def auth():
import ConfigParser
section = 'Login'
key = 'showPassword'
if request.method == 'POST' and 'password' in request.form:
# Save show password preference in editor config
showPassword = True if 'showPassword' in request.form else False
try:
config = ConfigParser.SafeConfigParser()
config.optionxform = str # Don't convert to lower case
config.read(CONFIG_FILE)
if not config.has_section(section):
config.add_section(section)
config.set(section, key, str(showPassword))
with open(CONFIG_FILE, 'wb') as configfile:
config.write(configfile)
except Exception, e:
print '## auth save_pref ## Unexpected error: %s' % str(e)
# Validate password
pw = request.form['password']
hash = get_hash('root')
salt = hash[0:2]
if crypt(pw, salt) == hash:
if login_user(USER_NAMES['rascal']):
flash('Logged in!')
return redirect(request.args.get('next') or '/')
else:
flash('Sorry, but you could not log in.')
else:
flash('Sorry, but you could not log in.')
def read_dic(pwd):
## initialize pwd_match_flag to 0
pwd_match_flag = 0
## salt value is first 2 characters of the pwd
salt = pwd[:2]
print('salt "' + salt + '"')
## open dictionary and crypt each password using the salt value
dic = open('HW3dictionary.txt', 'r')
for d in dic:
d = d.strip()
# using crypt from hcrypt, create an encrypted password valueusing the derived salt value
hpwd = fcrypt.crypt(d, salt)
# not required to print all passwords
#print(d," : ",hpwd)
## compare each derived encrypted password with the pwd to obtain the unencrypted value
if pwd == hpwd:
# set pwd_match_flag to 1
pwd_match_flag = 1
print('pwd matched to "' + d + '"')
break
if pwd_match_flag == 0:
print("no password was found")
def checkPassword(hashedpw):
salt = hashedpw[0:2] #first 2 characters give salt, per spec
dictFile = open('HW1-dictionary.txt', 'r')
for word in dictFile.readlines():
word = word.rstrip()
cryptWord = crypt(word, salt)
if (cryptWord == hashedpw):
print "*** Found Password: "******" *** \n"
return True
print "Password Not Found.\n"
return False
def test_pass(crypt_pass, encryption):
dict_file = open('dictionary.txt', 'r')
for word in dict_file.readlines():
word = word.strip('\n')
if(encryption == 'crypt'):
salt = crypt_pass[0:2]
crypt_word = fcrypt.crypt(word, salt)
elif(encryption == 'sha512'):
crypt_word = hashlib.sha512(word).hexdigest()
if(crypt_word == crypt_pass):
print "[+] Found Password: "******"\n"
return
print "[-] Password Not Found. \n"
def encrypt(password):
"""
Used to create a password that can be stored safely somewhere.
:param password: This is the plain text password.
:returns: the result of an fcrypt.crypt(...) call.
"""
if not password:
return ValueError("The password is not a valid string!")
return fcrypt.crypt(password, "cE")
def setExportPWD(self, password):
context = self.context.aq_inner
enc_pwd = crypt(password, 'ad')
root_path = '/var/everydo-frs%s' % '/'.join(context.getPhysicalPath())
if not os.path.exists(root_path):
os.makedirs(root_path, 0777)
path = root_path + '/.htaccess'
htaccess = """<IfDefine neverdefine>
export:%s
</IfDefine>
AuthUserFile %s"""
htaccess = htaccess % (enc_pwd, path)
f = open(path, 'w')
f.write(htaccess)
plone_utils = getToolByName(context, 'plone_utils')
plone_utils.addPortalMessage('导出数据访问密码已经成功设置,请进行第三步。', 'info')
return self.request.response.redirect(self.context.absolute_url()+'/@@@@prefs_export_data')
def setExportPWD(self, password):
context = self.context.aq_inner
enc_pwd = crypt(password, 'ad')
root_path = '/var/everydo-frs%s' % '/'.join(context.getPhysicalPath())
if not os.path.exists(root_path):
os.makedirs(root_path, 0777)
path = root_path + '/.htaccess'
htaccess = """<IfDefine neverdefine>
export:%s
</IfDefine>
AuthUserFile %s"""
htaccess = htaccess % (enc_pwd, path)
f = open(path, 'w')
f.write(htaccess)
plone_utils = getToolByName(context, 'plone_utils')
plone_utils.addPortalMessage('导出数据访问密码已经成功设置,请进行第三步。', 'info')
return self.request.response.redirect(self.context.absolute_url() +
'/@@@@prefs_export_data')
def password_check(password, hashed):
"""
Used to check if the given password is equal to given encrypted password.
:param password: This is the plain text password.
:param arg2: This is the encrypted value, created from an
earlier call to encrypt().
:returns: True | False to say whether the passwords
match | don't match.
"""
if not password:
return False
if not hashed:
return False
mhash = fcrypt.crypt(password, "cE")
get_log().debug("crypt_check: given hash<%s> generated hash <%s>" % (hashed, mhash))
return hashed == mhash
def auth():
import configparser
section = 'Login'
key = 'showPassword'
if request.method == 'POST' and 'password' in request.form:
# Save show password preference in editor config
showPassword = True if 'showPassword' in request.form else False
try:
config = ConfigParser.SafeConfigParser()
config.optionxform = str # Don't convert to lower case
config.read(CONFIG_FILE)
if not config.has_section(section):
config.add_section(section)
config.set(section, key, str(showPassword))
with open(CONFIG_FILE, 'wb') as configfile:
config.write(configfile)
except Exception as e:
print('## auth save_pref ## Unexpected error: {0}'.format(e))
# Validate password
pw = request.form['password']
hash = get_hash('root')
salt = hash[3:11]
if crypt(pw, '$6$' + salt) == hash:
if login_user(USER_NAMES['rascal']):
flash('Logged in!')
return redirect(request.args.get('next') or '/')
else:
flash('Sorry, but you could not log in.')
else:
flash('Sorry, but you could not log in.')
# Get show password preference
config = configparser.SafeConfigParser()
config.read(CONFIG_FILE)
try:
showPassword = config.getboolean(section, key)
except (configparser.NoSectionError, configparser.NoOptionError):
showPassword = False
# Set type of password input element (auth page uses this to sets checkbox state)
pwtype = 'text' if showPassword else 'password'
return render_template('auth.html', home=HOME, type=pwtype)
def _check_passwd(user_passwd, real_passwd): return real_passwd == fcrypt.crypt(user_passwd, real_passwd[:2])
def realEncode(self, data): if self._salt == None: return fcrypt.crypt(data, data[:2]) return fcrypt.crypt(data, self._salt)
def ckpw(pwd, crpwd):
pwd = pwd[:8]
if crpwd == crypt(pwd, crpwd[:2]):
return 1
return 0
def realEncode(self, data): if self._salt == None: return fcrypt.crypt(data, data[:2]) return fcrypt.crypt(data, self._salt)
def realTransform(self, data): if self._salt == None: return fcrypt.crypt(data, data[:2]) return fcrypt.crypt(data, self._salt)
import sys import fcrypt import string import random password = sys.argv[0] salt = ''.join(random.sample(string.ascii_letters, 2)) protected_password = fcrypt.crypt(password, salt) print protected_password
def _check_passwd(user_passwd, real_passwd):
return real_passwd == fcrypt.crypt(user_passwd, real_passwd[:2])
def genpw(pwd):
pwd = pwd[:8]
salt = random.choice(_saltchrs) + random.choice(_saltchrs)
return crypt(pwd, salt)
