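def do_POST(self):
    """Handle a POST request: log the client in or run one form action.

    The request body is read as ``multipart/form-data`` into ``query``;
    any other content type, or a parse failure, leaves ``query`` as
    ``None`` so that every form lookup below fails closed.  Session
    handling (``/pwd`` login, first-run ``/setpwd``) runs before the
    authentication gate; everything after the gate assumes an
    authenticated client.

    Side effects: writes status, headers and body to the client, may
    rebind the module-global ``sessionID`` on a successful login, and
    the form actions change state through ``getPages``.
    """
    global sessionID
    self.headerFinished = False
    self.send_response(200)

    # Parse the form body.  Only multipart bodies are understood; on any
    # other content type or parse error continue with no query, so the
    # per-action lookups below fail closed instead of crashing.
    try:
        ctype, pdict = cgi.parse_header(self.headers.getheader('content-type'))
        if ctype == 'multipart/form-data':
            query = cgi.parse_multipart(self.rfile, pdict)
        else:
            query = None
    except Exception:
        query = None

    def field(key):
        """Return the first submitted value for *key*; raises if absent."""
        return query[key][0]

    # --- Session management ------------------------------------------
    authenticated = False

    # Login attempt: verify the submitted password and mint a fresh session.
    if self.path.startswith("/pwd"):
        try:
            pwd = query.get("pwd")[0]
        except (AttributeError, TypeError, IndexError):
            # No body, no "pwd" field, or an empty field.
            pwd = None
        if password.isCorrect(pwd):
            # One process-wide session: a new login replaces the old value,
            # so any previously issued cookie stops validating.
            sessionID = urandom(16).encode('base64').strip()
            self.send_header("Set-Cookie", "bitweb_sessionID=\"" + sessionID + "\"; Max-Age=2592000; Version=\"1\"; Secure; Port; HttpOnly")
            authenticated = True
            # A successful login is answered with the inbox page.
            self.path = "/inbox"
            sleep(1)  # slow down brute-force attempts
        else:
            self.send_header('Content-type', 'text/html')
            self.write(password.enterHTML(True))
            sleep(1)  # slow down brute-force attempts
            return

    # First-run setup: a password can only be set while none exists.
    if self.path.startswith("/setpwd") and not password.isSet():
        try:
            password.set(field("pwd"))
            authenticated = True
        except Exception:
            authenticated = False

    # Authentication gate.  isAuthenticated() is defined elsewhere; it
    # presumably checks the session cookie and renders the login page
    # itself on failure, since nothing is written here -- verify.
    if (not authenticated) and (not self.isAuthenticated()):
        return
    # --- End of session management -----------------------------------
    # Everything below runs only for an authenticated client.

    # Make sure the backend API is usable; initApi() presumably writes its
    # own error page on failure -- verify.
    if not self.initApi():
        return

    # All remaining responses are HTML.
    self.send_header('Content-type', 'text/html')

    # NOTE(review): as far as this handler shows, the actions below are
    # authorised by the session cookie alone; the form data carries no
    # per-request token bound to sessionID, so a form submitted from
    # another origin by a logged-in browser would be accepted.  A token
    # checked here would close that.

    # Dispatch on the path prefix.  Note the prefix overlap
    # "/deladdressbookentry" vs "/deladdress": the longer one must be
    # tested first.
    if self.path.startswith("/inbox") or self.path == "/":
        self.write(getPages.inbox())

    elif self.path.startswith("/composer"):
        toAddress = False
        replyTo = False
        try:
            if "to" in query:
                toAddress = field("to")
            if "replyto" in query:
                replyTo = field("replyto")
        except Exception:
            pass  # missing body or fields: open an empty composer
        self.write(getPages.composeMsg(replyTo, toAddress))

    elif self.path.startswith("/sendmsg"):
        try:
            # Broadcast messages have no receiver, so "to" is optional.
            toAddress = field("to") if "to" in query else ""
            fromAddress = field("from")
            subject = field("subject")
            text = field("text")
            broadcast = field("broadcast") == "true"
        except Exception:
            page = HTMLPage()
            page.addLine("<h1>Error while parsing message.")
            page.addLine("Message NOT send!</h1>")
            self.write(page.getPage())
            return
        self.write(getPages.sendMsg(toAddress, fromAddress, subject, text, broadcast))

    elif self.path.startswith("/unsubscribe"):
        try:
            getPages.unsubscribe(field("addr"))
        except Exception:
            pass  # best effort; the list is re-rendered either way
        self.write(getPages.subscriptions())

    elif self.path.startswith("/subscribe"):
        try:
            addr = field("addr")
            label = field("label")
            getPages.subscribe(addr, label)
        except Exception:
            pass
        self.write(getPages.subscriptions())

    elif self.path.startswith("/addaddressbookentry"):
        try:
            addr = field("addr")
            label = field("label")
            getPages.addAddressBookEntry(addr, label)
        except Exception:
            pass
        self.write(getPages.addressBook())

    elif self.path.startswith("/deladdressbookentry"):
        try:
            getPages.delAddressBookEntry(field("addr"))
        except Exception:
            pass
        self.write(getPages.addressBook())

    elif self.path.startswith("/createchan"):
        try:
            getPages.createChan(field("pw"))
        except Exception:
            pass
        self.write(getPages.chans())

    elif self.path.startswith("/joinchan"):
        try:
            pw = field("pw")
            addr = field("addr")
            getPages.joinChan(pw, addr)
        except Exception:
            pass
        self.write(getPages.chans())

    elif self.path.startswith("/leavechan"):
        try:
            getPages.leaveChan(field("addr"))
        except Exception:
            pass
        self.write(getPages.chans())

    elif self.path.startswith("/addrandomaddress"):
        try:
            getPages.genRandomAddress(field("label"))
        except Exception:
            pass
        self.write(getPages.identities())

    elif self.path.startswith("/deladdress"):
        try:
            getPages.delAddress(field("addr"))
        except Exception:
            pass
        self.write(getPages.identities())

    else:
        html = HTMLPage()
        html.addLine("<h1>Page not found!</h1>", False)
        self.write(html.getPage())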
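def do_GET(self):
    """Handle a GET request.

    The favicon is served without authentication.  For every other path
    the URL query string is parsed into ``query`` (``None`` when there is
    none), the session gate is enforced, and the request is dispatched on
    its path prefix; unknown paths get a "Page not found!" page.

    Side effects: writes the response to the client, clears the
    module-global ``sessionID`` on ``/logout``, and the mark/delete paths
    change mailbox state through ``getPages``.
    """
    global sessionID
    self.headerFinished = False
    self.send_response(200)

    # The favicon is public: serve it before the authentication gate.
    # The path is relative to the server's working directory.
    if self.path.startswith("/favicon.ico"):
        self.send_header('Content-type', 'image/x-icon')
        try:
            with open("favicon.ico", "rb") as icon:
                self.write(icon.read())
        except (IOError, OSError):
            pass  # no icon available: answer with headers only
        return

    # Parse the query string, keeping blank values so "?x=" still yields
    # the key.
    _, sep, qs = self.path.partition('?')
    query = cgi.parse_qs(qs, keep_blank_values=True) if sep else None

    def field(key):
        """Return the first query value for *key*; raises if absent."""
        return query[key][0]

    # Authentication gate.  isAuthenticated() is defined elsewhere; it
    # presumably renders the login page itself on failure -- verify.
    if not self.isAuthenticated():
        return
    # Everything below runs only for an authenticated client.

    # initApi() presumably writes its own error page on failure -- verify.
    if not self.initApi():
        return

    # Binary image fetch: the URL shape is "/getimage-<hash>.<ext>" and
    # the hash is the lookup key.
    if self.path.startswith("/getimage"):
        params = self.path.split("-")
        if len(params) < 2:
            return  # malformed URL: nothing to look up
        imageHash = params[1].split(".")[0]
        # imageHash comes straight from the URL; getImage presumably treats
        # it as a lookup key and not as a filesystem path -- verify.
        ret = getPages.getImage(imageHash)
        if not ret:
            return
        mimeType, image = ret
        self.send_header('Content-type', mimeType)
        self.write(image)
        return

    # All remaining responses are HTML.
    self.send_header('Content-type', 'text/html')

    # NOTE(review): /logout, /markread, /markunread, /delmsg and
    # /delsentmsg change state on a GET, so a plain link or image tag on
    # any page can trigger them; serving them over POST with a token would
    # remove that exposure.
    if self.path.startswith("/inbox") or self.path == "/":
        self.write(getPages.inbox())
    elif self.path.startswith("/outbox"):
        self.write(getPages.outbox())
    elif self.path.startswith("/composer"):
        self.write(getPages.composeMsg())
    elif self.path.startswith("/subscriptions"):
        self.write(getPages.subscriptions())
    elif self.path.startswith("/addressbook"):
        self.write(getPages.addressBook())
    elif self.path.startswith("/chans"):
        self.write(getPages.chans())
    elif self.path.startswith("/identities"):
        self.write(getPages.identities())
    elif self.path.startswith("/status"):
        self.write(getPages.connectionStatus())
    elif self.path.startswith("/logout"):
        # Dropping the single process-wide session invalidates every
        # outstanding cookie.
        sessionID = None
        self.write(password.enterHTML())
    elif self.path.startswith("/markread"):
        try:
            msgid = field("msgid")
        except (TypeError, KeyError, IndexError):
            return  # no usable msgid: nothing to do, no body
        getPages.markRead(msgid)
    elif self.path.startswith("/markunread"):
        try:
            msgid = field("msgid")
        except (TypeError, KeyError, IndexError):
            return
        getPages.markUnread(msgid)
    elif self.path.startswith("/delmsg"):
        try:
            msgid = field("msgid")
        except (TypeError, KeyError, IndexError):
            return
        getPages.delMsg(msgid)
    elif self.path.startswith("/delsentmsg"):
        try:
            msgid = field("msgid")
        except (TypeError, KeyError, IndexError):
            return
        getPages.delSentMsg(msgid)
    else:
        html = HTMLPage()
        html.addLine("<h1>Page not found!</h1>", False)
        self.write(html.getPage())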
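def do_GET(self):
    """Handle a GET request (older variant that does everything over GET).

    Runs session management first (``/pwd`` login, first-run ``/setpwd``,
    ``/logout``, cookie check), writes the login or setup page for an
    unauthenticated client, and otherwise dispatches on the path prefix.
    Form values are read from the URL query string via ``parseQuery``.

    Side effects: writes the response to the client, may rebind or clear
    the module-global ``sessionID``, and most paths change state through
    ``getPages``.
    """
    global sessionID
    self.send_response(200)
    self.send_header('Content-type', 'text/html')
    authenticated = False

    def first(values, key):
        """Return the first value for *key* in *values*; raises if absent."""
        return values[key][0]

    # --- Session management ------------------------------------------
    # Login attempt.  NOTE(review): the password arrives in the URL query
    # string, so it can end up in browser history and in server logs;
    # accepting it from a POST body avoids that.
    if self.path.startswith("/pwd"):
        query = parseQuery(self.path)
        try:
            pwd = first(query, "pwd")
        except (TypeError, KeyError, IndexError):
            pwd = ""
        if password.isCorrect(pwd):
            # One process-wide session: a new login replaces the old value.
            sessionID = urandom(16).encode('base64').strip()
            # NOTE(review): the cookie is set without HttpOnly or Secure,
            # so page script can read it and it is sent over plain HTTP.
            self.send_header("Set-Cookie", "sessionID=" + sessionID)
            authenticated = True
            self.path = "/inbox"
            sleep(1)  # slow down brute-force attempts
        else:
            self.wfile.write(password.enterHTML(True))
            sleep(1)  # slow down brute-force attempts
            return

    # First-run setup: a password can only be set while none exists.
    if self.path.startswith("/setpwd") and not password.isSet():
        query = parseQuery(self.path)
        try:
            password.set(first(query, "pwd"))
            authenticated = True
        except Exception:
            authenticated = False

    if self.path.startswith("/logout"):
        sessionID = None

    # Cookie check for clients that did not just log in.
    if sessionID and not authenticated:
        try:
            cookie = Cookie.SimpleCookie(self.headers.getheader("cookie"))
            # NOTE(review): a plain == on the session secret is not
            # constant-time; hmac.compare_digest is the usual choice.
            if sessionID == cookie['sessionID'].value:
                authenticated = True
        except Exception:
            authenticated = False  # no/invalid cookie header

    self.end_headers()

    if not authenticated:
        if password.isSet():
            self.wfile.write(password.enterHTML())
        else:
            self.wfile.write(password.setHTML())
        return
    # --- End of session management -----------------------------------
    # Everything below runs only for an authenticated client.

    # Lazily initialise the backend API; initApi() returns an error page
    # (truthy) on failure.
    if not getPages.apiIsInit:
        error = getPages.initApi()
        if error:
            self.wfile.write(error)
            return

    # NOTE(review): every state-changing action below (send, subscribe,
    # address book, mark/delete) is triggered by a GET, so a link or image
    # tag on any page can fire it.

    if self.path.startswith("/inbox") or self.path == "/":
        self.wfile.write(getPages.inbox())

    elif self.path.startswith("/outbox"):
        self.wfile.write(getPages.outbox())

    elif self.path.startswith("/composer"):
        query = parseQuery(self.path)
        toAddress = ""
        subject = ""
        text = ""
        try:
            if "to" in query:
                toAddress = first(query, "to")
            if "subject" in query:
                subject = first(query, "subject")
            if "text" in query:
                text = first(query, "text")
        except Exception:
            pass  # prefill is optional
        self.wfile.write(getPages.composeMsg(toAddress, subject, text))

    elif self.path.startswith("/sendmsg"):
        query = parseQuery(self.path)
        try:
            toAddress = first(query, "to")
            fromAddress = first(query, "from")
            subject = first(query, "subject")
            text = first(query, "text")
        except Exception:
            page = HTMLPage()
            page.addLine("<h1>Error while parsing message.")
            page.addLine("Message NOT send!</h1>")
            self.wfile.write(page.getPage())
            return
        self.wfile.write(getPages.sendMsg(toAddress, fromAddress, subject, text))

    elif self.path.startswith("/subscriptions"):
        self.wfile.write(getPages.subscriptions())

    elif self.path.startswith("/unsubscribe"):
        query = parseQuery(self.path)
        try:
            getPages.unsubscribe(first(query, "addr"))
        except Exception:
            pass  # best effort; the list is re-rendered either way
        self.wfile.write(getPages.subscriptions())

    elif self.path.startswith("/subscribe"):
        query = parseQuery(self.path)
        try:
            addr = first(query, "addr")
            label = first(query, "label")
            getPages.subscribe(addr, label)
        except Exception:
            pass
        self.wfile.write(getPages.subscriptions())

    elif self.path.startswith("/addressbook"):
        self.wfile.write(getPages.addressBook())

    elif self.path.startswith("/addaddress"):
        query = parseQuery(self.path)
        try:
            addr = first(query, "addr")
            label = first(query, "label")
            getPages.addAddressBookEntry(addr, label)
        except Exception:
            pass
        self.wfile.write(getPages.addressBook())

    elif self.path.startswith("/deladdress"):
        query = parseQuery(self.path)
        try:
            getPages.delAddressBookEntry(first(query, "addr"))
        except Exception:
            pass
        self.wfile.write(getPages.addressBook())

    elif self.path.startswith("/markread"):
        query = parseQuery(self.path)
        try:
            msgid = first(query, "msgid")
        except (TypeError, KeyError, IndexError):
            return  # no usable msgid: nothing to do, no body
        getPages.markRead(msgid)

    elif self.path.startswith("/markunread"):
        query = parseQuery(self.path)
        try:
            msgid = first(query, "msgid")
        except (TypeError, KeyError, IndexError):
            return
        getPages.markUnread(msgid)

    elif self.path.startswith("/delmsg"):
        query = parseQuery(self.path)
        try:
            msgid = first(query, "msgid")
        except (TypeError, KeyError, IndexError):
            return
        getPages.delMsg(msgid)

    elif self.path.startswith("/delsentmsg"):
        query = parseQuery(self.path)
        try:
            msgid = first(query, "msgid")
        except (TypeError, KeyError, IndexError):
            return
        getPages.delSentMsg(msgid)

    else:
        html = HTMLPage()
        html.addLine("<h1>404 - Not found</h1>")
        self.wfile.write(html.getPage())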