def insert_account():
"""
Stores a user's account into the Accounts table using the prepare statement
"""
# Generates a random number of bytes to be used to create a new hash
salt = os.urandom(64)
# Encrypts the password and email that was entered
enc_psw = enc.create_hash(psw1, salt)
enc_email = enc.create_hash(email, salt)
# Prepare INSERT Statement
prep_insert = "INSERT INTO accounts (uname, pwd, fname, lname, email, age, addr, city, state, zipCode, poliAffil) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"
values = (
uname,
enc_psw,
fname,
lname,
enc_email,
age,
addr,
cty,
st,
zipcode,
polaffil,
)
cursor.execute(prep_insert, values)
db.commit() # saves changes
# Stores salt in the database
store_salt(salt)
def update_account():
"""
Updates accounts using the prepare statement
"""
# Determines if the salt used by an account in the Salt table should be updated
new_salt = False
accid = find_accid() # gets an ID
# Gets the original encrypted values to use for defaulting data
enc_values = find_encdata() # returns a tuple
(pwd, email_addr) = enc_values # unpacks the tuple
# Checks if the password and email address that were submitted should be encrypted
if psw1 != "" or email != "":
salt = os.urandom(64) # generates a new salt value
new_salt = True
if psw1 != "":
enc_psw = enc.create_hash(psw1, salt)
else:
# Re-encrypts data so validation still works
enc_psw = enc.create_hash(pwd, salt)
if email != "":
enc_email = enc.create_hash(email, salt)
else:
# Re-encrypts data so validation still works
enc_email = enc.create_hash(email_addr, salt)
else:
enc_psw = pwd
enc_email = email_addr
# Prepare UPDATE statement
prep_update = "UPDATE accounts SET uname = %s, pwd = %s, fname = %s, lname = %s, email = %s, age = %s, addr = %s, city = %s, state = %s, zipCode = %s, poliAffil = %s WHERE accId = %s"
values = (
uname,
enc_psw,
fname,
lname,
enc_email,
age,
addr,
cty,
st,
zipcode,
polaffil,
accid,
)
# A tuple should always be used when binding placeholders (%s)
cursor.execute(prep_update, values)
if new_salt:
update_salt(salt, accid)
db.commit() # saves changes
def update_cred(ccnum, cvv, salt):
"""
Re-Encrypts the credit card number and CVV that was entered
"""
accid = find_accid() # gets an ID
# Encrypts the credit card number and the CVV
enc_ccnum = enc.create_hash(ccnum, salt)
enc_cvv = enc.create_hash(cvv, salt)
# Prepare UPDATE statement
prep_update = "UPDATE donations SET credCardNum = %s, cvv = %s WHERE accId = %s"
# A tuple should always be used when binding placeholders (%s)
cursor.execute(prep_update, (enc_ccnum, enc_cvv, accid))
db.commit() # saves changes
def insert_donation():
"""
Stores the donation that was placed in the Donations table and uses a function to store donations
in the VoteDonate table
"""
global errctr
accid = find_accid() # gets an ID
try:
# Converts the string value that is returned in find_salt() back to bytes
salt = eval(find_salt())
if bitcoin == "":
# Encrypts the credit card number and CVV that was entered
enc_ccnum = enc.create_hash(ccnum, salt)
enc_cvv = enc.create_hash(cvv, salt)
# Prepare INSERT statement
prep_insert = "INSERT INTO donations (accId, amount, credCardNum, cvv, credExpMon, credExpYr) VALUES (%s, %s, %s, %s, %s, %s)"
values = (accid, amt, enc_ccnum, enc_cvv, expm, expy)
# A tuple should always be used for binding placeholders (%s)
cursor.execute(prep_insert, values)
else:
# Encrypts the Bitcoin address that was entered
enc_bitcoin = enc.create_hash(bitcoin, salt)
# Prepare INSERT statement
prep_insert = (
"INSERT INTO donations (accId, amount, bitcoin) VALUES (%s, %s, %s)"
)
# A tuple should always be used for binding placeholders (%s)
cursor.execute(prep_insert, (accid, amt, enc_bitcoin))
db.commit() # saves changes
insert_votedonate()
except mysql.Error as e:
errctr += 1
msg = " <p>" + str(e) + "</p>"
errmsgs.append(msg)
def insert_donation():
"""
Stores the donation that was placed in the Donations table
"""
global errctr
try:
accid = find_accid() # gets an ID
# Generates a random number of bytes to be used to create a new hash
salt = os.urandom(64)
if bitcoin == "":
# Encrypts the credit card number and CVV that was entered
enc_ccnum = enc.create_hash(ccnum, salt)
enc_cvv = enc.create_hash(cvv, salt)
# Prepare INSERT statement
prep_insert = "INSERT INTO donations (accId, amount, credCardNum, cvv, credExpMon, credExpYr) VALUES (%s, %s, %s, %s, %s, %s)"
values = (accid, amt, enc_ccnum, enc_cvv, expm, expy)
# A tuple should always be used for binding placeholders (%s)
cursor.execute(prep_insert, values)
else:
# Encrypts the Bitcoin address that was entered
enc_bitcoin = enc.create_hash(bitcoin, salt)
# Prepare INSERT statement
prep_insert = (
"INSERT INTO donations (accId, amount, bitcoin) VALUES (%s, %s, %s)"
)
# A tuple should always be used for binding placeholders (%s)
cursor.execute(prep_insert, (accid, amt, enc_bitcoin))
db.commit() # saves changes
except mysql.Error as e:
errctr += 1
msg = " <p>" + e + "</p>"
errmsgs.append(msg)
def update_psw(uname, psw):
"""
Updates the user's password in the Accounts table using the prepare statement
"""
salt = eval(find_salt()) # converts the value returned back to bytes
enc_psw = enc.create_hash(
psw, salt) # encrypts the new password that was entered
# Prepare UPDATE statement
prep_update = "UPDATE accounts SET pwd = %s WHERE uname = %s"
# A tuple should always be used when binding placeholders (%s)
cursor.execute(prep_update, (enc_psw, uname))
db.commit() # saves changes
def update_bitaddr(bitcoin, salt):
"""
Re-Encrypts the bitcoin address that was entered
"""
accid = find_accid() # gets an ID
# Encrypts the credit card number and the CVV
enc_bitcoin = enc.create_hash(bitcoin, salt)
# Prepare UPDATE statement
prep_update = "UPDATE donations SET bitcoin = %s WHERE accId = %s"
# A tuple should always be used when binding placeholders (%s)
cursor.execute(prep_update, (enc_bitcoin, accid))
db.commit() # saves changes
def update_psw(uname, psw):
"""
Updates the user's password in the Accounts table using the prepare statement
"""
salt = os.urandom(64) # generates a new salt value
enc_psw = enc.create_hash(
psw, salt) # encrypts the new password that was entered
# Prepare UPDATE statement
prep_update = "UPDATE accounts SET pwd = %s WHERE uname = %s"
# A tuple should always be used when binding placeholders (%s)
cursor.execute(prep_update, (enc_psw, uname))
update_salt(salt)
db.commit() # saves changes
