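def get_all_snipets():
    """Return every stored snippet as rows of (datetime, title, snippet).

    Returns:
        The raw ``cursor.fetchall()`` result for the ``snippets`` table, in
        whatever row order the database returns.
    """
    db, cursor = pysql.database_connect()
    try:
        cursor.execute('SELECT datetime, title, snippet FROM snippets')
        return cursor.fetchall()
    finally:
        # Release the connection even when the query raises; the original
        # only closed it on the success path.
        db.close()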
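def insert_log(ip, login, validation):
    """Record one authentication attempt in the ``logs`` table.

    Args:
        ip: Client address the attempt came from (see auth for its source).
        login: Login name that was tried.
        validation: Outcome marker stored verbatim; check_auth passes "Y"
            or "N", and ban_ip counts the "N" rows per login.
    """
    attempt_time = pysql.datetime_mysql()
    db, cursor = pysql.database_connect()
    try:
        cursor.execute(
            '''INSERT INTO logs (ip, login, time, validation) VALUES (%s, %s, %s, %s)''',
            (ip, login, attempt_time, validation))
        db.commit()
    finally:
        # The original wrote ``db.close`` without parentheses, so the
        # connection was never actually closed; close it on every path.
        db.close()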
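def ban_ip(login):
    """Return True while *login* is still allowed to sign in.

    Counts the ``logs`` rows with validation "N" for this login in the last
    hour (the comment in the original, in Polish, said exactly that). Despite
    the name, the lockout is keyed on the login, not on the client IP.

    Args:
        login: Login name whose recent failed attempts are counted.

    Returns:
        True if fewer than 5 failures were logged in the last hour, False
        otherwise; auth treats False as "locked out".
    """
    db, cursor = pysql.database_connect()
    try:
        cursor.execute(
            '''SELECT COUNT(*) FROM logs WHERE validation="N" AND login = %s AND (TIMESTAMPDIFF(HOUR, time, Now()) < 1)''',
            (login,))
        failures = int(cursor.fetchone()[0])
    finally:
        # The original never closed this connection.
        db.close()
    return failures < 5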
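def insert_new_passwd(headers, body, data):
    """Change the password of the user identified by the auth cookie.

    The login is resolved from the cookie token (``cookie`` table), never
    from the request body, so a client can only change its own password.
    Both password fields must match and pass the strength check before the
    ``users`` row gets a new hash and a fresh salt.

    NOTE(review): rotating the salt here, without re-hashing the recovery
    answer, leaves the ``answer`` column hashed with the old salt (see
    signup_db / forgot_password) — confirm whether recovery is expected to
    keep working after a password change.

    Args:
        headers: Request headers; the auth cookie is read from here.
        body: Raw request body, passed through to the templates.
        data: Parsed form fields; reads 'pw' and 'pw-x'.

    Returns:
        A (rendered template, status, extra headers) triple.
    """
    token = (AuthCookieFactory()).get_from_headers(headers).get_token()
    # Test for a missing token BEFORE str(): str(None) == 'None', which is
    # why the original ``if token is None`` could never fire.
    if token is None:
        return render_template(
            'unauthorised_request.html', body=body, data=data,
            message='Anauthorised try to change password!'), 200, {}
    token = str(token)
    passwd = str(data['pw']) if 'pw' in data else ''
    passwd_r = str(data['pw-x']) if 'pw-x' in data else ''
    db, cursor = pysql.database_connect()
    try:
        cursor.execute('''SELECT login FROM cookie WHERE token=%s''', (token,))
        row = cursor.fetchone()
        if row is None:
            # Token unknown to the server: the original crashed on None[0];
            # reject it like a missing cookie instead.
            return render_template(
                'unauthorised_request.html', body=body, data=data,
                message='Anauthorised try to change password!'), 200, {}
        login = str(row[0])
        if passwd != passwd_r:
            return render_template('passwordchange.html', body=body, data=data,
                                   message='Passwords are not match!'), 200, {}
        strength, _improvements = passwordmeter.test(passwd)
        if strength < 0.3:
            return render_template(
                'passwordchange.html', body=body, data=data, login=login,
                message='Your password is too weak!'), 200, {}
        salt = uuid.uuid4().hex
        salt_bytes = salt.encode('utf-8')
        # Three rounds of salted SHA-512. This must stay byte-identical to
        # check_auth and signup_db or existing logins stop verifying.
        # NOTE(review): this is not a password KDF (no tunable work factor);
        # a move to hashlib.pbkdf2_hmac/scrypt has to change every hashing
        # site in this file together.
        for _ in range(3):
            passwd = hashlib.sha512(passwd.encode('utf-8') + salt_bytes).hexdigest()
        cursor.execute(
            '''UPDATE users SET password= %s, salt= %s WHERE login= %s''',
            (passwd, salt, login))
        db.commit()
    finally:
        # Every early return above left the connection open in the original.
        db.close()
    IP, time = pysql.print_ip(login)
    return render_template(
        'mainpage.html', body=body, data=data, IP=IP, time=time,
        message='You successfully changed your password!'), 200, {}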
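def check_auth(login, password, ip):
    """Verify *password* for *login* and log the outcome.

    Args:
        login: Login name from the form.
        password: Plaintext password from the form.
        ip: Client address, stored in the log row.

    Returns:
        True if the stored hash matches, False otherwise. An unknown login
        returns False without writing a log row, as in the original.
    """
    import hmac  # TODO: move to the module-level imports

    db, cursor = pysql.database_connect()
    try:
        # One round trip instead of separate SELECTs for password and salt.
        cursor.execute('SELECT password, salt FROM users WHERE login = %s', (login,))
        row = cursor.fetchone()
    finally:
        # The original never closed this connection.
        db.close()
    if row is None:
        return False
    stored_hash = str(row[0])
    salt_bytes = str(row[1]).encode('utf-8')
    # Three rounds of salted SHA-512; must match signup_db / insert_new_passwd.
    candidate = password
    for _ in range(3):
        candidate = hashlib.sha512(candidate.encode('utf-8') + salt_bytes).hexdigest()
    # Constant-time comparison so the response time does not depend on how
    # many leading characters of the digest matched.
    if hmac.compare_digest(stored_hash, candidate):
        insert_log(ip, login, "Y")
        return True
    insert_log(ip, login, "N")
    return False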
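def put_snippet(headers, body, data):
    """Validate and store a new snippet for the logged-in user.

    Validation (title charset, title length, snippet length) runs before a
    database connection is opened, so rejected requests no longer leak one.
    The owner is resolved from the auth cookie token, not from the form.

    Args:
        headers: Request headers; the auth cookie is read from here.
        body: Raw request body, passed through to the templates.
        data: Parsed form fields; reads 'snippet' and 'title'.

    Returns:
        A (rendered template, status, extra headers) triple.
    """
    snippet = str(data['snippet']) if 'snippet' in data else ''
    title = str(data['title']) if 'title' in data else ''
    snippet = unidecode(snippet)  # fold non-standard letters to ASCII
    if not check_title(title):
        return render_template(
            'new_snippet.html', headers=headers, body=body, data=data,
            message='Title can only contain letters or digits!'), 200, {}
    if len(title) > 40:
        return render_template('new_snippet.html', headers=headers, body=body,
                               data=data, message='Title is too long!'), 200, {}
    if len(snippet) > 1000:
        return render_template('new_snippet.html', headers=headers, body=body,
                               data=data, message='Snippet is too long!'), 200, {}
    # The snippet text is only length-limited and is stored verbatim, so the
    # template that displays it must escape it — NOTE(review): confirm
    # autoescaping is on for that template.
    token = (AuthCookieFactory()).get_from_headers(headers).get_token()
    if token is None:
        return render_template(
            'unauthorised_request.html', body=body, data=data,
            message='Unauthorised request!'), 200, {}
    token = str(token)
    created_at = pysql.datetime_mysql()
    db, cursor = pysql.database_connect()
    try:
        cursor.execute('''SELECT login FROM cookie WHERE token=%s''', (token,))
        row = cursor.fetchone()
        if row is None:
            # Unknown token: the original crashed on None[0]; reject instead.
            return render_template(
                'unauthorised_request.html', body=body, data=data,
                message='Unauthorised request!'), 200, {}
        login = str(row[0])
        cursor.execute(
            '''INSERT INTO snippets(login, datetime, title, snippet) VALUES(%s, %s, %s, %s)''',
            (login, created_at, title, snippet))
        db.commit()
    finally:
        db.close()
    IP, time = pysql.print_ip(login)
    return render_template('mainpage.html', headers=headers, body=body, data=data,
                           IP=IP, time=time), 200, {}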
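def auth(headers, body, data):
    """Handle a login form submission.

    Verifies the credentials (which also logs the attempt), then consults the
    per-login lockout. On success a new auth token is stored in the
    ``cookie`` table and sent back via Set-Cookie.

    Args:
        headers: Request headers; the client address is read from 'remote-addr'.
        body: Raw request body, passed through to the templates.
        data: Parsed form fields; reads 'name' and 'pw'.

    Returns:
        A (rendered template, status, extra headers) triple on every branch;
        the lockout branch of the original returned only the rendered page.
    """
    login = str(data['name']) if 'name' in data else ''
    # The original tested 'name' here, so a form without 'pw' raised KeyError.
    passwd = str(data['pw']) if 'pw' in data else ''
    # The peer address is used on purpose: a client-supplied
    # X-Forwarded-For value cannot be trusted for the attempt log.
    ip = str(headers['remote-addr'])
    if not check_auth(login, passwd, ip):
        snippets = get_all_snipets()
        return render_template(
            'index.html', headers=headers, body=body, data=data, snippets=snippets,
            message='Login or password is incorrect'), 200, {}
    # The lockout is evaluated only after a successful password check, so
    # attempts past the limit are still verified against the database
    # (kept as-is; checking ban_ip first would change which message is shown).
    if not ban_ip(login):
        snippets = get_all_snipets()
        return render_template(
            'index.html', headers=headers, body=body, data=data, snippets=snippets,
            message='Too many wrong attemts to log in! You\'ve banned!'), 200, {}
    IP, time = pysql.print_ip(login)
    cookie = (AuthCookieFactory()).generate()
    db, cursor = pysql.database_connect()
    try:
        cursor.execute('INSERT INTO cookie(login, token) VALUES(%s, %s)',
                       (login, cookie.get_token()))
        db.commit()
    finally:
        db.close()
    return render_template('mainpage.html', headers=headers, body=body, data=data,
                           IP=IP, time=time), 200, {
        'Set-Cookie': cookie.return_cookie()
    }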
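def insert_new_password(headers, body, data):
    """Set a new password for the login named in the form (recovery flow).

    NOTE(review): the login is taken from the request body ('name') and this
    function performs no authorization of its own — nothing ties the request
    to a passed answer check in forgot_password (no server-side token or
    session state). Confirm the route is gated elsewhere; if it is not, a
    short-lived server-side reset token issued by forgot_password and checked
    here would close that gap.

    NOTE(review): the fresh salt is not applied to the stored recovery
    answer, which signup_db hashed with the previous salt — confirm whether
    recovery is expected to keep working after a reset.

    Args:
        headers: Request headers (unused here).
        body: Raw request body, passed through to the templates.
        data: Parsed form fields; reads 'name', 'pw' and 'pw-x'.

    Returns:
        A (rendered template, status, extra headers) triple.
    """
    login = str(data['name']) if 'name' in data else ''
    passwd = str(data['pw']) if 'pw' in data else ''
    passwd_r = str(data['pw-x']) if 'pw-x' in data else ''
    if passwd != passwd_r:
        return render_template('passwordchange.html', body=body, data=data,
                               login=login, message='Passwords are not match!'), 200, {}
    strength, _improvements = passwordmeter.test(passwd)
    if strength < 0.3:
        return render_template(
            'passwordchange.html', body=body, data=data, login=login,
            message='Your password is too weak!'), 200, {}
    salt = uuid.uuid4().hex
    salt_bytes = salt.encode('utf-8')
    # Three rounds of salted SHA-512; must stay identical to check_auth and
    # signup_db. NOTE(review): not a password KDF (no tunable work factor).
    for _ in range(3):
        passwd = hashlib.sha512(passwd.encode('utf-8') + salt_bytes).hexdigest()
    db, cursor = pysql.database_connect()
    try:
        cursor.execute(
            '''UPDATE users SET password= %s, salt= %s WHERE login= %s''',
            (passwd, salt, login))
        db.commit()
    finally:
        # Close even if the UPDATE raises.
        db.close()
    snippets = get_all_snipets()
    return render_template(
        'index.html', body=body, data=data, snippets=snippets,
        message='You successfully changed your password!'), 200, {}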
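def forgot_password(headers, body, data):
    """Check the recovery answer for *login* and show the password-change page
    when it matches.

    Args:
        headers: Request headers (unused here).
        body: Raw request body, passed through to the templates.
        data: Parsed form fields; reads 'name' and 'answer'.

    Returns:
        A (rendered template, status, extra headers) triple. Unknown logins
        and wrong answers get the same 'Wrong answer!' page, so the response
        text does not reveal whether the login exists (the response time still
        differs, since no hashing is done for an unknown login).
    """
    import hmac  # TODO: move to the module-level imports

    login = str(data['name']) if 'name' in data else ''
    answer = str(data['answer']) if 'answer' in data else ''
    db, cursor = pysql.database_connect()
    try:
        # One query replaces the original existence check plus two SELECTs,
        # and the connection is now closed even if the query raises.
        cursor.execute('''SELECT answer, salt FROM users WHERE login = %s''', (login,))
        row = cursor.fetchone()
    finally:
        db.close()
    if row is not None:
        stored_answer = str(row[0])
        salt_bytes = str(row[1]).encode('utf-8')
        # Three rounds of salted SHA-512, identical to how signup_db stored it.
        candidate = answer
        for _ in range(3):
            candidate = hashlib.sha512(candidate.encode('utf-8') + salt_bytes).hexdigest()
        if hmac.compare_digest(stored_answer, candidate):
            # NOTE(review): ``login`` is the only thing carried forward to the
            # password-change step; see insert_new_password.
            return render_template('passwordchange.html', body=body, data=data,
                                   login=login), 200, {}
    questions_tuple = questions()
    return render_template('recovery.html', body=body, data=data,
                           message='Wrong answer!', questions=questions_tuple), 200, {}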
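def signup_db(headers, body, data):
    """Register a new user from the signup form.

    All validation (login uniqueness, charset, length, password match and
    strength) happens before the user folder is created and the row is
    inserted. The password and the recovery answer are each hashed with the
    same per-user salt.

    Args:
        headers: Request headers (unused here).
        body: Raw request body, passed through to the templates.
        data: Parsed form fields; reads 'name', 'pw', 'pwconf' and 'answer'.

    Returns:
        A (rendered template, status, extra headers) triple.
    """
    login = str(data['name']) if 'name' in data else ''
    password = str(data['pw']) if 'pw' in data else ''
    password_conf = str(data['pwconf']) if 'pwconf' in data else ''
    answer = str(data['answer']) if 'answer' in data else ''
    questions_tuple = questions()
    # ``pysql.database_connect`` like every other handler in this file (the
    # original called a bare ``database_connect``).
    db, cursor = pysql.database_connect()
    try:
        cursor.execute('SELECT * FROM users WHERE login=%s', (login,))
        if cursor.fetchone() is not None:
            return render_template(
                'signup.html', body=body, data=data, questions=questions_tuple,
                message='This login is already in use, please choose another one!'
            ), 200, {}
        if not check_login_char(login):
            return render_template(
                'signup.html', body=body, data=data, questions=questions_tuple,
                message='Login can only contains lowarcase letters!'), 200, {}
        if not check_login_length(login):
            return render_template('signup.html', body=body, data=data,
                                   questions=questions_tuple,
                                   message='Login is too long!'), 200, {}
        if password != password_conf:
            return render_template('signup.html', body=body, data=data,
                                   questions=questions_tuple,
                                   message='Passwords are not match!'), 200, {}
        strength, _improvements = passwordmeter.test(password)
        if strength < 0.3:
            return render_template('signup.html', body=body, data=data,
                                   questions=questions_tuple,
                                   message='Your password is too weak!'), 200, {}
        # check_login_char is what keeps ``login`` safe to use as a folder
        # name here — presumably letters only; confirm against its definition.
        create_user_folder(login)
        salt = uuid.uuid4().hex
        salt_bytes = salt.encode('utf-8')
        # Three rounds of salted SHA-512 for both secrets; check_auth and
        # forgot_password recompute exactly this. NOTE(review): not a
        # password KDF (no tunable work factor).
        pw_hash = password
        answer_hash = answer
        for _ in range(3):
            pw_hash = hashlib.sha512(pw_hash.encode('utf-8') + salt_bytes).hexdigest()
            answer_hash = hashlib.sha512(answer_hash.encode('utf-8') + salt_bytes).hexdigest()
        # The SELECT above and this INSERT are not atomic; NOTE(review):
        # confirm users.login carries a UNIQUE index so a concurrent signup
        # cannot create a duplicate.
        cursor.execute(
            'INSERT INTO users(login, password, salt, answer) VALUES (%s, %s, %s, %s)',
            (login, pw_hash, salt, answer_hash))
        db.commit()
    finally:
        # Every validation early-return left the connection open in the original.
        db.close()
    snippets = get_all_snipets()
    return render_template(
        'index.html', body=body, data=data, snippets=snippets,
        message='You successfully registered new user!'), 200, {}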