def register(self, password,email): session = EVCstate(trust=True) charname = None if 'Eve-Charname' in dict(cherrypy.request.headers): charname = cherrypy.request.headers['Eve-Charname'] if charname is None: return evec_func.simple_error("No username found?") if password == "": return evec_func.simple_error("Please specify a password") if '@' not in email: return evec_func.simple_error("Please specify a semi-valid email address") db = evec_func.db_con() password = password.strip() r = User.register(db, password,email) if r is False: db.close() return evec_func.simple_error("Error: Registration error. You may already be registered or the system messed up") User.login(db, session, charname, password) emit_redirect('/users/') return """<html><head><title>Hi</title></head><body>
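def login(self, username, password):
    """Authenticate a user and return the HTML page for the outcome.

    On success the user object returned by ``User.login`` is stored in the
    session, a redirect to ``/users/index.html`` is emitted unless the
    session is flagged ``isigb``, and a fallback "Logged in" page is
    returned.  On failure a page offering a password-reset form is returned.

    Parameters:
        username: account name from the request (untrusted).
        password: password from the request (untrusted).

    Returns:
        str: an HTML document.
    """
    # Function-scope import: the file's import block is not visible here.
    # Fall back to cgi.escape because the rest of this file is Python 2.
    try:
        from html import escape as html_escape
    except ImportError:
        from cgi import escape as html_escape

    session = EVCstate(trust=True)
    db = evec_func.db_con()
    try:
        r = User.login(db, session, username, password)
        if r is not False:
            if 'isigb' not in session or not session['isigb']:
                emit_redirect('/users/index.html')
            res = "<html><head><title>Logged in</title></head><body>"
            res += "Logged in! Go to <a href=/users/index.html>user home</a>. You are getting this page because the IGB does not know how to redirect."
            res += "</body></html>"
            session['user'] = r
        else:
            # `username` is request data that ends up both in body text and
            # inside a double-quoted attribute.  Without escaping, a crafted
            # login link would inject markup into this page (reflected XSS).
            safe_username = html_escape(username, True)
            res = "<html><head><title>Login failed</title></head><body>"
            # One message for "bad user" and "bad password": do not split it,
            # or the page turns into a username oracle.
            res += "Your login failed due to a bad password or username."
            # NOTE(review): the reset form submits with GET, so the username
            # and e-mail address end up in URLs, logs and Referer headers.
            res += "<form method=GET action=/users/passreset.html>Send a reset email for the user " + safe_username
            res += " to the email address <input type=text name=uemail> (must match email on file!)"
            res += "<input type=hidden name=username value=\"" + safe_username + "\"><input type=submit value=Send>"
            res += "</form>"
            res += "</body></html>"
    finally:
        # Release the connection even when User.login raises.
        db.close()
    return res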
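def setapikeys(self, full_apikey = None, apiuserid = None, error = 0):
    """Show, and optionally update, the API credentials of the current user.

    Parameters:
        full_apikey: new API key; ignored when ``None`` or empty.
        apiuserid: API user id stored together with ``full_apikey``.
        error: when 1, the page carries an "API access failed" message.

    Returns:
        The rendered ``user_setapikeys.tmpl`` page, or ``None`` when the
        session has no valid user.
    """
    session = EVCstate(trust=True)
    db = evec_func.db_con()
    try:
        user = User.get(session, db)
        if not user.valid:
            return

        t = display.template('user_setapikeys.tmpl', session)
        t.errormsg = ""

        if full_apikey is not None and full_apikey != "":
            # NOTE(review): the key is a credential.  If this handler is
            # reachable with query-string parameters the key ends up in URLs
            # and access logs; confirm the form posts it.  No anti-CSRF token
            # is checked here either.
            user.full_apikey = full_apikey
            user.apiuserid = apiuserid
            session['user'] = user
            user.update_user(db)
            session.save()

        # The stored key is echoed back into the page.
        t.full_apikey = user.full_apikey
        t.apiuserid = user.apiuserid

        # Request parameters arrive as strings, so accept "1" as well as 1;
        # the original `error == 1` could never match a query-string value.
        if error in (1, "1"):
            t.errormsg = "We couldn't access the API services with the keys below - please double check your input"
        return t.respond()
    finally:
        # The original never closed the connection on any path.
        db.close()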
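def view_page(self, ticker, page="index", retry = True):
    """Render a corporation page, enforcing its visibility setting.

    Visibility values handled here are ``"public"``, ``"corp only"`` and
    ``"director only"``.  Anonymous visitors see public pages only.

    Parameters:
        ticker: corporation ticker from the URL (untrusted).
        page: page name from the URL (untrusted).
        retry: when true and the page is not found, look it up once more
            with the last five characters of ``page`` dropped (presumably a
            ``.html`` suffix).

    Returns:
        The rendered ``corpviewpage.tmpl`` page or a ``simple_error`` page.
    """
    denied = "You are not authorized to view this page"
    session = EVCstate(trust=True)
    db = evec_func.db_con()
    try:
        user = User.get(session, db)
        corp = None
        if user.valid:
            corp = Corp(db, user.corpid)

        cur = db.cursor()
        cur.execute("SELECT corps.corpid,contents,title,view,edit FROM corppages,corps WHERE corppages.corpid = corps.corpid AND corps.ticker = %s AND corppages.pagename = %s", [ticker,page])
        r = cur.fetchone()

        if r:
            page_corpid = long(r[0])
            view = r[3]
            page_corp = Corp(db, page_corpid)
            t = display.template('corpviewpage.tmpl', session)
            t.canedit = False

            if user.valid:
                same_corp = page_corpid == corp.corpid
                # The original test was `not same_corp and not <flag>`, which
                # denied only when BOTH failed: a member of any other corp
                # could read "corp only" pages, and any user of the owning
                # corp could read "director only" pages.  Require both.
                # Directors may edit the page, so they may also view it.
                # NOTE(review): confirm that requiring ismember for same-corp
                # users matches how corps with an empty join password work.
                if view == "corp only" and not (same_corp and (user.ismember or user.isdirector)):
                    return evec_func.simple_error(denied)
                if view == "director only" and not (same_corp and user.isdirector):
                    return evec_func.simple_error(denied)
                t.canedit = user.isdirector and same_corp
            elif view != "public":
                return evec_func.simple_error("You are not authorized to view this page.")

            # NOTE(review): contents and title are director-supplied text;
            # whether they are HTML-escaped depends on corpviewpage.tmpl.
            t.pcontents = r[1]
            t.ptitle = r[2]
            t.view = view
            t.pagename = page
            t.pedit = r[4]
            t.corp = page_corp
            return t.respond()

        if retry:
            return self.view_page(ticker, page[:-5], retry = False)
        # NOTE(review): ticker and page are echoed into the error page;
        # confirm simple_error escapes its argument.
        return evec_func.simple_error("No such page: " + ticker + " page " + page)
    finally:
        # The original leaked the connection on every error return and on the
        # retry path.  The leftover debug `print view` was dropped as well.
        db.close()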
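def changepw(self, oldpw, newpw, newpw2):
    """Change the password of the logged-in user.

    Parameters:
        oldpw: current password, handed to ``User.change_pw``.
        newpw: requested new password.
        newpw2: confirmation; must equal ``newpw``.

    Returns:
        A ``simple_error`` page when validation fails, otherwise ``None``
        after a redirect to ``/users/`` has been emitted.
    """
    session = EVCstate(trust=True)

    # Validate before opening a connection; the original returned from the
    # mismatch branch without closing the one it had already opened.
    if newpw != newpw2:
        return evec_func.simple_error("Passwords do not match")
    # Same rule as registration: an empty password is not accepted.
    if newpw == "":
        return evec_func.simple_error("Please specify a password")

    db = evec_func.db_con()
    try:
        u = User.get(session, db)
        # The other handlers in this file check user.valid first; the
        # original called change_pw on whatever User.get returned.
        if not u.valid:
            return evec_func.simple_error("Not logged in")
        # NOTE(review): the result of change_pw is ignored, so a wrong
        # `oldpw` still redirects as if the change succeeded; confirm what
        # change_pw returns and report the failure.
        u.change_pw(db, oldpw, newpw)
        emit_redirect('/users/')
    finally:
        db.close()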
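def userlogin(self, username, password):
    """Check a username/password pair against the ``users`` table.

    Parameters:
        username: account name (untrusted).
        password: candidate password (untrusted).

    Returns:
        str: the matching ``userid`` as a string, or ``'-1'`` if no row
        matches.
    """
    db = evec_func.db_con()
    try:
        cur = db.cursor()
        # Both values are bound parameters, so the query is not injectable.
        # NOTE(review): the stored verifier is md5() over User.salt(password,
        # username).  MD5 is a fast hash and unsuitable for password storage;
        # moving to a slow KDF (bcrypt, scrypt, PBKDF2) needs a schema and
        # User change outside this block.
        # NOTE(review): nothing here limits repeated attempts; confirm that
        # throttling is applied in front of this endpoint.
        cur.execute('SELECT userid FROM users WHERE username = %s AND password = md5(%s)', [username, User.salt(password, username)])
        r = cur.fetchone()
    finally:
        # The original placed db.close() after both return statements, where
        # it never ran; every call leaked a connection.
        db.close()

    if r:
        return str(r[0])
    return '-1'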
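def advertise(self):
    """Render the corp management page for a logged-in director.

    Returns:
        The rendered ``corpmanage.tmpl`` page, or a ``simple_error`` page
        when the visitor is not logged in or is not a director.
    """
    # NOTE(review): every other handler in this file calls
    # EVCstate(trust=True) without passing `self`; confirm the extra
    # positional argument is intended.
    session = EVCstate(self, trust=True)
    db = evec_func.db_con()
    try:
        user = User.get(session, db)
        if not user.valid:
            return evec_func.simple_error("Not logged in")
        if not user.isdirector:
            return evec_func.simple_error("Not enough priveleges")

        ucorp = Corp(db,user.corpid)
        t = display.template('corpmanage.tmpl', session)
        t.corp = ucorp
        return t.respond()
    finally:
        # The original never closed the connection on any path.
        db.close()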
def register(self):
    """Create the corp record for the logged-in director's corporation.

    The checks run in order: valid session, director flag, then
    ``Corp.create``.  The first failure closes the connection and returns
    the matching ``simple_error`` page.  On success a redirect to
    ``/corps/`` is emitted and ``None`` is returned.
    """
    session = EVCstate(trust=True)
    db = evec_func.db_con()
    user = User.get(session, db)

    # Pick the first failing check; each later test only runs when the
    # earlier ones passed, so Corp.create is reached only for a director.
    failure = None
    if user.valid is False:
        failure = "Not logged in"
    elif user.isdirector != 1:
        failure = "Not director - only directors can do that"
    elif Corp.create(db, user.corpid, user.corporation) is False:
        failure = "Corp exists"

    if failure is not None:
        db.close()
        return evec_func.simple_error(failure)

    # NOTE(review): this state-changing action takes no parameters and no
    # anti-CSRF token is checked in this handler.
    emit_redirect('/corps/')
    db.close()
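def index(self, message=""):
    """Render the user home page, or the register/login page for visitors.

    Parameters:
        message: text handed to the template as ``t.message``.

    Returns:
        str: the rendered template followed by a dump of the request
        headers.
    """
    # Function-scope import: the file's import block is not visible here.
    # Fall back to cgi.escape because the rest of this file is Python 2.
    try:
        from html import escape as html_escape
    except ImportError:
        from cgi import escape as html_escape

    session = EVCstate(trust=True)
    db = evec_func.db_con()
    try:
        user = User.get(session, db)
        headers = cherrypy.request.headers

        if user.valid is False:
            t = display.template('registerlogin.tmpl', session)
            # Eve-Charname is a request header, so the client controls it.
            if 'Eve-Charname' in dict(headers):
                t.charname = headers['Eve-Charname']
            else:
                t.charname = ""
        else:
            t = display.template('usermain.tmpl', session)
            t.charname = user.username

        # NOTE(review): `message` and `charname` are request data; whether
        # they are escaped depends on the templates.
        t.message = message
        t.user = user

        # Header names and values are client-controlled and are appended
        # outside the template, so escape them before they reach the page.
        # NOTE(review): this looks like a debugging aid.  It prints every
        # request header, Cookie included, into the page, where page script
        # can read values that HttpOnly would otherwise hide.  Consider
        # removing the dump.
        hdump = ""
        for name in dict(headers):
            hdump = hdump + html_escape(name, True) + ":" + html_escape(headers[name], True) + "<br>"
        return t.respond() + hdump
    finally:
        # The original never closed the connection.
        db.close()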
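def manage(self, set = 0, description = "", join_password = "", headquarters = "", ticker = ""):
    """Show, and optionally update, the settings of the director's corp.

    Parameters:
        set: when truthy, the four fields below are written to the corp.
        description: corp description.
        join_password: password members must supply to join.
        headquarters: corp headquarters.
        ticker: corp ticker.

    Returns:
        The rendered ``corpmanage.tmpl`` page, or a ``simple_error`` page
        when the visitor is not logged in or is not a director.
    """
    session = EVCstate(trust=True)
    db = evec_func.db_con()
    try:
        user = User.get(session, db)
        if not user.valid:
            return evec_func.simple_error("Not logged in")
        if not user.isdirector:
            return evec_func.simple_error("Not enough priveleges")

        ucorp = Corp(db,user.corpid)
        if set:
            # NOTE(review): any non-empty `set` value triggers the write, the
            # four fields are stored without validation, and no anti-CSRF
            # token is checked here.  An omitted field overwrites the stored
            # value with "", which for join_password means "no password".
            ucorp.description = description
            ucorp.headquarters = headquarters
            ucorp.join_password = join_password
            ucorp.ticker = ticker
            ucorp.update(db)

        t = display.template('corpmanage.tmpl', session)
        t.corp = ucorp
        return t.respond()
    finally:
        # The original never closed the connection on any path.
        db.close()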
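def passreset(self, username, uemail):
    """Reset a user's password and mail the new one to the address on file.

    Parameters:
        username: account whose password is to be reset (untrusted).
        uemail: address supplied by the requester; it must match the stored
            address, compared case-insensitively.

    Returns:
        str: an HTML page describing the outcome.
    """
    failed = "<html><head><title>Password reset failed</title></head><body>"
    failed += "Password reset failed. Please check your email address. "
    failed += "</body></html>"

    session = EVCstate(trust=True)
    db = evec_func.db_con()
    try:
        u = User.get(session, db)
        email = u.get_email(db, username)

        # Covers the documented False result and also None or an empty
        # address, which the original let fall through to `.lower()` or to
        # an unassigned result.
        if not email:
            return failed

        if uemail.lower() != email.lower():
            # The original assigned the body with `=`, discarding the head.
            r = "<html><head><title>Email not match</title></head>"
            r += "<body>The email address provided does not match the one on file - process aborted.</body></html>"
            # NOTE(review): this page differs from the "unknown user" page,
            # which tells a requester which usernames exist.
            return r

        # The stored address is written into the To: header below.  A CR or
        # LF in it would let the value add headers of its own.
        if "\r" in email or "\n" in email:
            return failed

        # The original drew the password from random.randint(10000, 9000000):
        # a predictable generator and under nine million possibilities.  Use
        # the OS random source and a much larger space.
        rng = random.SystemRandom()
        alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
        newpass = "".join([rng.choice(alphabet) for _ in range(16)])

        msg = "Subject: EVE-Central.com Password Reset\nTo: " + email + "\nFrom: EVE-Central.com <*****@*****.**>\n\nThe password for username " + username + " has been reset to " + newpass

        # NOTE(review): the password is replaced before the requester proves
        # control of the mailbox, so anyone who knows the username and
        # address can lock the owner out, and the new password travels in
        # clear-text mail.  A single-use, expiring reset link avoids both,
        # but it needs storage outside this block.
        u.change_pw_name(db, username, newpass)

        server = smtplib.SMTP('localhost')
        try:
            server.sendmail("*****@*****.**", email, msg)
        finally:
            # The original never closed the SMTP session.
            server.quit()

        r = "<html><head><title>Password reset</title></head><body>"
        r += "Password reset mail sent. Please check your inbox. Go to <a href=/users/>user home</a>"
        r += "</body></html>"
        return r
    finally:
        db.close()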
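def index(self, join_password = None):
    """Render the corporation overview and handle a join-password attempt.

    Parameters:
        join_password: when given and equal to the join password of the
            user's corp, the user is made a member.

    Returns:
        The rendered ``corpmain.tmpl`` page, listing every corp that has a
        ticker and a page other than the placeholder.
    """
    placeholder = "Placeholder text - this corporation has not yet provided a webpage"

    session = EVCstate(trust=True)
    db = evec_func.db_con()
    try:
        user = User.get(session, db)
        t = display.template('corpmain.tmpl', session)

        ucorp = None
        if user.valid:
            ucorp = Corp(db,user.corpid)
            # NOTE(review): nothing in this handler limits repeated guesses
            # at the join password; confirm attempts are throttled elsewhere.
            if join_password and ucorp.join_password == join_password:
                user.make_member(db)
                session.save()

        t.can_create = False
        t.ucorp = ucorp

        if user.valid and (user.ismember or ucorp.join_password == ''):
            # A corp with an empty join password treats its users as members.
            if user.isdirector and not ucorp.exists:
                t.can_create = True
            t.corp = user.corporation
            t.corpid = user.corpid
            t.ismember = 1
            t.user = user
        elif user.valid and not user.ismember:
            t.corp = user.corporation
            t.corpid = user.corpid
            t.user = user
            t.ismember = 0
        else:
            t.corp = None
            t.corpid = None
            t.can_create = False
            t.user = None
            t.ismember = 0

        cur = db.cursor()
        cur.execute("SELECT corpname,description,headquarters,ticker,corpid FROM corps WHERE ticker IS NOT NULL AND ticker != '' ORDER BY corpname")

        ccheck = db.cursor()
        corps = []
        for row in cur.fetchall():
            ccheck.execute("SELECT contents FROM corppages WHERE corpid = %s", [row[4]])
            rc = ccheck.fetchone()
            # A corp with no page row made the original fail on `rc[0]`,
            # breaking the listing for every visitor.  Hide it like a corp
            # that still has the placeholder page.
            if rc is None or rc[0] == placeholder:
                continue
            # NOTE(review): these fields are director-supplied text; whether
            # they are escaped depends on corpmain.tmpl.
            corps.append({
                'corpname': row[0],
                'description': row[1],
                'headquarters': row[2],
                'ticker': row[3],
            })
        t.corps = corps
        return t.respond()
    finally:
        # The original never closed the connection.
        db.close()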
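def edit_page(self, page, delete=None, create = None, set=None, contents = "", title = "", view = "public"):
    """Create, update or delete a page of the director's corp, then show it.

    Parameters:
        page: name of the page to act on.
        delete: when truthy, delete ``page`` (never ``index``) and show
            ``index`` instead.
        create: when truthy, insert a new page named ``page``.
        set: when truthy, store ``contents``, ``title`` and ``view``.
        contents: new page body.
        title: new page title.
        view: ``"public"``, ``"corp only"`` or ``"director only"``.

    Returns:
        The rendered ``corpeditpage.tmpl`` page, a ``simple_error`` page, or
        ``None`` when the caller is not a valid director.
    """
    session = EVCstate(trust=True)
    db = evec_func.db_con()
    try:
        user = User.get(session, db)
        # The original tested isdirector only; the sibling handlers check
        # user.valid first, so do the same here.
        if not user.valid or not user.isdirector:
            return

        corp = Corp(db, user.corpid)
        cur = db.cursor()

        # NOTE(review): these writes are driven by plain request parameters
        # and no anti-CSRF token is checked here.  Every statement is scoped
        # to user.corpid, so a director can touch only their own corp.
        if delete and page != "index":
            cur.execute("DELETE FROM corppages WHERE pagename = %s AND corpid = %s AND pagename != 'index'", [page, user.corpid])
            db.commit()
            page = 'index'

        if create and page:
            # Same rule as the original three try/except probes.
            if any(ch in page for ch in "./ "):
                return evec_func.simple_error( "Invalid page name. No ., /, spaces")
            # NOTE(review): nothing checks whether the page already exists.
            cur.execute("INSERT INTO corppages (pagename, corpid, title, contents, view) VALUES (%s, %s, 'New page', 'Type stuff here', 'public')", [page, user.corpid])
            db.commit()

        if set:
            # The viewer recognises these three values and treats anything
            # else as readable by every logged-in user, so refuse to store
            # an unknown setting.
            if view not in ("public", "corp only", "director only"):
                return evec_func.simple_error("Invalid view setting")
            # NOTE(review): contents and title are stored as given; escaping
            # on display depends on the templates.
            cur.execute("UPDATE corppages SET contents = %s, title = %s, view = %s, edit = NOW() WHERE pagename = %s AND corpid = %s", [contents, title, view, page, user.corpid])
            db.commit()

        cur.execute("SELECT contents,title,view,edit FROM corppages WHERE corppages.corpid = %s AND corppages.pagename = %s", [corp.corpid,page])
        r = cur.fetchone()
        # The original went on to use the template even when no row came back.
        if not r:
            return evec_func.simple_error("No such page")

        t = display.template('corpeditpage.tmpl', session)
        t.pcontents = r[0]
        t.ptitle = r[1]
        t.view = r[2]
        t.pagename = page
        t.pedit = r[3]
        t.corp = corp

        cur.execute("SELECT pagename FROM corppages WHERE corpid = %s", [user.corpid])
        t.pages = [row[0] for row in cur.fetchall()]
        return t.respond()
    finally:
        # The original leaked the connection on every early return.
        db.close()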