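def post(self):
    """Handle the login form: verify the credentials and start a session.

    On success the signed datastore id is stored in the ``user_id`` cookie and
    the client is redirected to the path remembered in the ``Location`` cookie
    (``/`` when there is none or it is not a safe same-site path). On failure
    the login form is re-rendered with a generic error message.
    """
    user_uname = self.request.get('username')
    user_psswrd = self.request.get('password')

    # Look the account up by name; the password is only checked when it exists.
    q = mydb.single_user_by_name(user_uname)
    valid_pwd = (q is not None
                 and utils.valid_pw(user_uname, user_psswrd, q.password_hash))

    if not valid_pwd:
        # One message for "unknown user" and "wrong password", so the form
        # does not reveal which usernames exist.
        self.render_login(uname=cgi.escape(user_uname),
                          login_err="Invalid username or password")
        return

    redir = self.request.cookies.get('Location')
    # The cookie is client-controlled, so only a same-site absolute path is
    # followed: it must start with a single '/', and may not contain a
    # backslash, ';' or anything outside printable ASCII. Otherwise the value
    # could break out of the Set-Cookie attribute below or be read by a
    # browser as a different host. Anything else falls back to '/'.
    if (not redir or not redir.startswith('/') or redir.startswith('//')
            or any(ch in '\\;' or not 0x20 < ord(ch) < 0x7f for ch in redir)):
        redir = '/'

    self.response.headers.add_header(
        'Set-Cookie',
        "user_id=%s;Location=%s;Path=/"
        % (utils.make_secure_val(str(q.key.id())), str(redir)))
    self.redirect(str(redir))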
def set_secure_cookie(self, name, val):
    """Add a ``Set-Cookie`` header for ``name`` carrying the signed ``val``.

    ``val`` is passed through ``utils.make_secure_val`` before it is written;
    the cookie is scoped to ``Path=/``.
    """
    # NOTE(review): no HttpOnly / Secure / SameSite attribute is emitted here;
    # confirm whether this helper is used for the session cookie.
    header_value = '%s=%s; Path=/' % (name, utils.make_secure_val(val))
    self.response.headers.add_header('Set-Cookie', header_value)
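def signup(request):
    """Register a new user and log them in by setting the ``user_id`` cookie.

    GET renders an empty form. POST validates ``RegisterForm``; when the form
    is valid and the username is free, the user is created, the signed primary
    key is written to the ``user_id`` cookie and the client is redirected to
    ``final_wiki``. In every other case the signup template is rendered again
    with the submitted username/email and the form errors.
    """
    if request.method == 'POST':
        form = RegisterForm(request.POST)
        # .get() rather than [...]: a POST that omits a field should fail form
        # validation, not raise a KeyError and answer with an HTTP 500.
        username = form.data.get('username', '')
        email = form.data.get('email', '')
        password = form.data.get('password', '')
        if form.is_valid():
            # NOTE(review): check-then-create is not atomic; two concurrent
            # signups with the same name can both pass this test unless the
            # model enforces uniqueness - confirm.
            if User.objects.filter(username=username).exists():
                form._errors['username'] = form.error_class(
                    ["Username Already Exists"])
            else:
                m = User.objects.create_user(username=username, email=email,
                                             password=password)
                m.save()
                response = redirect("final_wiki")
                # The cookie carries the signed primary key of the new user.
                response.set_cookie("user_id", make_secure_val(str(m.pk)),
                                    path="/")
                return response
    else:
        form = RegisterForm()
        username = ""
        email = ""

    # Re-render the form; the password is deliberately not echoed back.
    d = dict(username=username, email=email, error=form.errors)
    return render_to_response("7_final/signup.html", d,
                              context_instance=RequestContext(request))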
def post(self):
    """Process the login form and start a session on success.

    An empty field or bad credentials re-render ``login.html`` with the
    matching error text; otherwise the signed user id is written to the
    ``user_id`` cookie and the client is redirected to ``/``.
    """
    username = self.request.get('username')
    password = self.request.get('password')

    userError = '' if username else USERNAME_ER
    passwordError = '' if password else PASSWORD_ER
    invalidError = ''
    user_id = ''

    # Credentials are only checked once both fields are present.
    if not (userError or passwordError):
        u = User.by_name(username)
        if u and utils.valid_pw(username, password, u.password):
            user_id = str(u.key().id())
        else:
            # Same message for an unknown user and a wrong password.
            invalidError = INVALID_ER

    if userError or passwordError or invalidError:
        self.render('login.html',
                    username=username,
                    usernameError=userError,
                    passwordError=passwordError,
                    invalidError=invalidError)
        return

    cookieHsh = utils.make_secure_val(user_id)
    self.response.headers.add_header('Set-Cookie',
                                     'user_id=%s; Path=/' % cookieHsh)
    self.redirect('/')
def post(self):
    """Validate a login attempt; set the ``user_id`` cookie when it succeeds.

    Failures (missing username, missing password, or credentials rejected by
    ``utils.valid_pw``) render ``login.html`` again with the error strings.
    """
    username = self.request.get('username')
    password = self.request.get('password')

    errors = {'usernameError': '', 'passwordError': '', 'invalidError': ''}
    if not username:
        errors['usernameError'] = USERNAME_ER
    if not password:
        errors['passwordError'] = PASSWORD_ER

    id_string = ''
    if not (errors['usernameError'] or errors['passwordError']):
        account = User.by_name(username)
        authenticated = account and utils.valid_pw(username, password,
                                                   account.password)
        if not authenticated:
            errors['invalidError'] = INVALID_ER
        else:
            id_string = str(account.key().id())

    if (errors['usernameError'] or errors['passwordError']
            or errors['invalidError']):
        self.render('login.html', username=username, **errors)
    else:
        # The cookie value is the datastore id passed through make_secure_val.
        signed_id = utils.make_secure_val(id_string)
        self.response.headers.add_header('Set-Cookie',
                                         'user_id=%s; Path=/' % signed_id)
        self.redirect('/')
def set_secure_cookie(self, name, val):
    """Write cookie ``name`` to the response with ``val`` run through
    ``utils.make_secure_val``; the cookie applies to ``Path=/``.
    """
    signed = utils.make_secure_val(val)
    cookie = "%s=%s; Path=/" % (name, signed)
    self.response.headers.add_header("Set-Cookie", cookie)
def post(self):
    """Handle the signup form: validate, store the user, set the cookie.

    Each field is checked independently so that all problems are reported at
    once. On success the password hash from ``utils.make_pw_hash`` is stored,
    the signed datastore id goes into the ``user_id`` cookie and the client is
    redirected to ``/``.
    """
    username = self.request.get('username')
    password = self.request.get('password')
    firstname = self.request.get('firstname')
    lastname = self.request.get('lastname')
    verify = self.request.get('verify')
    email = self.request.get('email')

    userError = '' if (username and valid_username(username)) else USERNAME_ER
    passwordError = ('' if (password and valid_password(password))
                     else PASSWORD_ER)
    verifyError = '' if (verify and verify == password) else VERIFY_ER
    emailError = '' if valid_email(email) else EMAIL_ER

    if userError or passwordError or verifyError or emailError:
        # The submitted password is never echoed back into the form.
        self.render('user-signup.html',
                    username=username, firstname=firstname,
                    lastname=lastname, email=email,
                    usernameError=userError, passwordError=passwordError,
                    verifyError=verifyError, emailError=emailError)
        return

    # NOTE(review): nothing in this handler checks whether the username is
    # already taken - confirm that is enforced elsewhere.
    pw_hash = utils.make_pw_hash(username, password)
    if not pw_hash:
        # Hashing produced nothing usable: show the form again.
        self.render('user-signup.html',
                    username=username, email=email,
                    usernameError=userError, passwordError=passwordError,
                    verifyError=verifyError, emailError=emailError)
        return

    u = User(username=username, password=pw_hash, firstname=firstname,
             lastname=lastname, email=email)
    u.put()
    cookieHsh = utils.make_secure_val(str(u.key().id()))
    self.response.headers.add_header('Set-Cookie',
                                     'user_id=%s; Path=/' % cookieHsh)
    self.redirect('/')
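def post(self):
    """Handle the signup form: validate the fields, create the user, log in.

    On a validation error the form is re-rendered with per-field messages.
    Otherwise the user is stored with the hash from ``utils.make_pw_hash``,
    the signed id is written to the ``user_id`` cookie and the client is
    redirected to the path in the ``Location`` cookie (``/`` when that is
    missing or not a safe same-site path).
    """
    user_uname = self.request.get('username')
    user_psswrd = self.request.get('password')
    user_ver = self.request.get('verify')
    user_email = self.request.get('email')

    uname = utils.valid_uname(user_uname)
    uname_ex = utils.user_exists(user_uname)
    psswrd = utils.valid_psswrd(user_psswrd)
    verified = utils.verify_psswrd(user_psswrd, user_ver)
    email = utils.valid_email(user_email)

    # Every message starts empty: previously a message was only bound when its
    # own check failed, so rendering the form after a single failed field
    # raised an UnboundLocalError on the others.
    uname_err = psswrd_err = verify_err = email_err = ""
    if not uname:
        uname_err = "That's not a valid username!"
    if uname_ex:
        uname_err = "This username already exists!"
    if not psswrd:
        psswrd_err = "That wasn't a valid password"
    if not verified:
        verify_err = "Passwords did not match"
    # An empty email is accepted below, so it is not reported as invalid.
    if user_email and not email:
        email_err = "That's not a valid email!"

    if not (uname and not uname_ex and psswrd and verified
            and (email or user_email == "")):
        # There was an error in one of the fields.
        self.render_signup(uname=cgi.escape(user_uname),
                           uname_err=uname_err,
                           psswrd_err=psswrd_err,
                           verify_err=verify_err,
                           email=cgi.escape(user_email),
                           email_err=email_err)
        return

    # Create a new user.
    password_hash = utils.make_pw_hash(user_uname, user_psswrd)
    user = mydb.User(username=user_uname,
                     password_hash=password_hash,
                     # the code takes the salt as the second '|' field
                     salt=password_hash.split('|')[1],
                     email=user_email)
    user.put()
    mydb.allusers(update=True, newuser=user)
    print("added new user %s" % user.username)

    # Redirect the user back to the entry they came from. The cookie is
    # client-controlled, so only a same-site absolute path is followed: it
    # must start with a single '/', and may not contain a backslash, ';' or
    # anything outside printable ASCII (which could break out of the
    # Set-Cookie attribute below or be read as a different host).
    redir = self.request.cookies.get('Location')
    if (not redir or not redir.startswith('/') or redir.startswith('//')
            or any(ch in '\\;' or not 0x20 < ord(ch) < 0x7f for ch in redir)):
        redir = '/'

    self.response.headers.add_header(
        'Set-Cookie',
        "user_id=%s;Location=%s;Path=/"
        % (utils.make_secure_val(str(user.key.id())), str(redir)))
    self.redirect(str(redir))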
def get(self):
    """Count page visits in a signed ``visits`` cookie and report the total.

    The stored counter is only trusted when ``utils.check_secure_val``
    accepts it; otherwise counting restarts from zero.
    """
    self.response.headers['Content-Type'] = 'text/plain'

    stored = self.request.cookies.get('visits', '0')
    visits = 0
    if stored:
        # check_secure_val yields a falsy result for a value it rejects.
        verified = utils.check_secure_val(stored)
        if verified:
            visits = int(verified)
    visits += 1

    signed_count = utils.make_secure_val(str(visits))
    self.response.headers.add_header('Set-Cookie',
                                     'visits=%s' % signed_count)
    self.write("You have been here %s times" % visits)
def post(self):
    """Validate the signup form, create the account and set ``user_id``.

    Any failed check re-renders ``user-signup.html`` with the error strings;
    on success the new entity's id is signed with ``utils.make_secure_val``,
    stored in the cookie, and the client is redirected to ``/``.
    """
    req = self.request
    username = req.get('username')
    password = req.get('password')
    firstname = req.get('firstname')
    lastname = req.get('lastname')
    verify = req.get('verify')
    email = req.get('email')

    problems = dict(usernameError='', passwordError='',
                    verifyError='', emailError='')
    if not (username and valid_username(username)):
        problems['usernameError'] = USERNAME_ER
    if not (password and valid_password(password)):
        problems['passwordError'] = PASSWORD_ER
    if not (verify and (verify == password)):
        problems['verifyError'] = VERIFY_ER
    if not valid_email(email):
        problems['emailError'] = EMAIL_ER

    if (problems['usernameError'] or problems['passwordError']
            or problems['verifyError'] or problems['emailError']):
        self.render('user-signup.html', username=username,
                    firstname=firstname, lastname=lastname, email=email,
                    **problems)
    else:
        pw_hash = utils.make_pw_hash(username, password)
        if pw_hash:
            # Only the hash is persisted, never the submitted password.
            new_user = User(username=username, password=pw_hash,
                            firstname=firstname, lastname=lastname,
                            email=email)
            new_user.put()
            signed_id = utils.make_secure_val(str(new_user.key().id()))
            self.response.headers.add_header(
                'Set-Cookie', 'user_id=%s; Path=/' % signed_id)
            self.redirect('/')
        else:
            # No hash was produced; show the form again (names not re-filled).
            self.render('user-signup.html', username=username, email=email,
                        **problems)
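def post(self):
    """Handle the signup form and log the new user in.

    When every field validates and the username is free, the user is stored
    through ``users.put_user``, the signed id is written to the ``user_id``
    cookie and the client is redirected to ``/``. Otherwise the form is
    rendered again with the submitted username/email and the error texts.
    """
    formentries = {
        'username': "",
        'err_username': "",
        'err_password': "",
        'err_verify': "",
        'email': "",
        'err_email': "",
    }
    username = self.request.get('username')
    password = self.request.get('password')
    verify = self.request.get('verify')
    email = self.request.get('email')

    username_match = valid_username(username)
    password_match = valid_password(password)
    email_match = valid_email(email)
    # The confirmation is only compared once the password itself is valid.
    verify_match = (password == verify) if password_match else False

    # The email is optional: empty is accepted, anything else must validate.
    if (username_match and password_match and verify_match
            and (email == "" or email_match)):
        if users.get_user_by_name(username):
            # Name already taken: show the form again.
            formentries['username'] = username
            formentries['email'] = email
            formentries['err_username'] = "******"
            self.write_signup_form(**formentries)
        else:
            user = users.put_user(username, password, email)
            user_id_cookie = utils.make_secure_val(str(user.key().id()))
            self.response.headers.add_header(
                'Set-Cookie', str('user_id=%s; Path=/' % user_id_cookie))
            self.redirect("/")
    else:
        formentries['username'] = username
        formentries['email'] = email
        # Identity tests (`is None` / `is False`) replace `== None` and
        # `== False`, which also matched objects with a custom __eq__ and,
        # for False, the integer 0.
        if username_match is None:
            formentries['err_username'] = "******"
        if password_match is None:
            formentries['err_password'] = "******"
        elif verify_match is False:
            formentries['err_verify'] = "Your passwords didn't match."
        if email and email_match is None:
            formentries['err_email'] = "That's not a valid email."
        self.write_signup_form(**formentries)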
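def get(self):
    """Render the visit counter page for a logged-in user.

    A request without a verifiable ``user_id`` cookie is redirected to ``/``.
    The counter lives in the signed ``visits`` cookie and restarts from zero
    when that cookie is missing or fails ``utils.check_secure_val``.
    """
    user_cookie = self.request.cookies.get('user_id')
    # The mere presence of the cookie proves nothing, because the client
    # chooses what it sends. Require the value to pass the same signature
    # check that is applied to 'visits' below.
    # NOTE(review): assumes 'user_id' is issued through utils.make_secure_val
    # like the 'visits' cookie - confirm against the login handler.
    if not (user_cookie and utils.check_secure_val(user_cookie)):
        self.redirect('/')
        return

    import globals
    if globals.users is None:
        # Unchanged from the original: nothing is written in this case.
        return

    visits = 0
    visits_cookie_val = self.request.cookies.get('visits')
    if visits_cookie_val:
        cookie_valid = utils.check_secure_val(visits_cookie_val)
        if cookie_valid:
            visits = int(cookie_valid)
    visits += 1

    new_cookie_val = utils.make_secure_val(str(visits))
    self.response.headers.add_header('Set-Cookie',
                                     'visits=%s;Path=/' % new_cookie_val)
    self.render("page_visits.html", visits=visits, user=globals.users)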
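def login(request):
    """Log a user in by setting the signed ``user_id`` cookie.

    GET renders an empty form. A valid POST looks the user up by username,
    stores the signed primary key in the cookie and redirects to
    ``final_wiki``; an invalid POST re-renders the login template with the
    submitted username and the form errors.
    """
    if request.method == 'POST':
        form = LoginForm(request.POST)
        # .get() rather than [...]: a POST without the field should fail form
        # validation instead of raising a KeyError (HTTP 500).
        username = form.data.get('username', '')
        if form.is_valid():
            # NOTE(review): presumably LoginForm's validation has already
            # checked the password and that the user exists - confirm.
            m = User.objects.get(username=username)
            # Kept in its own name so the incoming request is not shadowed.
            response = redirect('final_wiki')
            # Set user_id cookie with the signed user pk.
            response.set_cookie('user_id', make_secure_val(str(m.pk)),
                                path='/')
            return response
    else:
        form = LoginForm()
        username = ""

    # Render template with username and form.errors.
    d = dict(username=username, error=form.errors)
    return render_to_response('7_final/login.html', d,
                              context_instance=RequestContext(request))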
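def post(self):
    """Check the login form and set the ``user-id`` cookie on success.

    Any failure (invalid username format, unknown user, wrong password)
    re-renders the login template with the same generic error. On success the
    username, signed with ``utils.make_secure_val``, is stored in the cookie
    and the client is redirected to ``/blog/welcome``.
    """
    username = self.request.get("username")
    password = self.request.get("password")

    error = True
    if utils.valid_username(username):
        # Bound parameter (:1) instead of formatting the submitted name into
        # the GQL text, so request input can never alter the query itself.
        user_data = db.GqlQuery(
            "SELECT * FROM User WHERE username = :1", username).get()
        if user_data and utils.valid_pw(username, password,
                                        user_data.hashed_pw):
            error = False

    if error:
        # One message for every failure, so the response does not reveal
        # whether the username exists.
        self.render("Week4/login.html", username=username,
                    error="Invalid login")
    else:
        self.response.headers.add_header(
            'Set-Cookie',
            str('user-id=%s; Path=/'
                % utils.make_secure_val(utils.SECRET, username)))
        self.redirect("/blog/welcome")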
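def post(self):
    """Validate the signup form, store the user and set ``user-id``.

    Field problems are collected and shown together through ``write_form``.
    On success the user is stored with the hash from ``utils.make_pw_hash``,
    the signed username goes into the ``user-id`` cookie and the client is
    redirected to ``/blog/welcome``.
    """
    username = self.request.get("username")
    password = self.request.get("password")
    verify = self.request.get("verify")
    email = self.request.get("email")

    username_error = ""
    password_error = ""
    verify_error = ""
    email_error = ""

    if not utils.valid_username(username):
        username_error = "That's not a valid username."
    # Bound parameter (:1) instead of formatting the submitted name into the
    # GQL text, so request input can never alter the query itself.
    elif db.GqlQuery("SELECT * FROM User WHERE username = :1",
                     username).count() != 0:
        username_error = "Username already exists."

    if utils.valid_password(password):
        if not password == verify:
            verify_error = "Your passwords didn't match."
    else:
        password_error = "That wasn't a valid password."

    if not utils.valid_email(email):
        email_error = "That's not a valid email."

    if username_error or password_error or verify_error or email_error:
        self.write_form([username, username_error], password_error,
                        verify_error, [email, email_error])
    else:
        # Only the hash is persisted, never the submitted password.
        user = models.User(username=username,
                           hashed_pw=utils.make_pw_hash(username, password),
                           email=email)
        user.put()
        self.response.headers.add_header(
            'Set-Cookie',
            str('user-id=%s; Path=/'
                % utils.make_secure_val(utils.SECRET, username)))
        self.redirect("/blog/welcome")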
def get(self):
    """Count visits in a signed ``visits`` cookie and answer with a message.

    The stored count is used only when ``check_secure_val`` accepts it;
    otherwise counting restarts from zero. Visits 10 and 20 get special
    responses.
    """
    self.response.headers['Content-Type'] = 'text/plain'

    visits = 0
    stored = self.request.cookies.get('visits')
    if stored:
        verified = check_secure_val(stored)
        if verified:
            visits = int(verified)
    visits += 1

    self.response.headers.add_header(
        'Set-Cookie', 'visits=%s' % make_secure_val(str(visits)))

    if visits == 10:
        self.write("Almost there, keep going!")
        return
    if visits == 20:
        # This one answer is HTML, so the content type is switched first.
        self.response.headers['Content-Type'] = 'text/html'
        self.response.out.write('<img src="http://media.tumblr.com/tumblr_l0xi7u49bX1qzso2v.jpg" alt="cookie">Please don\'t eat me!')
        return
    self.write("I've seen you %s times.." % visits)
def set_cookie(self, key, val):
    """Add a ``Set-Cookie`` header for ``key`` whose value is ``val`` passed
    through ``utils.make_secure_val``; the cookie applies to ``Path=/``.
    """
    header = "%s=%s; Path=/" % (key, utils.make_secure_val(val))
    self.response.headers.add_header("Set-Cookie", header)
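def post(self):
    """Handle the combined login / signup form.

    When both ``login_email`` and ``login_password`` are submitted the request
    is treated as a login; otherwise it is treated as a signup. Both paths end
    by writing the signed datastore id to the ``user_id`` cookie and
    redirecting to ``/hello``, or by re-rendering the form with an error.
    """
    # The debug `print` statements were removed: they wrote the submitted
    # password and personal details (email, names, date of birth, ...) to
    # stdout, which normally ends up in the application logs.
    if self.request.get('login_email') and self.request.get('login_password'):
        user_email = self.request.get('login_email')
        user_psswrd = self.request.get('login_password')

        q = mydb.User.get_by_email(user_email)
        valid_pwd = (q is not None
                     and utils.valid_pw(user_email, user_psswrd,
                                        q.password_hash))
        if valid_pwd:
            self.response.headers.add_header(
                'Set-Cookie',
                "user_id=%s;Path=/"
                % utils.make_secure_val(str(q.key().id())))
            self.redirect('/hello')
        else:
            self.render_signup(
                email=cgi.escape(user_email),
                login_err="Invalid username or password. "
                          "Please sign up or try again.")
        return

    user_email = self.request.get('email')
    user_psswrd = self.request.get('password')
    user_first_name = self.request.get('first_name')
    user_last_name = self.request.get('last_name')
    user_dob = self.request.get('dob')
    user_gender = self.request.get('gender')
    user_occupation = self.request.get('occupation')
    # NOTE(review): the form also posts 'confirmation', but nothing here
    # compares it with the password - confirm whether that check is wanted.

    name = (utils.valid_name(user_first_name)
            and utils.valid_name(user_last_name))
    user_ex = utils.user_exists(user_email)
    psswrd = utils.valid_psswrd(user_psswrd)
    email = utils.valid_email(user_email)

    if not (name and not user_ex and psswrd and email):
        # This call used to pass names that were never assigned (first_name,
        # login_err, last_name, gender, occupation), so every rejected signup
        # raised a NameError. It now passes the submitted values, escaped the
        # same way the login branch escapes the email.
        input_err = "Some input was incorrect. Further details to come soon."
        self.render_signup(first_name=cgi.escape(user_first_name),
                           login_err="",
                           input_err=input_err,
                           email=cgi.escape(user_email),
                           last_name=cgi.escape(user_last_name),
                           gender=cgi.escape(user_gender),
                           occupation=cgi.escape(user_occupation))
        return

    password_hash = utils.make_pw_hash(user_email, user_psswrd)
    user = mydb.User(first_name=user_first_name,
                     last_name=user_last_name,
                     dob=utils.convert_dob(user_dob),
                     gender=user_gender,
                     occupation=user_occupation,
                     password_hash=password_hash,
                     # the code takes the salt as the second '|' field
                     salt=password_hash.split('|')[1],
                     email=user_email)
    user.put()
    print("added new user %s" % user.email)
    # NOTE(review): presumably this pause gives the datastore write time to
    # become visible before '/hello' is loaded - confirm.
    time.sleep(0.2)
    self.response.headers.add_header(
        'Set-Cookie',
        "user_id=%s;Path=/" % utils.make_secure_val(str(user.key().id())))
    self.redirect('/hello')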
def login(self, username, secret):
    """Store ``username``, processed by ``u4.make_secure_val`` with ``secret``,
    in the ``username`` cookie via ``self.set_secure_cookie``.
    """
    # NOTE(review): if set_secure_cookie signs its value as well, the name is
    # processed twice - confirm against that helper.
    signed_name = u4.make_secure_val(username, secret)
    self.set_secure_cookie('username', signed_name)
def set_secure_cookie(self, key, val):
    """Set cookie ``key`` on the response to ``val`` passed through
    ``utils.make_secure_val``, scoped to path ``/``.
    """
    self.response.set_cookie(key, utils.make_secure_val(val), path="/")
def set_secure_cookie(self, name, val):
    """Add a ``Set-Cookie`` header for ``name`` with ``val`` passed through
    ``utils.make_secure_val``.
    """
    # No expiry is set, so this is a session cookie that ends with the
    # browser session; consider adding an expiry time (see the docs).
    signed_value = utils.make_secure_val(val)
    self.response.headers.add_header(
        'Set-Cookie', '%s=%s; Path=/' % (name, signed_value))
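def post(self):
    """Handle the signup form: validate the fields, create the user, log in.

    On a validation error the form is re-rendered with the escaped input and
    per-field messages. Otherwise the user is stored with the hash from
    ``utils.make_pw_hash``, the signed id is written to the ``user_id`` cookie
    and the client is redirected to the path in the ``Location`` cookie
    (``/`` when that is missing or not a safe same-site path).
    """
    user_uname = self.request.get('username')
    user_psswrd = self.request.get('password')
    user_ver = self.request.get('verify')
    user_email = self.request.get('email')

    uname = utils.valid_uname(user_uname)
    uname_ex = utils.user_exists(user_uname)
    psswrd = utils.valid_psswrd(user_psswrd)
    verified = utils.verify_psswrd(user_psswrd, user_ver)
    email = utils.valid_email(user_email)

    # Values handed back to the form; user input is HTML-escaped here.
    ret = {"uname": cgi.escape(user_uname), "uname_err": "",
           "psswrd_err": "", "verify_err": "",
           "email": cgi.escape(user_email), "email_err": ""}
    if not uname:
        ret["uname_err"] = "That's not a valid username!"
    if uname_ex:
        ret["uname_err"] = "This username already exists!"
    if not psswrd:
        ret["psswrd_err"] = "That wasn't a valid password"
    if not verified:
        ret["verify_err"] = "Passwords did not match"
    # An empty email is accepted below, so it is not reported as invalid.
    if user_email and not email:
        ret["email_err"] = "That's not a valid email!"

    if not (uname and not uname_ex and psswrd and verified
            and (email or user_email == "")):
        self.render_signup(uname=ret["uname"], uname_err=ret["uname_err"],
                           psswrd_err=ret["psswrd_err"],
                           verify_err=ret["verify_err"],
                           email=ret["email"], email_err=ret["email_err"])
        return

    password_hash = utils.make_pw_hash(user_uname, user_psswrd)
    user = mydb.User(username=user_uname,
                     password_hash=password_hash,
                     # the code takes the salt as the second '|' field
                     salt=password_hash.split('|')[1],
                     email=user_email)
    user.put()
    print("added new user %s" % user.username)
    mydb.allusers(True, user)

    # The cookie is client-controlled, so only a same-site absolute path is
    # followed: it must start with a single '/', and may not contain a
    # backslash, ';' or anything outside printable ASCII (which could break
    # out of the Set-Cookie attribute below or be read as a different host).
    # The debug print of the redirect target was dropped.
    redir = self.request.cookies.get('Location')
    if (not redir or not redir.startswith('/') or redir.startswith('//')
            or any(ch in '\\;' or not 0x20 < ord(ch) < 0x7f for ch in redir)):
        redir = '/'

    self.response.headers.add_header(
        'Set-Cookie',
        "user_id=%s;Location=%s;Path=/"
        % (utils.make_secure_val(str(user.key().id())), str(redir)))
    self.redirect(str(redir))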
def set_secure_cookie(self, name, val):
    """Set cookie ``name`` on the response, with ``val`` passed through
    ``make_secure_val`` and the path set to ``/``.
    """
    signed = make_secure_val(val)
    self.response.set_cookie(name, signed, path="/")
def set_secure_cookie(self, name, val):
    """Build ``name=<make_secure_val(val)>; Path=/`` and pass it to
    ``self.set_cookie``.
    """
    # NOTE(review): set_cookie receives the whole header string as its only
    # argument - confirm that matches the helper's signature.
    signed = make_secure_val(val)
    cookie = '%s=%s; Path=/' % (name, signed)
    self.set_cookie(cookie)
def login(self, user):
    """Set the ``user_id`` cookie to the user's datastore id passed through
    ``utils.make_secure_val``.
    """
    uid = str(user.key().id())
    # No explicit path or other attribute is passed to set_cookie here.
    self.response.set_cookie('user_id', value=utils.make_secure_val(uid))
def set_secure_cookie(self, name, value):
    """Add a ``Set-Cookie`` header for ``name`` carrying ``value`` passed
    through ``utils.make_secure_val``; the cookie applies to ``Path=/``.
    """
    signed_value = utils.make_secure_val(value)
    cookie_header = '%s=%s; Path=/' % (name, signed_value)
    self.response.headers.add_header('Set-Cookie', cookie_header)
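def post(self):
    """Handle the login form: verify the credentials and start a session.

    On success the signed datastore id is stored in the ``user_id`` cookie and
    the client is redirected to the path remembered in the ``Location`` cookie
    (``/`` when there is none or it is not a safe same-site path). On failure
    the login form is re-rendered with a generic error message.
    """
    user_uname = self.request.get('username')
    user_psswrd = self.request.get('password')

    # The debug prints of the username and of the fetched user entity were
    # removed; the entity's printed form may include its password hash, and
    # stdout normally ends up in the application logs.
    q = mydb.single_user_by_name(user_uname)
    valid_pwd = (q is not None
                 and utils.valid_pw(user_uname, user_psswrd, q.password_hash))

    if not valid_pwd:
        # One message for "unknown user" and "wrong password".
        self.render_login(uname=cgi.escape(user_uname),
                          login_err="Invalid username or password")
        return

    redir = self.request.cookies.get('Location')
    # The cookie is client-controlled, so only a same-site absolute path is
    # followed: it must start with a single '/', and may not contain a
    # backslash, ';' or anything outside printable ASCII (which could break
    # out of the Set-Cookie attribute below or be read as a different host).
    if (not redir or not redir.startswith('/') or redir.startswith('//')
            or any(ch in '\\;' or not 0x20 < ord(ch) < 0x7f for ch in redir)):
        redir = '/'

    self.response.headers.add_header(
        'Set-Cookie',
        "user_id=%s;Location=%s;Path=/"
        % (utils.make_secure_val(str(q.key().id())), str(redir)))
    self.redirect(str(redir))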
def set_secure_cookie(self, name, val):
    """Write cookie ``name`` to the response headers; its value is ``val``
    passed through ``utils.make_secure_val`` and it is scoped to ``Path=/``.
    """
    self.response.headers.add_header(
        "Set-Cookie", "%s=%s; Path=/" % (name, utils.make_secure_val(val)))
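def post(self):
    """Handle the login form.

    With valid credentials the signed user id is written to the ``user_id``
    cookie and the client is redirected to ``/``. In every other case the
    login form is rendered again with an error message.
    """
    username = self.request.get("username")
    password = self.request.get("password")

    if username and password:
        u = users.get_valid_user(username, password)
        if u:
            self.response.headers.add_header(
                'Set-Cookie',
                str('user_id=%s; Path=/'
                    % utils.make_secure_val(str(u.key().id()))))
            self.redirect("/")
            # Stop here: without this return a successful login fell through
            # and also rendered the "Invalid login" form into the redirect
            # response.
            return

    error = "Invalid login!!!"
    self.render_login(username, error)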
def set_secure_cookie(self, name, val):
    """Add a ``Set-Cookie`` header for ``name`` whose value is ``val`` passed
    through ``make_secure_val``; the cookie applies to ``Path=/``.
    """
    header_text = '%s=%s; Path=/' % (name, make_secure_val(val))
    self.response.headers.add_header('Set-Cookie', header_text)
def set_secure_cookie(self, name, val):
    """Add a ``Set-Cookie`` header for ``name`` with ``val`` passed through
    ``utils.make_secure_val``.
    """
    signed = utils.make_secure_val(val)
    # The attribute is spelled 'PATH' here; cookie attribute names are
    # matched case-insensitively.
    self.response.headers.add_header(
        'Set-Cookie', '%s=%s; PATH=/' % (name, signed))
def set_cookie(self, name, val):
    """Set cookie ``name`` to ``val`` passed through ``make_secure_val``.

    The cookie name comes from the ``name`` argument (it is not fixed to
    ``user_id``) and the cookie is scoped to ``Path=/``.
    """
    signed_val = make_secure_val(val)
    header = '%s=%s; Path=/' % (name, signed_val)
    self.response.headers.add_header('Set-Cookie', header)
def set_secure_cookie(self, name, val):
    """Set cookie ``name`` on the response to ``val`` passed through
    ``make_secure_val``, with the path set to ``/``.
    """
    self.response.set_cookie(name, make_secure_val(val), path="/")