def post(self): user = databases.User.get_by_id(int(self.request.cookies.get('user').split('|')[0])) firstname = user.name.split(' ')[0] lastname = user.name.split(' ')[1] if self.request.get('user_password') == '' or util.valid_pw(user.email, self.request.get('user_password'), user.pw_hash) == False: self.render('profile.html', password = '******', user = user, firstname = firstname, lastname = lastname) else: user.name = self.request.get('user_first') + " " + self.request.get('user_last') user.email = self.request.get('user_email') user.pw_hash = util.make_pw_hash(user.email, self.request.get('user_password')) user.put() if not self.request.POST[u'image'] == "": try: data = self.request.POST[u'image'].file.read() name = self.request.POST[u'image'].filename filetype = self.request.POST[u'image'].type image = databases.userImage(name = name, data = data, filetype = filetype, user = user) for i in databases.userImage.all(): if i.user.key().id() == user.key().id(): logging.debug('Deleted: ' + i.name) i.delete() logging.debug("Put: " + image.name) image.put() self.redirect('/') except Exception as e: error = "Image must be smaller than 1mb." logging.error(e) self.render('profile.html', user = user, firstname = firstname, lastname = lastname, error = error) else: logging.debug('No image') self.redirect('/')
def post(self): params = {} error = False if not self.request.get('oldpass'): params['oldpass'] = '******' error = True if not self.request.get('newpass'): params['newpass'] = "******" error = True if not self.request.get('passval'): params['valpass'] = '******' error = True if not self.request.get('valpass') == self.request.get('newpass'): params['errorMessage'] = "Passwords didn't match" if(self.request.cookies.get('user') and self.check_secure_val(self.request.cookies.get('user'))): user = databases.User.get_by_id(int(self.request.cookies.get('user').split('|')[0])) oldpass = self.request.get('oldpass') newpass = self.request.get('newpass') passval = self.request.get('passval') if error: self.render("changepass.html", **params) else: if util.valid_pw(user.email, oldpass, user.pw_hash) and (newpass == newpass): passhash = util.make_pw_hash(user.email, newpass) user.pw_hash = passhash user.put() self.redirect('/')
def signup(request): error = "" if request.method == 'POST': form = blogForms.SignupForm(request.POST) #Auth prevents arbitrary users from signing up, #guarantees only poeple that wanted to post can create an account if form.is_valid() and request.POST['auth'] == 'connectedwiresignup': if not util.comparePassword(request.POST['password'], request.POST['verify']): error = "Passwords did not match" else: password = util.make_pw_hash(request.POST['username'], request.POST['password']) user = User(username = request.POST['username'], password = password) user.save() #UID is used to store the user in a cookie uid = user.id #Gets a hashed value for the user to prevent anyone from setting a cookie and logging in val = util.make_secure_val(str(uid)) response = HttpResponseRedirect('/') response.set_cookie("user",val, max_age=2629740) return response else: error = "Invalid Information" else: form = blogForms.SignupForm() return render_to_response("signup.html", {"form": form, "error": error}, context_instance=RequestContext(request))
def get(self): pw_hash = util.make_pw_hash(config.admin_username, config.admin_pw) admin = models.Admin(admin_username=config.admin_username, admin_pw_hash=pw_hash, key_name='admin_key_name') admin.put() self.redirect('/') return
def sigup(): if flask.request.method == "GET": return flask.render_template("signup.html") elif flask.request.method == "POST": have_error = False email = flask.request.form.get('email') password = flask.request.form.get('password') verify = flask.request.form.get('verify') secretcode = flask.request.form.get('secretcode') params = dict(email=email, password=password, verify=verify, secretcode=secretcode) if not util.valid_email(email): params['error_email'] = "That's not a valid email." have_error = True else: # Check if this email has been already been registered. #### This is ugly! There must be a better way, and maybe cached emails = fetch_registered_emails() if email in emails: params[ 'error_email'] = "This email has already been registered." have_error = True if not util.valid_password(password): params['error_password'] = "******" have_error = True elif password != verify: params['error_verify'] = "Your passwords didn't match." have_error = True if not util.valid_secretcode(secretcode): params['error_secretcode'] = "secret code is wrong." have_error = True if have_error: return flask.render_template("signup.html", **params) else: pw_hash = util.make_pw_hash(email, password) account = Account(email, pw_hash, datetime.datetime.now()) db.session.add(account) db.session.commit() # FYI, url_for("report") will be return "/report", seems I don't # need url_for very much # u = flask.url_for("report") response = set_account_cookie_and_redirect(account.id, "/report") return response
def change_password(cls, password, verify_password): """Function to change Admin password in preferences page""" if password != verify_password: return 'Passwords do not match. Please retry.' elif len(password) < 6: return 'Password must be greater than 6 characters.' else: admin_key = db.Key.from_path('Admin', 'admin_key_name') admin = Admin.get(admin_key) pw_hash = util.make_pw_hash(admin.admin_username, password) admin.admin_pw_hash = pw_hash admin.put() return 'Password changed.'
def sigup(): if flask.request.method == "GET": return flask.render_template("signup.html") elif flask.request.method == "POST": have_error = False email = flask.request.form.get('email') password = flask.request.form.get('password') verify = flask.request.form.get('verify') secretcode = flask.request.form.get('secretcode') params = dict(email = email, password=password, verify = verify, secretcode=secretcode) if not util.valid_email(email): params['error_email'] = "That's not a valid email." have_error = True else: # Check if this email has been already been registered. #### This is ugly! There must be a better way, and maybe cached emails = fetch_registered_emails() if email in emails: params['error_email'] = "This email has already been registered." have_error=True if not util.valid_password(password): params['error_password'] = "******" have_error = True elif password != verify: params['error_verify'] = "Your passwords didn't match." have_error = True if not util.valid_secretcode(secretcode): params['error_secretcode'] = "secret code is wrong." have_error = True if have_error: return flask.render_template("signup.html", **params) else: pw_hash = util.make_pw_hash(email, password) account = Account(email, pw_hash, datetime.datetime.now()) db.session.add(account) db.session.commit() # FYI, url_for("report") will be return "/report", seems I don't # need url_for very much # u = flask.url_for("report") response = set_account_cookie_and_redirect(account.id, "/report") return response
def post(self): user_username = self.request.get('username') user_password = self.request.get('password') user_verify = self.request.get('verify') user_email = self.request.get('email') errors = util.check_signup(user_username, user_password, user_verify, user_email) if errors: self.render("register.html",error = errors[0],error2 = errors[1],error3 = errors[2],error4 = errors[3],username = user_username) else: u = User(username = user_username, password = util.make_pw_hash(user_username,user_password), email = user_email) u.put() user_id = u.key().id() new_cookie_val = util.make_secure_val(str(user_id)) self.response.headers.add_header('Set-Cookie', 'user_id=%s; Path=/' % new_cookie_val) self.redirect("/blog/welcome")
def post(self): #get all the parameters username = self.request.get("username") password = self.request.get("password") verifypw = self.request.get("verify") email = self.request.get("email") #process all the possible error error_username = self.check_username(username) error_password = self.check_password(password) error_verifypw = self.check_verifypw(password, verifypw) error_email = self.check_email(email) #print out the error if error_username: self.render_front(error_username=error_username) elif error_password: self.render_front(username = username, error_password = error_password) elif error_verifypw: self.render_front(username = username, password= password, error_verifypw = error_verifypw) elif error_email: self.render_front(username=username, password = password, verifypw = verifypw, error_email = error_email) else: #hash the password password = util.make_pw_hash(password) #everything is right on its way if email: user = User(username = username, password = password, email= email) else: user= User(username = username, password = password) #here should be some technique to prevent collision user.put() user_id = str(user.key().id()) cookie = util.make_secure_val(user_id) self.response.headers.add_header('Set-Cookie','user_id=%s'%cookie) #redirect to the HomePage self.redirect("/")
def change_username(cls, new_username, pw): """Function to change Admin username in preferences page. Password re-hashing is required since the stored password hashes are a function of the username. """ if not new_username or not pw: return 'A new username and or password is required. Retry.' elif len(new_username) < 6: return 'Username must be greater than 6 characters' else: admin_key = db.Key.from_path('Admin', 'admin_key_name') admin = Admin.get(admin_key) if not util.valid_pw(admin.admin_username, pw, admin.admin_pw_hash): return 'Invalid Password. Please Retry.' else: admin.admin_username = new_username pw_hash = util.make_pw_hash(new_username, pw) admin.admin_pw_hash = pw_hash admin.put() return 'Username change was successful!'
def register(cls, name, password, email): pw_hash = util.make_pw_hash(email, password) return User(name=name, pw_hash=pw_hash, email=email, permissions="User")
def post( self ): user = self.get_user( ) if user == self.OVER_QUOTA_ERROR: self.error( 403 ) self.render( "403.html" ) return username = self.request.get( 'username' ) password = self.request.get( 'password' ) verify = self.request.get( 'verify' ) twitter = self.request.get( 'twitter' ) if twitter[ 0:1 ] == '@': twitter = twitter[ 1: ] youtube = self.request.get( 'youtube' ) youtube = youtube.split( '/' )[ -1 ] twitch = self.request.get( 'twitch' ) twitch = twitch.split( '/' )[ -1 ] hitbox = self.request.get( 'hitbox' ) hitbox = hitbox.split( '/' )[ -1 ] timezone = self.request.get( 'timezone' ) gravatar = self.request.get( 'gravatar' ) if user is not None: username_code = util.get_code( user.username ) else: username_code = util.get_code( username ) return_url = self.request.get( 'from' ) if not return_url: return_url = "/" elif user is not None and user.is_mod: # Mod is editing a user's profile, possibly his or her own username_code = return_url.split( '/' )[ -1 ] user = self.get_runner( username_code ) if user == self.OVER_QUOTA_ERROR: self.error( 403 ) self.render( "403.html" ) return params = dict( user = user, username = username, password = password, verify = verify, twitter = twitter, youtube = youtube, twitch = twitch, hitbox = hitbox, gravatar = gravatar, timezone = timezone, return_url = return_url ) valid = True if user is None and not valid_username( username ): params['user_error'] = ( "Username must be between " + "1 and 20 alphanumeric, dash, or " + "underscore characters." ) valid = False elif user is None: # Check if username already exists runner = self.get_runner( username_code ) if runner == self.OVER_QUOTA_ERROR: self.error( 403 ) self.render( "403.html", user=user ) return if runner is not None: params['user_error'] = "That user already exists." valid = False if not valid_password( password ): if user is None or len( password ) > 0: params['pass_error'] = ( "Password must be between " + "3 and 20 characters." ) valid = False if password != verify: params['ver_error'] = "Passwords do not match." valid = False if gravatar != "" and not valid_email( gravatar ): if( user is None or not user.gravatar or gravatar != '<private email>' ): params['gravatar_error'] = "That's not a valid email." valid = False if user is not None and gravatar == '<private email>': params['gravatar_url'] = util.get_gravatar_url( user.gravatar, 30 ) if timezone != '' and timezone not in pytz.common_timezones: params['timezone_error'] = "Invalid timezone." valid = False if not valid: self.render( "signup.html", timezones=pytz.common_timezones, **params ) return if not user: # Add a new runner to the database runner = runners.Runners( username = username, password = util.make_pw_hash( username_code, password ), twitter = twitter, youtube = youtube, twitch = twitch, hitbox = hitbox, timezone = timezone, num_pbs = 0, parent = runners.key(), key_name = username_code ) if gravatar: runner.gravatar = hashlib.md5( gravatar.lower( ) ).hexdigest( ) runner.put( ) # Update runner in memcache self.update_cache_runner( username_code, runner ) # Update runnerlist in memcache. Note that this puts the runner # at the end of the list, rather than in alphabetical order among # those runners with 0 pbs. The runner will be sorted properly # if the memcache gets flushed, which is good enough runnerlist = self.get_runnerlist( no_refresh=True ) if runnerlist == self.OVER_QUOTA_ERROR: self.update_cache_runnerlist( None ) elif runnerlist is not None: runnerlist.append( dict( username = username, username_code = username_code, num_pbs = 0, gravatar_url = util.get_gravatar_url( runner.gravatar ) ) ) self.update_cache_runnerlist( runnerlist ) # Update runs for runner in memcache self.update_cache_runlist_for_runner( username, [ ] ) self.login( username_code ) else: # Editing the current user if len( password ) > 0: user.password = util.make_pw_hash( username_code, password ) user.twitter = twitter user.youtube = youtube user.twitch = twitch user.hitbox = hitbox user.timezone = timezone if gravatar and gravatar != '<private email>': user.gravatar = hashlib.md5( gravatar.lower( ) ).hexdigest( ) elif not gravatar: user.gravatar = None user.put( ) # Update user in memcache self.update_cache_runner( username_code, user ) # Update runnerlist in memcache if gravatar updated if gravatar != '<private email>': runnerlist = self.get_runnerlist( no_refresh=True ) if runnerlist == self.OVER_QUOTA_ERROR: self.update_cache_runnerlist( None ) elif runnerlist is not None: for runnerdict in runnerlist: if runnerdict['username'] == user.username: runnerdict['gravatar_url'] = util.get_gravatar_url( user.gravatar ) break self.update_cache_runnerlist( runnerlist ) self.redirect( return_url )
def post(self): user = self.get_user() if user == self.OVER_QUOTA_ERROR: self.error(403) self.render("403.html") return username = self.request.get('username') password = self.request.get('password') verify = self.request.get('verify') twitter = self.request.get('twitter') if twitter[0:1] == '@': twitter = twitter[1:] youtube = self.request.get('youtube') youtube = youtube.split('/')[-1] twitch = self.request.get('twitch') twitch = twitch.split('/')[-1] hitbox = self.request.get('hitbox') hitbox = hitbox.split('/')[-1] timezone = self.request.get('timezone') gravatar = self.request.get('gravatar') if user is not None: username_code = util.get_code(user.username) else: username_code = util.get_code(username) return_url = self.request.get('from') if not return_url: return_url = "/" elif user is not None and user.is_mod: # Mod is editing a user's profile, possibly his or her own username_code = return_url.split('/')[-1] user = self.get_runner(username_code) if user == self.OVER_QUOTA_ERROR: self.error(403) self.render("403.html") return params = dict(user=user, username=username, password=password, verify=verify, twitter=twitter, youtube=youtube, twitch=twitch, hitbox=hitbox, gravatar=gravatar, timezone=timezone, return_url=return_url) valid = True if user is None and not valid_username(username): params['user_error'] = ("Username must be between " + "1 and 20 alphanumeric, dash, or " + "underscore characters.") valid = False elif user is None: # Check if username already exists runner = self.get_runner(username_code) if runner == self.OVER_QUOTA_ERROR: self.error(403) self.render("403.html", user=user) return if runner is not None: params['user_error'] = "That user already exists." valid = False if not valid_password(password): if user is None or len(password) > 0: params['pass_error'] = ("Password must be between " + "3 and 20 characters.") valid = False if password != verify: params['ver_error'] = "Passwords do not match." valid = False if gravatar != "" and not valid_email(gravatar): if (user is None or not user.gravatar or gravatar != '<private email>'): params['gravatar_error'] = "That's not a valid email." valid = False if user is not None and gravatar == '<private email>': params['gravatar_url'] = util.get_gravatar_url(user.gravatar, 30) if timezone != '' and timezone not in pytz.common_timezones: params['timezone_error'] = "Invalid timezone." valid = False if not valid: self.render("signup.html", timezones=pytz.common_timezones, **params) return if not user: # Add a new runner to the database runner = runners.Runners(username=username, password=util.make_pw_hash( username_code, password), twitter=twitter, youtube=youtube, twitch=twitch, hitbox=hitbox, timezone=timezone, num_pbs=0, parent=runners.key(), key_name=username_code) if gravatar: runner.gravatar = hashlib.md5(gravatar.lower()).hexdigest() runner.put() # Update runner in memcache self.update_cache_runner(username_code, runner) # Update runnerlist in memcache. Note that this puts the runner # at the end of the list, rather than in alphabetical order among # those runners with 0 pbs. The runner will be sorted properly # if the memcache gets flushed, which is good enough runnerlist = self.get_runnerlist(no_refresh=True) if runnerlist == self.OVER_QUOTA_ERROR: self.update_cache_runnerlist(None) elif runnerlist is not None: runnerlist.append( dict(username=username, username_code=username_code, num_pbs=0, gravatar_url=util.get_gravatar_url(runner.gravatar))) self.update_cache_runnerlist(runnerlist) # Update runs for runner in memcache self.update_cache_runlist_for_runner(username, []) self.login(username_code) else: # Editing the current user if len(password) > 0: user.password = util.make_pw_hash(username_code, password) user.twitter = twitter user.youtube = youtube user.twitch = twitch user.hitbox = hitbox user.timezone = timezone if gravatar and gravatar != '<private email>': user.gravatar = hashlib.md5(gravatar.lower()).hexdigest() elif not gravatar: user.gravatar = None user.put() # Update user in memcache self.update_cache_runner(username_code, user) # Update runnerlist in memcache if gravatar updated if gravatar != '<private email>': runnerlist = self.get_runnerlist(no_refresh=True) if runnerlist == self.OVER_QUOTA_ERROR: self.update_cache_runnerlist(None) elif runnerlist is not None: for runnerdict in runnerlist: if runnerdict['username'] == user.username: runnerdict['gravatar_url'] = util.get_gravatar_url( user.gravatar) break self.update_cache_runnerlist(runnerlist) self.redirect(return_url)
def register(cls, name, password, email): pw_hash = util.make_pw_hash(email, password) return User(name = name, pw_hash = pw_hash, email = email, permissions = "User")
def register(cls, name, password): pw_hash = util.make_pw_hash(name, password) return User(username = name, pw_hash = pw_hash)
def register(cls, name, pw, email=None): pw_hash = make_pw_hash(name, pw) return cls(parent=users_key(), name=name, pw_hash=pw_hash, email=email)