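# NOTE(review): this excerpt opens on the tail of a call that starts outside
# the visible source; the fragment on the next line is reproduced unchanged.
'update users set fail_login_counter=0,fail_login_timestamp=0 where id=' + str(auth.user_id))

# Look up (or register) the device named in the request for this user.
# jsonpost['device'] comes from the request body, so it is bound as a query
# parameter instead of being spliced between double quotes in the SQL text.
# NOTE(review): assumes mydb is a DB-API cursor that takes %s placeholders
# (MySQLdb/PyMySQL style, as mydb_connection.insert_id() suggests) - confirm.
uid = int(auth.user_id)
device_name = jsonpost['device']
mydb.execute(
    'select id,`default` from devices where uid=%s and name=%s and state>0',
    (uid, device_name))
dev = mydb.fetchone()
if dev is None:
    # Need to add new device to user
    # timestamp_string is defined outside this excerpt; it is bound as a
    # parameter as well so that nothing in this statement is concatenated.
    mydb.execute(
        'insert into devices set `default`=0, uid=%s, name=%s, state=1,'
        ' created=%s, lastconnect=%s',
        (uid, device_name, timestamp_string, timestamp_string))
    auth.user_some_state = mydb_connection.insert_id()
    _mobile.log('New device added id:' + str(auth.user_some_state))
else:
    # A row flagged `default` cannot be claimed through this endpoint.
    if int(dev['default']) > 0:
        headers.errorResponse('You can not use this device name')
    auth.user_some_state = int(dev['id'])

# No usable device id means no token is issued.
if auth.user_some_state < 1:
    wrongCred(4)

# NOTE(review): the posted password is handed to auth.buildCredentials; what
# the resulting token embeds is not visible here - confirm it never carries
# the password itself.
auth.credentials = auth.buildCredentials(int(auth.user_id), jsonpost['login'],
                                         jsonpost['password'], 1,
                                         auth.user_some_state)
headers.jsonAPI(False)
_mobile.log('Token was sent to device id:' + str(auth.user_some_state))
headers.goodResponse({
    'accepted': True,
    'token': auth.credentials
}, translation.getValue('registration_success'))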
import inspect
import os
import sys

# Put the directory two levels above this script's directory at the front of
# sys.path so that the project-local imports below resolve.
currentdir = os.path.dirname(os.path.abspath(
    inspect.getfile(inspect.currentframe())))
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))

from _common.api import auth
from _common.api import headers
from _common.api import db

headers.jsonAPI()

# Every lookup below is keyed on auth.user_id, so the response only describes
# devices that the db helpers associate with the current user.
ext_links = db.getUserLinkedDevices(auth.user_id)
ext_link_names = ext_links['names']
ext_link_ids = ext_links['all']


def _linked_entry(device_id):
    """Build the response entry for one linked device id."""
    names = ext_link_names[device_id]
    return {
        'id': device_id,
        'name': names['device'].title(),
        # A missing user name is rendered as an empty string.
        'user': (names['user'] or '').title(),
    }


linked_devices = [_linked_entry(ext_link_ids[key]) for key in ext_link_ids]

own_devices = db.getUserOwnDevices(auth.user_id)

payload = {
    'login': auth.user_login,
    'some_state': auth.user_some_state,
    'all_devices': [{'id': 0, 'name': '@str.all_devices'}],
    'own_devices': own_devices['all'],
    'linked_devices': linked_devices,
}
headers.goodResponse(payload)
src = safeGETint('src')
if src < 0:
    headers.errorResponse('@str.permission_denied')
dst = safeGETint('dst')


def _row_has_id(row, expected):
    """Return True when *row* carries a positive 'id' equal to *expected*."""
    if row is None or 'id' not in row or row['id'] is None:
        return False
    found = int(row['id'])
    return found >= 1 and found == expected


# Authorization step 1: src must be an active, non-default device that
# belongs to the current user.
db.sql_request('select id from devices where id=' + str(src) +
               ' and uid=' + str(auth.user_id) +
               ' and state>0 and `default`=0')
if not _row_has_id(db.mydb.fetchone(), src):
    headers.errorResponse('@str.permission_denied')

# NOTE(review): sync0..sync3 are defined outside this excerpt and are placed
# into the SQL unquoted - confirm they are integers by the time they get here.
sync_columns = ('sync0=' + str(sync0) + ',sync1=' + str(sync1) +
                ',sync2=' + str(sync2) + ',sync3=' + str(sync3))

if dst > 0:
    # Authorization step 2: dst must be an active device of a different user.
    db.sql_request('select id from devices where id=' + str(dst) +
                   ' and uid!=' + str(auth.user_id) + ' and state>0')
    if not _row_has_id(db.mydb.fetchone(), dst):
        headers.errorResponse('@str.permission_denied')
else:
    # No destination given: the flags are stored on the source device itself.
    db.sql_request('update devices set ' + sync_columns +
                   ' where id=' + str(src))
    headers.goodResponse({'saved': True})

# The update is keyed on (src, dst) and state>0, so only an existing active
# link row between the two devices can be changed.
db.sql_request('update sync_devices set ' + sync_columns +
               ' where src=' + str(src) + ' and dst=' + str(dst) +
               ' and state>0')
headers.goodResponse({'saved': True})
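import inspect
import os
import sys

# Put the directory two levels above this script's directory at the front of
# sys.path so that the project-local imports below resolve.
currentdir = os.path.dirname(
    os.path.abspath(inspect.getfile(inspect.currentframe())))
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))

from _common.api import auth
from _common.api import headers
from mobile_service.apiv1 import _mobile

headers.jsonAPI()
devid = auth.user_some_state

if auth._POST is None:
    # only POST accepted
    # str() keeps this error path from raising TypeError when auth.user_id is
    # not a string, which would replace the intended error response.
    _mobile.elog('No posted info uid:' + str(auth.user_id))
    headers.errorResponse('Wrong information')
json = auth._POST
if 'need_tasks' not in json:
    _mobile.elog('Incorrect tasks uid:' + str(auth.user_id))
    headers.errorResponse('Nothing was sent')
tasks = json['need_tasks']
if len(tasks) < 1:
    headers.errorResponse('No requested information was sent')

# NOTE(review): `tasks` is client-supplied and is passed through as `cross`;
# whether getTotalIdsString validates it before using it in a query is not
# visible from here - confirm.
obj = _mobile.getTotalIdsString(user_id=auth.user_id,
                                devid=devid,
                                cross=tasks,
                                extendType=1)
if obj is None:
    headers.errorResponse('SQL error')
headers.goodResponse(obj)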
# NOTE(review): this excerpt opens mid-statement; the fragment on the next line
# is presumably the tail of an assignment to `sql` and is reproduced unchanged.
auth.user_id) + ')'
try:
    mydb.execute(sql)
except Exception as ex:
    utils.log(utils.clearUserLogin(str(ex)), 'error', 'mobile')
    headers.errorResponse('Can not remove dest sync devices')

# Remaining account-removal steps, in dependency order: task links that point
# at the user's devices, then the devices, then the user row itself.
# NOTE(review): no transaction is visible in this excerpt; if one of these
# statements fails after an earlier one succeeded the account is left
# partially removed - confirm how commit/rollback is handled.
user_id_sql = str(auth.user_id)
removal_steps = (
    ('delete from sync_tasks where dst in (select id from devices where uid='
     + user_id_sql + ')',
     'Can not remove tasks sync links'),
    ('delete from devices where uid=' + user_id_sql,
     'Can not remove devices'),
    ('delete from users where id=' + user_id_sql,
     'Can not remove user account'),
)
for sql, failure_message in removal_steps:
    try:
        mydb.execute(sql)
    except Exception as ex:
        # The exception text is passed through clearUserLogin before logging.
        utils.log(utils.clearUserLogin(str(ex)), 'error', 'mobile')
        headers.errorResponse(failure_message)

headers.goodResponse({'status': True},
                     translation.getValue('remove_account_message'))
# NOTE(review): this excerpt opens mid-call; the argument list on the next line
# is reproduced unchanged.
devid=auth.user_some_state, myself=False, cache=False)  # except myself

result = {'own': [], 'in': [], 'out': []}
def_id = db.getDefaultDevice(auth.user_id)

# Own devices, minus the default one.
# NOTE(review): the second excluded value is auth.user_id, i.e. a device id is
# compared with a user id - confirm whether the current device id was meant.
result['own'].extend(
    {'id': dev['id'], 'device': dev['name']}
    for dev in own['all']
    if dev['id'] not in (def_id, auth.user_id))


def _describe_links(direction):
    """List id/device/user entries for the linked devices in *direction*."""
    linked = links[direction]['all']
    entries = []
    for key in linked:
        dev = linked[key]
        names = links['names'][dev]
        entries.append({'id': dev,
                        'device': names['device'],
                        'user': names['user']})
    return entries


result['in'].extend(_describe_links('in'))
result['out'].extend(_describe_links('out'))

# With nothing to show in any of the three groups, answer with an error.
if not (result['out'] or result['in'] or result['own']):
    headers.errorResponse(
        'No devices available.\nInvite new devices on settings page')
headers.goodResponse(result)
month=row['month'], day=row['day'], hour=row['hour'], minute=row['minute']) event['start'] = str(task_time_obj['year']) + '-' +\ str(task_time_obj['month']).rjust(2, '0') + '-' +\ str(task_time_obj['day']).rjust(2, '0') + 'T' +\ str(task_time_obj['hour']).rjust(2, '0') + ':' +\ str(task_time_obj['minute']).rjust(2, '0') +\ ':00' if (row['duration_time'] > 0): task_time_obj = date_utils.getHumanTime(timezone_offset=row['timezone'], timestamp=task_time_obj['timestamp'] +\ (row['duration_time'] * 60 * 1000)) event['end'] = str(task_time_obj['year']) + '-' +\ str(task_time_obj['month']).rjust(2, '0') + '-' +\ str(task_time_obj['day']).rjust(2, '0') + 'T' +\ str(task_time_obj['hour']).rjust(2, '0') + ':' +\ str(task_time_obj['minute']).rjust(2, '0') +\ ':00' else: task_time_obj = date_utils.getHumanTime(timezone_offset=row['timezone'], timestamp=row['done_time']) event['start'] = str(task_time_obj['year']) + '-' +\ str(task_time_obj['month']).rjust(2, '0') + '-' +\ str(task_time_obj['day']).rjust(2, '0') + 'T' +\ str(task_time_obj['hour']).rjust(2, '0') + ':' +\ str(task_time_obj['minute']).rjust(2, '0') +\ ':00' event['color'] = '#d7d7d7' json_result.append(event) headers.goodResponse({'events': json_result}, toastMessage)
# check permissions
# Only devices that also appear in check_list stay in all_devices.
to_remove_from.extend(
    device for device in all_devices if device not in check_list)
for remover in to_remove_from:
    all_devices.remove(remover)

# TODO
# tids_str = "'" + "','".join(tasks_arr) + "'"
# sql_request("delete from sync_tasks where tid in ("+tids_str+") and dst in ("++")")

# NOTE(review): tasks_arr is built outside this excerpt. Only the device list
# is filtered here, so confirm that every task id was checked against the
# current user and is an integer before it is written into the SQL below.
if duplicate:
    message_key = 'duplicate_complete'

    def _apply(task, device):
        """Copy one task to one target device."""
        db.duplicateTask(task, device)
else:
    message_key = 'sharing_complete'

    def _apply(task, device):
        """Record one task as shared with one target device."""
        sql = 'insert ignore into sync_tasks (dst,tid,sender) values (' + str(
            device) + ',' + str(task) + ',' + str(auth.user_id) + ')'
        sql_request_ignore_error(sql)

# NOTE(review): statement errors are ignored inside the transaction, so the
# COMMIT can persist a partial result - confirm this best-effort is intended.
sql_request_ignore_error('START TRANSACTION')
for device in all_devices:
    for task in tasks_arr:
        _apply(task, device)
sql_request_ignore_error('COMMIT')
headers.goodResponse({'status': True}, translation.getValue(message_key))
# Password check for the login form: throttle repeated failures, compare the
# posted password with the stored one, then issue credentials.
# NOTE(review): indentation was lost in this excerpt; the block layout below is
# reconstructed from the statement order.

# Treat a missing failure counter as zero before it is compared below.
if usr['fail_login_counter'] is None:
    usr['fail_login_counter'] = 0
timestamp_int = int(time.time() * 1000)  # current time in milliseconds

# Throttle: more than 5 recorded failures, the last one less than 60 s ago,
# is answered with a 403 after a 1 s delay and before the password is checked.
# NOTE(review): the counter lives on the user row, so wrong guesses from any
# client also delay the account owner - confirm that trade-off is intended.
if (abs(timestamp_int - int(usr['fail_login_timestamp'])) < 60 * 1000) and (int(usr['fail_login_counter']) > 5):
    auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
    headers.jsonAPI(False)
    time.sleep(1)
    headers.errorResponse('@str.wait_1_min', '@str.attention', 403)
timestamp_string = str(timestamp_int)

# NOTE(review): the stored value is compared directly with the posted one, and
# whether both are already hashes is not visible here. If usr['password'] is
# plaintext or an unsalted digest, store a salted password hash instead and
# compare in constant time.
if usr['password'] != jsonpost['password'] or int(usr['state']) < 1:
    # Record the failure (counter + timestamp) before rejecting the request.
    mydb.execute(
        'update users set fail_login_counter=(fail_login_counter+1),fail_login_timestamp=' + timestamp_string + ' where id=' + str(
            usr['id']))
    wrongCred()  # auth fail
auth.user_id = int(usr['id'])  # before! buildCredentials call
if auth.isMobile:
    badExit()  # using this form from mobile app APIs is not permitted
else:
    # Successful login resets the failure counter.
    # NOTE(review): the value concatenated after "lastlogin=" is masked as
    # '******' in this excerpt, so the line below is not valid Python as shown;
    # it is kept exactly as it appears.
    mydb.execute('update users set fail_login_counter=0,fail_login_timestamp=0,lastlogin='******' where id=' + str(auth.user_id))
    # NOTE(review): the stored password value is passed into the credentials;
    # confirm the resulting cookie does not expose it.
    auth.credentials = auth.buildCredentials(
        auth.user_id, usr['login'], usr['password'], jsonpost['remember'], auth.user_some_state)
    headers.jsonAPI(False)  # New cookie always there
    utils.log(usr['login'] + ' Logged in', 'auth')
    headers.goodResponse({'accepted': True})
minute=row['minute']) timestamp = task_time_obj['timestamp'] for i in range(7): if (timestamp < days_time[i]): timers[i]['data'].insert(0, row) break elif (row['type'] == 0): if (row['utc_flag'] != 0): timestamp = row['start_time'] else: if (row['day'] == 0): bug_obj = date_utils.getHumanTime(row['timezone'], row['start_time']) row['day'] = bug_obj['day'] row['month'] = bug_obj['month'] task_time_obj = date_utils.getTimestamp( timezone_offset=row['timezone'], year=row['year'], month=row['month'], day=row['day'], hour=row['hour'], minute=row['minute']) timestamp = task_time_obj['timestamp'] for i in range(7): if (timestamp < days_time[i]): timers[i]['data'].append(row) break # row['hour']=str(row['hour']).rjust(2, '0') row['minute'] = str(row['minute']).rjust(2, '0') headers.goodResponse({'timers': timers}, toastMessage)
for row in linksOut: if row['src'] == selected: obj = { 'color': 0, 'id': row['src'], 'dst': row['dst'], 'device': linked['names'][row['dst']]['device'], 'user': linked['names'][row['dst']]['user'], 'sync0': row['sync0'], 'sync1': row['sync1'], 'sync2': row['sync2'], 'sync3': row['sync3'] } selLinks.append(obj) headers.goodResponse({'nodes': nodes, 'edges': edges, 'links': selLinks}) if (selected > 0) and not our_device_selected: selLinks = [] for row in linksIn: if row['dst'] == selected: if row['src'] in own['names']: obj = { 'id': row['src'], 'color': 2, 'dst': row['dst'], 'device': own['names'][row['src']], 'sync0': row['sync0'], 'sync1': row['sync1'], 'sync2': row['sync2'], 'sync3': row['sync3']
# Create, or hand out again, the invite code that lets my_device send to
# another_device.
# NOTE(review): indentation was lost in this excerpt. The first call below is
# presumably the body of a condition that lies outside the visible source.
headers.errorResponse('You already have full access to your own devices')

# Load any existing link row for this (src, dst) pair.
sql_request('select id, state, invite from sync_devices where src=' + str(my_device) + ' and dst=' + str(another_device))
link_id = 0
link_state = 0
link_invite = ''
rows = mydb.fetchall()
for row in rows:
    # With several rows, the values of the last one win.
    link_id = int(row['id'])
    link_state = int(row['state'])
    link_invite = row['invite']
# A state above zero means the link is already active.
if link_state > 0:
    headers.errorResponse('You already can send information to this device')
if link_id > 0:
    # A pending link that still has an invite longer than 3 characters gets
    # the same code again instead of a fresh one.
    # NOTE(review): no expiry for a pending invite is visible here - confirm.
    if len(link_invite) > 3:
        headers.goodResponse({'invite': link_invite.upper()})
    # NOTE(review): the invite is the only secret that authorises the link.
    # Confirm utils.rand_string draws from a CSPRNG (for example the `secrets`
    # module) and that confirmation attempts are rate-limited; 5 characters is
    # a small space to search.
    link_invite = utils.rand_string(5)
    sql_request('update sync_devices set state=0,invite="' + link_invite + '" where id=' + str(link_id))
else:
    link_invite = utils.rand_string(5)
    # The new link row starts inactive (state 0), created = now in milliseconds.
    sql_request(
        'insert into sync_devices (src,dst,state,invite,created) values (' + str(my_device) + ',' + str(another_device) + ',0,"' + link_invite + '",' + str(int(time.time() * 1000)) + ')')
# The code is returned upper-cased, both as data and as the message text.
headers.goodResponse({'invite': link_invite.upper()}, '\n' + link_invite.upper() + '\n')
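# NOTE(review): this excerpt opens inside a list literal (presumably `panels`);
# its last element and closing bracket are reproduced unchanged.
    {
        'state': 40,
        "id": "canceled",
        'pname': '@str.canceled',
        'items': []
    }
]

# Route each task state to the item list of its panel.
items_by_state = {
    20: panels[0]['items'],
    30: panels[1]['items'],
    40: panels[2]['items'],
}

# The permission filter is produced by the db helper for this user and device
# and is concatenated into the query as SQL text.
sql_filter = db.buildSqlPermissionfilter(auth.user_id, devid, True)
sql = 'select * from tasks t where t.type=2 and ' + sql_filter + ' order by t.state, t.priority desc,t.created desc limit 600'
db.sql_request(sql)
rows = mydb.fetchall()

toastMessage = None
if (rows is None) or len(rows) < 1:
    toastMessage = '@str.no_notes'

# `rows or []` keeps the loop from raising TypeError when fetchall() gave None,
# a case the check above already allows for.
for row in rows or []:
    bucket = items_by_state.get(row['state'])
    if bucket is None:
        # Rows in any other state are not shown on a panel.
        continue
    bucket.append({'id': row['id'],
                   'title': row['title'],
                   'desc': row['desc'],
                   'priority': row['priority']})

headers.goodResponse({'panels': panels}, toastMessage)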
# Remove outgoing links, incoming links and own devices selected by the caller.
# NOTE(review): out_arr, in_arr and your_arr are built outside this excerpt and
# their elements are joined straight into the SQL text - confirm every element
# is validated as an integer id before it gets here.
if not (your_arr or out_arr or in_arr):
    headers.errorResponse(
        "You can not remove current and default devices.\nBut you can erase your account from server")

current_device = str(auth.user_some_state)

if out_arr:
    # Links from the current device to other devices, plus the task shares
    # that were sent over them.
    req_filter = ",".join(out_arr)
    sql_request("delete from sync_devices where src=" + current_device +
                " and dst in (" + req_filter + ")")
    sql_request("delete sync_tasks from sync_tasks inner join tasks as t on t.id=sync_tasks.tid and t.devid=" +
                current_device +
                " where sync_tasks.dst in (" + req_filter + ")")

if in_arr:
    # Links from other devices to the current one, plus their task shares.
    req_filter = ",".join(in_arr)
    sql_request("delete from sync_devices where dst=" + current_device +
                " and src in (" + req_filter + ")")
    sql_request("delete sync_tasks from sync_tasks inner join tasks as t on t.id=sync_tasks.tid and t.devid in (" +
                req_filter +
                ") where sync_tasks.dst in (" + current_device + ")")

if your_arr:
    # Own devices: move their tasks to the current device, then delete them.
    # Both statements also require the device to belong to auth.user_id.
    req_filter = ",".join(your_arr)
    owner = str(auth.user_id)
    sql_request("update tasks set devid=" + current_device +
                " where devid in (" + req_filter +
                ") and devid in (select id from devices where uid=" +
                owner + ")")
    sql_request("delete from devices where id in (" + req_filter +
                ") and uid=" + owner)

headers.goodResponse({'status': True},
                     translation.getValue('device_link_removed'))
# After updating we check db values and CRC32, # if they are different - need to check obj = _mobile.getTotalIdsString(user_id=auth.user_id, devid=auth.user_some_state, extendType=2) if obj is None: headers.errorResponse('SQL error') if (mobile_time != obj['time'] or (mobile_serial != obj['serial']) or (mobile_count != obj['count']) or (mobile_crc32 != utils.crc32(obj['info']['ids']))): headers.goodResponse({ 'saved': { 'state': True, 'ids': ','.join(saved_ids), 'broken': ','.join(broken_ids), 'remove': ','.join(remove_ids), }, 'diff': { 'state': True, 'info': obj['info'] } }) else: headers.goodResponse( { 'saved': { 'state': True, 'ids': ','.join(saved_ids), 'broken': ','.join(broken_ids), 'remove': ','.join(remove_ids), }, 'diff': {
# Put the directory two levels above this script's directory at the front of
# sys.path so that the project-local imports below resolve.
currentdir = os.path.dirname(
    os.path.abspath(inspect.getfile(inspect.currentframe())))
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))

from _common.api._settings import mydb
from _common.api import auth
from _common.api import headers
from _common.api import utils
from _common.api import translation
from mobile_service.apiv1._mobile import sql_request

headers.jsonAPI()

# Confirm a pending device link by its invite code.
jsonpost = auth._POST
if jsonpost is None or 'invite' not in jsonpost:
    headers.errorResponse('Bad request')

# Normalise the posted code: sanitise, keep at most 7 characters, lower-case.
posted_invite = str(jsonpost['invite'])
invite = utils.clearStringHard(posted_invite)[:7].lower()
if len(invite) < 3:
    headers.errorResponse('Too short invite')

# The lookup is bound to the caller's own device id as destination, so a code
# can only confirm a link that targets this device.
# NOTE(review): the quoted interpolation is only as safe as
# utils.clearStringHard - confirm it removes quotes and backslashes, or bind
# the value as a query parameter. No limit on failed attempts is visible here;
# confirm guessing of short codes is throttled elsewhere.
lookup_sql = ('select id from sync_devices where (dst=' +
              str(auth.user_some_state) + ') and invite="' + invite + '"')
sql_request(lookup_sql)
row = mydb.fetchone()
if row is None:
    headers.errorResponse('Not found')
link_id = int(row['id'])
if link_id < 1:
    headers.errorResponse('Not found')

# Activate the link and clear the code so that it cannot be used again.
sql_request('update sync_devices set invite="", state=1 where id=' +
            str(link_id))
headers.goodResponse({'state': True}, translation.getValue('confirm_invite'))