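def is_valid_user(self, username, password):
    """Check a username/password pair against the `<prefix>users` table.

    Looks up the stored `user_password` for `username` and compares it with
    the hex MD5 digest of the supplied `password`.

    Returns 1 when the credentials match, 0 otherwise (unknown user or wrong
    password); every failure is written to the event log.
    """
    # The table prefix is local configuration and cannot be sent as a bound
    # parameter, so it is interpolated here; the doubled %% leaves a literal
    # %s placeholder behind for the database driver.
    stmt = """
            SELECT
                user_password
            FROM
                %susers
            WHERE
                username=%%s
            """ % (settings.nuke_table_prefix,)
    # The username is supplied by the remote client, so it is handed to the
    # driver as a bound parameter rather than pasted into the SQL text.
    # Assumes a DB-API driver using the 'format' paramstyle (%s), which the
    # row-count return value of execute() suggests -- confirm for this backend.
    num_rows = self.cursor.execute(stmt, (username,))
    if num_rows == 0 or num_rows is None:
        settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
        return 0
    db_password = self.cursor.fetchone()[0]
    # NOTE(review): the stored value is an unsalted MD5 digest and this is not
    # a constant-time comparison; both are kept for compatibility with the
    # existing table contents.
    if db_password != md5.new(password).hexdigest():
        settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
        return 0
    return 1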
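def is_valid_user(self, username, password):
    """Check a username/password pair against `papercut_groups_auth`.

    Returns 1 when a row exists for `username` and its stored password equals
    the supplied `password`, 0 otherwise; every failure is written to the
    event log.
    """
    # The username is supplied by the remote client, so it is handed to the
    # driver as a bound parameter rather than pasted into the SQL text.
    # Assumes a DB-API driver using the 'format' paramstyle (%s), which the
    # row-count return value of execute() suggests -- confirm for this backend.
    stmt = """
            SELECT
                password
            FROM
                papercut_groups_auth
            WHERE
                username=%s
            """
    num_rows = self.cursor.execute(stmt, (username,))
    if num_rows == 0 or num_rows is None:
        settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
        return 0
    db_password = self.cursor.fetchone()[0]
    # NOTE(review): the stored value is compared directly with the supplied
    # password, i.e. the table holds it unhashed, and the comparison is not
    # constant-time. Kept as-is for compatibility with existing rows.
    if db_password != password:
        settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
        return 0
    return 1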
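def is_valid_user(self, username, password):
    """Validate `username`/`password` using the `papercut_groups_auth` table.

    Returns 1 if the user exists and the stored password equals `password`,
    otherwise 0. Both failure cases are recorded through settings.logEvent.
    """
    # `username` originates from the network client; it is passed as a bound
    # parameter so its content can never change the shape of the query.
    # Assumes the driver uses the 'format' paramstyle (%s placeholders), as
    # the row-count return of execute() suggests -- confirm for this backend.
    stmt = """
            SELECT
                password
            FROM
                papercut_groups_auth
            WHERE
                username=%s
            """
    num_rows = self.cursor.execute(stmt, (username,))
    if num_rows == 0 or num_rows is None:
        settings.logEvent(
            'Error - Authentication failed for username \'%s\' (user not found)' % (username))
        return 0
    db_password = self.cursor.fetchone()[0]
    # NOTE(review): direct equality against the stored column means passwords
    # are kept unhashed, and the check is not constant-time. Left unchanged so
    # existing rows keep working.
    if db_password != password:
        settings.logEvent(
            'Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
        return 0
    return 1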
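def is_valid_user(self, username, password):
    """Check a username/password pair against the `forums_auth` table.

    The stored password format is guessed from its length: a 32-character
    value is treated as a hex MD5 digest, anything else as a crypt() hash
    salted with the leading characters of the password itself.

    Returns 1 when the credentials match, 0 otherwise; every failure is
    written to the event log.
    """
    # The username is supplied by the remote client, so it is handed to the
    # driver as a bound parameter rather than pasted into the SQL text.
    # Assumes a DB-API driver using the 'format' paramstyle (%s), which the
    # row-count return value of execute() suggests -- confirm for this backend.
    stmt = """
            SELECT
                password
            FROM
                forums_auth
            WHERE
                username=%s
            """
    num_rows = self.cursor.execute(stmt, (username,))
    if num_rows == 0 or num_rows is None:
        settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
        return 0
    db_password = self.cursor.fetchone()[0]
    # somehow detect the version of phorum being used and guess the encryption type
    # NOTE(review): both formats are weak (unsalted MD5, or crypt() with a salt
    # taken from the password) and neither comparison is constant-time; they
    # are kept because the hashes are produced by the forum software.
    if len(db_password) == 32:
        mismatch = (db_password != md5.new(password).hexdigest())
    else:
        mismatch = (db_password != crypt.crypt(password, password[:settings.PHP_CRYPT_SALT_LENGTH]))
    if mismatch:
        settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
        return 0
    return 1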
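def handle(self):
    """Serve one NNTP client connection until it ends or times out.

    Sends the greeting, then reads the client one line at a time. Outside an
    article upload each line is parsed as a command and dispatched to the
    matching do_<COMMAND> method; during an upload (after POST) lines are
    collected in self.article_lines until the lone "." terminator, at which
    point do_POST() is called.

    Changes from the previous version:
      * end-of-file on the socket now ends the session. Before, a peer that
        disconnected in the middle of an article made readline() return ''
        forever, so the loop spun and article_lines grew without limit.
      * a line whose first word is "POST" is only treated as the POST command
        when no article is being received; before, such a line inside an
        article body was swallowed and answered with a second
        "send article" response.
    """
    settings.logEvent('Connection from %s' % (self.client_address[0]))
    if settings.server_type == 'read-only':
        self.send_response(STATUS_READYNOPOST % (settings.nntp_hostname, __VERSION__))
    else:
        self.send_response(STATUS_READYOKPOST % (settings.nntp_hostname, __VERSION__))
    while not self.terminated:
        if self.sending_article == 0:
            self.article_lines = []
        # Arm an inactivity timer around the blocking read (POSIX only).
        if os.name == 'posix':
            signal.signal(signal.SIGALRM, self.handle_timeout)
            signal.alarm(__TIMEOUT__)
        try:
            self.inputline = self.rfile.readline()
        except IOError:
            # Re-check self.terminated; handle_timeout sets it on SIGALRM.
            continue
        if os.name == 'posix':
            signal.alarm(0)
        if __DEBUG__:
            print "client>", repr(self.inputline)
        # readline() returns an empty string only at end-of-file: the peer
        # has closed the connection, so stop instead of looping on ''.
        if not self.inputline:
            self.terminated = 1
            continue
        # Strip spaces only if NOT receiving article
        if not self.sending_article:
            line = self.inputline.strip()
        else:
            line = self.inputline
        # somehow outlook express sends a lot of newlines (so we need to kill those users when this happens)
        if (not self.sending_article) and (line == ''):
            self.broken_oe_checker += 1
            if self.broken_oe_checker == 10:
                self.terminated = 1
            continue
        self.tokens = line.split(' ')
        # NNTP commands are case-insensitive
        command = self.tokens[0].upper()
        # don't save the password in the log file
        match = authinfo_regexp.search(line)
        if not match:
            settings.logEvent('Received request: %s' % (line))
        # Only honour POST as a command when we are not already receiving an
        # article; otherwise the line is article content.
        if command == 'POST' and not self.sending_article:
            if settings.server_type == 'read-only':
                settings.logEvent(
                    'Error - Read-only server received a post request from \'%s\'' % self.client_address[0])
                self.send_response(STATUS_READONLYSERVER)
            else:
                if settings.nntp_auth == 'yes' and self.auth_username == '':
                    self.send_response(STATUS_AUTH_REQUIRED)
                else:
                    self.sending_article = 1
                    self.send_response(STATUS_SENDARTICLE)
        else:
            # With authentication enabled, only AUTHINFO and MODE are served
            # to a client that has not logged in yet.
            if settings.nntp_auth == 'yes' and self.auth_username == '' and command not in (
                    'AUTHINFO', 'MODE'):
                self.send_response(STATUS_AUTH_REQUIRED)
            else:
                if self.sending_article:
                    if self.inputline == '.\r\n':
                        self.sending_article = 0
                        try:
                            self.do_POST()
                        except:
                            # use a temporary file handle object to store the traceback information
                            temp = StringIO.StringIO()
                            traceback.print_exc(file=temp)
                            temp_msg = temp.getvalue()
                            # save on the log file
                            settings.logEvent(
                                'Error - Posting failed for user from \'%s\' (exception triggered)' % self.client_address[0])
                            settings.logEvent(temp_msg)
                            if __DEBUG__:
                                print 'Error - Posting failed for user from \'%s\' (exception triggered; details below)' % self.client_address[
                                    0]
                                print temp_msg
                            # The traceback stays in the log; the client only
                            # gets the generic failure response.
                            self.send_response(ERR_POSTINGFAILED)
                        continue
                    # NOTE(review): no size cap on the article is visible in
                    # this method; a limit here would bound memory per client.
                    self.article_lines.append(line)
                else:
                    # The membership test against self.commands restricts the
                    # getattr() dispatch to the supported command names.
                    if command in self.commands:
                        getattr(self, "do_%s" % (command))()
                    else:
                        self.send_response(ERR_NOTCAPABLE)
    settings.logEvent('Connection closed (IP Address: %s)' % (self.client_address[0]))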
def handle_timeout(self, signum, frame):
    """Signal handler for the inactivity alarm: end the session and log it.

    `signum` and `frame` are the standard signal-handler arguments; neither
    is used. Setting self.terminated makes the read loop in handle() exit.
    """
    self.terminated = 1
    peer_ip = self.client_address[0]
    timeout_msg = 'Connection timed out from %s' % (peer_ip)
    settings.logEvent(timeout_msg)
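def handle(self):
    """Run the NNTP session for a single client connection.

    After the greeting, the method loops over lines read from the client.
    In command mode a line is tokenised and dispatched to do_<COMMAND>; in
    article mode (entered through POST) lines are accumulated in
    self.article_lines until the "." terminator line, then do_POST() runs.

    Changes from the previous version:
      * an empty read (end-of-file, i.e. the client closed the socket) now
        terminates the loop. Previously a disconnect during an article upload
        produced an endless loop that kept appending '' to article_lines.
      * "POST" is recognised as a command only outside article mode, so an
        article body line that starts with the word "post" is stored like
        any other line instead of being dropped.
    """
    settings.logEvent('Connection from %s' % (self.client_address[0]))
    if settings.server_type == 'read-only':
        self.send_response(STATUS_READYNOPOST % (settings.nntp_hostname, __VERSION__))
    else:
        self.send_response(STATUS_READYOKPOST % (settings.nntp_hostname, __VERSION__))
    while not self.terminated:
        if self.sending_article == 0:
            self.article_lines = []
        # The alarm bounds how long the blocking read may wait (POSIX only).
        if os.name == 'posix':
            signal.signal(signal.SIGALRM, self.handle_timeout)
            signal.alarm(__TIMEOUT__)
        try:
            self.inputline = self.rfile.readline()
        except IOError:
            # Loop back so the self.terminated flag is evaluated again.
            continue
        if os.name == 'posix':
            signal.alarm(0)
        if __DEBUG__:
            print "client>", repr(self.inputline)
        # An empty string from readline() means end-of-file, not a blank
        # line (a blank line still carries its newline).
        if not self.inputline:
            self.terminated = 1
            continue
        # Strip spaces only if NOT receiving article
        if not self.sending_article:
            line = self.inputline.strip()
        else:
            line = self.inputline
        # somehow outlook express sends a lot of newlines (so we need to kill those users when this happens)
        if (not self.sending_article) and (line == ''):
            self.broken_oe_checker += 1
            if self.broken_oe_checker == 10:
                self.terminated = 1
            continue
        self.tokens = line.split(' ')
        # NNTP commands are case-insensitive
        command = self.tokens[0].upper()
        # don't save the password in the log file
        match = authinfo_regexp.search(line)
        if not match:
            settings.logEvent('Received request: %s' % (line))
        # While an article is being received every line is content, even one
        # that begins with the word POST.
        if command == 'POST' and not self.sending_article:
            if settings.server_type == 'read-only':
                settings.logEvent('Error - Read-only server received a post request from \'%s\'' % self.client_address[0])
                self.send_response(STATUS_READONLYSERVER)
            else:
                if settings.nntp_auth == 'yes' and self.auth_username == '':
                    self.send_response(STATUS_AUTH_REQUIRED)
                else:
                    self.sending_article = 1
                    self.send_response(STATUS_SENDARTICLE)
        else:
            # Unauthenticated clients may only issue AUTHINFO and MODE when
            # authentication is switched on.
            if settings.nntp_auth == 'yes' and self.auth_username == '' and command not in ('AUTHINFO', 'MODE'):
                self.send_response(STATUS_AUTH_REQUIRED)
            else:
                if self.sending_article:
                    if self.inputline == '.\r\n':
                        self.sending_article = 0
                        try:
                            self.do_POST()
                        except:
                            # use a temporary file handle object to store the traceback information
                            temp = StringIO.StringIO()
                            traceback.print_exc(file=temp)
                            temp_msg = temp.getvalue()
                            # save on the log file
                            settings.logEvent('Error - Posting failed for user from \'%s\' (exception triggered)' % self.client_address[0])
                            settings.logEvent(temp_msg)
                            if __DEBUG__:
                                print 'Error - Posting failed for user from \'%s\' (exception triggered; details below)' % self.client_address[0]
                                print temp_msg
                            # Only the generic failure response goes to the
                            # client; the traceback is kept server-side.
                            self.send_response(ERR_POSTINGFAILED)
                        continue
                    # NOTE(review): nothing in this method limits how many
                    # lines an article may contain.
                    self.article_lines.append(line)
                else:
                    # Dispatch is limited to names listed in self.commands
                    # before getattr() is used.
                    if command in self.commands:
                        getattr(self, "do_%s" % (command))()
                    else:
                        self.send_response(ERR_NOTCAPABLE)
    settings.logEvent('Connection closed (IP Address: %s)' % (self.client_address[0]))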