#! /usr/bin/python import func import config con = func.sql_connect(config.DB_FILE) print("Erstelle ergebnis tabelle") func.sql( con, '''CREATE TABLE ergebnisse ( url varchar(255) NOT NULL, created timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP )''') func.sql_close(con)
#! /usr/bin/python import func as f con = f.sql_connect('/root/lib/pyRSS/pyRSS.db') print(f.sql(con, "SELECT * FROM ergebnisse")) f.sql_close(con)
#! /usr/bin/python import func as f con = f.sql_connect('/root/lib/pyRSS/pyRSS.db') print(f.sql(con,"SELECT * FROM ergebnisse")) f.sql_close(con)
def requests(self,post={},get={}): global conf access = False self.send_response(200) self.head.write("<head>") self.body.write("<body>") lite = func.sql_connect(conf['db_path']) if 'uName' in post and 'uPass' in post: # holt User anhand des usernamens ipaddr = func.no_inject(self.client_address[0]) blocktime = func.timestamp(conf['ipblock']) log = func.sql(lite,"SELECT timecode FROM log WHERE ipAddr = '%s' AND answere = 'X' AND timecode > '%s'" % (ipaddr,blocktime)) print(log) if(len(log) < 3): que = "SELECT uPass, uSalt, uID FROM users WHERE uName LIKE '%s'" % post["uName"][0] data = func.sql(lite,que) if len(data) == 1: # Prüft ob Passwort stimmt nMD5 = "%s%s" % (post["uPass"][0],data[0][1]) if func.md5(nMD5) == data[0][0]: # erstelle neues uSalt und uPass uSalt = func.random(75) nMD5 = "%s%s" % (post["uPass"][0],uSalt) uPass = func.md5(nMD5) session = func.random(32) expire = func.timestamp(conf['expire']) que = "UPDATE users SET uSalt = '%s',uPass='******',uSession='%s',expire='%s'" % (uSalt,uPass,session,expire) if func.sql(lite,que): # db update erfolgreich session = session access = True else: # update fehlgeschlagen self.body.write('''<p>Schreiben in DB Fehlgeschlagen</p>''') else: # Passwort stimmt nicht self.body.write('''<p>Passwort nicht Korrekt</p>''') dellog = func.timestamp(conf['dellog']) now = func.timestamp() func.sql(lite,"DELETE FROM log WHERE timecode < '%s';" % dellog) func.sql(lite,"INSERT INTO log (tokenID, answere, timecode, ipAddr) VALUES ('fffffffffffffffffffffffffffffffff','X','%s','%s')" % (now,ipaddr)); else: #user existiert nicht self.body.write('''<p>User nicht Korrekt</p>''') dellog = func.timestamp(conf['dellog']) now = func.timestamp() func.sql(lite,"DELETE FROM log WHERE timecode < '%s';" % dellog) func.sql(lite,"INSERT INTO log (tokenID, answere, timecode, ipAddr) VALUES ('fffffffffffffffffffffffffffffffff','X','%s','%s')" % (now,ipaddr)); else: #ip gesperrt self.body.write('''<p>Die IP-Adresse wurde gesperrt</p>''') else: #token prüfen und gleich expire erneuern print(get) if 's' in get: if "logout" in get: expire = '0000-00-00- 00:00:00' else: expire = func.timestamp(conf['expire']) now = func.timestamp() session = func.no_inject(get['s']) que = "UPDATE users SET expire='%s' WHERE uSession = '%s'" % (expire,session) print(que) if func.sql(lite,que): if "logout" in get: self.body.write('''<p>Session beendet.</p>''') access = False else: access = True else: # Token abgelaufen self.body.write('''<p>Session abgelaufen</p>''') else: # Token nicht existent self.body.write('''<p>Keine Session gefunden</p>''') #TODO pass # Content if access == True: # hier kommt alles rein was nur erreichbar ist, wenn man angemeldet ist # Navigation navi = '''<a href="/stats/index/s/%s">Statistik</a> <a href="/user/list/s/%s">Userliste</a> <a href="/user/create/s/%s">User erstellen</a> <a href="/logout/index/s/%s">Logout</a> <hr/>''' % (session,session,session,session) self.body.write(navi) if 'user' in get: if get["user"] == '': get["user"] = '******' if get["user"] == 'create': if "submit" in post: #TODO pass else: content = '''<form action="/user/create/s/%s" method="post">Name<input type="text" name="uName" /><br/>Passwort <input type="password" name="uPass" />(Nur ausfüllen, wenn der user admin zugriff haben soll.)<br/><input type="submit" name="submit" value="Erstellen" /></form>''' % session self.body.write(content) if get["user"] == 'edit': pass #TODO if get["user"] == 'del': pass #TODO if get["user"] == 'detail': pass #TODO if get["user"] == 'list': pass #TODO if "token" in get: #token list gibts in user details schon #token create #token deleter pass if "log" in get: #todo pass else: # hier sieht man nur wenn man abgemeldet ist # Navigation self.body.write(''' <a href="/stats">Statistik</a> <a href="/login">Login</a> <hr/>''') if "login" in get: self.body.write('''<form action="" method="post"> User: <input type="text" name="uName" /><br/> Pass: <input type="password" name="uPass" /></br> <input type="submit" name="submit" value="Login" /> </form>''') #TODO self.body.write('''Abgemeldet''') if "stats" in get: self.body.write("stats chosen"); pass #TODO tmp = urlsplit(self.path) print(tmp.path) if tmp.path == "/favicon.ico": #todo self.send_header('Content-Type','image/ico') self.end_headers() with open('favicon.ico', 'rb') as f: self.wfile.write(f.read()) f.close pass if "style.css" in get: pass #todo #Aufräumen func.sql_close(lite); self.body.write("</body></html>")
print "Erstelle log tabelle" func.sql(con,'''CREATE TABLE log ( tokenID varchar(32) NOT NULL, answere varchar(1) NOT NULL , timecode timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, ipAddr varchar(42) NULL DEFAULT '' )''') print "Erstelle token tabelle" func.sql(con,'''CREATE TABLE token ( tID varchar(32) NOT NULL, userID int(11) NOT NULL, tKey varchar(32) NOT NULL, tActive int(1) NOT NULL DEFAULT '1' )''') print "Erstelle users Tabelle" func.sql(con,'''CREATE TABLE users ( uID INTEGER PRIMARY KEY AUTOINCREMENT, uName varchar(35) NOT NULL, uPass varchar(32) NOT NULL, uSalt varchar(75) NOT NULL, uSession varchar(32) NOT NULL, uActive int(1) NOT NULL DEFAULT 1, expire timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' );''') print "Erstelle pi:raspberry User" func.sql(con,'''INSERT INTO users (uName, uPass, uSalt,uSession) VALUES ('pi','b89749505e144b564adfe3ea8fc394aa','','')''') func.sql_close(con)
def requests(self, post={}, get={}): global conf access = False self.send_response(200) self.head.write("<head>") self.body.write("<body>") lite = func.sql_connect(conf['db_path']) if 'uName' in post and 'uPass' in post: # holt User anhand des usernamens ipaddr = func.no_inject(self.client_address[0]) blocktime = func.timestamp(conf['ipblock']) log = func.sql( lite, "SELECT timecode FROM log WHERE ipAddr = '%s' AND answere = 'X' AND timecode > '%s'" % (ipaddr, blocktime)) print(log) if (len(log) < 3): que = "SELECT uPass, uSalt, uID FROM users WHERE uName LIKE '%s'" % post[ "uName"][0] data = func.sql(lite, que) if len(data) == 1: # Prüft ob Passwort stimmt nMD5 = "%s%s" % (post["uPass"][0], data[0][1]) if func.md5(nMD5) == data[0][0]: # erstelle neues uSalt und uPass uSalt = func.random(75) nMD5 = "%s%s" % (post["uPass"][0], uSalt) uPass = func.md5(nMD5) session = func.random(32) expire = func.timestamp(conf['expire']) que = "UPDATE users SET uSalt = '%s',uPass='******',uSession='%s',expire='%s'" % ( uSalt, uPass, session, expire) if func.sql(lite, que): # db update erfolgreich session = session access = True else: # update fehlgeschlagen self.body.write( '''<p>Schreiben in DB Fehlgeschlagen</p>''') else: # Passwort stimmt nicht self.body.write('''<p>Passwort nicht Korrekt</p>''') dellog = func.timestamp(conf['dellog']) now = func.timestamp() func.sql( lite, "DELETE FROM log WHERE timecode < '%s';" % dellog) func.sql( lite, "INSERT INTO log (tokenID, answere, timecode, ipAddr) VALUES ('fffffffffffffffffffffffffffffffff','X','%s','%s')" % (now, ipaddr)) else: #user existiert nicht self.body.write('''<p>User nicht Korrekt</p>''') dellog = func.timestamp(conf['dellog']) now = func.timestamp() func.sql(lite, "DELETE FROM log WHERE timecode < '%s';" % dellog) func.sql( lite, "INSERT INTO log (tokenID, answere, timecode, ipAddr) VALUES ('fffffffffffffffffffffffffffffffff','X','%s','%s')" % (now, ipaddr)) else: #ip gesperrt self.body.write('''<p>Die IP-Adresse wurde gesperrt</p>''') else: #token prüfen und gleich expire erneuern print(get) if 's' in get: if "logout" in get: expire = '0000-00-00- 00:00:00' else: expire = func.timestamp(conf['expire']) now = func.timestamp() session = func.no_inject(get['s']) que = "UPDATE users SET expire='%s' WHERE uSession = '%s'" % ( expire, session) print(que) if func.sql(lite, que): if "logout" in get: self.body.write('''<p>Session beendet.</p>''') access = False else: access = True else: # Token abgelaufen self.body.write('''<p>Session abgelaufen</p>''') else: # Token nicht existent self.body.write('''<p>Keine Session gefunden</p>''') #TODO pass # Content if access == True: # hier kommt alles rein was nur erreichbar ist, wenn man angemeldet ist # Navigation navi = '''<a href="/stats/index/s/%s">Statistik</a> <a href="/user/list/s/%s">Userliste</a> <a href="/user/create/s/%s">User erstellen</a> <a href="/logout/index/s/%s">Logout</a> <hr/>''' % (session, session, session, session) self.body.write(navi) if 'user' in get: if get["user"] == '': get["user"] = '******' if get["user"] == 'create': if "submit" in post: #TODO pass else: content = '''<form action="/user/create/s/%s" method="post">Name<input type="text" name="uName" /><br/>Passwort <input type="password" name="uPass" />(Nur ausfüllen, wenn der user admin zugriff haben soll.)<br/><input type="submit" name="submit" value="Erstellen" /></form>''' % session self.body.write(content) if get["user"] == 'edit': pass #TODO if get["user"] == 'del': pass #TODO if get["user"] == 'detail': pass #TODO if get["user"] == 'list': pass #TODO if "token" in get: #token list gibts in user details schon #token create #token deleter pass if "log" in get: #todo pass else: # hier sieht man nur wenn man abgemeldet ist # Navigation self.body.write(''' <a href="/stats">Statistik</a> <a href="/login">Login</a> <hr/>''') if "login" in get: self.body.write('''<form action="" method="post"> User: <input type="text" name="uName" /><br/> Pass: <input type="password" name="uPass" /></br> <input type="submit" name="submit" value="Login" /> </form>''') #TODO self.body.write('''Abgemeldet''') if "stats" in get: self.body.write("stats chosen") pass #TODO tmp = urlsplit(self.path) print(tmp.path) if tmp.path == "/favicon.ico": #todo self.send_header('Content-Type', 'image/ico') self.end_headers() with open('favicon.ico', 'rb') as f: self.wfile.write(f.read()) f.close pass if "style.css" in get: pass #todo #Aufräumen func.sql_close(lite) self.body.write("</body></html>")
def requests(self,post={},get={}): global conf html = False access = False self.send_response(200) self.send_header('Content-Type','text/html') self.end_headers() if 'style.css' not in get.keys() and 'favicon.ico' not in get.keys(): html = True self.wfile.write(bytes("<html><head><title>Web-Administration Zuul</title><link href='/style.css' type='text/css' rel='stylesheet'/></head><body>","UTF-8")) lite = func.sql_connect(conf['db_path']) # session erzeugen if bytes('u',"UTF-8") in post.keys() and bytes('p',"UTF-8") in post.keys(): # holt User anhand des usernamens ipaddr = func.no_inject(self.client_address[0]) blocktime = func.timestamp(conf['ipblock']) log = func.sql(lite,"SELECT timecode FROM log WHERE addInfo = '%s' AND answere = 'X' AND timecode > '%s'" % (ipaddr,blocktime)) if(len(log) < 5): que = "SELECT uPass, uSalt, uID FROM users WHERE uName LIKE '%s'" % post[b"u"][0].decode("utf-8") print(que) data = func.sql(lite,que) if len(data) == 1: # Prüft ob Passwort stimmt nMD5 = "%s%s" % (post[b"p"][0].decode("utf-8") ,data[0][1]) if func.md5(nMD5) == data[0][0]: # erstelle neues uSalt und uPass uSalt = func.random(75) nMD5 = "%s%s" % (post[b"p"][0].decode("utf-8") ,uSalt) uPass = func.md5(nMD5) session = func.random(32) expire = func.timestamp(conf['expire']) que = "UPDATE users SET uSalt = '%s',uPass='******',uSession='%s',expire='%s'" % (uSalt,uPass,session,expire) if func.sql(lite,que): # db update erfolgreich session = session access = True else: # update fehlgeschlagen self.wfile.write(bytes('''<p>Schreiben in DB Fehlgeschlagen</p>''',"UTF-8")) else: # Passwort stimmt nicht self.wfile.write(bytes('''<p>Passwort nicht Korrekt</p>''',"UTF-8")) dellog = func.timestamp(conf['dellog']) now = func.timestamp() func.sql(lite,"DELETE FROM log WHERE timecode < '%s';" % dellog) func.sql(lite,"INSERT INTO log (tokenID, answere, timecode, addInfo) VALUES ('fffffffffffffffffffffffffffffffff','X','%s','%s')" % (now,ipaddr)); else: #user existiert nicht self.wfile.write(bytes('''<p>User nicht Korrekt</p>''',"UTF-8")) dellog = func.timestamp(conf['dellog']) now = func.timestamp() func.sql(lite,"DELETE FROM log WHERE timecode < '%s';" % dellog) func.sql(lite,"INSERT INTO log (tokenID, answere, timecode, addInfo) VALUES ('fffffffffffffffffffffffffffffffff','X','%s','%s')" % (now,ipaddr)); else: #ip gesperrt self.wfile.write(bytes('''<p>Die IP-Adresse wurde gesperrt</p>''',"UTF-8")) else: # laufende session #token prüfen und gleich expire erneuern if 's' in get.keys(): if 'logout' in get.keys(): expire = '0000-00-00- 00:00:00' else: expire = func.timestamp(conf['expire']) now = func.timestamp() session = func.no_inject(get['s']) que = "UPDATE users SET expire='%s' WHERE uSession = '%s'" % (expire,session) if func.sql(lite,que): if 'logout' in get.keys(): self.wfile.write(bytes('''<p>Session beendet.</p>''',"UTF-8")) access = False else: access = True else: # Token abgelaufen self.wfile.write(bytes('''<p>Session abgelaufen</p>''',"UTF-8")) else: # Token nicht existent self.wfile.write(bytes('''<p>Keine Session gefunden</p>''',"UTF-8")) # Content if access == True: # hier kommt alles rein was nur erreichbar ist, wenn man angemeldet ist # Navigation navi = '''<div><a href="/stats/index/s/%s">Statistik</a> <a href="/user/list/s/%s">Userliste</a> <a href="/user/create/s/%s">User erstellen</a> <a href="/logout/index/s/%s">Logout</a></div> <hr/>''' % (session,session,session,session) self.wfile.write(bytes(navi,"UTF-8")) if 'token' in get.keys(): #token search #TODO #token create #ungeprüft if get['token'] == 'add': if 'tid' in get.keys(): tid = func.no_inject(get['tid']) id = func.no_inject(get['id']) if func.sql(lite,"INSERT INTO token (tID,userID,tKey) VALUES ('"+tid+"','"+id+"','')"): self.wfile.write(bytes('''<p>Anlegen erfolgreich</p>''',"UTF-8")) else: self.wfile.write(bytes('''<p>Anlegen fehlgeschlagen</p>''',"UTF-8")) get['user'] = '******' else: data = func.sql(lite,"SELECT tokenID,timecode FROM log WHERE answere = 'D' ORDER BY timecode DESC LIMIT 10") for d in data: self.wfile.write(bytes("[<a href='/token/add/id/"+get['id']+"/tid/"+d[0]+"/s/"+session+"'>Add to User</a>] "+ d[0] +"("+d[1]+")","UTF-8")) #token deleter if get['token'] == 'del': if 'tid' in get.keys(): tid = func.no_inject(get['tid']) if func.sql(lite,"DELETE FROM token WHERE tID = '"+tid+"';"): self.wfile.write(bytes('''<p>Löschen erfolgreich</p>''',"UTF-8")) else: self.wfile.write(bytes('''<p>Löschen fehlgeschlagen</p>''',"UTF-8")) get['user'] = '******' else: data = func.sql(lite,"SELECT tokenID,timecode FROM log WHERE answere = 'D' ORDER BY timecode DESC LIMIT 10") for d in data: self.wfile.write(bytes("[<a href='/token/add/id/"+get['id']+"/tid/"+d[0]+"/s/"+session+"'>Add to User</a>] "+ d[0] +"("+d[1]+")","UTF-8")) #token an anderen user geben if get['token'] == 'change': pass #TODO if 'log' in get.keys(): pass #todo if 'user' in get.keys(): #ungeprüft if get["user"] == '': get["user"] = '******' #ungeprüft if get["user"] == 'create': if bytes('submit',"UTF-8") in post.keys(): uName = func.no_inject(post[b'uName'][0].decode("utf-8") ) uMember = func.no_inject(post[b'uMember'][0].decode("utf-8") ) if(post[b'uPass'][0].decode("utf-8") != ''): uSalt = func.random(75) uPass = func.md5(post[b'uPass'][0].decode("utf-8") +uSalt) else: uSalt = '' uPass = '' if func.sql(lite,"INSERT INTO users (uName,uPass,uSalt,uMember,uSession) VALUES ('"+uName+"','"+uPass+"','"+uSalt+"','"+uMember+"','')"): self.wfile.write(bytes('''<p>User angelegt</p>''',"UTF-8")) get["id"] = func.sql(lite,"SELECT uID FROM users ORDER BY uID DESC LIMIT 1")[0][0] get["user"] = '******' else: self.wfile.write(bytes('''<p>Anlegen fehlgeschlagen</p>''',"UTF-8")) else: content = '''<form action="/user/create/s/%s" method="post"><div><span>Name</span><input type="text" name="uName" /></div><div><span>Passwort</span><input type="password" name="uPass" />(Nur ausfüllen, wenn der user admin zugriff haben soll.)</div><div><span>Member-ID</span><input type="text" name="uMember" /></div><div><input type="submit" name="submit" value="Erstellen" /></div></form>''' % session self.wfile.write(bytes(content,"UTF-8")) #ungeprüft if get["user"] == 'edit': if bytes('submit',"UTF-8") in post.keys(): uName = func.no_inject(post[b'uName'][0].decode("utf-8") ) uMember = func.no_inject(post[b'uMember'][0].decode("utf-8") ) id = func.no_inject(get['id']) if(post[b'uPass'][0].decode("utf-8") != ''): uSalt = func.random(75) uPass = func.md5(post[b'uPass'][0].decode("utf-8") +uSalt) res = func.sql(lite,"UPDATE users SET uName = '"+uName+"',uPass = '******',uSalt = '"+uSalt+"',uMember = '"+uMember+"' WHERE uID = '"+id+"'") else: res = func.sql(lite,"UPDATE users SET uName = '"+uName+"',uMember = '"+uMember+"' WHERE uID = '"+id+"'") if res == True: self.wfile.write(bytes('''<p>User editiert</p>''',"UTF-8")) else: self.wfile.write(bytes('''<p>Editieren fehlgeschlagen</p>''',"UTF-8")) get["user"] = '******' else: id = func.no_inject(get['id']) #user daten werden in form, geladen self.wfile.write(bytes("<table><thead><tr><th>Feld</th><th>Daten</th></tr></thead><tbody>","UTF-8")) ud = func.sql(lite,"SELECT uName, uPass, uMember FROM users WHERE uID = %s" % id) if len(ud) == 1: if ud[0][1] == '': admin = 'User' else: admin = 'Admin' content = '''<form action="/user/edit/id/%s/s/%s" method="post"><div><span>Name</span><input type="text" name="uName" value="%s" /></div><div><span>Gruppe:</span> %s</div><div><span>Passwort</span><input type="password" name="uPass" />(bleibt unverändert wenn leer.)</div><div><span>Member-ID</span><input type="text" name="uMember" value="%s" /></div><div><input type="submit" name="submit" value="Erstellen" /></div></form>''' % (id,session,ud[0][0],admin,ud[0][2]) self.wfile.write(bytes(content,"UTF-8")) self.wfile.write(bytes("</tbody></table>[<a href='/token/add/id/"+id+"/s/"+session+"'>AddToken</a>]<table><thead><tr><th>ID</th><th>zuletzt benutzt</th><th>Optionen</th></tr></thead><tbody>","UTF-8")) #zugehörige tokens gelistet data = func.sql(lite,"SELECT tID,tActive,lastUsed FROM token WHERE userID = '%s';" % id) for d in data: if d[1] == 1: active = 'Aktiv' else: active = 'Deaktiviert' self.wfile.write(bytes("<tr><td>"+d[0]+"</td><td>"+d[3]+"</td><td>"+active+"</td><td>[De/Aktivieren][Löschen][Weitergeben]</td></tr>","UTF-8")) self.wfile.write(bytes("</tbody></table>","UTF-8")) #geprüft if get["user"] == 'del': id = func.no_inject(get['id']) if bytes('submit',"UTF-8") in post.keys(): func.sql(lite,"DELETE FROM token WHERE userID = '%s'" % id) func.sql(lite,"DELETE FROM users WHERE uID = '%s'" % id) get["user"] = '******' else: self.wfile.write(bytes("<form action='/user/del/id/"+id+"/s/"+session+"' method='post'>Sicher? <input type='submit' name='submit' value='Ja, klar' /></form>","UTF-8")) #ungeprüft if get["user"] == 'list': data = func.sql(lite,"SELECT uId,uName,uPass,uMember FROM users ORDER BY uName") self.wfile.write(bytes('''<table><thead><tr><th>ID</th><th>Name</th><th>Optionen</th></tr></thead><tbody>''',"UTF-8")) for d in data: if d[2] != '': ismod = '*' else: ismod = '' self.wfile.write(bytes("<tr><td>"+str(d[0])+"</td><td>"+d[1]+" "+ismod+"</td><td>[<a href='/user/edit/id/"+str(d[0])+"/s/"+session+"'>Edit</a>][De/Aktivieren][<a href='/user/del/id/"+str(d[0])+"/s/"+session+"'>Löschen</a>]</td></tr>","UTF-8")) self.wfile.write(bytes("</tbody></table>","UTF-8")) #TODO else: # hier sieht man nur wenn man abgemeldet ist # Navigation self.wfile.write(bytes(''' <div><a href="/stats">Statistik</a> <a href="/login">Login</a> </div> <hr/>''',"UTF-8")) if 'login' in get.keys(): self.wfile.write(bytes('''<form action="" method="post"> <div><span>User:</span> <input type="text" name="u" /></div> <div><span>Pass:</span> <input type="password" name="p" /></div> <div><input type="submit" name="submit" value="Login" /></div> </form>''',"UTF-8")) #TODO self.wfile.write(bytes('''Abgemeldet''',"UTF-8")) if 'stats' in get.keys(): self.wfile.write(bytes('''Statistik<br/> was soll hier alles rein????''',"UTF-8")) #todo if 'favicon.ico' in get.keys(): #todo pass #ungeprüft if 'style.css' in get.keys(): self.wfile.write(bytes('''p {background-color: #000000; display: block; color: #ffffff;} span {display: block; width: 200px; float:left;} input {display:block; float:left;} div{width:100%; clear: both;}''',"UTF-8")) #Aufräumen if html == True: self.wfile.write(bytes("</body></html>","UTF-8")) func.sql_close(lite);