Esempio n. 1
def do_user_tags(name):
    """Redirect a tag request for account *name* to ``/tag/<name>/<username>``.

    Responds 404 when ``Account.get_user`` finds no account, and reports the
    ``noplayer`` error on ``/station`` when the request carries no
    ``username`` parameter.
    """
    # NOTE(review): error() and seterr() are presumably non-returning (they
    # appear to abort the request); the lines below rely on that -- confirm.
    account = Account.get_user(name)
    if not account:
        error(code=404)
    if 'username' not in request.params:
        seterr('/station', 'noplayer')
    # Both path segments are request-supplied and are joined without URL
    # encoding, so the /tag handler has to treat them as untrusted input.
    target = '/tag/%s/%s' % (name, request.params['username'])
    redirect(target, 303)
Esempio n. 2
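def do_user_edit(name):
    """Apply a profile-edit form to the account called *name*.

    Only an admin or the account owner may edit; anyone else gets a 401.
    Requests flagged ``request.player`` are cut down to the ``perm_user``
    whitelist before any attribute is written. A non-admin password change
    must repeat the new password and supply the current one.
    """
    # NOTE(review): error() and seterr() are presumably non-returning (abort /
    # redirect). The password checks below only protect the account if that
    # holds -- confirm.
    if not request.admin and request.user.username != name:
        error(code=401)
    p = request.params
    user = Account.get_user(name)
    if not user:
        # Unknown account: answer 404 instead of failing on None further down.
        error(code=404)
    # whitelist the params a player may pass in
    perm_user = [
        'verify_password', 'password', 'confirm_password', 'language', 'cell',
        'twitter', 'email'
    ]
    if request.player:
        # filter the params down to the permitted ones
        p = dict((key, p[key]) for key in perm_user if key in p)
    # NOTE(review): the whitelist is applied only when request.player is set.
    # Confirm every non-admin caller carries that flag; otherwise the full
    # property list below (name, username, state, signedin, student_num) is
    # writable by the account owner.
    new_password = p.get('password')
    if new_password and not request.admin:
        # A missing field counts as a failed check rather than a KeyError.
        if new_password != p.get('confirm_password'):
            seterr('/user/%s/edit' % name, 'vp')
        current = p.get('verify_password')
        if not current or not user.verify_pass(current):
            seterr('/user/%s/edit' % name, 'bp')
    for prop in [
            'language', 'cell', 'twitter', 'name', 'username', 'state',
            'signedin', 'student_num', 'email'
    ]:
        if prop not in p:
            continue
        value = p[prop]
        if not value:
            # An empty field clears the attribute.
            setattr(user, prop, None)
            continue
        try:
            # Numeric-looking values are stored as integers.
            setattr(user, prop, int(value))
        except Exception:
            # Not numeric, or the attribute refused an integer: keep the
            # submitted string.
            setattr(user, prop, value)
    # .get(): the filtered dict has no 'password' key when the form omitted it.
    if new_password:
        # NOTE(review): presumably hashed_pass hashes on assignment; if it is a
        # plain column this stores the password in clear text -- verify.
        user.hashed_pass = new_password
    redirect('/user/' + name, 303)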
Esempio n. 3
def do_user_tags(name):
	"""Redirect a tag request for account *name* to ``/tag/<name>/<username>``.

	Responds 404 when ``Account.get_user`` finds no account, and reports the
	``noplayer`` error on ``/station`` when the request carries no
	``username`` parameter.
	"""
	# NOTE(review): error() and seterr() are presumably non-returning (they
	# appear to abort the request); the lines below rely on that -- confirm.
	account = Account.get_user(name)
	if not account:
		error(code=404)
	if 'username' not in request.params:
		seterr('/station', 'noplayer')
	# Both path segments are request-supplied and are joined without URL
	# encoding, so the /tag handler has to treat them as untrusted input.
	target = '/tag/%s/%s' % (name, request.params['username'])
	redirect(target, 303)
Esempio n. 4
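def do_user_edit(name):
	"""Apply a profile-edit form to the account called *name*.

	Only an admin or the account owner may edit; anyone else gets a 401.
	Requests flagged ``request.player`` are cut down to the ``perm_user``
	whitelist before any attribute is written. A non-admin password change
	must repeat the new password and supply the current one.
	"""
	# NOTE(review): error() and seterr() are presumably non-returning (abort /
	# redirect). The password checks below only protect the account if that
	# holds -- confirm.
	if not request.admin and request.user.username != name:
		error(code=401)
	p = request.params
	user = Account.get_user(name)
	if not user:
		# Unknown account: answer 404 instead of failing on None further down.
		error(code=404)
	# whitelist the params a player may pass in
	perm_user = ['verify_password','password','confirm_password','language','cell','twitter','email']
	if request.player:
		# filter the params down to the permitted ones
		p = dict((key, p[key]) for key in perm_user if key in p)
	# NOTE(review): the whitelist is applied only when request.player is set.
	# Confirm every non-admin caller carries that flag; otherwise the full
	# property list below (name, username, state, signedin, student_num) is
	# writable by the account owner.
	new_password = p.get('password')
	if new_password and not request.admin:
		# A missing field counts as a failed check rather than a KeyError.
		if new_password != p.get('confirm_password'):
			seterr('/user/%s/edit' % name, 'vp')
		current = p.get('verify_password')
		if not current or not user.verify_pass(current):
			seterr('/user/%s/edit' % name, 'bp')
	for prop in ['language','cell','twitter','name','username','state','signedin','student_num','email']:
		if prop not in p:
			continue
		value = p[prop]
		if not value:
			# An empty field clears the attribute.
			setattr(user, prop, None)
			continue
		try:
			# Numeric-looking values are stored as integers.
			setattr(user, prop, int(value))
		except Exception:
			# Not numeric, or the attribute refused an integer: keep the
			# submitted string.
			setattr(user, prop, value)
	# .get(): the filtered dict has no 'password' key when the form omitted it.
	if new_password:
		# NOTE(review): presumably hashed_pass hashes on assignment; if it is a
		# plain column this stores the password in clear text -- verify.
		user.hashed_pass = new_password
	redirect('/user/' + name, 303)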
Esempio n. 5
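def do_startend():
	"""Set ``Game.game_start`` and ``Game.game_end`` from the submitted form.

	``start_time`` and ``end_time`` must both be present, formatted as
	``%Y-%m-%d %H:%M:%S``; a missing value reports ``notime`` on ``/game``.
	A malformed value makes ``strptime`` raise ValueError.
	"""
	stamp_format = '%Y-%m-%d %H:%M:%S'
	s_t = bottle.request.params.get('start_time', None)
	e_t = bottle.request.params.get('end_time', None)
	if not s_t or not e_t:
		seterr('/game', 'notime')
	# Parse both values before touching Game, so a malformed end_time cannot
	# leave a new start paired with the old end.
	start = datetime.datetime.strptime(s_t, stamp_format)
	end = datetime.datetime.strptime(e_t, stamp_format)
	# NOTE(review): nothing here checks that start precedes end.
	Game.game_start = start
	Game.game_end = end
	redirect('/game', 303)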
Esempio n. 6
def do_eula():
	"""Mark the liability and safety agreements as accepted for the current user.

	Each agreement must be present as a request parameter; a missing one
	reports an error of the same name on ``/eula``.
	"""
	# The source also carries a disabled cookie check ("<agreement>_read") that
	# used to run before the parameter test.
	for agreement in ['liability', 'safety']:
		accepted = agreement in request.params
		if not accepted:
			seterr('/eula', agreement)
		setattr(request.user, agreement, True)
	redirect('/', 303)
Esempio n. 7
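def do_comment(pid):
    """Attach the submitted comment to post *pid* for the current user.

    Responds 404 when the post cannot be loaded, reports ``nocontent`` for an
    empty or missing comment and ``exists`` when this user already posted the
    same text, then redirects to the new comment's anchor.
    """
    p = request.params
    try:
        po = Post.from_pid(pid)
    except Exception:
        error(code=404)
    # NOTE(review): po.allow_comments is not consulted here; confirm that
    # comments on posts which disallow them are refused somewhere else.
    # .get(): a request without the field is reported like an empty comment.
    content = p.get("comment")
    if not content:
        seterr("/post/view/%s" % str(pid), "nocontent")
    # Python's `and` between two query expressions evaluates to only one of
    # them, so the duplicate check never combined both conditions. `&` builds
    # the SQL AND (assumes SQLObject-style q expressions -- confirm).
    duplicate = (Comment.q.user == request.user) & (Comment.q.content == content)
    if Comment.select(duplicate).count() > 0:
        seterr("/post/view/%s" % str(pid), "exists")
    # The text is stored as submitted; escaping has to happen where it is
    # rendered.
    c = Comment(user=request.user, content=content, post=po)
    redirect("/post/view/" + str(pid) + "#comment-" + str(c.id), 303)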
Esempio n. 8
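def do_comment(pid):
	"""Attach the submitted comment to post *pid* for the current user.

	Responds 404 when the post cannot be loaded, reports ``nocontent`` for an
	empty or missing comment and ``exists`` when this user already posted the
	same text, then redirects to the new comment's anchor.
	"""
	p = request.params
	try:
		po = Post.from_pid(pid)
	except Exception:
		error(code=404)
	# NOTE(review): po.allow_comments is not consulted here; confirm that
	# comments on posts which disallow them are refused somewhere else.
	# .get(): a request without the field is reported like an empty comment.
	content = p.get('comment')
	if not content:
		seterr('/post/view/%s' % str(pid), 'nocontent')
	# Python's `and` between two query expressions evaluates to only one of
	# them, so the duplicate check never combined both conditions. `&` builds
	# the SQL AND (assumes SQLObject-style q expressions -- confirm).
	duplicate = (Comment.q.user == request.user) & (Comment.q.content == content)
	if Comment.select(duplicate).count() > 0:
		seterr('/post/view/%s' % str(pid), 'exists')
	# The text is stored as submitted; escaping has to happen where it is
	# rendered.
	c = Comment(user=request.user, content=content, post=po)
	redirect('/post/view/' + str(pid) + '#comment-' + str(c.id), 303)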
Esempio n. 9
def do_webcheckin():
	"""Handle the web check-in form for the current user.

	Redirects back to ``/webcheckin`` with an error when the ``confirm`` field
	is missing, when the user's ``did_webcheckin`` flag is already set, or
	when the ``zombie_internet`` station account cannot be found; otherwise
	calls ``do_checkin`` for the user against that station.

	NOTE(review): the lines shown here contain no success path (no redirect
	and no update of ``did_webcheckin``); the function may continue beyond
	this excerpt.
	"""
	p = request.params
	if 'confirm' not in p:
		redirect('/webcheckin?error=notconfirmed', 303)
	# Refuse a second web check-in for the same user.
	if request.user.did_webcheckin:
		redirect('/webcheckin?error=alreadyused', 303)
	# Web check-ins are recorded against a fixed station account.
	station = Account.get_user('zombie_internet')
	if not station:
		redirect('/webcheckin?error=code499', 303)
	try:
		do_checkin(request.user, station)
	except CheckInException, e:
		# Use the text after the last space of the exception message as the
		# error key. When the message has no space, find() returns -1 and the
		# slice drops the message's first character instead.
		err = e.message[::-1]
		err = err[:err.find(' ')][::-1]
		seterr('/webcheckin', err)
Esempio n. 10
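def do_create_post():
	"""Create a post from the submitted bilingual titles and content.

	All of ``content_e``, ``content_f``, ``title_e`` and ``title_f`` are
	required; when one is missing or empty the submitted form is saved to the
	session and ``missinginfo`` is reported on ``/post/create``.
	"""
	p = request.params
	# content_e, content_f, title_e, title_f
	required = ['content_e', 'content_f', 'title_e', 'title_f']
	# .get() so that an absent field is reported like an empty one instead of
	# raising KeyError.
	if not all(p.get(field) for field in required):
		bottle.request.session.data = simplejson.dumps(p)
		seterr('/post/create', 'missinginfo')
	# Copy only the expected fields; the checkbox becomes a real boolean and
	# the request's own parameters are left untouched.
	fields = dict((field, p[field]) for field in required)
	fields['allow_comments'] = 'allow_comments' in p
	# Titles and content are stored as submitted; escaping has to happen where
	# they are rendered.
	post = Post(allow_comments=fields['allow_comments'])
	for k in fields:
		setattr(post, k, fields[k])
	redirect('/post/view/' + str(post.id),303)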
Esempio n. 11
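def do_create_post():
    """Create a post from the submitted bilingual titles and content.

    All of ``content_e``, ``content_f``, ``title_e`` and ``title_f`` are
    required; when one is missing or empty the submitted form is saved to the
    session and ``missinginfo`` is reported on ``/post/create``.
    """
    p = request.params
    # content_e, content_f, title_e, title_f
    required = ["content_e", "content_f", "title_e", "title_f"]
    # .get() so that an absent field is reported like an empty one instead of
    # raising KeyError.
    if not all(p.get(field) for field in required):
        bottle.request.session.data = simplejson.dumps(p)
        seterr("/post/create", "missinginfo")
    # Copy only the expected fields; the checkbox becomes a real boolean and
    # the request's own parameters are left untouched.
    fields = dict((field, p[field]) for field in required)
    fields["allow_comments"] = "allow_comments" in p
    # Titles and content are stored as submitted; escaping has to happen where
    # they are rendered.
    post = Post(allow_comments=fields["allow_comments"])
    for k in fields:
        setattr(post, k, fields[k])
    redirect("/post/view/" + str(post.id), 303)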
Esempio n. 12
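def do_forgot_password():
	"""Create a 24-hour password-reset record and e-mail its key to the account.

	Reports ``noemail`` when no address was submitted and ``nouser`` when no
	account matches it; otherwise sends the mail over SMTP-over-SSL and
	redirects to the success page.
	"""
	email = request.params.get('email',None)
	if not email:
		seterr('/forgot_password', 'noemail')
	u = Account.from_email(email)
	if not u:
		# NOTE(review): a distinct 'nouser' answer tells the requester whether
		# an address is registered; consider answering exactly as for success.
		seterr('/forgot_password', 'nouser')
	p = PasswordReset()
	p.ttl = 24*60*60	# 24 hours
	p.update_expires()
	p.user = u
	# NOTE(review): p.skey is the only secret in the mail; it presumably comes
	# from a cryptographically secure generator in PasswordReset -- verify.
	msg = MIMEText(i18n.i18n[get_session().language]['passemail']['body'] % p.skey)
	msg['Subject'] = i18n.i18n[get_session().language]['passemail']['subject']
	msg['From'] = '*****@*****.**'
	s = smtplib.SMTP_SSL(Game.email_host, 465)
	try:
		s.login(Game.email_user,Game.email_pass)
		s.sendmail(msg['From'], [u.email], msg.as_string())
	finally:
		# Always end the SMTP session, also when login or sending fails, so
		# the connection is not left open.
		try:
			s.quit()
		except smtplib.SMTPException:
			# The server already dropped the connection; just release the socket.
			s.close()
	redirect('/forgot_password?result=success')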
Esempio n. 13
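def do_find_user():
	"""Look up a player by the submitted category and value and redirect to them.

	``cat`` selects the lookup (``email``, ``twitter``, ``cell``, ``student``
	or ``game_id``). A lookup that raises, an unknown category and a lookup
	that returns nothing all report ``nouser`` on the ``/users`` page.
	"""
	value = request.params['value']
	cat = request.params['cat']
	# NOTE(review): cat is request-supplied and is echoed into the redirect
	# target below without URL encoding; consider restricting it to the five
	# known categories first.
	error_page = '/users?cat=%s' % cat
	p = None
	try:
		if cat == 'email':
			p = Player.from_email(value)
		elif cat == 'twitter':
			p = Player.from_twitter(value)
		elif cat == 'cell':
			p = Player.from_cell(value)
		elif cat == 'student':
			p = Player.from_student_num(int(value))
		elif cat == 'game_id':
			p = Player.from_game_id(value.upper())
	except Exception:
		seterr(error_page, 'nouser')
	if not p:
		# Unknown category, or a lookup that returned nothing: this used to
		# fall through to p.username and fail on None.
		seterr(error_page, 'nouser')
	redirect('/user/%s' % p.username, 303)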
Esempio n. 14
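def do_login():
	"""Authenticate the submitted credentials and start a fresh session.

	An unknown user and a wrong password both report the same ``nouser``
	error on ``/login``. On success the pre-login session is destroyed, a new
	one is bound to the user, and a 303 response is prepared whose target is
	the request's Referer (``/index`` when absent).
	"""
	# .get(): a request without these fields is treated as a failed login
	# instead of raising KeyError.
	usern = request.params.get('username')
	passw = request.params.get('password')
	if not usern or passw is None:
		seterr('/login','nouser')
	user = Account.from_username(usern)
	if not user:
		seterr('/login','nouser')
	if not user.verify_pass(passw):
		seterr('/login','nouser')
	sess = get_session()
	# protect against session fixation
	sess.destroySelf()
	sess = get_session()
	sess.user = user
	if isinstance(user, Station):
		# NOTE(review): the unary plus makes this a plain assignment of five
		# days; if `+=` was intended the TTL is not being extended -- confirm.
		sess.ttl = +(5*24*60*60)
		sess.update_expires()
	set_cookie(sess)
	# NOTE(review): the Referer header is client-supplied and becomes the
	# redirect target unchanged; consider accepting only this site's own URLs.
	loc = request.environ.get('HTTP_REFERER', '/index')
	if loc == '/':
		loc = '/index'
	response.set_header('Location', loc)
	response.status = 303
	return None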
Esempio n. 15
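def do_add_user_checkin(name):
	"""Add a check-in for account *name* from the submitted location and time.

	Responds 404 for an unknown account. Reports ``noloc`` / ``notime`` for a
	missing parameter, ``badloc`` for a location outside
	``database.locations`` and ``badtime`` for a timestamp that is not
	``%Y-%m-%d %H:%M:%S``, all on the user's check-in page.
	"""
	user = Account.get_user(name)
	if not user:
		error(code=404)
	error_page = '/user/%s/checkins' % user.username
	# no location or time
	if 'location' not in request.params:
		seterr(error_page, 'noloc')
	if 'time' not in request.params:
		seterr(error_page, 'notime')
	# bad location
	location = request.params['location']
	if location not in database.locations:
		seterr(error_page, 'badloc')
	# bad time
	when = None
	try:
		when = datetime.datetime.strptime(request.params['time'],'%Y-%m-%d %H:%M:%S')
	except ValueError:
		# Only a malformed timestamp is a "bad time"; a bare except would also
		# have hidden unrelated failures behind this message.
		seterr(error_page, 'badtime')
	Checkin(time=when,location=location,player=user)
	redirect('/user/%s/checkins' % name, 303)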
Esempio n. 16
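def do_add_user_checkin(name):
    """Add a check-in for account *name* from the submitted location and time.

    Responds 404 for an unknown account. Reports ``noloc`` / ``notime`` for a
    missing parameter, ``badloc`` for a location outside
    ``database.locations`` and ``badtime`` for a timestamp that is not
    ``%Y-%m-%d %H:%M:%S``, all on the user's check-in page.
    """
    user = Account.get_user(name)
    if not user:
        error(code=404)
    error_page = '/user/%s/checkins' % user.username
    # no location or time
    if 'location' not in request.params:
        seterr(error_page, 'noloc')
    if 'time' not in request.params:
        seterr(error_page, 'notime')
    # bad location
    location = request.params['location']
    if location not in database.locations:
        seterr(error_page, 'badloc')
    # bad time
    when = None
    try:
        when = datetime.datetime.strptime(request.params['time'],
                                          '%Y-%m-%d %H:%M:%S')
    except ValueError:
        # Only a malformed timestamp is a "bad time"; a bare except would also
        # have hidden unrelated failures behind this message.
        seterr(error_page, 'badtime')
    Checkin(time=when, location=location, player=user)
    redirect('/user/%s/checkins' % name, 303)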
Esempio n. 17
def do_tag():
	"""Pass a submitted tag to ``add_kill`` and map its failure onto an error key.

	Requires the ``taggee`` and ``uid`` parameters and a started game; each
	missing precondition is reported on ``/tag``. The lines shown here end
	inside the exception mapping, so what is done with the resulting key is
	not visible in this excerpt.
	"""
	# Both parameters are mandatory; either one missing reports 'badinput'.
	if 'taggee' not in request.params:
		seterr('/tag','badinput')
	if 'uid' not in request.params:
		seterr('/tag','badinput')
	# Tags are refused until the game has started.
	if not Game.is_started:
		seterr('/tag','game')
	# NOTE: inside this function the local name `error` hides any module-level
	# error() helper.
	error = None
	try:
		# taggee and uid are passed through exactly as submitted.
		kill = add_kill(request.user, request.params['taggee'], request.params['uid'])
	except TagException, e:
		# Translate the exception's message constant into a short error key;
		# anything unrecognised becomes 'unknown'.
		if e.message == ops.EXC_NOTHUMAN:
			error = 'nothuman'
		elif e.message == ops.EXC_NOTZOMBIE:
			error = 'notzombie'
		elif e.message == ops.EXC_KITHUMAN:
			error = 'kithuman'
		elif e.message == ops.EXC_KITZOMBIE:
			error = 'kitzombie'
		elif e.message == ops.EXC_CHEATER:
			error = 'duplicate'
		else:
			error = 'unknown'
Esempio n. 18
	except:
		request.session.error = 'unknown'
		return dict(error='unknown',mode='edit')
@route('/post/edit/:pid',method='POST')
@allow_auth
@lang
@require_auth
@require_role(Admin)
def do_edit_post(pid):
	"""Overwrite post *pid* with the submitted titles, content and comment flag.

	Responds 404 when ``Post.from_pid`` raises IndexError and reports
	``unknown`` on the current path for any other lookup failure. The post's
	``time`` is set to the moment of the edit.
	"""
	form = request.params
	try:
		post = Post.from_pid(pid)
	except IndexError:
		error(code=404)
	except:
		# Every other lookup failure is reported to the user as 'unknown'.
		seterr(request.path, 'unknown')
	# The checkbox is only present when ticked; store it as a real boolean.
	form['allow_comments'] = 'allow_comments' in form
	# Only these fields are copied onto the post; a missing one raises KeyError.
	editable = ['content_e','content_f','title_e','title_f','allow_comments']
	updates = dict([(field, form[field]) for field in editable])
	updates['time'] = datetime.datetime.now()
	for attr in updates:
		setattr(post, attr, updates[attr])
	redirect('/post/view/' + str(pid), 303)
@route('/post/delete/:pid')
@allow_auth
@require_auth
@require_role(Admin)
def do_delete_post(pid):
	try:
Esempio n. 19
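def do_registration():
	"""Validate the registration form and create the new Player.

	Reports, on ``/register``: ``missinginfo`` for an empty required field,
	``noslash`` for a ``/`` in the username, ``<agreement>_err`` for an
	unaccepted agreement, ``badanswer`` for a wrong skill-testing answer and
	``userexists`` when any identifying field is already taken.
	"""
	p = request.params
	data = dict([(x, request.params[x]) for x in request.params.keys()])
	# Keep both password fields out of the form snapshot written to the
	# session (presumably used to refill the form): it should not hold
	# credentials. pop() also tolerates a request that omits a field.
	data.pop('password_confirm', None)
	data.pop('password', None)
	# must rescue the question before it becomes obliterated by field-saving code
	question = SkillTestingQuestion(request.session['question'])
	request.session.data = simplejson.dumps(data)
	for i in ['username', 'name', 'password', 'password_confirm', 'language', 'student_num', 'email', 'answer']:
		# .get(): an absent field is reported like an empty one.
		if not p.get(i):
			seterr('/register','missinginfo')
	# The username becomes a URL path segment elsewhere, so '/' is refused.
	if '/' in p['username']:
		seterr('/register','noslash')
	# The source also carries a disabled cookie check ("<agreement>_read")
	# inside this loop.
	for i in ('liability', 'safety'):
		if i not in request.params:
			seterr('/register',i+'_err')
	# NOTE(review): password and password_confirm are both required, but the
	# lines visible here never compare them -- confirm it happens elsewhere.
	name = p['name']
	username = p['username']
	password = p['password']
	language = p['language']
	# NOTE(review): a non-numeric student_num raises ValueError here.
	studentn = int(p['student_num'])
	email = p['email']
	# twitter is optional, so read it with .get() and strip any '@'.
	twitter = None if not p.get('twitter') else p['twitter'].replace('@','')
	cell = p.get('cell', None)
	answer = p['answer']
	if not question.check(answer):
		seterr('/register','badanswer')
	user = (Account.from_username(username) or Player.from_student_num(studentn) or Account.from_email(email) or
			Player.from_twitter(twitter) or Player.from_cell(cell))
	if user:
		seterr('/register','userexists')
	u = None
	try:
		# NOTE(review): presumably hashed_pass hashes on assignment; if it is a
		# plain column this stores the password in clear text -- verify.
		u = Player(name=name,username=username,hashed_pass=password,language=language,student_num=studentn,
				   email=email,twitter=twitter,cell=cell,liability=True,safety=True)
	except dberrors.DuplicateEntryError:
		# Lost a race with a concurrent registration of the same identity.
		seterr('/register', 'userexists')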
Esempio n. 20
		kill = add_kill(request.user, request.params['taggee'], request.params['uid'])
	except TagException, e:
		if e.message == ops.EXC_NOTHUMAN:
			error = 'nothuman'
		elif e.message == ops.EXC_NOTZOMBIE:
			error = 'notzombie'
		elif e.message == ops.EXC_KITHUMAN:
			error = 'kithuman'
		elif e.message == ops.EXC_KITZOMBIE:
			error = 'kitzombie'
		elif e.message == ops.EXC_CHEATER:
			error = 'duplicate'
		else:
			error = 'unknown'
	if error:
		seterr('/tag', error)
	else:
		redirect(request.environ.get('HTTP_REFERER','/'), 303)

@route('/webcheckin')
@mview('webcheckin')
@allow_auth
@lang
@require_auth
@require_role(Player)
def view_webcheckin():
	"""Return an empty dict as the data for the ``webcheckin`` view."""
	return {}
@route('/webcheckin',method='POST')
@allow_auth
@require_auth
@require_role(Player)
Esempio n. 21
def do_itemail():
	"""Store the submitted ``itemail`` value as ``Game.it_email``.

	An empty or missing value reports ``noemail`` on ``/game``.
	"""
	address = bottle.request.params.get('itemail')
	if not address:
		seterr('/game', 'noemail')
	# The value is stored as submitted; no address-format check happens here.
	Game.it_email = address
	redirect('/game', 303)
Esempio n. 22
def do_hrsbc():
	"""Set ``Game.hours_between_checkins`` from the ``hrsbc`` form field.

	An empty or missing value reports ``notime`` on ``/game``; a non-numeric
	one makes ``int()`` raise ValueError.
	"""
	raw_hours = bottle.request.params.get('hrsbc')
	if not raw_hours:
		seterr('/game', 'notime')
	# No range check: zero and negative values are accepted as given.
	Game.hours_between_checkins = int(raw_hours)
	redirect('/game', 303)
Esempio n. 23
def do_rego():
	"""Set ``Game.game_rego`` from the ``rego`` form field.

	An empty or missing value reports ``notime`` on ``/game``; a value that is
	not ``%Y-%m-%d %H:%M:%S`` makes ``strptime`` raise ValueError.
	"""
	stamp = bottle.request.params.get('rego')
	if not stamp:
		seterr('/game', 'notime')
	parsed = datetime.datetime.strptime(stamp, '%Y-%m-%d %H:%M:%S')
	Game.game_rego = parsed
	redirect('/game', 303)
Esempio n. 24
def do_countdown():
	"""Set ``Game.countdown_time`` from the ``count_time`` form field.

	An empty or missing value reports ``notime`` on ``/game``; a value that is
	not ``%Y-%m-%d %H:%M:%S`` makes ``strptime`` raise ValueError.
	"""
	stamp = bottle.request.params.get('count_time')
	if not stamp:
		seterr('/game', 'notime')
	parsed = datetime.datetime.strptime(stamp, '%Y-%m-%d %H:%M:%S')
	Game.countdown_time = parsed
	redirect('/game', 303)
Esempio n. 25
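def do_shotgun_email():
	"""Send one message to every player in the selected target group.

	The form is saved to the session first. Reports, on ``/email``: ``nomsg``,
	``nosubj`` or ``nofrom`` for an unusable field, ``nocon`` / ``badlogin``
	for SMTP connection or login failures and ``nosend`` when the target
	group is not recognised or sending fails.
	"""
	request.session.data = simplejson.dumps(dict([(x, request.params[x]) for x in request.params.keys()]))
	msg = request.params.get('msg', None)
	subject = request.params.get('subject', None)
	from_ = request.params.get('from', None)
	if msg == '' or msg is None:
		seterr('/email', 'nomsg')
	msg = MIMEText(msg)
	# Subject and From come straight from the form: refuse line breaks so a
	# value cannot carry extra header lines into the message.
	if not subject or '\r' in subject or '\n' in subject:
		seterr('/email', 'nosubj')
	msg['Subject'] = subject
	if not from_ or '\r' in from_ or '\n' in from_:
		seterr('/email', 'nofrom')
	msg['From'] = from_
	target = request.params.get('target')
	if target == 'humans':
		to = [x.email for x in Player.humans]
	elif target == 'zombies':
		to = [x.email for x in Player.zombies]
	elif target == 'active':
		to = [x.email for x in Player.users]
	elif target == 'inactive':
		to = [x.email for x in Player.select(Player.q.signedin == False).filter(Player.q.username != 'military.militaire')]
	elif target == 'all':
		to = [x.email for x in Player.select(Player.q.username != 'military.militaire')]
	else:
		to = None
	if to is None:
		# An unrecognised target used to leave `to` unbound, which the send
		# step's bare except turned into 'nosend'; a missing one raised
		# KeyError. Both are now reported as 'nosend' before connecting.
		seterr('/email', 'nosend')
	s = None
	try:
		s = smtplib.SMTP_SSL(Game.email_host,465)
	except Exception:
		seterr('/email', 'nocon')
	try:
		try:
			s.login(Game.email_user,Game.email_pass)
		except Exception:
			seterr('/email', 'badlogin')
		try:
			# Recipients go in the envelope only, so they do not see each other.
			s.sendmail(msg['From'], ['*****@*****.**'] + to, msg.as_string())
		except Exception:
			seterr('/email', 'nosend')
	finally:
		# Best effort: end the SMTP session whatever happened above, so the
		# connection is not left open. A failure to close is not reported.
		try:
			s.quit()
		except Exception:
			pass
	redirect('/', 303)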
Esempio n. 26
        return dict(error="unknown", mode="edit")


@route("/post/edit/:pid", method="POST")
@allow_auth
@lang
@require_auth
@require_role(Admin)
def do_edit_post(pid):
    """Overwrite post *pid* with the submitted titles, content and comment flag.

    Responds 404 when ``Post.from_pid`` raises IndexError and reports
    ``unknown`` on the current path for any other lookup failure. The post's
    ``time`` is set to the moment of the edit.
    """
    form = request.params
    try:
        post = Post.from_pid(pid)
    except IndexError:
        error(code=404)
    except:
        # Every other lookup failure is reported to the user as 'unknown'.
        seterr(request.path, "unknown")
    # The checkbox is only present when ticked; store it as a real boolean.
    form["allow_comments"] = "allow_comments" in form
    # Only these fields are copied onto the post; a missing one raises KeyError.
    editable = ["content_e", "content_f", "title_e", "title_f", "allow_comments"]
    updates = dict([(field, form[field]) for field in editable])
    updates["time"] = datetime.datetime.now()
    for attr in updates:
        setattr(post, attr, updates[attr])
    redirect("/post/view/" + str(pid), 303)


@route("/post/delete/:pid")
@allow_auth
@require_auth
@require_role(Admin)