def process (self, email=None, password=None):
# Clean up text for usage with database.
email = sqlutils.quote (email)
password = sqlutils.quote (password)
# Encrypt password using the same encryption we used when the password
# was stored in the database.
password = crypt.crypt (password, "23")
description = None
results = None
# Try to connect to the database.
try:
dbconnection = pgdb.connect (database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email])
# Get the cursor description and results from the query.
description = dbcursor.description
results = dbcursor.fetchone()
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
except:
# FIXME: do something more useful here.
pass
# If we don't have any results, the email address wasn't on record.
if (results == None):
return self.index (errornotfound=True)
else:
stored_password = ""
try:
stored_password = results[sqlutils.getfieldindex ("password", description)]
except:
# FIXME: do something more useful here.
raise cherrypy.HTTPRedirect ("/fatalerror")
# Verify password equivalence.
if (password <> stored_password):
return self.index (errorbadpassword=True)
else:
# If we got this far, the email address was on record, and the password
# matches it, so we deem the user to be logged in. Hooray!
user_id = None
user_level = 0
try:
user_id = results[sqlutils.getfieldindex ("user_id", description)]
user_level = results[sqlutils.getfieldindex ("level", description)]
except:
# FIXME: do something more useful here.
raise cherrypy.HTTPRedirect ("/fatalerror")
# If the user level is 2 or higher, the user is an admin user.
pageutils.set_logged_in (user_id, (user_level > 1))
# FIXME: Might want to redirect to some sort of user dashboard page in the future.
raise cherrypy.HTTPRedirect ("/")
def process (self, name=None, email=None, password=None, passwordverify=None, url=None):
# If we got to this page through the /register form, all fields should be filled
# in, with the possible exception of URL, which is optional. If they aren't all
# filled in, then something unexpected happened, and we shouldn't continue processing
# the form.
if (name == None or email == None or password == None or passwordverify == None):
return self.index (errormissing = True, name=name, email=email,
password=password, passwordverify=passwordverify,
url=url)
else:
# Store original values as given in case we need to represent the form.
originalname = name
originalemail = email
originalpassword = password
originalpasswordverify = passwordverify
originalurl = url
# Remove any leading/trailing spaces.
name = string.strip(name)
email = string.strip(email)
password = string.strip(password)
passwordverify = string.strip(passwordverify)
url = string.strip(url)
level = "1" # default level for regular user.
# Verify all required fields are filled in.
if (name == '' or email == '' or password == '' or passwordverify == ''):
return self.index (errormissing = True, name=originalname, email=originalemail,
password=originalpassword, passwordverify=originalpasswordverify,
url=originalurl)
# Verify email address is plausibly valid.
if (re.match (pageutils.emailregex, email) == None):
return self.index (erroremail = True, name=originalname, email=originalemail,
password=originalpassword, passwordverify=originalpasswordverify,
url=originalurl)
# Verify passwords match.
if (password <> passwordverify):
return self.index (errorverify = True, name=originalname, email=originalemail,
password=originalpassword, passwordverify=originalpasswordverify,
url=originalurl)
# Encypt the password. Once we do this, we can't get the original
# password back out of the database, so we can't send the original
# password back to the user if they lose it. We can generate a new
# password and send them that.
password = crypt.crypt (password, "23")
# Add http:// to the URL if needed.
if (url[0:7] =="http://" or url == ""):
pass
else:
url = "http://" + url
# Ensure that email address hasn't already been used in database.
try:
dbconnection = pgdb.connect (database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email])
results = dbcursor.fetchone()
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
if (results <> None):
return self.index (errorduplicate=True, name=originalname, email=originalemail,
password=originalpassword, passwordverify=originalpasswordverify,
url=originalurl)
except:
return pageutils.generate_page ("Database Error", "Database Error")
try:
# Connect to the database and insert the values.
dbconnection = pgdb.connect (database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute ("INSERT INTO users (name, email, password, url, level) " +
"VALUES (%s, %s, %s, %s, %s)",
[name, email, password, url, level])
dbconnection.commit()
# Now fetch the user_id so we can automatically log the user in.
dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email])
description = dbcursor.description
results = dbcursor.fetchone()
user_id = None
user_level = 0
try:
user_id = results[sqlutils.getfieldindex ("user_id", description)]
user_level = results[sqlutils.getfieldindex ("level", description)]
except:
pass
pageutils.set_logged_in (user_id, (user_level > 1))
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
except:
# FIXME: this is a public user page; provide more interesting feedback in this event.
return pageutils.generate_page ("Invalid SQL Query", "Invalid SQL Query!")
raise cherrypy.HTTPRedirect ("/register/thanks")
