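def does_authenticate(username, password):
    """Check a username/password pair against the stored hashes, with lockout.

    Args:
        username: Login name as submitted by the client (untrusted).
        password: Password as submitted by the client (untrusted); may be
            None when the form field is missing.

    Returns:
        True only when the user is not locked out and the salted SHA-256 of
        the password equals the stored hash for ``username``; False otherwise.

    Side effects:
        Failed attempts are logged through ``LogActivity`` and passed to
        ``record_bad_login`` (defined elsewhere; presumably it maintains
        ``GLOBAL_BAD_LOGIN`` -- confirm). An expired lockout entry is removed
        from ``GLOBAL_BAD_LOGIN``.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    hashes = loadHashes()

    # Forget earlier failures once LIMIT_TIME_TO_RETRY seconds have elapsed
    # since the timestamp stored for this user.
    if username in GLOBAL_BAD_LOGIN:
        last_failure = GLOBAL_BAD_LOGIN[username][1]
        elapsed = datetime.datetime.now() - last_failure
        if elapsed >= datetime.timedelta(seconds=LIMIT_TIME_TO_RETRY):
            GLOBAL_BAD_LOGIN.pop(username, None)

    # Still inside the lockout window: refuse without looking at the password.
    if username in GLOBAL_BAD_LOGIN:
        failures = GLOBAL_BAD_LOGIN[username][0]
        if failures >= LIMIT_NUMBER_BAD_LOGINS:
            LogActivity.logTooManyLoginAttempts(username)
            return False

    # A missing password is handled like any other failed attempt. Without
    # this guard, ``password + P3APISALT`` raises for a known username only,
    # so the error response would differ between known and unknown usernames
    # and the attempt would never reach the failure counter.
    if username not in hashes or password is None:
        LogActivity.logBadCredentials(username)
        record_bad_login(username)
        return False

    # NOTE(review): one fast SHA-256 with the same P3APISALT for every user is
    # weak for password storage; a slow per-user-salted KDF (e.g.
    # hashlib.pbkdf2_hmac or hashlib.scrypt) is the usual choice. Changing it
    # needs a migration of the stored hashes, so it is only flagged here.
    # NOTE(review): hashlib requires bytes on Python 3 -- confirm the types of
    # password and P3APISALT.
    stored_digest = hashes[username]
    computed_digest = hashlib.sha256(password + P3APISALT).hexdigest()
    try:
        # Constant-time comparison avoids leaking how many leading characters
        # of the digest matched.
        is_match = hmac.compare_digest(stored_digest, computed_digest)
    except TypeError:
        # compare_digest rejects mixed or non-ASCII string types; keep the
        # original equality semantics for such stored values.
        is_match = stored_digest == computed_digest

    if is_match:
        return True

    LogActivity.logBadCredentials(username)
    record_bad_login(username)
    return False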
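def does_authenticate(username, password):
    """Check a username/password pair against the stored hashes, with lockout.

    Args:
        username: Login name as submitted by the client (untrusted).
        password: Password as submitted by the client (untrusted); may be
            None when the form field is missing.

    Returns:
        True only when the user is not locked out and the salted SHA-256 of
        the password equals the stored hash for ``username``; False otherwise.

    Side effects:
        Failed attempts are logged through ``LogActivity`` and passed to
        ``record_bad_login`` (defined elsewhere; presumably it maintains
        ``GLOBAL_BAD_LOGIN`` -- confirm). An expired lockout entry is removed
        from ``GLOBAL_BAD_LOGIN``.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    hashes = loadHashes()

    # Forget earlier failures once LIMIT_TIME_TO_RETRY seconds have elapsed
    # since the timestamp stored for this user.
    if username in GLOBAL_BAD_LOGIN:
        last_failure = GLOBAL_BAD_LOGIN[username][1]
        elapsed = datetime.datetime.now() - last_failure
        if elapsed >= datetime.timedelta(seconds=LIMIT_TIME_TO_RETRY):
            GLOBAL_BAD_LOGIN.pop(username, None)

    # Still inside the lockout window: refuse without looking at the password.
    if username in GLOBAL_BAD_LOGIN:
        failures = GLOBAL_BAD_LOGIN[username][0]
        if failures >= LIMIT_NUMBER_BAD_LOGINS:
            LogActivity.logTooManyLoginAttempts(username)
            return False

    # A missing password is handled like any other failed attempt. Without
    # this guard, ``password + P3APISALT`` raises for a known username only,
    # so the error response would differ between known and unknown usernames
    # and the attempt would never reach the failure counter.
    if username not in hashes or password is None:
        LogActivity.logBadCredentials(username)
        record_bad_login(username)
        return False

    # NOTE(review): one fast SHA-256 with the same P3APISALT for every user is
    # weak for password storage; a slow per-user-salted KDF (e.g.
    # hashlib.pbkdf2_hmac or hashlib.scrypt) is the usual choice. Changing it
    # needs a migration of the stored hashes, so it is only flagged here.
    # NOTE(review): hashlib requires bytes on Python 3 -- confirm the types of
    # password and P3APISALT.
    stored_digest = hashes[username]
    computed_digest = hashlib.sha256(password + P3APISALT).hexdigest()
    try:
        # Constant-time comparison avoids leaking how many leading characters
        # of the digest matched.
        is_match = hmac.compare_digest(stored_digest, computed_digest)
    except TypeError:
        # compare_digest rejects mixed or non-ASCII string types; keep the
        # original equality semantics for such stored values.
        is_match = stored_digest == computed_digest

    if is_match:
        return True

    LogActivity.logBadCredentials(username)
    record_bad_login(username)
    return False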
def pptriv():
    """Handle the login form post and render the start page on success.

    Reads ``username`` and ``password`` from the submitted form, sleeps one
    second, and asks ``auth.does_authenticate`` to verify them. On failure the
    ``Login`` template is rendered with an error message. On success a new
    session id is created, the session start and page turn are logged, and the
    ``StartPage`` template is rendered with the session id, its ACSRF token
    and the submitted search parameters.
    """
    username = request.forms.get('username')
    password = request.forms.get('password')

    # Fixed one-second delay applied to every request before the check.
    # NOTE(review): the sleep also occupies the handling worker for that
    # second, so under load it can reduce capacity; rate limiting in front of
    # the application is the sturdier control -- confirm the server's
    # concurrency model.
    time.sleep(1.0)

    authenticated = auth.does_authenticate(username, password)
    if not authenticated:
        # NOTE(review): auth.does_authenticate presumably logs the failure
        # itself, which would make this a duplicate log entry -- confirm.
        LogActivity.logBadCredentials(username)
        return template(
            'Login',
            message='Improper Credentials.',
            goog_anal_script=GoogleAnalyticsInclusionScript,
        )

    # Fall back to the default query when the form carried no search string.
    search_string = request.forms.get('search_string')
    if search_string is None:
        search_string = "Dell Latitude"
    psc_pattern = request.forms.get('psc_pattern')

    session_id = auth.create_session_id()
    LogActivity.logSessionBegin(username, session_id)
    LogActivity.logPageTurn(session_id, "StartPage")

    # username, search_string and psc_pattern are client-supplied values
    # handed to the template.
    # NOTE(review): confirm the StartPage template escapes them on output.
    acsrf_token = auth.get_acsrf(session_id)
    return template(
        'StartPage',
        search_string=search_string,
        acsrf=acsrf_token,
        username=username,
        session_id=session_id,
        psc_pattern=psc_pattern,
        goog_anal_script=GoogleAnalyticsInclusionScript,
    )