def main():
    """Handle an avatar upload request (CGI entry point).

    Reads the submitted form and the request cookies. If the client-supplied
    file name ends in jpg, gif or png, the handler deletes the avatar file
    currently recorded in UserPath, writes the uploaded bytes under
    ``my_conf.http_doc_path + '/data/'`` using the SHA-1 hex digest of the
    ``user`` cookie as the file name, and records that name in UserPath.
    It then prints an HTML success page, or an HTML error page on any exception.
    """
    # get the form data
    form = cgi.FieldStorage()
    cookie = Cookie.SimpleCookie()
    # NOTE(review): os.environ.get() returns None when the request carries no
    # Cookie header; confirm load() tolerates that, since this call sits
    # outside the try block below.
    cookie.load(os.environ.get('HTTP_COOKIE'))

    # check the file type
    # NOTE(review): only the extension of the client-supplied file name is
    # checked. The content is never inspected and the upload size is not
    # capped (read() below loads the whole body into memory). Consider
    # verifying the image format from the bytes, enforcing a size limit, and
    # serving stored files with a fixed image content type.
    if form['file'].filename.split('.')[-1].lower() in ['jpg', 'gif', 'png']:
        # NOTE(review): `user` is assigned but not used again in this excerpt.
        user = cookie['user'].value
        file_path = ""

        # get the user's avatar from mysql
        try:
            mysql_connect = MySQLdb.connect(host=my_conf.mysql_server,
                                            user=my_conf.mysql_user,
                                            passwd=my_conf.mysql_password,
                                            db=my_conf.mysql_database)
            cursor = mysql_connect.cursor()
            # NOTE(review): the account is identified only by the `userid` and
            # `user` cookies, which the client controls. No signature check or
            # session lookup is visible in this excerpt. Unless they are
            # validated elsewhere, bind the request to a server-side session
            # before touching another account's row or file.
            # The int() cast keeps this %-formatted query from carrying SQL
            # text, but cursor.execute(sql, params) is the safer habit.
            cursor.execute("""select * from UserPath where UserID = %d;""" % int(cookie['userid'].value))
            result = cursor.fetchone()
            # When no row exists, result is None and result[1] raises
            # TypeError, which the broad except below turns into the error page.
            if result[1]:
                # Remove the previously stored avatar (name comes from the DB).
                os.remove(os.path.join(my_conf.http_doc_path + '/data/', result[1]))

            # Stored name is the SHA-1 hex digest of the `user` cookie value,
            # with no extension.
            filename = sha.new(cookie['user'].value).hexdigest()
            file_path = os.path.join(my_conf.http_doc_path + '/data/', filename)
            with open(file_path, 'w+b') as fp:
                fp.write(form['file'].file.read())

            cur_datetime = datetime.datetime.today()
            # Values interpolated here are a hex digest, a datetime and an
            # int()-cast id, so the statement is not injectable as written.
            # Parameterized execution would keep it that way if the inputs
            # ever change.
            cursor.execute("""update UserPath set Path = '%s', UpdateTime = '%s' where UserID = %d;""" % ( filename, cur_datetime, int(cookie['userid'].value)) )
            mysql_connect.commit()
            cursor.close()

            print my_cgifunc.content_type()
            print my_cgifunc.html_header("upload success")
            print '<h1>upload your new avatar successful!!!</h1>'
            print """<form method=get action=showPage.py> <input type=submit value="Back"> </form>"""
            print my_cgifunc.html_tail()
        except Exception, e:
            # NOTE(review): the error page echoes the server-side file path
            # and repr(e) into HTML without escaping. That discloses internal
            # paths and database error text to the client; prefer logging the
            # details server-side and showing a generic message.
            print my_cgifunc.content_type()
            print my_cgifunc.html_header('Upload error')
            print '<h1>%s</h1>' % file_path
            print '<h3>Error : %s</h3>' % repr(e)
            print """<form method=get action=showPage.py> <input type=submit value="Back"> </form>"""
            print my_cgifunc.html_tail()
        finally:
            # NOTE(review): the listing is cut off here; the body of this
            # `finally` clause is not part of this excerpt.
def main():
    """Handle a change-password request (CGI entry point).

    Requires the form fields ``old_password``, ``new_password`` and
    ``password_again`` (the last two must match). Looks up the UserInfo row
    for the ``userid`` cookie, hashes the old and new passwords as
    SHA-1(password + salt) with the salt from column 5, and, when the old
    hash equals column 2, updates the password in UserInfo and Cache.
    Any failure is reported through ``my_cgifunc.output_error``.
    """
    form = cgi.FieldStorage()
    cookie = Cookie.SimpleCookie()
    cookie.load(os.environ.get('HTTP_COOKIE'))
    # NOTE(review): SimpleCookie.get() returns a Morsel object or None, and
    # neither compares equal to "". This guard therefore does not appear to
    # catch a missing or empty `userid` cookie; compare the Morsel's .value
    # (and handle None) if that is the intent.
    if cookie.get('userid') == "":
        my_cgifunc.output_error(message="user error, please login in again.",
                                back_page="index.py")
        return
    if 'old_password' in form and \
       'new_password' in form and \
       'password_again' in form and \
       form['new_password'].value == form['password_again'].value:
        try:
            # get password from database and check the identity
            mysql_connect = MySQLdb.connect(host=my_conf.mysql_server,
                                            user=my_conf.mysql_user,
                                            passwd=my_conf.mysql_password,
                                            db=my_conf.mysql_database)
            cursor = mysql_connect.cursor()
            cursor.execute("""select * from UserInfo where UserID = %d;""" % int(cookie['userid'].value))
            result = cursor.fetchone()
            # NOTE(review): result is indexed before the `if result` test
            # below. A missing row raises TypeError here, so the explicit
            # "fetch user information" error further down is never reached.
            salt = result[5]
            # NOTE(review): passwords are stored as one salted SHA-1 pass
            # (the Python 2 `sha` module). That is fast to brute-force if the
            # table leaks; a deliberately slow password hash (PBKDF2, bcrypt,
            # scrypt, Argon2) is the usual replacement.
            old_password = sha.new(form['old_password'].value + salt).hexdigest()
            new_password = sha.new(form['new_password'].value + salt).hexdigest()
            if result and result[2] == old_password:
                # NOTE(review): the '******' in the two UPDATE statements looks
                # like masking applied to this listing, presumably over a '%s'
                # placeholder. As printed, each format string has one
                # conversion for a two-item tuple. Either way, passing the
                # values via cursor.execute(sql, params) avoids building SQL
                # text by hand.
                cursor.execute("""update UserInfo set Password = '******' where UserID = %d;""" % ( new_password, int(cookie['userid'].value)))
                cursor.execute("""update Cache set Password = '******' where UserID = %d;""" % ( new_password, int(cookie['userid'].value)))
                mysql_connect.commit()
                print my_cgifunc.content_type()
                print my_cgifunc.html_header("Reset success")
                # NOTE(review): the `user` cookie value is written into the
                # page unescaped; HTML-escape it (cgi.escape in Python 2)
                # before output.
                print "<h1>Reset user(%s) password successful!</h1>" % \
                    cookie['user'].value
                print """<FORM METHOD=GET ACTION=showPage.py> <INPUT TYPE=SUBMIT VALUE="Back"> </FORM>"""
                print my_cgifunc.html_tail()
            else:
                if not result:
                    raise Exception("fetch user information from database error!")
                elif result[2] != old_password:
                    raise Exception("old password is not right!")
                else:
                    raise Exception("something error")
        except Exception, e:
            # NOTE(review): repr(e) is passed to the error page, so database
            # and parsing errors reach the client verbatim. Whether it is
            # escaped depends on output_error, which is not shown here.
            my_cgifunc.output_error(message = repr(e), back_page="/reset_password.html")
        finally:
            # NOTE(review): the listing is cut off here; the body of this
            # `finally` clause is not part of this excerpt.
def main():
    """Handle a password reset that does not require the old password.

    Requires matching ``new_password`` and ``password_again`` form fields.
    Loads the UserInfo row for the form field ``UserID``, and when column 2
    of that row equals the form field ``Finger``, stores
    SHA-1(new_password + salt) (salt from column 5) in UserInfo and Cache.
    Prints a success page, or reports the exception through
    ``my_cgifunc.output_error``.
    """
    form = cgi.FieldStorage()
    if 'new_password' in form and \
       'password_again' in form and \
       form['new_password'].value == form['password_again'].value:
        try:
            mysql_connect = MySQLdb.connect(host=my_conf.mysql_server,
                                            user=my_conf.mysql_user,
                                            passwd=my_conf.mysql_password,
                                            db=my_conf.mysql_database)
            cursor = mysql_connect.cursor()
            # 'UserID' and 'Finger' are not checked for presence above; a
            # missing field raises KeyError, which the broad except below
            # reports.
            cursor.execute("""select * from UserInfo where UserID = %d;""" % int(form['UserID'].value))
            result = cursor.fetchone()
            if not result:
                raise Exception("Connect to database error!")
            # NOTE(review): this comparison is the only authorization for the
            # reset. The change-password listing on this page compares
            # column 2 of the same table with SHA-1(old_password + salt). If
            # the schema is the same here, the reset "finger" is the stored
            # password hash itself, so anyone who holds the hash (for example
            # from a leaked table or a forwarded reset link) can set a new
            # password without knowing the old one. Prefer a random,
            # single-use, expiring token that is stored separately from the
            # password and compared in constant time.
            if result[2] == form['Finger'].value:
                salt = result[5]
                # NOTE(review): one salted SHA-1 pass (the Python 2 `sha`
                # module); a slow password hash is the usual replacement.
                password = sha.new(form['new_password'].value+salt).hexdigest()
                # NOTE(review): the '******' below looks like masking applied
                # to this listing, presumably over a '%s' placeholder. As
                # printed, each format string has one conversion for a
                # two-item tuple. Parameterized cursor.execute(sql, params)
                # is preferable either way.
                cursor.execute("""update UserInfo set Password = '******' where UserID = %d;""" % ( password, int(form['UserID'].value) ) )
                cursor.execute("""update Cache set Password = '******' where UserID = %d;""" % ( password, int(form['UserID'].value) ) )
            else:
                raise Exception("Findger is not right, contact the admin!")
            # The cursor is closed before the commit; the commit is issued on
            # the connection object.
            cursor.close()
            mysql_connect.commit()
            print my_cgifunc.content_type()
            print my_cgifunc.html_header('Reset password success')
            print """<H1>Reset password ok</h1> <form method=get action=/index.html> <input type=submit value="首页"> </form> """
            print my_cgifunc.html_tail()
        except Exception, e:
            # NOTE(review): repr(e) reaches the client through the error page.
            # That includes database error text; whether it is escaped depends
            # on output_error, which is not shown here.
            my_cgifunc.output_error( message=repr(e), back_page="/index.html" )
        finally:
            # NOTE(review): the listing is cut off here; the body of this
            # `finally` clause is not part of this excerpt.
where UserID = %d;""" % (form['mail'].value, int(result[0]))) mysql_connect.commit() cursor.close() else: raise Exception("connect to database error") except Exception, e: my_cgifunc.output_error( message=repr(e), back_page="/reset_mail.html" ) return finally: mysql_connect.close() print cookie print my_cgifunc.content_type() print my_cgifunc.html_header('Reset email') print "<h1>Reset User:%s 's e-mail successful</h1>" % cookie['user'].value print "<form method=get action=showPage.py>" print '<input type=submit value="Back">' print "</form>" print my_cgifunc.html_tail() else: my_cgifunc.output_error( message="form data is not right!", back_page="/reset_mail.html" ) if __name__ == '__main__': main()
where UserID = %d;""" % int(form['userid'].value)) result = cursor.fetchone() cursor.close() if not result or result[2] != form['finger'].value: raise Exception except Exception, e: my_cgifunc.output_error( message="link error, please contact the admin again", back_page="/index.html" ) return finally: mysql_connect.close() print my_cgifunc.content_type() print my_cgifunc.html_header('Reset password') print """ <FORM METHOD=POST ACTION=reset_withoutpass.py> <INPUT TYPE=HIDDEN VALUE="%s" NAME="UserID"> <INPUT TYPE=HIDDEN VALUE="%s" NAME="Finger"> <B>输入新密码:</B> <INPUT TYPE=PASSWORD NAME="new_password"> <br/> <B>再次输入新密码:</B> <INPUT TYPE=PASSWORD NAME="password_again"> <br/> <INPUT TYPE=SUBMIT VALUE="提交"> <INPUT TYPE=RESET VALUE="重置"> </FORM> """ % (form['userid'].value, form['finger'].value) print my_cgifunc.html_tail()
print my_cgifunc.html_header("upload success") print '<h1>upload your new avatar successful!!!</h1>' print """<form method=get action=showPage.py> <input type=submit value="Back"> </form>""" print my_cgifunc.html_tail() except Exception, e: print my_cgifunc.content_type() print my_cgifunc.html_header('Upload error') print '<h1>%s</h1>' % file_path print '<h3>Error : %s</h3>' % repr(e) print """<form method=get action=showPage.py> <input type=submit value="Back"> </form>""" print my_cgifunc.html_tail() finally: mysql_connect.close() else: print my_cgifunc.content_type() print my_cgifunc.html_header('Upload error') print '<h2>The file is not a (.jpg, .gif, .png) file</h2>' print """<form method=get action=showPage.py> <input type=submit value="Back"> </form>""" print my_cgifunc.html_tail() if __name__ == '__main__': main()
http://%s:%s/cgi-bin/findout.py?userid=%d&finger=%s Please delete this e-mail after reset your password as soon as possible. If you have any question about Yagra, please send mail to '%s' to contact administrator %s. """ % ( user, os.environ.get('SERVER_NAME'), os.environ.get('SERVER_PORT'), userid, finger, my_conf.AdminEMail, my_conf.AdminName ) if send_mail(tolist, subject, content): print my_cgifunc.content_type() print my_cgifunc.html_header('Success') print """已发送找回密码的邮件到您的邮箱,请尽快查收""" print """<form method=get action=/index.html> <input type=submit value="首页"> </form>""" print my_cgifunc.html_tail() else: my_cgifunc.output_error( message="Send mail failed!", back_page="/findout.html" ) else: my_cgifunc.output_error( message="Mail information is not right!", back_page="/findout.html" )