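def userAdmin(request, userId2):
    """Show and process the page where a user edits their own account.

    The page holds two forms: one changes the profile description, the other
    changes the password. A GET builds both forms. A POST goes to the
    description form when the ``descriptionName`` field is present in
    ``request.POST`` and to the password form otherwise.

    Args:
        request: the incoming request; ``request.session``,
            ``request.method`` and ``request.POST`` are used.
        userId2: the user id supplied by the caller (presumably captured from
            the URL -- confirm the URLconf only admits digits, because
            ``int(userId2)`` below raises ValueError on anything else).

    Returns:
        A redirect to ``/`` when an access check fails or the password POST
        raises, a redirect to ``"/useradmin/" + userId`` after a successful
        password change, and the rendered ``useradmin.html`` otherwise.

    Security notes:
        * Every render passes ``locals()`` as the template context, so the
          set of local names is part of this view's behaviour. On the
          password failure paths that context includes ``passwordOld``,
          ``passwordNew1`` and ``passwordNew2`` in clear text. An explicit
          context dict would be safer, but needs the template's variable
          list, which is not visible here.
        * The ``log(...)`` calls are all commented out, so this view records
          neither password changes nor failed attempts.
        * NOTE(review): the context is a plain dict; whether the two POST
          forms are CSRF-protected depends on middleware and on the template,
          neither of which is shown here -- confirm.
    """
    WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
        user, userId, message, topHits, topRated = initialVars(request)
    #log(request, 'USERADMINPAGE', 'just landed', sendBackUrl)

    # need to convert to strings otherwise methods are unhappy.
    # (should look into why this is.... TODO)
    userId = str(userId)
    userId2 = str(userId2)

    # set sendBackUrl to their userPage if they logout
    sendBackUrl = "/user/" + userId

    # Look up the account for the id that initialVars() returned. Note that
    # this uses userId, not the caller-supplied userId2.
    # The string continuation lines below are flush-left on purpose: they are
    # part of the literal, so leading whitespace would end up in the message.
    try:
        userAdmin = User.objects.get(id__exact=userId)
    except ObjectDoesNotExist:
        request.session['message'] = "Something is amiss with your session.\
 Please log in again!"
        return HttpResponseRedirect('/')

    if user is None:
        request.session['message'] = "Something is amiss with your session.\
 Please log in again."
        return HttpResponseRedirect('/')
    elif user != userAdmin:
        # Both sides come from initialVars(), so this does not involve the
        # caller-supplied id at all.
        request.session['message'] = "You aren't allowed on that page!"
        return HttpResponseRedirect('/')
    elif int(userId) != int(userId2):
        # This is the only check that ties userId2 to the id returned by
        # initialVars(); it is what stops one user opening another user's
        # admin page, so it must stay.
        request.session['message'] = "You aren't allowed on that page!"
        return HttpResponseRedirect('/')

    if request.method == 'GET':
        # forms to change password and description
        try:
            userDescription = UserProfile.objects.get(user=user)
        except ObjectDoesNotExist:
            userDescription = None
        passwordForm = ChangePassword(initial={'username': user.username})
        # NOTE(review): the initial 'description' is the UserProfile object
        # itself, not its .description; what the form shows depends on how
        # UserProfile renders as text -- confirm this is intended.
        descriptionForm = UserDescription(initial={
            'userId': userId,
            'description': userDescription
        })
    elif request.method == 'POST':
        whichform = request.POST.get('descriptionName', '')
        if whichform:
            # Form is description form
            descriptionForm = UserDescription(request.POST)
            if descriptionForm.is_valid():
                # The submitted userId is read but never used to pick the
                # profile: the write below always targets `user`, so a
                # tampered hidden field cannot redirect it.
                userFromProfile = descriptionForm.cleaned_data['userId']
                description = descriptionForm.cleaned_data['description']
                try:
                    userDescription = UserProfile.objects.get(user=user)
                except ObjectDoesNotExist:
                    userDescription = None
                if userDescription is None:
                    userDescription = UserProfile(user=user,
                                                  description=description)
                else:
                    userDescription.description = description
                userDescription.save()
                #log(request, 'USERADMINPAGE', 'modified description', sendBackUrl)
                message = "The description has been changed. Perhaps to something\
 more meaningful. Perhaps to less. Tough to say."
            else:
                # need to reload to User Admin Page with all variables
                message = "Dude, something went wrong. Why you trying to hack our\
 system?"
                #log(request, 'USERADMINPAGEERROR', 'failed to modify description', sendBackUrl)
            passwordForm = ChangePassword(initial={'username': user.username})
            return render_to_response('useradmin.html', locals())
        else:
            # Password form is submitted, POST
            # First reinitialize the description form.
            try:
                userDescription = UserProfile.objects.get(user=user)
            except ObjectDoesNotExist:
                userDescription = None
            descriptionForm = UserDescription(initial={
                'userId': userId,
                'description': userDescription
            })
            passwordForm = ChangePassword(request.POST)
            if passwordForm.is_valid():
                username = passwordForm.cleaned_data['username']
                passwordOld = passwordForm.cleaned_data['passwordOld']
                passwordNew1 = passwordForm.cleaned_data['passwordNew1']
                passwordNew2 = passwordForm.cleaned_data['passwordNew2']
            else:
                # need to reload to User Admin Page with all variables
                #log(request, 'USERADMINPAGEERROR', 'Password Form not valid', sendBackUrl)
                return render_to_response('useradmin.html', locals())

            if passwordNew1 != passwordNew2:
                #log(request, 'USERADMINPAGEERROR', 'Passwords do not match', sendBackUrl)
                message = "Passwords do not match!"
                return render_to_response('useradmin.html', locals())

            try:
                # Check username from hidden field against user.username
                # from initialVars(); a mismatch means the field was altered.
                if user.username != username:
                    message = "User Names don't match. Something Funny's going on."
                    return render_to_response('useradmin.html', locals())
                # get user again based upon username just to be sure.
                u = User.objects.get(username__exact=username)
                if u:
                    # The current password must verify before the new one is
                    # set.
                    verifyOldPassword = u.check_password(passwordOld)
                    if verifyOldPassword:
                        u.set_password(passwordNew1)
                        u.save()
                        # NOTE(review): nothing here ends the account's other
                        # sessions after the change; whether the session
                        # scheme behind initialVars() does so is not visible
                        # in this function -- confirm.
                        #log(request, 'USERADMINPAGE', 'Successfully Changed passwords', sendBackUrl)
                    else:
                        message = "Old Password did not match!"
                        #log(request, 'USERADMINPAGEERROR', 'Old Password did not match', sendBackUrl)
                        return render_to_response('useradmin.html', locals())
                    request.session['message'] = "Password has been changed. Now go do something productive!"
                    return HttpResponseRedirect("/useradmin/" + userId)
                else:
                    # No user id?! Just return the user to the home page.
                    # (Presumably never taken: a failed lookup is expected
                    # to raise and land in the handler below.)
                    return HttpResponseRedirect('/')
            except Exception:
                # Was a bare `except:`, which also swallowed SystemExit and
                # KeyboardInterrupt. This still hides why the POST failed
                # (missing user, save error, ...), so the TODO stands.
                # TODO log that there was an invalid POST
                #log(request, 'USERADMINPAGEERROR', 'invalid form POST', sendBackUrl)
                return HttpResponseRedirect('/')
    return render_to_response('useradmin.html', locals())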
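def userAdmin(request, userId2):
    """Show and process the page where a user edits their own account.

    The page holds two forms: one changes the profile description, the other
    changes the password. A GET builds both forms. A POST goes to the
    description form when the ``descriptionName`` field is present in
    ``request.POST`` and to the password form otherwise.

    Args:
        request: the incoming request; ``request.session``,
            ``request.method`` and ``request.POST`` are used.
        userId2: the user id supplied by the caller (presumably captured from
            the URL -- confirm the URLconf only admits digits, because
            ``int(userId2)`` below raises ValueError on anything else).

    Returns:
        A redirect to ``/`` when an access check fails or the password POST
        raises, a redirect to ``"/useradmin/" + userId`` after a successful
        password change, and the rendered ``useradmin.html`` otherwise.

    Security notes:
        * Every render passes ``locals()`` as the template context, so the
          set of local names is part of this view's behaviour. On the
          password failure paths that context includes ``passwordOld``,
          ``passwordNew1`` and ``passwordNew2`` in clear text. An explicit
          context dict would be safer, but needs the template's variable
          list, which is not visible here.
        * The ``log(...)`` calls are all commented out, so this view records
          neither password changes nor failed attempts.
        * NOTE(review): the context is a plain dict; whether the two POST
          forms are CSRF-protected depends on middleware and on the template,
          neither of which is shown here -- confirm.
    """
    WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
        user, userId, message, topHits, topRated = initialVars(request)
    #log(request, 'USERADMINPAGE', 'just landed', sendBackUrl)

    # need to convert to strings otherwise methods are unhappy.
    # (should look into why this is.... TODO)
    userId = str(userId)
    userId2 = str(userId2)

    # set sendBackUrl to their userPage if they logout
    sendBackUrl = "/user/" + userId

    # Look up the account for the id that initialVars() returned. Note that
    # this uses userId, not the caller-supplied userId2.
    # The string continuation lines below are flush-left on purpose: they are
    # part of the literal, so leading whitespace would end up in the message.
    try:
        userAdmin = User.objects.get(id__exact=userId)
    except ObjectDoesNotExist:
        request.session['message'] = "Something is amiss with your session.\
 Please log in again!"
        return HttpResponseRedirect('/')

    if user is None:
        request.session['message'] = "Something is amiss with your session.\
 Please log in again."
        return HttpResponseRedirect('/')
    elif user != userAdmin:
        # Both sides come from initialVars(), so this does not involve the
        # caller-supplied id at all.
        request.session['message'] = "You aren't allowed on that page!"
        return HttpResponseRedirect('/')
    elif int(userId) != int(userId2):
        # This is the only check that ties userId2 to the id returned by
        # initialVars(); it is what stops one user opening another user's
        # admin page, so it must stay.
        request.session['message'] = "You aren't allowed on that page!"
        return HttpResponseRedirect('/')

    if request.method == 'GET':
        # forms to change password and description
        try:
            userDescription = UserProfile.objects.get(user=user)
        except ObjectDoesNotExist:
            userDescription = None
        passwordForm = ChangePassword(initial={'username': user.username})
        # NOTE(review): the initial 'description' is the UserProfile object
        # itself, not its .description; what the form shows depends on how
        # UserProfile renders as text -- confirm this is intended.
        descriptionForm = UserDescription(initial={
            'userId': userId,
            'description': userDescription
        })
    elif request.method == 'POST':
        whichform = request.POST.get('descriptionName', '')
        if whichform:
            # Form is description form
            descriptionForm = UserDescription(request.POST)
            if descriptionForm.is_valid():
                # The submitted userId is read but never used to pick the
                # profile: the write below always targets `user`, so a
                # tampered hidden field cannot redirect it.
                userFromProfile = descriptionForm.cleaned_data['userId']
                description = descriptionForm.cleaned_data['description']
                try:
                    userDescription = UserProfile.objects.get(user=user)
                except ObjectDoesNotExist:
                    userDescription = None
                if userDescription is None:
                    userDescription = UserProfile(user=user,
                                                  description=description)
                else:
                    userDescription.description = description
                userDescription.save()
                #log(request, 'USERADMINPAGE', 'modified description', sendBackUrl)
                message = "The description has been changed. Perhaps to something\
 more meaningful. Perhaps to less. Tough to say."
            else:
                # need to reload to User Admin Page with all variables
                message = "Dude, something went wrong. Why you trying to hack our\
 system?"
                #log(request, 'USERADMINPAGEERROR', 'failed to modify description', sendBackUrl)
            passwordForm = ChangePassword(initial={'username': user.username})
            return render_to_response('useradmin.html', locals())
        else:
            # Password form is submitted, POST
            # First reinitialize the description form.
            try:
                userDescription = UserProfile.objects.get(user=user)
            except ObjectDoesNotExist:
                userDescription = None
            descriptionForm = UserDescription(initial={
                'userId': userId,
                'description': userDescription
            })
            passwordForm = ChangePassword(request.POST)
            if passwordForm.is_valid():
                username = passwordForm.cleaned_data['username']
                passwordOld = passwordForm.cleaned_data['passwordOld']
                passwordNew1 = passwordForm.cleaned_data['passwordNew1']
                passwordNew2 = passwordForm.cleaned_data['passwordNew2']
            else:
                # need to reload to User Admin Page with all variables
                #log(request, 'USERADMINPAGEERROR', 'Password Form not valid', sendBackUrl)
                return render_to_response('useradmin.html', locals())

            if passwordNew1 != passwordNew2:
                #log(request, 'USERADMINPAGEERROR', 'Passwords do not match', sendBackUrl)
                message = "Passwords do not match!"
                return render_to_response('useradmin.html', locals())

            try:
                # Check username from hidden field against user.username
                # from initialVars(); a mismatch means the field was altered.
                if user.username != username:
                    message = "User Names don't match. Something Funny's going on."
                    return render_to_response('useradmin.html', locals())
                # get user again based upon username just to be sure.
                u = User.objects.get(username__exact=username)
                if u:
                    # The current password must verify before the new one is
                    # set.
                    verifyOldPassword = u.check_password(passwordOld)
                    if verifyOldPassword:
                        u.set_password(passwordNew1)
                        u.save()
                        # NOTE(review): nothing here ends the account's other
                        # sessions after the change; whether the session
                        # scheme behind initialVars() does so is not visible
                        # in this function -- confirm.
                        #log(request, 'USERADMINPAGE', 'Successfully Changed passwords', sendBackUrl)
                    else:
                        message = "Old Password did not match!"
                        #log(request, 'USERADMINPAGEERROR', 'Old Password did not match', sendBackUrl)
                        return render_to_response('useradmin.html', locals())
                    request.session['message'] = "Password has been changed. Now go do something productive!"
                    return HttpResponseRedirect("/useradmin/" + userId)
                else:
                    # No user id?! Just return the user to the home page.
                    # (Presumably never taken: a failed lookup is expected
                    # to raise and land in the handler below.)
                    return HttpResponseRedirect('/')
            except Exception:
                # Was a bare `except:`, which also swallowed SystemExit and
                # KeyboardInterrupt. This still hides why the POST failed
                # (missing user, save error, ...), so the TODO stands.
                # TODO log that there was an invalid POST
                #log(request, 'USERADMINPAGEERROR', 'invalid form POST', sendBackUrl)
                return HttpResponseRedirect('/')
    return render_to_response('useradmin.html', locals())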