def login_mod(req):
check_login(req)
login = Login(req.login.id)
token = do_create_token(req, "/login")
state = None
if req.method == "POST":
check_token(req, req.form.get("token"))
login.bind(req.form, req.cfg.login_rounds)
email = login.email if login.email != req.login.email else None
state = login.pref(req, email=email)
if 0 < state < 64:
return generate_page(req, "login/login_mod.html", token=token, item=login, error=state)
state = 0 if state is None else state
if email:
host = "%s (%s)" % (req.remote_host, req.remote_addr)
send_verify_email(req, login, req.login.email, host=host, browser=req.user_agent)
state |= REQUEST_FOR_EMAIL
else:
email = None
# endif
login.get(req)
req.login = login
return generate_page(req, "login/login_mod.html", token=token, item=login, state=state, email=email)
def login(req):
referer = req.args.getfirst("referer", "", str)
data = Object(referer=referer, email="")
if req.method == "POST":
login = Login()
login.bind(req.form, req.cfg.login_rounds)
ip = "ip" in req.form
if login.find(req):
do_login(req, login.simple(), ip)
if referer:
redirect(req, referer)
if "admin" in login.rights or "super" in login.rights:
redirect(req, "/admin")
redirect(req, "/")
data.ip = ip
data.email = login.email
data.error = BAD_LOGIN
return generate_page(
req, "login.html", data=data, sign_up=req.cfg.login_sign_up, password_link=req.cfg.login_forget_password_link
)
def sign_up(req):
if req.method == "POST":
robot = True if req.form.getfirst("robot", "", str) else False
qid = int(req.form.getfirst("qid", "0", str), 16)
question, answer = robot_questions[qid]
check = req.form.getfirst("answer", "", str) == answer
login = Login()
login.bind(req.form, req.cfg.login_rounds)
if robot or not check:
return generate_page(
req,
"/login/login_mod.html",
item=login,
question=question,
answer=answer,
check=check,
qid=hex(qid),
form=req.form,
)
error = login.add(req, True)
if error:
return generate_page(
req,
"/login/login_mod.html",
item=login,
error=error,
question=question,
answer=answer,
check=check,
qid=hex(qid),
form=req.form,
password_link=req.cfg.login_forget_password_link,
)
send_login_created(req, login)
return generate_page(req, "/login/waiting_for_verification.html", item=login)
# endif
qid = randint(0, len(robot_questions) - 1)
question, answer = robot_questions[qid]
return generate_page(
req, "/login/login_mod.html", item=Object(), question=question, answer=answer, qid=hex(qid), form=Object()
)
def admin_logins_mod(req, id):
check_login(req)
check_right(req, R_ADMIN)
token = do_create_token(req, "/admin/logins/%d" % id)
login = Login(id)
if req.login.id == login.id: # not good idea to remove
raise SERVER_RETURN(state.HTTP_FORBIDDEN) # rights himself
done = None
if req.method == "POST":
check_token(req, req.form.get("token"))
login.bind(req.form, req.cfg.login_rounds)
done = login.mod(req)
if 0 < done < 64:
return generate_page(req, "admin/logins_mod.html", token=token, rights=rights, item=login, error=done)
# endif
# endif
if not login.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
return generate_page(req, "admin/logins_mod.html", token=token, rights=rights, item=login, state=done)
def admin_logins_add(req):
check_login(req)
check_right(req, R_ADMIN)
token = do_create_token(req, "/admin/logins/add")
if req.method == "POST":
check_token(req, req.form.get("token"))
login = Login()
login.bind(req.form, req.cfg.login_rounds)
if not req.cfg.login_created_verify_link:
login.enabled = 1
login.rights = ["user"]
error = login.add(req)
if error:
return generate_page(req, "admin/logins_mod.html", token=token, rights=rights, item=login, error=error)
if req.cfg.login_created_verify_link:
send_login_created(req, login)
redirect(req, "/admin/logins/%d" % login.id)
# endif
return generate_page(req, "admin/logins_mod.html", token=token, rights=rights)
