コード例 #1
0
ファイル: web.py プロジェクト: jbzhang99/tornado-push
    def post(self, *args, **kwargs):
        secret_key = self.get_argument('secret_key', None)
        username = self.get_argument('username', None)
        mod = self.get_argument('mod', 0)
        db = Database()

        if db.is_banned(username):
            response = {'status': 'ok', 'token': 'banned'}
            self.write(json.dumps(response))
        else:
            if secret_key == SECRET_KEY:
                token = hashlib.md5(str(time.time()) + username).hexdigest()

                db.set_token(username, token, int(mod))

                response = {'status': 'ok', 'token': token}
                self.write(json.dumps(response))

            else:
                response = {'status': 'error', 'token': None}
                self.write(json.dumps(response))
コード例 #2
0
    def post(self, *args, **kwargs):
        secret_key = self.get_argument('secret_key', None)
        username = self.get_argument('username', None)
        mod = self.get_argument('mod', 0)
        db = Database()

        if db.is_banned(username):
            response = {'status': 'ok', 'token': 'banned'}
            self.write(json.dumps(response))
        else:
            if secret_key == SECRET_KEY:
                token = hashlib.md5(str(time.time()) + username).hexdigest()

                db.set_token(username, token, int(mod))

                response = {'status': 'ok', 'token': token}
                self.write(json.dumps(response))

            else:
                response = {'status': 'error', 'token': None}
                self.write(json.dumps(response))
コード例 #3
0
ファイル: web.py プロジェクト: jbzhang99/tornado-push
    def post(self, *args, **kwargs):
        value = self.get_argument('val', None)
        action = self.get_argument('action', None)
        csrf_token = self.get_argument('csrf_token', None)

        # Sanitize Input
        if value is not None:
            restricted_words = ['<script>', '<p>', '</p>']
            for x in restricted_words:
                value = value.replace(x, '')

        if value == '':
            value = None

        if value is not None and action is not None and csrf_token is not None:
            db = Database()
            user, mod = db.get_username(csrf_token)

            if user is not None and not db.is_banned(user):
                # Add message
                if action == 'add':
                    line_id, date = db.save_message(user, value)
                    response = {'user': user, 'action': action, 'val': value, 'line': line_id,
                                'online': len(SOCKETS)}
                    data = json.dumps(response)

                    for socket in SOCKETS:
                        socket.write_message(data)
                    self.write('Added')


                # Add private message
                if action == 'pvt_msg':
                    username = self.get_argument('username', None)
                    line_id, date = db.save_pvt_message(user, username, value)
                    response = {'user': user, 'action': action, 'val': value, 'username': username, 'line': line_id,
                                'online': len(SOCKETS)}
                    data = json.dumps(response)
                    for socket in SOCKETS:
                        socket.write_message(data)
                    self.write('Added')

                #Remove message
                if action == 'remove':
                    response = {'user': user, 'action': action, 'val': value, 'online': len(SOCKETS)}
                    data = json.dumps(response)
                    if int(mod) == 1:
                        db.remove_message(value)
                        for socket in SOCKETS:
                            socket.write_message(data)
                        self.write('Remove command issued')
                    else:
                        self.write('Permission denied')

                # Remove all messages
                if action == 'remove_all':
                    response = {'user': user, 'action': action, 'val': value, 'online': len(SOCKETS)}
                    data = json.dumps(response)
                    if int(mod) == 1:
                        db.remove_all_messages(value)
                        for socket in SOCKETS:
                            socket.write_message(data)
                        self.write('Removed all messages')
                    else:
                        self.write('Permission denied')

                # Ban user
                if action == 'ban':
                    response = {'user': user, 'action': action, 'val': value, 'online': len(SOCKETS)}
                    data = json.dumps(response)
                    if int(mod) == 1:
                        db.ban_user(value)
                        for socket in SOCKETS:
                            socket.write_message(data)
                        self.write('Removed all messages')
                    else:
                        self.write('Permission denied')


            else:
                self.write('Invalid Value')
        else:
            self.write('No user found')
コード例 #4
0
    def post(self, *args, **kwargs):
        value = self.get_argument('val', None)
        action = self.get_argument('action', None)
        csrf_token = self.get_argument('csrf_token', None)

        # Sanitize Input
        if value is not None:
            restricted_words = ['<script>', '<p>', '</p>']
            for x in restricted_words:
                value = value.replace(x, '')

        if value == '':
            value = None

        if value is not None and action is not None and csrf_token is not None:
            db = Database()
            user, mod = db.get_username(csrf_token)
            if user is not None and not db.is_banned(user):
                # Add message
                if action == 'add':
                    line_id, date = db.save_message(user, value)
                    response = {'user': user, 'action': action, 'val': value, 'line': line_id,
                                'online': len(SOCKETS)}
                    data = json.dumps(response)

                    for socket in SOCKETS:
                        socket.write_message(data)
                    self.write('Added')


                # Add private message
                if action == 'pvt_msg':
                    username = self.get_argument('username', None)
                    line_id, date = db.save_pvt_message(user, username, value)
                    response = {'user': user, 'action': action, 'val': value, 'username': username, 'line': line_id,
                                'online': len(SOCKETS)}
                    data = json.dumps(response)
                    for socket in SOCKETS:
                        socket.write_message(data)
                    self.write('Added')

                #Remove message
                if action == 'remove':
                    response = {'user': user, 'action': action, 'val': value, 'online': len(SOCKETS)}
                    data = json.dumps(response)
                    if int(mod) == 1:
                        db.remove_message(value)
                        for socket in SOCKETS:
                            socket.write_message(data)
                        self.write('Remove command issued')
                    else:
                        self.write('Permission denied')

                # Remove all messages
                if action == 'remove_all':
                    response = {'user': user, 'action': action, 'val': value, 'online': len(SOCKETS)}
                    data = json.dumps(response)
                    if int(mod) == 1:
                        db.remove_all_messages(value)
                        for socket in SOCKETS:
                            socket.write_message(data)
                        self.write('Removed all messages')
                    else:
                        self.write('Permission denied')

                # Ban user
                if action == 'ban':
                    response = {'user': user, 'action': action, 'val': value, 'online': len(SOCKETS)}
                    data = json.dumps(response)
                    if int(mod) == 1:
                        db.ban_user(value)
                        for socket in SOCKETS:
                            socket.write_message(data)
                        self.write('Removed all messages')
                    else:
                        self.write('Permission denied')


            else:
                self.write('Invalid Value')
        else:
            self.write('No user found')