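def confirm(theform, userdir, thisscript):
    """Confirm a login.
    Either from an invite or from a user who has registered.

    Decodes the ``id`` form field with ``pass_dec``, uses the result as the
    key of a pending entry in ``temp.ini``, removes that entry, writes the
    new ``<username>.ini`` (seeded from ``default.ini``) and builds the
    ``userid`` cookie.

    Args:
        theform: submitted form; only ``theform['id'].value`` is read.
        userdir: path prefix of the ``.ini`` files. It is concatenated
            directly with file names, so it is expected to end with a
            path separator.
        thisscript: script name quoted in the admin notification mail.

    Returns:
        ``(action, newconfig, cookie_header)``: the pending entry's
        ``action`` value (``None`` if absent), the written user config and
        the output of ``SimpleCookie.output()``.
    """
    from modules.dataenc import pass_dec, pass_enc
    from login import encodestring
    try:
        # NOTE(review): daynumber and timestamp are decoded but never read in
        # this function, so no expiry of the confirmation id is enforced here.
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        # A missing or undecodable id is a failed confirmation. Narrowed from
        # a bare except so SystemExit/KeyboardInterrupt are not swallowed.
        # NOTE(review): everything below assumes newloginfail() does not
        # return (otherwise theval is unbound) - confirm.
        newloginfail()
    tempstore = ConfigObj(userdir + 'temp.ini')
    if theval not in tempstore:
        newloginfail()
    uservals = tempstore[theval]
    # The pending entry is single use: it is dropped from the store before
    # the account file is created.
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()
    #
    newconfig = ConfigObj(userdir + 'default.ini')
    # NOTE(review): username becomes a file name without any check here;
    # presumably it was validated before being stored in temp.ini - verify.
    newpath = userdir + username + '.ini'
    if os.path.isfile(newpath):
        newloginfail()
    newconfig.filename = newpath
    # FIXME: should this be '' ?
    action = None
    for entry in uservals:
        if entry == 'action':
            action = uservals[entry]
        elif entry == 'password':
            password = uservals[entry]
            newconfig[entry] = pass_enc(password, timestamp=True, daynumber=True)
        else:
            # Every other pending value is copied into the account as-is, so
            # whatever wrote temp.ini decides all remaining account fields.
            newconfig[entry] = uservals[entry]
    newconfig.write()
    #
    # next we need to create the cookie header to return it
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    # NOTE(review): 'password' is only bound if the pending entry had a
    # 'password' key. The cookie value is derived from the plain password by
    # encodestring(), whose output format is not visible here.
    thecookie['userid'] = encodestring(newconfig['username'], password)
    config = ConfigObj(userdir + 'config.ini')
    maxage = newconfig['max-age']
    cookiepath = config['cookiepath']
    # A non-integer max-age in the user file used to raise here, after the
    # account had already been written. Fall back to a session cookie instead.
    maxage_secs = 0
    if maxage:
        try:
            maxage_secs = int(maxage)
        except (TypeError, ValueError):
            maxage_secs = 0
    if maxage_secs:
        thecookie['userid']['max-age'] = maxage_secs
    if cookiepath:
        thecookie['userid']['path'] = cookiepath
    # Only max-age and path are set on the cookie in this function.
    if config['adminmail']:
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            # The stored password field is kept out of the notification mail.
            if entry != 'password':
                msg += entry + ' : ' + newconfig[entry] + '\n'
        # FIXME: should be mailme
        sendmailme(config['adminmail'], msg, config['email_subject'],
                   config['adminmail'], html=False)
    return action, newconfig, thecookie.output()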
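def createuser(userdir, realname, username, email, password, adminlev):
    """Create a new user.

    Loads ``default.ini`` from ``userdir`` as a template, fills in the
    account fields and writes the result to ``<userdir><username>.ini``.

    Args:
        userdir: path prefix of the ``.ini`` files; concatenated directly
            with file names, so it is expected to end with a path separator.
        realname: stored under ``realname``.
        username: login name; also the base name of the file written.
        email: stored under ``email``.
        password: passed through ``pass_enc`` before being stored.
        adminlev: stored under ``admin``.

    Raises:
        ValueError: if ``username`` is empty, is ``.`` or ``..``, contains a
            path separator or NUL byte, or a file for it already exists.
    """
    import os
    # username becomes part of a file path, so it must be a plain name that
    # cannot point outside userdir. This runs before anything is read or
    # written.
    if (not username or username in ('.', '..')
            or '/' in username or '\\' in username or '\x00' in username):
        raise ValueError('invalid username: %r' % (username,))
    userfile = userdir + username + '.ini'
    # Refuse to replace an existing file: silently overwriting would reset
    # another account's password and admin level. The same check protects
    # default.ini and any other .ini already present in userdir.
    # The check-then-write is not atomic; it matches the isfile() test that
    # confirm() uses.
    if os.path.isfile(userfile):
        raise ValueError('user already exists: %r' % (username,))
    from time import time
    from modules.dataenc import pass_enc
    from modules.configobj import ConfigObj
    user = ConfigObj(userdir + 'default.ini')
    user.filename = userfile
    user['username'] = username
    user['realname'] = realname
    user['email'] = email
    user['admin'] = adminlev
    user['password'] = pass_enc(password, timestamp=True, daynumber=True)
    user['created'] = str(time())
    user.write()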
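def createuser(userdir, realname, username, email, password, adminlev):
    """Create a new user.

    Uses ``default.ini`` in ``userdir`` as the template for the account and
    saves it as ``<userdir><username>.ini``.

    Args:
        userdir: path prefix of the ``.ini`` files; joined to file names by
            plain concatenation, so it is expected to end with a separator.
        realname: value for the ``realname`` field.
        username: login name and base name of the account file.
        email: value for the ``email`` field.
        password: stored after being passed through ``pass_enc``.
        adminlev: value for the ``admin`` field.

    Raises:
        ValueError: if ``username`` is empty, is ``.`` or ``..``, contains a
            path separator or NUL byte, or its account file already exists.
    """
    import os
    # Reject anything that is not a plain file name before touching the
    # disk: the name is concatenated into the path that gets written.
    forbidden = ('/', '\\', '\x00')
    if not username or username in ('.', '..'):
        raise ValueError('invalid username: %r' % (username,))
    for fragment in forbidden:
        if fragment in username:
            raise ValueError('invalid username: %r' % (username,))
    userfile = userdir + username + '.ini'
    # An existing file means the name is taken. Overwriting it would replace
    # that account's credentials and admin level, and would also clobber
    # default.ini or other .ini files kept in userdir.
    # isfile() followed by write() is not atomic.
    if os.path.isfile(userfile):
        raise ValueError('user already exists: %r' % (username,))
    from time import time
    from modules.dataenc import pass_enc
    from modules.configobj import ConfigObj
    user = ConfigObj(userdir + 'default.ini')
    user.filename = userfile
    user['username'] = username
    user['realname'] = realname
    user['email'] = email
    user['admin'] = adminlev
    user['password'] = pass_enc(password, timestamp=True, daynumber=True)
    user['created'] = str(time())
    user.write()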
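def confirm(theform, userdir, thisscript):
    """Confirm a login.
    Either from an invite or from a user who has registered.

    Decodes the ``id`` form field with ``pass_dec``, uses the result as the
    key of a pending entry in ``temp.ini``, removes that entry, writes the
    new ``<username>.ini`` (seeded from ``default.ini``) with the password
    hashed through ``pwd_context``, and builds the ``userid`` cookie.

    Args:
        theform: submitted form; only ``theform['id'].value`` is read.
        userdir: path prefix of the ``.ini`` files. It is concatenated
            directly with file names, so it is expected to end with a
            path separator.
        thisscript: script name quoted in the admin notification mail.

    Returns:
        ``(action, newconfig, cookie_header)``: the pending entry's
        ``action`` value (``None`` if absent), the written user config and
        the output of ``SimpleCookie.output()``.
    """
    from modules.dataenc import pass_dec, pass_enc
    from login import encodestring
    try:
        # NOTE(review): daynumber and timestamp are decoded but never read in
        # this function, so no expiry of the confirmation id is enforced here.
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        # A missing or undecodable id is a failed confirmation. Narrowed from
        # a bare except so SystemExit/KeyboardInterrupt are not swallowed.
        # NOTE(review): everything below assumes newloginfail() does not
        # return (otherwise theval is unbound) - confirm.
        newloginfail()
    tempstore = ConfigObj(userdir + 'temp.ini')
    if theval not in tempstore:
        newloginfail()
    uservals = tempstore[theval]
    # The pending entry is single use: it is dropped from the store before
    # the account file is created.
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()
    #
    newconfig = ConfigObj(userdir + 'default.ini')
    # NOTE(review): username becomes a file name without any check here;
    # presumably it was validated before being stored in temp.ini - verify.
    newpath = userdir + username + '.ini'
    if os.path.isfile(newpath):
        newloginfail()
    newconfig.filename = newpath
    # FIXME: should this be '' ?
    action = None
    for entry in uservals:
        if entry == 'action':
            action = uservals[entry]
        elif entry == 'password':
            password = uservals[entry]
            # NOTE(review): salt="" pins the salt to an empty value, so the
            # hash is presumably the same for every user with the same
            # password and gives none of the protection a per-user random
            # salt would. Changing it also means changing whatever verifies
            # the stored value and the cookie, which is not visible here.
            pwd_hash = pwd_context.hash(password, salt="")
            newconfig[entry] = pass_enc(pwd_hash, timestamp=True, daynumber=True)
        else:
            # Every other pending value is copied into the account as-is, so
            # whatever wrote temp.ini decides all remaining account fields.
            newconfig[entry] = uservals[entry]
    newconfig.write()
    #
    # next we need to create the cookie header to return it
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    # The hash computed for storage is reused rather than recomputed, so the
    # cookie is always built from the value that was written to disk.
    # pwd_hash is only bound if the pending entry had a 'password' key.
    # NOTE(review): the cookie is derived from the stored hash, so the user
    # .ini files presumably hold session-equivalent material - confirm.
    thecookie['userid'] = encodestring(newconfig['username'], pwd_hash)
    config = ConfigObj(userdir + 'config.ini')
    maxage = newconfig['max-age']
    cookiepath = config['cookiepath']
    # A non-integer max-age in the user file used to raise here, after the
    # account had already been written. Fall back to a session cookie instead.
    maxage_secs = 0
    if maxage:
        try:
            maxage_secs = int(maxage)
        except (TypeError, ValueError):
            maxage_secs = 0
    if maxage_secs:
        thecookie['userid']['max-age'] = maxage_secs
    if cookiepath:
        thecookie['userid']['path'] = cookiepath
    # Only max-age and path are set on the cookie in this function.
    if config['adminmail']:
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            # The stored password field is kept out of the notification mail.
            if entry != 'password':
                msg += entry + ' : ' + newconfig[entry] + '\n'
        # FIXME: should be mailme
        sendmailme(config['adminmail'], msg, config['email_subject'],
                   config['adminmail'], html=False)
    return action, newconfig, thecookie.output()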
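def doedituser(theform, userdir, thisscript, userconfig, action, newcookie):
    """Receives form submissions from the 'edit user' page.

    Validates the submitted account values, then rewrites the target user's
    ``.ini`` file (renaming it when the login name changed) and re-displays
    the edit page through ``edituser``.

    Args:
        theform: submitted form; fields read are ``username``, ``loginname``,
            ``realname``, ``email``, ``adminlev``, ``pass1``, ``pass2``,
            ``maxage`` and ``editable``.
        userdir: path prefix of the ``.ini`` files; concatenated directly
            with file names.
        thisscript, action, newcookie: passed through to ``edituser``.
        userconfig: config of the user performing the edit; its ``admin``
            value caps the admin level that can be assigned.

    Every validation failure calls ``edituser`` with an error message.
    NOTE(review): the flow assumes ``edituser`` does not return (it is called
    and execution is expected to stop there) - confirm.
    """
    # parameters to get :
    # username, realname, email, adminlev, pass1, pass2
    username = theform.getfirst('username')     # the user we are editing
    loginname = theform.getfirst('loginname')   # the new user name (won't usually change I guess)
    realname = theform.getfirst('realname')
    email = theform.getfirst('email')
    adminlev = theform.getfirst('adminlev')
    pass1 = theform.getfirst('pass1')
    pass2 = theform.getfirst('pass2')
    maxage = theform.getfirst('maxage')
    editable = theform.getfirst('editable')
    # The editor can never assign a level above their own or above the cap.
    # NOTE(review): nothing here compares the editor's level with the level
    # the target account already has; presumably the caller checks - verify.
    maxadminlev = min(int(userconfig['admin']), MAXADMINLEV)

    # 'username' comes straight from the form and selects the file that is
    # loaded, rewritten and, on rename, deleted. It must be a plain name of
    # an account that exists, or the request could reach files outside the
    # user store or create an account from nothing.
    if (not username or username in ('.', '..')
            or '/' in username or '\\' in username or '\x00' in username
            or not os.path.isfile(userdir + username + '.ini')):
        edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                 'The User Being Edited Is Invalid or Does Not Exist.')

    # check all the account values
    # this could be turned into a generic 'account checker' function if we wanted.
    email = validemail(email)
    if not email:
        edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                 'The Email Address Appears to Be Invalid.')
    if not loginname:
        edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                 'You Must Supply a Login Name.')
    for char in loginname.lower():
        if not char in validchars:
            edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                     'Login Name Contains Invalid Characters')
    if not realname:
        edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                 'You Must Supply a Real Name')
    if (pass1 or pass2) and not (pass1 and pass2):
        edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                 'To Change the Password - Enter it Twice')
    if pass1 != pass2:
        edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                 'The Two Passwords Are Different')
    if pass1 and len(pass1) < 5:
        edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                 'Password Must Be at Least Five Characters')
    # getfirst() gives None for an absent field; treat that like any other
    # non-numeric value instead of failing on None.isdigit().
    if not (adminlev and adminlev.isdigit()):
        edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                 'The Admin Level Must Be a Number')
    if int(adminlev) > maxadminlev:
        edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                 'Admin Level is Higher than the Max (%s).' % maxadminlev)
    if not (maxage and maxage.isdigit()):
        edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                 'Cookie "max-age" Must Be a Number')
    # 0 is allowed and bypasses the minimum.
    if int(maxage) and int(maxage) < MINMAXAGE:
        edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                 'Cookie "max-age" Must Be Greater Than %s' % MINMAXAGE)
    if editable:
        editable = 'Yes'
    else:
        editable = 'No'
    # let's just check if the username has changed
    oldpath = userdir + username + '.ini'
    thisuser = ConfigObj(oldpath)
    renamed = loginname != username
    if renamed:
        pendinglist = ConfigObj(userdir + 'temp.ini').get('pending', [])
        if (os.path.isfile(userdir + loginname + '.ini')
                or loginname in pendinglist
                or loginname.lower() in RESERVEDNAMES):
            edituser(theform, userdir, thisscript, userconfig, action, newcookie,
                     'Login Name Chosen Already Exists')
        thisuser.filename = userdir + loginname + '.ini'    # change to new name
        # NOTE(review): the 'username' key inside the file is not updated on
        # rename; confirm whether login reads the key or the file name.
    if pass1:
        from dataenc import pass_enc
        thisuser['password'] = pass_enc(pass1, daynumber=True, timestamp=True)
    #
    thisuser['realname'] = realname
    thisuser['email'] = email
    thisuser['admin'] = adminlev
    thisuser['max-age'] = maxage
    thisuser['editable'] = editable
    thisuser.write()
    if renamed:
        # free up the old name only after the new file has been written, so a
        # failed write cannot leave the account with no file at all
        os.remove(oldpath)
    #
    # edituser(theform, userdir, thisscript, userconfig, action, newcookie, '')
    edituser(theform, userdir, thisscript, userconfig, action, newcookie,
             'Changes Made Successfully', True)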