def login(sp):
error = None
if request.method == 'POST':
try:
# get username & password hash from html form
username = request.form['username']
hashed_pass = hashlib.sha1(request.form['password']).hexdigest()
sp_id = int(sp)
# find user in database
query = "SELECT spUserID FROM Users WHERE username='******' AND passw='%s' AND spID=%d" %\
(username, hashed_pass, sp_id)
data_base_manager = DataBaseManager(DB_NAME)
sp_user_id = data_base_manager.exec_query(query)[0]
data_base_manager.close_connection()
# redirect to user's profile page is SP
sp_user_id = get_encrypt_obj(sp_id).encryptAES(str(sp_user_id))
addr=get_sp_url(sp_id)
sp_url = '%s/user/%s' % (addr, str(sp_user_id))
server = "PhoneBook Server"
return render_template('RedirectPage.html', path=sp_url, server=server, addr=addr)
#return redirect(sp_url)
except Exception, exc:
# if user wasn't found
error = 'Invalid Credentials. Please try again.'
print exc
def get_encrypt_obj(sid):
"""
Gets encryption key from SPs table in db.
Creates an instance of Encryption using that key.
:param sid: SP server ID
:return: AES encryption object
"""
query = "SELECT key FROM SPs WHERE SPID=%d" % sid
data_base_manager = DataBaseManager(DB_NAME)
key = data_base_manager.exec_query(query)[0]
data_base_manager.close_connection()
key = Encryption(MASTER).decryptAES(key)
return Encryption(key)
def get_sp_url(sp_id=1):
"""
Gets RedirectPath data from SPs table in db, for a specific SP
:param sp_id: SP to find url of
:return: path of this SP
"""
query = "SELECT redirectPath FROM SPs WHERE SPID=%d" % sp_id
try:
data_base_manager = DataBaseManager(DB_NAME)
path = data_base_manager.exec_query(query)[0]
data_base_manager.close_connection()
return path
except Exception, e:
print 'Unable to execute query: ' + query
print e
path = MAIN_SERVER_PATH + '/login/' + str(my_sp_id)
server = "MyMainServer"
return render_template('RedirectPage.html', path=path, server=server, addr=MAIN_SERVER_PATH)
#return redirect(MAIN_SERVER_PATH + '/login/' + str(my_sp_id))
# route for showing the user's profile page
@app.route('/user/<userid>')
def profile(userid):
# show user profile
try:
userid = enc_obj.decryptAES(userid)
except Exception, e:
print e
query = "SELECT name, age, phoneNum FROM UserProfiles WHERE ID=%s" % userid
name, age, phone_num = data_base_manager.exec_query(query)
if name:
return render_template('Profile.html', name=name, age=age, phoneNum=phone_num)
else:
# error if userID was invalid
print "Invalid User ID"
# route for creating new user ID
@app.route('/register')
def register():
user_id = data_base_manager.last_id("UserProfiles") + 1
user_id = str(user_id)
user_id = enc_obj.encryptAES(user_id)
# redirect to My Main Server's registration page
path = (MAIN_SERVER_PATH+"/register/"+user_id + " " + str(my_sp_id))
