Esempio n. 1
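def registerUser(req, uname, pwd, email, fname, mname, lname):
    """Create a parent account through the ``addparent`` stored function.

    The profile fields are HTML-escaped with ``cgi.escape`` (unchanged, so the
    stored values keep the shape existing rows have), a fresh salt is
    generated, the password is hashed with it, and the values are passed to
    ``addparent``.

    Args:
        req: Request object; not used by this function.
        uname: Requested user name (caller-supplied).
        pwd: Plaintext password; only its salted hash reaches the query.
        email: E-mail address (caller-supplied).
        fname: First name (caller-supplied).
        mname: Middle name (caller-supplied).
        lname: Last name (caller-supplied).

    Returns:
        The first column of the first row returned by ``addparent``.

    Raises:
        ValueError: If a profile field contains a backslash or a NUL byte.
    """

    def _sql_literal(value):
        # Render a caller-supplied string as a quoted SQL literal.
        # Stopgap only: bound parameters are the proper fix, but the
        # signature of doSql.execqry is not visible from this function.
        # Backslash and NUL are refused because how a server reads them
        # inside a literal depends on its configuration.
        if "\\" in value or "\x00" in value:
            raise ValueError("unsupported character in SQL literal")
        return "'" + value.replace("'", "''") + "'"

    db = doSql()

    # cgi.escape only rewrites &, < and >. It is an HTML output encoding and
    # leaves single quotes untouched, so it never protected the query below.
    safe_uname = cgi.escape(uname)
    safe_email = cgi.escape(email)
    safe_fname = cgi.escape(fname)
    safe_mname = cgi.escape(mname)
    safe_lname = cgi.escape(lname)

    salt = form.generateSalt()
    # NOTE(review): form.encryptPass is defined elsewhere; confirm it is a
    # slow password-hashing function and not a single fast digest.
    hashPass = form.encryptPass(salt, pwd)

    # Stored function: updates user accounts with the new parent account.
    # salt and hashPass are produced server-side and are concatenated exactly
    # as before; every caller-supplied field goes through _sql_literal.
    query = (
        "SELECT addparent("
        + _sql_literal(safe_uname)
        + ",'"
        + salt
        + "','"
        + hashPass
        + "',"
        + _sql_literal(safe_fname)
        + ","
        + _sql_literal(safe_mname)
        + ","
        + _sql_literal(safe_lname)
        + ","
        + _sql_literal(safe_email)
        + ")"
    )
    return db.execqry(query, True)[0][0]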
Esempio n. 2
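def changepassword(req, oldpass, newpass):
    """Change the password of the user stored in the current session.

    The current salt is fetched with ``getsalt``, the old password is hashed
    with it, the new password is hashed with a fresh salt, and both hashes are
    passed to the ``change_password`` stored function, which decides whether
    the old hash matches.

    Args:
        req: Request object used to open the session.
        oldpass: Current plaintext password as typed by the user.
        newpass: New plaintext password.

    Returns:
        ``"success"`` when ``change_password`` returns ``"true"``, otherwise
        ``"invalid password"``.

    Raises:
        ValueError: If the session id contains a backslash or a NUL byte.
    """

    def _sql_literal(value):
        # Render a string as a quoted SQL literal.
        # Stopgap only: bound parameters are the proper fix, but the
        # signature of doSql.execqry is not visible from this function.
        # Backslash and NUL are refused because how a server reads them
        # inside a literal depends on its configuration.
        if "\\" in value or "\x00" in value:
            raise ValueError("unsupported character in SQL literal")
        return "'" + value.replace("'", "''") + "'"

    session = Session.Session(req)
    db = doSql()

    # NOTE(review): nothing here checks that the session is authenticated;
    # a session without an "id" key fails with KeyError. Confirm the caller
    # enforces login before this function is reached.
    user_id = _sql_literal(session["id"])

    oldsalt = str(db.execqry("select getsalt(" + user_id + ")", False)[0][0])
    newsalt = form.generateSalt()
    oldhash = form.encryptPass(oldsalt, oldpass)
    newhash = form.encryptPass(newsalt, newpass)

    # The hashes and the new salt are produced server-side and are
    # concatenated exactly as before.
    query = (
        "SELECT change_password("
        + user_id
        + ",'"
        + oldhash
        + "','"
        + newhash
        + "','"
        + newsalt
        + "')"
    )
    changed = db.execqry(query, True)[0][0]

    if changed == "true":
        return "success"
    return "invalid password"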
Esempio n. 3
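def resetpassword(req, username):
    """Replace a user's password with a random one and e-mail it to them.

    A random password is generated, hashed with a fresh salt and stored via
    the ``resetpass`` stored function. When that returns ``"true"`` the user's
    e-mail address is looked up with ``getid``/``getemail`` and the new
    password is mailed to it.

    Args:
        req: Request object used to open the session.
        username: Name of the account to reset (caller-supplied).

    Returns:
        ``"sucess"`` (spelling kept, callers may compare against it) when the
        reset was stored, otherwise ``"user does not exist"``.

    Raises:
        ValueError: If ``username`` or the looked-up id contains a backslash
            or a NUL byte.
    """
    import binascii

    def _sql_literal(value):
        # Render a string as a quoted SQL literal.
        # Stopgap only: bound parameters are the proper fix, but the
        # signature of doSql.execqry is not visible from this function.
        # Backslash and NUL are refused because how a server reads them
        # inside a literal depends on its configuration.
        if "\\" in value or "\x00" in value:
            raise ValueError("unsupported character in SQL literal")
        return "'" + value.replace("'", "''") + "'"

    # The session object is never read below; the call is kept in case
    # opening it has side effects the application relies on.
    # NOTE(review): no authorization check is visible here, so whoever can
    # reach this function can reset the password of any named account.
    # Confirm the caller restricts it, or move to a single-use, expiring
    # reset link that leaves the old password valid until it is used.
    session = Session.Session(req)
    db = doSql()

    # os.urandom returns raw bytes, which are neither typeable nor safe to
    # concatenate into the mail text. Hex-encode 16 random bytes so the
    # password is printable and carries 128 bits of entropy.
    randPassword = binascii.hexlify(os.urandom(16))
    if not isinstance(randPassword, str):
        randPassword = randPassword.decode("ascii")

    newsalt = form.generateSalt()
    newhash = form.encryptPass(newsalt, randPassword)

    user = _sql_literal(username)
    # newsalt and newhash are produced server-side and are concatenated
    # exactly as before.
    stored = db.execqry(
        "SELECT resetpass(" + user + ",'" + newsalt + "','" + newhash + "')", True
    )[0][0]

    if stored != "true":
        # NOTE(review): this answer tells the caller whether an account
        # exists; consider one response for both outcomes.
        return "user does not exist"

    user_id = db.execqry("select getid(" + user + ")", False)[0][0]
    useremail = str(
        db.execqry("select getemail(" + _sql_literal(str(user_id)) + ")", False)[0][0]
    )

    # NOTE(review): the sender address and SMTP login are literals in source
    # (redacted on this page); load them from configuration or a secret
    # store. The password also travels in clear text by e-mail.
    form.sendemail(
        from_addr="*****@*****.**",
        to_addr_list=[useremail],
        cc_addr_list=[useremail],
        subject="Password Reset",
        message="Your new password is " + randPassword,
        login="******",
        password="******",
    )
    return "sucess"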