Esempio n. 1
    def register(self, password,email):
        """Register an account for the character named in the request headers.

        The character name is read from the ``Eve-Charname`` request header,
        the password and e-mail address from the call arguments. On success
        the new user is logged in and a redirect to ``/users/`` is emitted.

        This listing is cut off inside the final HTML string literal, so the
        tail of the function (including any ``db.close()``) is not visible.
        """
        # NOTE(review): meaning of trust=True is not visible here - confirm.
        session = EVCstate(trust=True)


        # NOTE(review): the account name is taken from a request header.
        # Headers are client-controlled unless a trusted front end sets or
        # strips them - confirm where Eve-Charname is authenticated.
        charname = None
        if 'Eve-Charname' in dict(cherrypy.request.headers):
            charname = cherrypy.request.headers['Eve-Charname']

        if charname is None:
            return evec_func.simple_error("No username found?")

        # This emptiness check runs before the strip() below, so a password
        # made only of whitespace passes here and is then reduced to "".
        if password == "":
            return evec_func.simple_error("Please specify a password")


        # Only the presence of '@' is checked; no other e-mail validation.
        if '@' not in email:
            return evec_func.simple_error("Please specify a semi-valid email address")


        db = evec_func.db_con()
        password = password.strip()
        # NOTE(review): charname is not passed to User.register; presumably
        # it reads the character name itself - verify against User.
        r = User.register(db, password,email)
        if r is False:
            db.close()
            return evec_func.simple_error("Error: Registration error. You may already be registered or the system messed up")



        # The return value of User.login is not checked here.
        User.login(db, session, charname, password)
        emit_redirect('/users/')
        return """<html><head><title>Hi</title></head><body>
Esempio n. 2
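    def login(self, username, password):
        """Log a user in and return the HTML page describing the outcome.

        Args:
            username: account name submitted by the client.
            password: password submitted by the client.

        Returns:
            An HTML string: a "logged in" page on success, or a failure page
            that offers the password-reset form.
        """
        # Escaper that works on Python 2 and 3; the second positional
        # argument enables quote escaping in both cgi.escape and html.escape.
        try:
            from html import escape as _escape
        except ImportError:
            from cgi import escape as _escape

        session = EVCstate(trust=True)
        db = evec_func.db_con()
        try:
            r = User.login(db, session, username, password)
            if r is not False:
                if 'isigb' not in session or not session['isigb']:
                    emit_redirect('/users/index.html')

                res = "<html><head><title>Logged in</title></head><body>"
                res += "Logged in! Go to <a href=/users/index.html>user home</a>. You are getting this page because the IGB does not know how to redirect."
                res += "</body></html>"
                session['user'] = r
            else:
                # The submitted username is echoed into the page twice (text
                # and an attribute value). It is untrusted input, so it is
                # HTML-escaped, quotes included, before being embedded.
                safe_username = _escape(username, True)

                # NOTE(review): the reset form submits with GET, so the
                # username and e-mail address end up in URLs and access logs;
                # consider POST.
                res = "<html><head><title>Login failed</title></head><body>"
                res += "Your login failed due to a bad password or username."
                res += "<form method=GET action=/users/passreset.html>Send a reset email for the user " + safe_username
                res += " to the email address <input type=text name=uemail> (must match email on file!)"
                res += "<input type=hidden name=username value=\"" + safe_username + "\"><input type=submit value=Send>"
                res += "</form>"
                res += "</body></html>"

            return res
        finally:
            # Release the connection on every path, including exceptions.
            db.close()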
Esempio n. 3
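    def setapikeys(self, full_apikey = None, apiuserid = None, error = 0):
        """Show the API-key form and store new keys when they are submitted.

        Args:
            full_apikey: new full API key; ignored when None or empty.
            apiuserid: API user id stored together with ``full_apikey``.
            error: 1 (int or the string "1") to show the "could not access
                the API" message.

        Returns:
            The rendered template, or None when the session has no valid user.
        """
        session = EVCstate(trust=True)
        db = evec_func.db_con()
        try:
            user = User.get(session, db)

            if not user.valid:
                return

            t = display.template('user_setapikeys.tmpl', session)
            t.errormsg = ""

            if full_apikey is not None and full_apikey != "":
                # NOTE(review): apiuserid is stored as received, with no
                # format check visible here.
                user.full_apikey = full_apikey
                user.apiuserid = apiuserid
                session['user'] = user
                user.update_user(db)
                session.save()

            # NOTE(review): the full API key is kept on the session user and
            # handed back to the template; confirm the template needs the
            # whole secret rather than a masked form.
            t.full_apikey = user.full_apikey
            t.apiuserid = user.apiuserid

            # Request parameters may arrive as strings, so accept "1" as well.
            if error == 1 or error == "1":
                t.errormsg = "We couldn't access the API services with the keys below - please double check your input"

            return t.respond()
        finally:
            # The original never closed the connection on any path.
            db.close()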
Esempio n. 4
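    def view_page(self, ticker, page="index", retry = True):
        """Render one corporation page, enforcing its visibility setting.

        Args:
            ticker: corporation ticker used to find the owning corp.
            page: page name; defaults to "index".
            retry: when True and the page is not found, look it up once more
                with the last five characters of ``page`` removed
                (presumably a ".html" suffix - confirm).

        Returns:
            The rendered page, or an error page when the page does not exist
            or the viewer is not allowed to see it.
        """
        session = EVCstate(trust=True)
        db = evec_func.db_con()
        try:
            user = User.get(session, db)
            corp = None
            if user.valid:
                corp = Corp(db, user.corpid)
            cur = db.cursor()
            cur.execute("SELECT corps.corpid,contents,title,view,edit FROM corppages,corps WHERE corppages.corpid = corps.corpid AND corps.ticker = %s AND corppages.pagename = %s",
                        [ticker,page])
            r = cur.fetchone()

            if r:
                view = r[3]
                page_corpid = long(r[0])
                page_corp = Corp(db, page_corpid)
                t = display.template('corpviewpage.tmpl', session)
                t.canedit = False
                if user.valid:
                    same_corp = page_corpid == corp.corpid

                    # The original refused access only when the viewer was
                    # neither in the page's corp nor a member/director, so a
                    # member or director of any other corp passed, and every
                    # same-corp user could read "director only" pages.
                    # Restricted pages now require the viewer to belong to
                    # the owning corp; director pages also require the
                    # director flag.
                    if view == "corp only" and not same_corp:
                        return evec_func.simple_error("You are not authorized to view this page")

                    if view == "director only" and not (same_corp and user.isdirector):
                        return evec_func.simple_error("You are not authorized to view this page")

                    t.canedit = user.isdirector and same_corp
                else:
                    if view != "public":
                        return evec_func.simple_error("You are not authorized to view this page.")

                # NOTE(review): contents and title are director-supplied text;
                # whether the template escapes them is not visible here.
                t.pcontents = r[1]
                t.ptitle = r[2]
                t.view = r[3]
                t.pagename = page
                t.pedit = r[4]
                t.corp = page_corp

                return t.respond()
        finally:
            # Close on every path; the original leaked the connection on the
            # authorization failures and on the retry.
            db.close()

        if retry:
            return self.view_page(ticker, page[:-5], retry = False)
        # NOTE(review): ticker and page are request values echoed into the
        # error text; confirm evec_func.simple_error HTML-escapes its message.
        return evec_func.simple_error("No such page: " + ticker + " page " + page)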
Esempio n. 5
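    def changepw(self, oldpw, newpw, newpw2):
        """Change the current user's password and redirect to ``/users/``.

        Args:
            oldpw: the current password.
            newpw: the new password.
            newpw2: the new password repeated; must equal ``newpw``.

        Returns:
            An error page when validation fails, otherwise None after the
            redirect has been emitted.
        """
        session = EVCstate(trust=True)
        db = evec_func.db_con()
        try:
            if newpw != newpw2:
                return evec_func.simple_error("Passwords do not match")

            # Reject an empty replacement password.
            if newpw == "":
                return evec_func.simple_error("Please specify a password")

            u = User.get(session, db)
            # The original did not check that a user is logged in at all.
            if not u.valid:
                return evec_func.simple_error("Not logged in")

            # NOTE(review): the result of change_pw is ignored, so a wrong
            # old password looks the same as success. change_pw is assumed
            # to verify oldpw itself - confirm.
            u.change_pw(db, oldpw,newpw)
            emit_redirect('/users/')
        finally:
            # The original leaked the connection on the mismatch path.
            db.close()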
Esempio n. 6
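    def userlogin(self, username, password):
        """Check a username/password pair against the users table.

        Args:
            username: account name to look up.
            password: candidate password.

        Returns:
            The matching user id as a string, or '-1' when nothing matches.
        """
        db = evec_func.db_con()
        try:
            cur = db.cursor()

            # NOTE(review): the stored verifier is md5() over the value from
            # User.salt. MD5 is a fast hash, so leaked rows are cheap to
            # brute-force; plan a migration to a slow password hash.
            # No attempt limiting is visible in this method.
            cur.execute('SELECT userid FROM users WHERE username = %s AND password = md5(%s)',
                        [username, User.salt(password, username)])
            r = cur.fetchone()
        finally:
            # In the original, db.close() sat after both return statements
            # and was never reached.
            db.close()

        if r:
            return str(r[0])
        return '-1'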
Esempio n. 7
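    def advertise(self):
        """Render the corp management template for a logged-in director.

        Returns:
            The rendered 'corpmanage.tmpl' page, or an error page when the
            user is not logged in or is not a director.
        """
        # NOTE(review): this passes self as a positional argument; whether
        # EVCstate expects that is not visible here - confirm.
        session = EVCstate(self, trust=True)
        db = evec_func.db_con()
        try:
            user = User.get(session, db)

            if not user.valid:
                return evec_func.simple_error("Not logged in")
            if not user.isdirector:
                return evec_func.simple_error("Not enough priveleges")

            ucorp = Corp(db,user.corpid)

            t = display.template('corpmanage.tmpl', session)
            t.corp = ucorp

            return t.respond()
        finally:
            # The original never closed the connection on any path.
            db.close()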
Esempio n. 8
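    def register(self):
        """Create the corp record for the logged-in director's corporation.

        Returns:
            An error page when the user is not logged in, is not a director,
            or the corp already exists; otherwise None after the redirect to
            ``/corps/`` has been emitted.
        """
        session = EVCstate(trust=True)
        db = evec_func.db_con()
        try:
            user = User.get(session, db)

            # Truthiness instead of "is False": a falsy value other than the
            # False singleton (None, 0) must not count as logged in.
            if not user.valid:
                return evec_func.simple_error("Not logged in")

            if user.isdirector != 1:
                return evec_func.simple_error("Not director - only directors can do that")

            r = Corp.create(db, user.corpid, user.corporation)
            if r is False:
                return evec_func.simple_error("Corp exists")

            emit_redirect('/corps/')
        finally:
            # One close for every path, including exceptions.
            db.close()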
Esempio n. 9
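    def index(self, message=""):
        """Render the user home page, or the register/login page.

        Args:
            message: text handed to the template as ``t.message``.

        Returns:
            The rendered template followed by a dump of the request headers.
        """
        # Escaper that works on Python 2 and 3; the second positional
        # argument enables quote escaping in both cgi.escape and html.escape.
        try:
            from html import escape as _escape
        except ImportError:
            from cgi import escape as _escape

        session = EVCstate(trust=True)
        db = evec_func.db_con()
        try:
            user = User.get(session, db)

            if user.valid is False:
                t = display.template('registerlogin.tmpl', session)
                # NOTE(review): Eve-Charname is a request header and is
                # client-controlled unless a trusted front end sets it.
                if 'Eve-Charname' in dict(cherrypy.request.headers):
                    t.charname = cherrypy.request.headers['Eve-Charname']
                else:
                    t.charname = ""
            else:
                t = display.template('usermain.tmpl', session)
                t.charname = user.username

            # NOTE(review): message is a request parameter; whether the
            # template escapes it is not visible here.
            t.message = message
            t.user = user

            # NOTE(review): this appends every request header to the page,
            # which looks like leftover debugging and exposes values such as
            # cookies in the response body - consider removing it. Until
            # then, names and values are HTML-escaped so a header cannot
            # inject markup.
            hdump = "".join(
                [_escape(name, True) + ":" + _escape(cherrypy.request.headers[name], True) + "<br>"
                 for name in dict(cherrypy.request.headers)]
            )

            return t.respond() + hdump
        finally:
            # The original never closed the connection.
            db.close()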
Esempio n. 10
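    def manage(self, set = 0, description = "", join_password = "", headquarters = "", ticker = ""):
        """Show the corp management page and optionally update the corp.

        Args:
            set: when truthy, the remaining arguments are written to the corp.
            description: new corp description.
            join_password: new join password.
            headquarters: new headquarters text.
            ticker: new corp ticker.

        Returns:
            The rendered 'corpmanage.tmpl' page, or an error page when the
            user is not logged in or is not a director.
        """
        session = EVCstate(trust=True)
        db = evec_func.db_con()
        try:
            user = User.get(session, db)

            if not user.valid:
                return evec_func.simple_error("Not logged in")
            if not user.isdirector:
                return evec_func.simple_error("Not enough priveleges")

            ucorp = Corp(db,user.corpid)
            if set:
                # NOTE(review): all four values are stored as received. No
                # check is visible here that the ticker is unique or that the
                # join password is non-trivial, and the password is assigned
                # in clear text - confirm what Corp.update does with it.
                ucorp.description = description
                ucorp.headquarters = headquarters
                ucorp.join_password = join_password
                ucorp.ticker = ticker
                ucorp.update(db)

            t = display.template('corpmanage.tmpl', session)
            t.corp = ucorp

            return t.respond()
        finally:
            # The original never closed the connection on any path.
            db.close()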
Esempio n. 11
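    def passreset(self, username, uemail):
        """Reset a user's password and mail the new one to the address on file.

        Args:
            username: account whose password should be reset.
            uemail: e-mail address typed by the requester; must match the
                address stored for ``username`` (case-insensitive).

        Returns:
            An HTML page reporting the outcome.
        """
        import string

        session = EVCstate(trust=True)
        db = evec_func.db_con()
        try:
            u = User.get(session, db)
            email = u.get_email(db, username)

            failed = "<html><head><title>Password reset failed</title></head><body>"
            failed += "Password reset failed. Please check your email address. "
            failed += "</body></html>"

            if email is False:
                return failed

            if uemail.lower() != email.lower():
                # The original assigned the body with "=" and so discarded
                # the <head> part built on the previous line.
                r = "<html><head><title>Email not match</title></head>"
                r += "<body>The email address provided does not match the one on file - process aborted.</body></html>"
                return r

            if email:
                # The stored address is placed in the To: header, so refuse
                # values with line breaks that could add extra headers.
                if '\r' in email or '\n' in email:
                    return failed

                # Draw the new password from the OS CSPRNG. The original used
                # random.randint(10000, 9000000): a predictable generator
                # and fewer than nine million possible values.
                rng = random.SystemRandom()
                alphabet = string.ascii_letters + string.digits
                newpass = "".join([rng.choice(alphabet) for _ in range(16)])

                msg = "Subject: EVE-Central.com Password Reset\nTo: " + email + "\nFrom: EVE-Central.com <*****@*****.**>\n\nThe password for username " + username + " has been reset to " + newpass

                # Connect first, so an unreachable mail server does not
                # leave the account with a password nobody received.
                server = smtplib.SMTP('localhost')
                try:
                    u.change_pw_name(db, username, newpass)
                    server.sendmail("*****@*****.**", email, msg)
                finally:
                    server.quit()

            # NOTE(review): the password is changed as soon as username and
            # e-mail match, without any confirmation from the mailbox owner,
            # and the new password travels in clear text by mail. A
            # single-use, expiring reset link would avoid both. The distinct
            # failure pages also reveal whether the address matched.
            r = "<html><head><title>Password reset</title></head><body>"
            r += "Password reset mail sent. Please check your inbox. Go to <a href=/users/>user home</a>"
            r += "</body></html>"
            return r
        finally:
            # One close for every path, including exceptions from SMTP.
            db.close()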
Esempio n. 12
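    def index(self, join_password = None):
        """Render the corp overview page and handle a join-password attempt.

        Args:
            join_password: when given and equal to the password of the
                user's corp, the user is marked as a member.

        Returns:
            The rendered 'corpmain.tmpl' page, which lists every corp with a
            ticker whose page is not the placeholder text.
        """
        session = EVCstate(trust=True)
        db = evec_func.db_con()
        try:
            user = User.get(session, db)

            t = display.template('corpmain.tmpl', session)

            ucorp = None

            if user.valid:
                ucorp = Corp(db,user.corpid)
                if join_password:
                    # NOTE(review): plain equality on the stored join
                    # password, and no limit on attempts is visible here.
                    if ucorp.join_password == join_password:
                        user.make_member(db)
                        session.save()

            t.can_create = False
            t.ucorp = ucorp
            if user.valid and (user.ismember or ucorp.join_password == ''):
                # A corp without a join password treats its users as members.
                if user.isdirector:
                    if not ucorp.exists:
                        t.can_create = True

                t.corp = user.corporation
                t.corpid = user.corpid
                t.ismember = 1
                t.user = user
            elif user.valid and not user.ismember:
                t.corp = user.corporation
                t.corpid = user.corpid
                t.user = user
                t.ismember = 0
            else:
                t.corp = None
                t.corpid = None
                t.can_create = False
                t.user = None
                t.ismember = 0

            cur = db.cursor()
            cur.execute("SELECT corpname,description,headquarters,ticker,corpid FROM corps WHERE ticker IS NOT NULL AND ticker != '' ORDER BY corpname")
            corps = []
            ccheck = db.cursor()
            # Read all corp rows first so the per-corp lookup below does not
            # interleave with an open result set.
            for row in cur.fetchall():
                ccheck.execute("SELECT contents FROM corppages WHERE corpid = %s", [row[4]])
                rc = ccheck.fetchone()
                # A corp with no page row made the original fail on rc[0];
                # treat it like a corp that has not provided a webpage.
                if rc is None:
                    continue
                if rc[0] == "Placeholder text - this corporation has not yet provided a webpage":
                    continue
                corps.append({
                    'corpname': row[0],
                    'description': row[1],
                    'headquarters': row[2],
                    'ticker': row[3],
                })

            t.corps = corps

            return t.respond()
        finally:
            # The original never closed the connection.
            db.close()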
Esempio n. 13
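    def edit_page(self, page, delete=None, create = None, set=None, contents = "", title = "", view = "public"):
        """Create, delete or update a page of the director's corp, then show the editor.

        Args:
            page: name of the page to act on.
            delete: when truthy, delete ``page`` (never "index") and fall
                back to the index page.
            create: when truthy, create ``page`` with default content.
            set: when truthy, store ``contents``, ``title`` and ``view``.
            contents: new page body.
            title: new page title.
            view: new visibility value.

        Returns:
            The rendered editor page, an error page for an invalid or
            unknown page name, or None when the user is not a director.
        """
        session = EVCstate(trust=True)
        db = evec_func.db_con()
        try:
            user = User.get(session, db)
            # Also require a valid session; the original checked only the
            # director flag.
            if not user.valid or not user.isdirector:
                return
            corp = Corp(db, user.corpid)
            cur = db.cursor()

            if delete and page != "index":
                cur.execute("DELETE FROM corppages WHERE pagename = %s AND corpid = %s AND pagename != 'index'",
                            [page, user.corpid])
                db.commit()
                page = 'index'
            if create and page:
                # Page names must not contain '.', '/' or a space.
                if any(ch in page for ch in './ '):
                    return evec_func.simple_error( "Invalid page name. No ., /, spaces")

                cur.execute("INSERT INTO corppages (pagename, corpid, title, contents, view) VALUES (%s, %s, 'New page', 'Type stuff here', 'public')",
                            [page, user.corpid])
                db.commit()

            if set:
                # NOTE(review): view is stored as received. A value outside
                # the ones the viewer code understands would not be handled
                # as restricted there - consider an allow-list. contents and
                # title are stored raw; confirm the templates escape them.
                cur.execute("UPDATE corppages SET contents = %s, title = %s, view = %s, edit = NOW() WHERE pagename = %s AND corpid = %s",
                            [contents, title, view, page, user.corpid])
                db.commit()

            cur.execute("SELECT contents,title,view,edit FROM corppages WHERE corppages.corpid = %s AND corppages.pagename = %s",
                        [corp.corpid,page])
            r = cur.fetchone()

            # The original went on with an unbound template variable when the
            # page did not exist and failed with a NameError.
            if not r:
                return evec_func.simple_error("No such page")

            t = display.template('corpeditpage.tmpl', session)
            t.pcontents = r[0]
            t.ptitle = r[1]
            t.view = r[2]
            t.pagename = page
            t.pedit = r[3]
            t.corp = corp

            cur.execute("SELECT pagename FROM corppages WHERE corpid = %s", [user.corpid])
            t.pages = [row[0] for row in cur.fetchall()]

            return t.respond()
        finally:
            # The original leaked the connection on its early returns.
            db.close()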