def login(sp):
    """
    Handles the login form for one SP (service provider).

    On POST the submitted password is hashed with SHA-1, the Users table is
    queried for a matching row, the resulting spUserID is encrypted with the
    SP's key and RedirectPage.html is rendered pointing at
    '<SP address>/user/<encrypted id>'.

    NOTE(review): nothing visible here returns a response for a GET request or
    after a failed login, and `error` is assigned but never read - the end of
    the function may lie outside this excerpt.

    :param sp: SP server ID taken from the caller; converted with int()
    :return: rendered RedirectPage.html on a successful lookup
    """
    error = None
    if request.method == 'POST':
        try:
            # get username & password hash from html form
            username = request.form['username']
            # NOTE(review): unsalted SHA-1 is a fast hash; stored password
            # hashes built this way are cheap to brute-force if the Users table
            # leaks. A salted, slow KDF (e.g. hashlib.pbkdf2_hmac) is the usual
            # replacement, together with a migration of the stored values.
            hashed_pass = hashlib.sha1(request.form['password']).hexdigest()
            sp_id = int(sp)
            # find user in database
            # NOTE(review): `username` is form input and is meant to be pasted
            # into the SQL text, which allows SQL injection; hashed_pass (hex
            # digest) and sp_id (int) are constrained, username is not. Bind it
            # as a query parameter if DataBaseManager.exec_query supports that -
            # its signature is not visible here.
            # NOTE(review): as written the string has two conversion specifiers
            # but three values, so the % operator raises TypeError, which the
            # except below reports as invalid credentials. The '******' looks
            # like a masked placeholder - confirm against the real file.
            query = "SELECT spUserID FROM Users WHERE username='******' AND passw='%s' AND spID=%d" %\
                    (username, hashed_pass, sp_id)
            data_base_manager = DataBaseManager(DB_NAME)
            # If exec_query raises, close_connection() below is skipped and the
            # connection is left for the garbage collector.
            sp_user_id = data_base_manager.exec_query(query)[0]
            data_base_manager.close_connection()
            # redirect to the user's profile page in the SP, identifying the
            # user by an ID encrypted with that SP's key
            sp_user_id = get_encrypt_obj(sp_id).encryptAES(str(sp_user_id))
            # get_sp_url returns None when its query fails, which would yield
            # the path 'None/user/...' below.
            addr=get_sp_url(sp_id)
            sp_url = '%s/user/%s' % (addr, str(sp_user_id))
            server = "PhoneBook Server"
            return render_template('RedirectPage.html', path=sp_url, server=server, addr=addr)
            #return redirect(sp_url)
        except Exception, exc:
            # Reached when the user wasn't found, but also for every other
            # failure in the try body (missing form field, non-numeric sp,
            # database or key errors): all of them are shown to the user as
            # bad credentials and only printed, not logged.
            error = 'Invalid Credentials. Please try again.'
            print exc
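def get_encrypt_obj(sid):
    """
    Builds the AES helper for one SP from the key stored in the SPs table.

    The value read from the database is not used directly: it is first
    decrypted with the MASTER key, and the result becomes the SP's key.

    :param sid: SP server ID; formatted with %d, so a non-numeric value raises
                TypeError before any query is run
    :return: Encryption instance initialised with the SP's decrypted key
    """
    query = "SELECT key FROM SPs WHERE SPID=%d" % sid
    data_base_manager = DataBaseManager(DB_NAME)
    try:
        # NOTE(review): what exec_query returns for an unknown SPID is not
        # visible here; the [0] assumes at least one column came back.
        wrapped_key = data_base_manager.exec_query(query)[0]
    finally:
        # Close the connection on the failure path too; previously an
        # exception from the lookup skipped close_connection().
        data_base_manager.close_connection()
    sp_key = Encryption(MASTER).decryptAES(wrapped_key)
    return Encryption(sp_key)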
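def get_sp_url(sp_id=1):
    """
    Gets RedirectPath data from SPs table in db, for a specific SP.

    Failures are reported on stdout rather than raised, so callers must be
    prepared for a None result before building a URL from it.

    :param sp_id: SP to find url of; formatted with %d, so a non-numeric value
                  raises TypeError before the try block is entered
    :return: path of this SP, or None when the lookup fails
    """
    query = "SELECT redirectPath FROM SPs WHERE SPID=%d" % sp_id
    try:
        data_base_manager = DataBaseManager(DB_NAME)
        try:
            path = data_base_manager.exec_query(query)[0]
        finally:
            # Release the connection even when the query or the [0] lookup
            # fails; previously that path skipped close_connection().
            data_base_manager.close_connection()
        return path
    except Exception as e:
        print('Unable to execute query: ' + query)
        print(e)
    # Explicit so the "no URL" outcome is visible to readers of the callers.
    return None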
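# NOTE(review): the three statements below are the tail of a handler whose
# `def` line lies before this excerpt; they are reproduced unchanged.
    path = MAIN_SERVER_PATH + '/login/' + str(my_sp_id)
    server = "MyMainServer"
    return render_template('RedirectPage.html', path=path, server=server, addr=MAIN_SERVER_PATH)
    #return redirect(MAIN_SERVER_PATH + '/login/' + str(my_sp_id))


# route for showing the user's profile page
@app.route('/user/<userid>')
def profile(userid):
    """
    Renders the profile page for the user named by an encrypted ID.

    :param userid: URL path segment; expected to be a user ID encrypted with
                   enc_obj, the form register() produces
    :return: rendered Profile.html, a 400 response when the ID does not
             decrypt to an integer, or a 404 response when no name is found
    """
    # userid comes straight from the URL. Previously a failed decryption was
    # only printed and the raw path segment was then formatted into the SQL
    # text, so any request could inject into the query. Now only a value that
    # both decrypts and parses as an integer reaches the query.
    # NOTE(review): assumes decryptAES returns the plain decimal string that
    # register() encrypted (int() tolerates surrounding whitespace only) -
    # confirm against the Encryption class.
    try:
        user_id = int(enc_obj.decryptAES(userid))
    except Exception as e:
        print(e)
        print("Invalid User ID")
        return "Invalid User ID", 400

    query = "SELECT name, age, phoneNum FROM UserProfiles WHERE ID=%d" % user_id
    # NOTE(review): what exec_query returns when no row matches is not visible
    # here; the three-way unpacking assumes one row of three columns.
    name, age, phone_num = data_base_manager.exec_query(query)
    if name:
        return render_template('Profile.html', name=name, age=age, phoneNum=phone_num)

    # error if userID was invalid; return a response instead of falling off
    # the end of the view with None
    print("Invalid User ID")
    return "Invalid User ID", 404


# route for creating new user ID
@app.route('/register')
def register():
    # The new ID is the last ID in UserProfiles plus one, encrypted before it
    # leaves this server.
    # NOTE(review): no row is reserved in the visible code, so two concurrent
    # registrations may be handed the same ID - confirm against last_id() and
    # the main server's registration flow.
    user_id = data_base_manager.last_id("UserProfiles") + 1
    user_id = str(user_id)
    user_id = enc_obj.encryptAES(user_id)
    # redirect to My Main Server's registration page
    # NOTE(review): the excerpt ends here; the statement that uses `path` is
    # not visible.
    path = (MAIN_SERVER_PATH+"/register/"+user_id + " " + str(my_sp_id))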