def all_posts(page=1): sess = Session() if not sess['agree']: if env.request.args('agree'): sess['agree'] = True sess.save() else: return all_posts_warning() try: page = int(page) except (TypeError, ValueError): page = 1 if not page: page = 1 offset = (page - 1) * settings.page_limit plist = posts.select_posts(private=False, author_private=False, blacklist=True, limit=settings.page_limit + 1, offset=offset) return render('/all_posts.html', section='all', posts=plist, page=page)
def authenticate(self, login=None, password=None): if login is not None: res = db.fetchone("SELECT id, login FROM users.logins " "WHERE lower(login)=%s AND password=%s;", [login.lower(), self._passhash(password)]) if not res: self.id = None self.login = None raise NotAuthorized self.id = res['id'] self.login = res['login'] self._get_avatar() elif not self.id: raise NotAuthorized sess = Session() sess['id'] = self.id sess['login'] = self.login sess.save() add_session(self, sess.sessid) return sess.sessid
def add_post(): text = env.request.args('text', '').strip() tags = env.request.args('tags', '').strip(' \t*,;') if isinstance(tags, str): tags = tags.decode('utf-8') tags = [t.replace(u"\xa0", " ") for t in re.split(r'\s*[,;*]\s*', tags)] private = bool(env.request.args('private')) m = re.search(r'^\s*(?P<to>(?:@[a-zA-Z0-9_-]+[,\s]*)+)', text) to = parse_logins(m.group('to')) if m else [] files = _files([]) sess = Session() sess['clear_post_input'] = True sess.save() try: id = posts.add_post(text, tags=tags, to=to, private=private, files=files) except PostTextError: return render('/post-error.html') log.info('add_post: #%s %s %s' % (id, env.user.login, env.request.remote_host)) return Response(redirect='%s://%s.%s/%s' % \ (env.request.protocol, env.user.login, settings.domain, id))
def add_post(): text = env.request.args('text', '').strip() tags = env.request.args('tags', '').strip(' \t*,;') if isinstance(tags, str): tags = tags.decode('utf-8') tags = [t.replace(u"\xa0", " ") for t in re.split(r'\s*[,;*]\s*', tags)] private = bool(env.request.args('private')) m = re.search(r'^\s*(?P<to>(?:@[a-z0-9_-]+[,\s]*)+)', text) to = parse_logins(m.group('to')) if m else [] files = _files([]) sess = Session() sess['clear_post_input'] = True sess.save() try: id = posts.add_post(text, tags=tags, to=to, private=private, files=files) except PostTextError: return render('/post-error.html') return Response(redirect='%s://%s.%s/%s' % \ (env.request.protocol, env.user.login, settings.domain, id))
def show_post(id): post = posts.show_post(id) if env.request.method == 'POST': return add_comment(post.id) if not env.owner or env.owner.id != post.author.id: return Response(redirect='%s://%s.%s/%s' % \ (env.request.protocol, post.author.login.lower(), settings.domain, id)) comments = post.comments(cuser=env.user) if env.user.is_authorized(): posts.clear_unread_posts(id) if comments: posts.clear_unread_comments(id) errors = [] if env.request.args('expired'): errors.append('expired') if env.request.args('commented'): errors.append('commented') sess = Session() tree = env.request.args('tree') if tree: if tree.lower() in ('0', 'false', 'f'): tree = False else: tree = True sess['ctree'] = tree sess.save() elif sess['ctree'] is not None: tree = sess['ctree'] else: env.user.get_profile('tree') comments_count = len(comments) if tree: cout = {} for c in comments: cout[c.id] = c if c.to_comment_id and c.to_comment_id in cout: cout[c.to_comment_id].comments.append(c) else: c.to_comment_id = None comments = filter(lambda c: not c.to_comment_id, cout.itervalues()) section = 'messages' if post.private else '' return render('/post.html', post=post, comments=comments, comments_count=comments_count, tree=tree, errors=errors, section=section)
def ulogin(): if env.user.id: raise AlreadyAuthorized sess = Session() if env.request.method == "POST": url = "http://ulogin.ru/token.php?token=%s&host=%s" % (env.request.args("token"), settings.domain) try: resp = urllib2.urlopen(url) data = dict.fromkeys(ULOGIN_FIELDS) data.update(json.loads(resp.read())) resp.close() except urllib2.URLError: return render("/auth/login.html", fields=ULOGIN_FIELDS, errors=["ulogin-fail"]) try: env.user.authenticate_ulogin(data["network"], data["uid"]) if env.user.id: return Response(redirect=referer()) except NotAuthorized: pass login = data["nickname"].strip(u" -+.") if login: login = re.sub(r"[\._\-\+]+", "-", login) info = { "login": login, "network": data["network"], "uid": data["uid"], "name": ("%s %s" % (data["first_name"], data["last_name"])).strip(), "email": data["email"], "avatar": data["photo_big"], "birthdate": data["bdate"], "gender": True if data["sex"] == "2" else False if data["sex"] == "1" else None, "location": "%s, %s" % (data["city"], data["country"]) if data["city"] and data["country"] else data["city"] or data["country"], "_nickname": data["nickname"], "_name": ("%s %s" % (data["first_name"], data["last_name"])).strip(), "_profile": data["profile"], } sess["reg_info"] = info sess.save() else: info = sess["reg_info"] if not info or not "network" in info or not "uid" in info: return Response(redirect="%s://%s/register" % (env.request.protocol, settings.domain)) info["birthdate"] = parse_date(info["birthdate"]) or datetime.now() - timedelta(days=365 * 16 + 4) return render("/auth/register_ulogin.html", info=info)
def show_post(id): post = posts.show_post(id) if env.request.method == 'POST': return add_comment(post.id) if not env.owner or env.owner.id != post.author.id: return Response(redirect='%s://%s.%s/%s' % \ (env.request.protocol, post.author.login.lower(), settings.domain, id)) comments = post.comments(cuser=env.user) if env.user.is_authorized(): posts.clear_unread_posts(id) if comments: posts.clear_unread_comments(id) errors = [] if env.request.args('expired'): errors.append('expired') if env.request.args('commented'): errors.append('commented') sess = Session() tree = env.request.args('tree') if tree: if tree.lower() in ('0', 'false', 'f'): tree = False else: tree = True sess['ctree'] = tree sess.save() elif sess['ctree'] is not None: tree = sess['ctree'] else: env.user.get_profile('tree') comments_count = len(comments) if tree: cout = {} for c in comments: cout[c.id] = c if c.to_comment_id and c.to_comment_id in cout: cout[c.to_comment_id].comments.append(c) else: c.to_comment_id = None comments = filter(lambda c: not c.to_comment_id, cout.itervalues()) section = 'messages' if post.private else '' return render('/post.html', post=post, comments=comments, comments_count=comments_count, tree=tree, errors=errors, section=section)
def all_posts(page=1): sess = Session() if not sess['agree']: if env.request.args('agree'): sess['agree'] = True sess.save() else: return all_posts_warning() try: page = int(page) except (TypeError, ValueError): page = 1 if not page: page = 1 offset = (page - 1) * settings.page_limit plist = posts.select_posts(private=False, author_private=False, blacklist=True, limit=settings.page_limit+1, offset=offset) return render('/all_posts.html', section='all', posts=plist, page=page)
def register_post(): if env.user.id: raise AlreadyAuthorized sess = Session() info = sess["reg_info"] or {} try: del info["network"] del info["uid"] except (KeyError, TypeError): pass sess["reg_info"] = info sess.save() try: network = info["network"] if "network" in info else None uid = info["uid"] if "uid" in info else None except TypeError: network = None uid = None errors = [] for p in ["login", "name", "email", "birthdate", "location", "about", "homepage"]: info[p] = env.request.args(p, "").decode("utf-8") info["gender"] = _gender(env.request.args("gender")) login = env.request.args("login", "").strip() if login and validate_nickname(login): try: u = User("login", login) if u.id: errors.append("login-in-use") except UserNotFound: pass elif login: errors.append("login-invalid") else: errors.append("login-empty") password = env.request.args("password") if not (network and uid): if not password: errors.append("password") info["birthdate"] = parse_date(info["birthdate"]) if not network and not errors: try: resp = recaptcha2.verify( env.request.args("g-recaptcha-request", ""), settings.recaptcha_private_key, env.request.remote_host ) if not resp.is_valid: errors.append("captcha") except urllib2.URLError: errors.append("recaptcha-fail") except AddressNotFound: return Response(redirect="%s://%s/remember?fail=1" % (env.request.protocol, settings.domain)) if errors: if network and uid: tmpl = "/auth/register_ulogin.html" else: tmpl = "/auth/register.html" return Response(template=tmpl, fields=ULOGIN_FIELDS, info=info, errors=errors) users.register(login) for p in ["name", "email", "birthdate", "gender", "location", "about", "homepage"]: env.user.set_info(p, info[p]) if password: env.user.set_password(password) if network and uid: _nickname = info["_nickname"] if "_nickname" in info else None _name = info["_name"] if "_name" in info else None _profile = info["_profile"] if "_profile" in info else None try: env.user.bind_ulogin(network, uid, _nickname, _name, _profile) except UserExists: raise Forbidden if env.request.args("avatar"): ext = env.request.args("avatar", "").split(".").pop().lower() if ext not in ["jpg", "gif", "png"]: errors.append("filetype") else: filename = ("%s.%s" % (env.user.login, ext)).lower() make_avatar(env.request.files("avatar"), filename) env.user.set_info("avatar", "%s?r=%d" % (filename, randint(1000, 9999))) elif "avatar" in info and info["avatar"]: filename = ("%s.%s" % (env.user.login, "jpg")).lower() make_avatar(info["avatar"], filename) env.user.set_info("avatar", "%s?r=%d" % (filename, randint(1000, 9999))) env.user.save() env.user.authenticate() return Response(redirect=get_referer())
def register(): #raise Forbidden if env.user.id: raise AlreadyAuthorized sess = Session() info = sess['reg_info'] or {} print 'INFO', info if env.request.method == 'GET': try: del info['network'] del info['uid'] except (KeyError, TypeError): pass sess['reg_info'] = info sess.save() try: info['birthdate'] = parse_date(info['birthdate']) \ or datetime.now() - timedelta(days=365*16+4) except (KeyError, TypeError): info['birthdate'] = None return render('/auth/register.html', fields=ULOGIN_FIELDS, info=info) try: network = info['network'] if 'network' in info else None uid = info['uid'] if 'uid' in info else None except TypeError: network = None uid = None errors = [] for p in ['login', 'name', 'email', 'birthdate', 'location', 'about', 'homepage']: info[p] = env.request.args(p, '').decode('utf-8') info['gender'] = _gender(env.request.args('gender')) login = env.request.args('login', '').strip() if login and validate_nickname(login): try: u = User('login', login) if u.id: errors.append('login-in-use') except UserNotFound: pass elif login: errors.append('login-invalid') else: errors.append('login-empty') password = env.request.args('password') confirm = env.request.args('confirm') if not (network and uid): if not password: errors.append('password') elif password != confirm: errors.append('confirm') info['birthdate'] = parse_date(info['birthdate']) \ or datetime.now() - timedelta(days=365*16+4) if not network and not errors: try: text = env.request.args('recaptcha_response_field') challenge = env.request.args('recaptcha_challenge_field') resp = captcha.submit(challenge, text, settings.recaptcha_private_key, env.request.remote_host) if not resp.is_valid: errors.append('captcha') except urllib2.URLError: errors.append('recaptcha-fail') except AddressNotFound: return Response(redirect='%s://%s/remember?fail=1' % \ (env.request.protocol, settings.domain)) if errors: if network and uid: tmpl = '/auth/register_ulogin.html' else: tmpl = '/auth/register.html' return render(tmpl, fields=ULOGIN_FIELDS, info=info, errors=errors) users.register(login) for p in ['name', 'email', 'birthdate', 'gender', 'location', 'about', 'homepage']: env.user.set_info(p, info[p]) if password: env.user.set_password(password) if network and uid: _nickname = info['_nickname'] if '_nickname' in info else None _name = info['_name'] if '_name' in info else None _profile = info['_profile'] if '_profile' in info else None try: env.user.bind_ulogin(network, uid, _nickname, _name, _profile) except UserExists: raise Forbidden if env.request.args('avatar'): ext = env.request.args('avatar', '').split('.').pop().lower() if ext not in ['jpg', 'gif', 'png']: errors.append('filetype') else: filename = ('%s.%s' % (env.user.login, ext)).lower() make_avatar(env.request.files('avatar'), filename) env.user.set_info('avatar', '%s?r=%d' % (filename, randint(1000, 9999))) elif 'avatar' in info and info['avatar']: filename = ('%s.%s' % (env.user.login, 'jpg')).lower() make_avatar(info['avatar'], filename) env.user.set_info('avatar', '%s?r=%d' % (filename, randint(1000, 9999))) env.user.save() env.user.authenticate() return Response(redirect=get_referer())
def set_sessions_param(user, param, value): sessions = user_sessions(user) for sessid in sessions: sess = Session(sessid) sess[param] = value sess.save()
def register(): #raise Forbidden if env.user.id: raise AlreadyAuthorized sess = Session() info = sess['reg_info'] or {} print 'INFO', info if env.request.method == 'GET': try: del info['network'] del info['uid'] except (KeyError, TypeError): pass sess['reg_info'] = info sess.save() try: info['birthdate'] = parse_date(info['birthdate']) \ or datetime.now() - timedelta(days=365*16+4) except (KeyError, TypeError): info['birthdate'] = None return render('/auth/register.html', fields=ULOGIN_FIELDS, info=info) try: network = info['network'] if 'network' in info else None uid = info['uid'] if 'uid' in info else None except TypeError: network = None uid = None errors = [] for p in [ 'login', 'name', 'email', 'birthdate', 'location', 'about', 'homepage' ]: info[p] = env.request.args(p, '').decode('utf-8') info['gender'] = _gender(env.request.args('gender')) login = env.request.args('login', '').strip() if login and validate_nickname(login): try: u = User('login', login) if u.id: errors.append('login-in-use') except UserNotFound: pass elif login: errors.append('login-invalid') else: errors.append('login-empty') password = env.request.args('password') confirm = env.request.args('confirm') if not (network and uid): if not password: errors.append('password') elif password != confirm: errors.append('confirm') info['birthdate'] = parse_date(info['birthdate']) \ or datetime.now() - timedelta(days=365*16+4) if not network and not errors: try: text = env.request.args('recaptcha_response_field') challenge = env.request.args('recaptcha_challenge_field') resp = captcha.submit(challenge, text, settings.recaptcha_private_key, env.request.remote_host) if not resp.is_valid: errors.append('captcha') except urllib2.URLError: errors.append('recaptcha-fail') except AddressNotFound: return Response(redirect='%s://%s/remember?fail=1' % \ (env.request.protocol, settings.domain)) if errors: if network and uid: tmpl = '/auth/register_ulogin.html' else: tmpl = '/auth/register.html' return render(tmpl, fields=ULOGIN_FIELDS, info=info, errors=errors) users.register(login) for p in [ 'name', 'email', 'birthdate', 'gender', 'location', 'about', 'homepage' ]: env.user.set_info(p, info[p]) if password: env.user.set_password(password) if network and uid: _nickname = info['_nickname'] if '_nickname' in info else None _name = info['_name'] if '_name' in info else None _profile = info['_profile'] if '_profile' in info else None try: env.user.bind_ulogin(network, uid, _nickname, _name, _profile) except UserExists: raise Forbidden if env.request.args('avatar'): ext = env.request.args('avatar', '').split('.').pop().lower() if ext not in ['jpg', 'gif', 'png']: errors.append('filetype') else: filename = ('%s.%s' % (env.user.login, ext)).lower() make_avatar(env.request.files('avatar'), filename) env.user.set_info('avatar', '%s?r=%d' % (filename, randint(1000, 9999))) elif 'avatar' in info and info['avatar']: filename = ('%s.%s' % (env.user.login, 'jpg')).lower() make_avatar(info['avatar'], filename) env.user.set_info('avatar', '%s?r=%d' % (filename, randint(1000, 9999))) env.user.save() env.user.authenticate() return Response(redirect=get_referer())
def show_post(id, page=None): post = posts.show_post(id) if env.request.method == 'POST': return add_comment(post.id) if not env.owner or env.owner.id != post.author.id: return Response(redirect='%s://%s.%s/%s' % \ (env.request.protocol, post.author.login.lower(), settings.domain, id)) errors = [] if env.request.args('expired'): errors.append('expired') if env.request.args('commented'): errors.append('commented') sess = Session() tree = env.request.args('tree') if tree: if tree.lower() in ('0', 'false', 'f'): tree = False else: tree = True sess['ctree'] = tree sess.save() elif sess['ctree'] is not None: tree = sess['ctree'] else: env.user.get_profile('tree') comments_count = post.comments_count() if comments_count > 1000: climit = 100 tree = False last_page = int(math.ceil(float(comments_count) / climit)) try: page = int(page) except (TypeError, ValueError): page = last_page cstart = (page - 1) * climit comments = post.comments(cuser=env.user, offset=cstart, limit=climit) else: comments = post.comments(cuser=env.user) page = None last_page = None if env.user.is_authorized(): posts.clear_unread_posts(id) if comments: posts.clear_unread_comments(id) if tree: cout = {} for c in comments: cout[c.id] = c if c.to_comment_id and c.to_comment_id in cout: cout[c.to_comment_id].comments.append(c) else: c.to_comment_id = None comments = filter(lambda c: not c.to_comment_id, cout.itervalues()) sess = Session() clear_post_input = sess['clear_post_input'] if clear_post_input: sess['clear_post_input'] = False sess.save() section = 'messages' if post.private else '' return render('/post.html', post=post, comments=comments, comments_count=comments_count, tree=tree, errors=errors, section=section, page=page, last_page=last_page, clear_post_input=clear_post_input)
def show_post(id, page=None): post = posts.show_post(id) if env.request.method == 'POST': return add_comment(post.id) if not env.owner or env.owner.id != post.author.id: return Response(redirect='%s://%s.%s/%s' % \ (env.request.protocol, post.author.login.lower(), settings.domain, id)) errors = [] if env.request.args('expired'): errors.append('expired') if env.request.args('commented'): errors.append('commented') sess = Session() tree = env.request.args('tree') if tree: if tree.lower() in ('0', 'false', 'f'): tree = False else: tree = True sess['ctree'] = tree sess.save() elif sess['ctree'] is not None: tree = sess['ctree'] else: env.user.get_profile('tree') comments_count = post.comments_count() if comments_count > 1000: climit = 100 tree = False last_page = int(math.ceil(float(comments_count) / climit)) try: page = int(page) except (TypeError, ValueError): page = last_page cstart = (page - 1) * climit comments = post.comments(cuser=env.user, offset=cstart, limit=climit) else: comments = post.comments(cuser=env.user) page = None last_page = None if env.user.is_authorized(): posts.clear_unread_posts(id) if comments: posts.clear_unread_comments(id) if tree: cout = {} for c in comments: cout[c.id] = c if c.to_comment_id and c.to_comment_id in cout: cout[c.to_comment_id].comments.append(c) else: c.to_comment_id = None comments = filter(lambda c: not c.to_comment_id, cout.itervalues()) sess = Session() clear_post_input = sess['clear_post_input'] if clear_post_input: sess['clear_post_input'] = False sess.save() section = 'messages' if post.private else '' return render('/post.html', post=post, comments=comments, comments_count=comments_count, tree=tree, errors=errors, section=section, page=page, last_page=last_page, clear_post_input=clear_post_input)
def register(): #raise Forbidden if env.user.id: raise AlreadyAuthorized sess = Session() info = sess['reg_info'] or {} print 'INFO', info if env.request.method == 'GET': try: del info['network'] del info['uid'] except (KeyError, TypeError): pass sess['reg_info'] = info sess.save() try: info['birthdate'] = parse_date(info['birthdate']) \ or datetime.now() - timedelta(days=365*16+4) except (KeyError, TypeError): info['birthdate'] = None return render('/auth/register.html', fields=ULOGIN_FIELDS, info=info) try: network = info['network'] if 'network' in info else None uid = info['uid'] if 'uid' in info else None except TypeError: network = None uid = None errors = [] for p in ['login', 'name', 'email', 'birthdate', 'location', 'about', 'homepage']: info[p] = env.request.args(p, '').decode('utf-8') info['gender'] = _gender(env.request.args('gender')) login = env.request.args('login', '').strip() if login and validate_nickname(login): try: u = User('login', login) if u.id: errors.append('login-in-use') except UserNotFound: pass elif login: errors.append('login-invalid') else: errors.append('login-empty') password = env.request.args('password') confirm = env.request.args('confirm') if not (network and uid): if not password: errors.append('password') elif password != confirm: errors.append('confirm') info['birthdate'] = parse_date(info['birthdate']) \ or datetime.now() - timedelta(days=365*16+4) if not network and not errors: try: text = env.request.args('recaptcha_response_field') challenge = env.request.args('recaptcha_challenge_field') resp = captcha.submit(challenge, text, settings.recaptcha_private_key, env.request.remote_host) if not resp.is_valid: errors.append('captcha') except urllib2.URLError, e: log.error('recaptcha fail: %s' % e) #errors.append('recaptcha-fail') except AddressNotFound: return Response(redirect='%s://%s/remember?fail=1' % \ (env.request.protocol, settings.domain))
def ulogin(): if env.user.id: raise AlreadyAuthorized sess = Session() if env.request.method == 'POST': url = "http://ulogin.ru/token.php?token=%s&host=%s" % \ (env.request.args('token'), settings.domain) try: resp = urllib2.urlopen(url) data = dict.fromkeys(ULOGIN_FIELDS) data.update(json.loads(resp.read())) resp.close() except urllib2.URLError: return render('/auth/login.html', fields=ULOGIN_FIELDS, errors=['ulogin-fail']) try: env.user.authenticate_ulogin(data['network'], data['uid']) if env.user.id: return Response(redirect=get_referer()) except NotAuthorized: pass login = data['nickname'].strip(u' -+.') if login: login = re.sub(r'[\._\-\+]+', '-', login) info = { 'login': login, 'network': data['network'], 'uid': data['uid'], 'name': ('%s %s' % (data['first_name'], data['last_name'])).strip(), 'email': data['email'], 'avatar': data['photo_big'], 'birthdate': data['bdate'], 'gender': True if data['sex'] == '2' else False if data['sex'] == '1' else None, 'location': "%s, %s" % (data['city'], data['country']) \ if data['city'] and data['country'] else \ data['city'] or data['country'], '_nickname': data['nickname'], '_name': ('%s %s' % (data['first_name'], data['last_name'])).strip(), '_profile': data['profile'], } sess['reg_info'] = info sess.save() else: info = sess['reg_info'] if not info or not 'network' in info or not 'uid' in info: return Response(redirect='%s://%s/register' % \ (env.request.protocol, settings.domain)) info['birthdate'] = parse_date(info['birthdate']) \ or datetime.now() - timedelta(days=365*16+4) return render('/auth/register_ulogin.html', info=info)
def csrf_token(): sess = Session() if not sess.sessid: sess.save() return sha1('%s%s' % (settings.secret, sess.sessid)).hexdigest()
def ulogin(): if env.user.id: raise AlreadyAuthorized sess = Session() if env.request.method == 'POST': url = "http://ulogin.ru/token.php?token=%s&host=%s" % \ (env.request.args('token'), settings.domain) try: resp = urllib2.urlopen(url) data = dict.fromkeys(ULOGIN_FIELDS) data.update(json.loads(resp.read())) resp.close() except urllib2.URLError: return render('/auth/login.html', fields=ULOGIN_FIELDS, errors=['ulogin-fail']) try: env.user.authenticate_ulogin(data['network'], data['uid']) if env.user.id: return Response(redirect=referer()) except NotAuthorized: pass login = data['nickname'].strip(u' -+.') if login: login = re.sub(r'[\._\-\+]+', '-', login) info = { 'login': login, 'network': data['network'], 'uid': data['uid'], 'name': ('%s %s' % (data['first_name'], data['last_name'])).strip(), 'email': data['email'], 'avatar': data['photo_big'], 'birthdate': data['bdate'], 'gender': True if data['sex'] == '2' else False if data['sex'] == '1' else None, 'location': "%s, %s" % (data['city'], data['country']) \ if data['city'] and data['country'] else \ data['city'] or data['country'], '_nickname': data['nickname'], '_name': ('%s %s' % (data['first_name'], data['last_name'])).strip(), '_profile': data['profile'], } sess['reg_info'] = info sess.save() else: info = sess['reg_info'] if not info or not 'network' in info or not 'uid' in info: return Response(redirect='%s://%s/register' % \ (env.request.protocol, settings.domain)) info['birthdate'] = parse_date(info['birthdate']) \ or datetime.now() - timedelta(days=365*16+4) return render('/auth/register_ulogin.html', info=info)
def set_sessions_param(user, param, value): sessions = user_sessions(user) for sessid in sessions: sess = Session(sessid) sess[param] = value sess.save()