예제 #1
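def register_post():
    """Handle a registration form submission and log the new user in.

    Reads ``username``, ``password``, ``password_again`` and ``email_address``
    from ``request.form``. Every validation failure redirects back with a
    ``register_error`` query parameter naming the problem. On success a
    ``User`` row is created, a session key and a per-IP registration marker
    are written to Redis, a welcome e-mail is sent, and the client is
    redirected away from the registration page.

    Returns:
        The redirect response produced by ``redirect()``.
    """
    # NOTE(security): X-Forwarded-For is client-controlled unless a trusted
    # reverse proxy overwrites it. As written, the per-IP registration limit
    # and the stored last_ip both rely on that value -- confirm the
    # deployment strips or replaces the header before it reaches the app.
    client_ip = request.headers.get("X-Forwarded-For", request.remote_addr)
    throttle_key = "register:" + client_ip

    # One registration per address while the marker key exists.
    if g.redis.exists(throttle_key):
        return redirect(referer_or_home() + "?register_error=ip")

    # Don't accept blank fields.
    if request.form["username"] == "" or request.form["password"] == "":
        return redirect(referer_or_home() + "?register_error=blank")

    # Make sure the two passwords match.
    if request.form["password"] != request.form["password_again"]:
        return redirect(referer_or_home() + "?register_error=passwords_didnt_match")

    # Check email address against email_validator.
    # Silently truncate it because the only way it can be longer is if they've hacked the front end.
    # Default to "" so a request without the field takes the blank_email
    # path instead of raising AttributeError on None.strip().
    email_address = request.form.get("email_address", "").strip()[:100]
    if not email_address:
        return redirect(referer_or_home() + "?register_error=blank_email")
    if email_validator.match(email_address) is None:
        return redirect(referer_or_home() + "?register_error=invalid_email")

    # Check username against username_validator.
    # Silently truncate it because the only way it can be longer is if they've hacked the front end.
    username = request.form["username"][:50]
    if username_validator.match(username) is None:
        return redirect(referer_or_home() + "?register_error=invalid_username")

    # Make sure this username hasn't been taken before.
    # Also check against reserved usernames.
    # The count is compared with >= 1 so that pre-existing case-insensitive
    # duplicates still block the name instead of slipping past "== 1".
    lowered_username = username.lower()
    if username.startswith("guest_") or g.db.query(User.id).filter(
        func.lower(User.username) == lowered_username
    ).count() >= 1 or lowered_username in reserved_usernames:
        return redirect(referer_or_home() + "?register_error=username_taken")

    new_user = User(
        username=username,
        email_address=email_address,
        group="new",
        last_ip=client_ip,
    )
    new_user.set_password(request.form["password"])
    g.db.add(new_user)
    # Flush so new_user.id is populated before it is stored in the session.
    g.db.flush()
    # 2592000 s = 30 days (presumably the expiry argument of the Redis
    # client's set() -- confirm against the client library in use).
    g.redis.set("session:" + g.session_id, new_user.id, 2592000)
    # Block further registrations from this address for 86400 s (24 hours).
    g.redis.setex(throttle_key, 86400, 1)

    g.user = new_user
    send_email("welcome", email_address)

    g.db.commit()

    # NOTE(review): referer_or_home() is defined elsewhere; if it is derived
    # from the Referer header, confirm it only returns same-site URLs.
    redirect_url = referer_or_home()
    # Make sure we don't go back to the log in page.
    if redirect_url == url_for("register", _external=True):
        return redirect(url_for("home"))
    return redirect(redirect_url)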
예제 #2
파일: characters.py 프로젝트: wnku/newparp
def validate_character_form(form):
    """Validate a submitted character form and return the cleaned values.

    Aborts with HTTP 400 when the shortcut, name, color or case value is
    rejected. An unknown, missing or non-numeric ``search_character_id``
    falls back to 1 rather than failing.

    Args:
        form: The submitted form; it is read with ``[]``, ``get`` and
            ``getlist``.

    Returns:
        A dict of cleaned field values. ``replacements`` and ``regexes``
        are JSON-encoded lists of ``[from, to]`` pairs.
    """

    def _usable_pairs(from_field, to_field):
        # Pair up the two parallel lists and drop rows whose "from" side is
        # blank or identical to the "to" side.
        return [
            (source, target)
            for source, target in zip(form.getlist(from_field), form.getlist(to_field))
            if source != "" and source != target
        ]

    try:
        search_character_id = int(form["search_character_id"])
        # .one() raises NoResultFound when no such row exists.
        g.db.query(SearchCharacter).filter(SearchCharacter.id == search_character_id).one()
    except (KeyError, ValueError, NoResultFound):
        # id 1 always exists so fall back to that.
        search_character_id = 1

    # The shortcut is optional, but when given it must pass username_validator.
    shortcut = form.get("shortcut", "").strip()
    if shortcut:
        if not username_validator.match(shortcut):
            abort(400)

    # Don't allow a blank name.
    name = form["name"]
    if name == "":
        abort(400)

    # Validate color.
    # <input type="color"> always prefixes with a #.
    color = form.get("color", "000000")
    if color.startswith("#"):
        color = color[1:]
    if not color_validator.match(color):
        abort(400)

    # Validate case.
    case = form.get("case", "normal")
    if case not in case_options:
        abort(400)

    # XXX PUT LENGTH LIMIT ON REPLACEMENTS?
    # NOTE(review): the number and size of these rows are not bounded here.
    json_replacements = json.dumps(_usable_pairs("quirk_from", "quirk_to"))

    # XXX PUT LENGTH LIMIT ON REGEXES?
    # NOTE(review): user-supplied patterns are stored without a length or
    # count limit; how they are later evaluated is not visible here.
    json_regexes = json.dumps(_usable_pairs("regex_from", "regex_to"))

    # There are length limits on the front end so silently truncate these.
    if "title" in form:
        title = form["title"][:50]
    else:
        title = ""

    return {
        "title": title,
        "search_character_id": search_character_id,
        "shortcut": shortcut or None,
        "name": name[:50],
        "acronym": form["acronym"][:15],
        "color": color,
        "quirk_prefix": form.get("quirk_prefix", "")[:2000],
        "quirk_suffix": form.get("quirk_suffix", "")[:2000],
        "case": case,
        "replacements": json_replacements,
        "regexes": json_regexes,
    }