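def response():
    """Dispatch a user-account request according to its ``action`` parameter.

    All request parameters are read with ``cgi_get``. Supported actions:

    - ``join``: create a user of type ``utype``, store the hashed password
      and apply the activation rule configured for that type.
    - ``activate``: mark the user identified by ``key`` as active.
    - ``login``: look up an active user by email and compare password hashes.
    - ``contact``: store a Message in a new or existing Conversation and
      mail every other participant.
    - ``edit``: hand ``changes`` for the user ``user`` to ``edit``.
    - ``email``: admin-only bulk mail, sent in BCC chunks of 100.

    The control flow relies on ``fail``/``succeed``/``redirect`` ending the
    request instead of returning (``login`` calls ``u.data()`` right after
    ``fail()`` on a missing user) -- confirm against their definitions.

    NOTE(review): ``contact``, ``edit`` and ``email`` take the caller's
    identity from the request's ``user`` key. Nothing in this function
    checks a session or credential for that key, and the same key is placed
    in outgoing mail (the CONTACT and JOIN bodies). Confirm that
    authentication is enforced before this handler runs.
    """
    action = cgi_get("action", choices=[
        "join", "activate", "login", "contact", "edit", "email"])

    if action == "join":
        email = cgi_get("email")
        if CTUser.query(CTUser.email == email).get():
            fail("this email is already in use")
        user_type = cgi_get("utype")
        extras = cgi_get("extras")
        # extras comes from the request and is expanded straight into the
        # model constructor. "active" and "admin" are the account-state
        # attributes this handler itself reads, so a client must not be able
        # to set them at signup (that would skip the activation rule below or
        # pass the admin check in the "email" action).
        # NOTE(review): subclasses may define further privileged fields; an
        # allow-list per user type would be stricter -- confirm the models.
        if any(field in extras for field in ("admin", "active")):
            fail("extras may not set admin or active")
        # NOTE(review): utype picks the model class from request input;
        # presumably only user models are intended -- verify that
        # db.get_model cannot return an unrelated model here.
        u = db.get_model(user_type)(
            email=email,
            firstName=cgi_get("firstName"),
            lastName=cgi_get("lastName"),
            **extras)
        u.put()  # first put generates the created timestamp used for hashing
        u.password = db.hashpass(cgi_get("password"), u.created)
        rule = config.ctuser.activation.get(
            user_type, config.ctuser.activation.ctuser)
        if rule == "auto":
            u.active = True
        else:
            # assumes config.mailer (otherwise, don't change the activation
            # "auto" default)
            usk = u.key.urlsafe()
            if rule == "confirm":
                send_mail(to=u.email, subject="activation required",
                          body=JOIN % (usk,))
            else:
                # any other rule value is used as the address of an admin
                # who handles the activation
                send_mail(to=rule, subject="activation required",
                          body=JOINED % (email, usk))
        u.put()
        # NOTE(review): if u.data() includes the user key, the joiner gets
        # the value the activation mail carries -- confirm what data()
        # exposes.
        succeed(u.data())

    elif action == "activate":
        u = db.get(cgi_get("key"))
        if u and not u.active:  # unknown or already-active key: do nothing
            u.active = True
            u.put()
            send_mail(to=u.email, subject="account activated", body=ACTIVATE)
        redirect("/", "you did it!")

    elif action == "login":
        # "== True" is a query filter expression, not a Python truth test.
        u = CTUser.query(CTUser.email == cgi_get("email"),
                         CTUser.active == True).get()
        # NOTE(review): "!=" is not a constant-time comparison;
        # hmac.compare_digest is the usual replacement once the types of
        # u.password and db.hashpass() are confirmed to match.
        if not u or u.password != db.hashpass(cgi_get("password"), u.created):
            fail()
        succeed(u.data())

    elif action == "contact":
        sender = db.get(cgi_get("user"))
        if not sender:
            # an unknown key used to surface as an AttributeError below
            fail()
        message = cgi_get("message")
        convokey = cgi_get("conversation", required=False)
        if convokey:
            conversation = db.get(convokey)
            if not conversation:
                fail()
            # NOTE(review): there is no check that sender.key is one of
            # conversation.participants before the message is stored and
            # mailed -- confirm whether posting into any conversation is
            # intended.
        else:
            conversation = Conversation()
            conversation.topic = cgi_get("topic")
            conversation.participants = [
                sender.key, db.KeyWrapper(cgi_get("recipient"))]
            conversation.put()
        m = Message(sender=sender.key, conversation=conversation.key,
                    body=message)
        m.put()
        for recipient in conversation.participants:
            if recipient != sender.key:
                send_mail(
                    to=recipient.get().email,
                    subject="message from %s" % (sender.firstName,),
                    body=CONTACT % (sender.fullName(), message,
                                    sender.firstName, sender.key.urlsafe(),
                                    conversation.key.urlsafe()))
        # existing conversation -> message key; new one -> conversation key
        if convokey:
            succeed(m.key.urlsafe())
        else:
            succeed(conversation.key.urlsafe())

    elif action == "edit":
        changes = cgi_get("changes")
        changes["key"] = cgi_get("user")
        # NOTE(review): changes is request-supplied and passed on whole;
        # confirm that edit() restricts which fields (admin, active,
        # password) a caller may write.
        edit(changes)

    elif action == "email":
        sender = db.get(cgi_get("user"))
        if not sender or not sender.admin:
            # unknown key is refused the same way as a non-admin
            fail()
        recips = cgi_get("recipients", default=[])
        if not recips:
            if config.wpmail:
                log("no recipients specified -- WP mode enabled -- building recipient list...")
                recips = getWPmails()
            else:
                fail("no recipients specified -- can't email nobody")
        # read once rather than on every chunk
        subject = cgi_get("subject")
        body = cgi_get("body")
        batch(recips,
              lambda chunk: send_mail(bcc=chunk, subject=subject, body=body),
              chunk=100)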