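def create_user(self, username, password, email,
                user_type=USER_TYPES['user']):
    '''
    Called when a request is made to create a new user account.

    The values are interpolated into the INSERT statement as text, so every
    request-supplied string is passed through sanitize() before it reaches
    the statement.

    @param username: The username to associate with the new account.
    @type username: String
    @param password: The password to associate with the new account. Only
        the result of hash(password) is written to the table.
    @type password: String
    @param email: The email account to associate with the new account.
    @type email: String
    @param user_type: The user-type of the new account (admin, regular
        user, etc.). [Default == regular user]
    @type user_type: Integer (util.config.USER_TYPES)

    @return: Always True, including when INSERT OR IGNORE skipped the row.
    @rtype: Boolean
    '''
    username = sanitize(username)
    # The e-mail sits inside a quoted SQL literal exactly like the username,
    # so it gets the same treatment instead of reaching the statement raw.
    # NOTE(review): assumes sanitize() leaves valid addresses intact --
    # confirm. If self.db.query supports bound parameters, prefer those
    # over text interpolation.
    email = sanitize(email)

    # NOTE(review): `hash` is not defined in this block. If it resolves to
    # the builtin hash(), the stored value is a non-cryptographic integer
    # rather than a password hash. Confirm it is a project helper that
    # applies a salted, deliberately slow KDF (bcrypt, scrypt, PBKDF2).
    password = hash(password)

    # SECURITY(review): the account type is derived from the requested name.
    # Any username containing the substring 'admin' is stored as an admin,
    # whatever user_type the caller passed. The privilege should come from
    # an already-authorised caller, not from self-chosen account data.
    if 'admin' in username:
        user_type = USER_TYPES['admin']

    # TODO: Validate the email address -- util.general.validate_email()
    add_user_query = \
        '''
        INSERT OR IGNORE INTO users (user, pass, email, user_type)
        VALUES ("%s", "%s", "%s", %d);
        '''

    # The statement, username and password hash are deliberately not echoed
    # to stdout: credential material must not end up in console or service
    # logs.
    self.db.query(add_user_query % (username, password, email, user_type,))

    # NOTE(review): INSERT OR IGNORE silently drops the row when the username
    # already exists, so True does not prove that an account was created.
    return True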
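def delete_user(self, username, password='', user_type=USER_TYPES['user']):
    '''
    Called when attempting to remove a user account from the record.

    The deletion is carried out only when the requester is an admin or when
    attempt_login() accepts the supplied username/password pair.

    @param username: The username to be deleted from the records.
    @type username: String
    @param password: The password of the account to be deleted from the
        records. This param is not required by administrators.
        [Default == '']
    @type password: String
    @param user_type: The type of user making the request. See
        config.USER_TYPES for more details. This value is trusted as
        given: callers must take it from the authenticated session and
        never from request data, otherwise any requester can claim admin.
    @type user_type: Integer (util.config.USER_TYPES)

    @return: The success/failure notification of the process.
    @rtype: Boolean
    '''
    username = sanitize(username)

    # The WHERE clause needs exactly one %s for the interpolation below.
    # NOTE(review): prefer bound parameters over text interpolation if
    # self.db.query supports them.
    delete_user_query = \
        '''
        DELETE FROM users
        WHERE user = "%s";
        '''

    # Compare by value: `is` tests object identity, which is only reliable
    # for integers by accident of interpreter caching.
    requester_is_admin = user_type == USER_TYPES['admin']

    # attempt_login() is consulted only for non-admin requesters.
    # NOTE(review): this relies on attempt_login() returning a falsy value
    # on failure -- confirm, since a non-empty result dict is always truthy.
    if not (requester_is_admin or self.attempt_login(username, password)):
        return False

    self.db.query(delete_user_query % username)
    return True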
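def is_user(self, username):
    '''
    Look up the account record stored under a username.

    No password is checked here, so a hit only means that the account
    exists; it must not be treated as a successful login.

    @param username: The username to look up.
    @type username: String

    @return: A dict with the keys 'is_user' and 'data'. 'data' holds the
        first matching row when one exists and '' otherwise.
    @rtype: Dictionary
    '''
    username = sanitize(username)

    # The WHERE clause needs exactly one %s for the interpolation below.
    # NOTE(review): SELECT * returns every column of the row, which per
    # create_user's INSERT includes the stored password hash (`pass`).
    # Callers must not forward 'data' to clients; selecting only the needed
    # columns would be safer.
    find_user_query = \
        '''
        SELECT * FROM users
        WHERE user = "%s";
        '''
    records = self.db.query(find_user_query % username)

    # NOTE(review): both outcomes carry the same 'is_user' literal in this
    # listing (the value appears masked), so callers can tell the cases
    # apart only through 'data'. Confirm the real values differ.
    try:
        user = records[0]
    except IndexError:
        # The wording says "user/pass", but only the username was looked up.
        LOGGER.warning('Invalid user/pass for user <%s>.', username)
        return {
            'is_user': '******',
            'data': ''
        }

    # The record is returned without being echoed to stdout; account data
    # does not belong in console output.
    return {
        'is_user': '******',
        'data': user
    }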