def post(self):
user = databases.User.get_by_id(int(self.request.cookies.get('user').split('|')[0]))
firstname = user.name.split(' ')[0]
lastname = user.name.split(' ')[1]
if self.request.get('user_password') == '' or util.valid_pw(user.email, self.request.get('user_password'), user.pw_hash) == False:
self.render('profile.html', password = '******', user = user, firstname = firstname, lastname = lastname)
else:
user.name = self.request.get('user_first') + " " + self.request.get('user_last')
user.email = self.request.get('user_email')
user.pw_hash = util.make_pw_hash(user.email, self.request.get('user_password'))
user.put()
if not self.request.POST[u'image'] == "":
try:
data = self.request.POST[u'image'].file.read()
name = self.request.POST[u'image'].filename
filetype = self.request.POST[u'image'].type
image = databases.userImage(name = name, data = data, filetype = filetype, user = user)
for i in databases.userImage.all():
if i.user.key().id() == user.key().id():
logging.debug('Deleted: ' + i.name)
i.delete()
logging.debug("Put: " + image.name)
image.put()
self.redirect('/')
except Exception as e:
error = "Image must be smaller than 1mb."
logging.error(e)
self.render('profile.html', user = user, firstname = firstname, lastname = lastname, error = error)
else:
logging.debug('No image')
self.redirect('/')
def post(self):
params = {}
error = False
if not self.request.get('oldpass'):
params['oldpass'] = '******'
error = True
if not self.request.get('newpass'):
params['newpass'] = "******"
error = True
if not self.request.get('passval'):
params['valpass'] = '******'
error = True
if not self.request.get('valpass') == self.request.get('newpass'):
params['errorMessage'] = "Passwords didn't match"
if(self.request.cookies.get('user') and self.check_secure_val(self.request.cookies.get('user'))):
user = databases.User.get_by_id(int(self.request.cookies.get('user').split('|')[0]))
oldpass = self.request.get('oldpass')
newpass = self.request.get('newpass')
passval = self.request.get('passval')
if error:
self.render("changepass.html", **params)
else:
if util.valid_pw(user.email, oldpass, user.pw_hash) and (newpass == newpass):
passhash = util.make_pw_hash(user.email, newpass)
user.pw_hash = passhash
user.put()
self.redirect('/')
def signup(request):
error = ""
if request.method == 'POST':
form = blogForms.SignupForm(request.POST)
#Auth prevents arbitrary users from signing up,
#guarantees only poeple that wanted to post can create an account
if form.is_valid() and request.POST['auth'] == 'connectedwiresignup':
if not util.comparePassword(request.POST['password'], request.POST['verify']):
error = "Passwords did not match"
else:
password = util.make_pw_hash(request.POST['username'], request.POST['password'])
user = User(username = request.POST['username'], password = password)
user.save()
#UID is used to store the user in a cookie
uid = user.id
#Gets a hashed value for the user to prevent anyone from setting a cookie and logging in
val = util.make_secure_val(str(uid))
response = HttpResponseRedirect('/')
response.set_cookie("user",val, max_age=2629740)
return response
else:
error = "Invalid Information"
else:
form = blogForms.SignupForm()
return render_to_response("signup.html", {"form": form, "error": error}, context_instance=RequestContext(request))
def get(self):
pw_hash = util.make_pw_hash(config.admin_username, config.admin_pw)
admin = models.Admin(admin_username=config.admin_username,
admin_pw_hash=pw_hash,
key_name='admin_key_name')
admin.put()
self.redirect('/')
return
def get(self):
pw_hash = util.make_pw_hash(config.admin_username,
config.admin_pw)
admin = models.Admin(admin_username=config.admin_username,
admin_pw_hash=pw_hash,
key_name='admin_key_name')
admin.put()
self.redirect('/')
return
def sigup():
if flask.request.method == "GET":
return flask.render_template("signup.html")
elif flask.request.method == "POST":
have_error = False
email = flask.request.form.get('email')
password = flask.request.form.get('password')
verify = flask.request.form.get('verify')
secretcode = flask.request.form.get('secretcode')
params = dict(email=email,
password=password,
verify=verify,
secretcode=secretcode)
if not util.valid_email(email):
params['error_email'] = "That's not a valid email."
have_error = True
else:
# Check if this email has been already been registered.
#### This is ugly! There must be a better way, and maybe cached
emails = fetch_registered_emails()
if email in emails:
params[
'error_email'] = "This email has already been registered."
have_error = True
if not util.valid_password(password):
params['error_password'] = "******"
have_error = True
elif password != verify:
params['error_verify'] = "Your passwords didn't match."
have_error = True
if not util.valid_secretcode(secretcode):
params['error_secretcode'] = "secret code is wrong."
have_error = True
if have_error:
return flask.render_template("signup.html", **params)
else:
pw_hash = util.make_pw_hash(email, password)
account = Account(email, pw_hash, datetime.datetime.now())
db.session.add(account)
db.session.commit()
# FYI, url_for("report") will be return "/report", seems I don't
# need url_for very much
# u = flask.url_for("report")
response = set_account_cookie_and_redirect(account.id, "/report")
return response
def change_password(cls, password, verify_password):
"""Function to change Admin password in preferences page"""
if password != verify_password:
return 'Passwords do not match. Please retry.'
elif len(password) < 6:
return 'Password must be greater than 6 characters.'
else:
admin_key = db.Key.from_path('Admin', 'admin_key_name')
admin = Admin.get(admin_key)
pw_hash = util.make_pw_hash(admin.admin_username, password)
admin.admin_pw_hash = pw_hash
admin.put()
return 'Password changed.'
def change_password(cls, password, verify_password):
"""Function to change Admin password in preferences page"""
if password != verify_password:
return 'Passwords do not match. Please retry.'
elif len(password) < 6:
return 'Password must be greater than 6 characters.'
else:
admin_key = db.Key.from_path('Admin', 'admin_key_name')
admin = Admin.get(admin_key)
pw_hash = util.make_pw_hash(admin.admin_username, password)
admin.admin_pw_hash = pw_hash
admin.put()
return 'Password changed.'
def sigup():
if flask.request.method == "GET":
return flask.render_template("signup.html")
elif flask.request.method == "POST":
have_error = False
email = flask.request.form.get('email')
password = flask.request.form.get('password')
verify = flask.request.form.get('verify')
secretcode = flask.request.form.get('secretcode')
params = dict(email = email, password=password,
verify = verify, secretcode=secretcode)
if not util.valid_email(email):
params['error_email'] = "That's not a valid email."
have_error = True
else:
# Check if this email has been already been registered.
#### This is ugly! There must be a better way, and maybe cached
emails = fetch_registered_emails()
if email in emails:
params['error_email'] = "This email has already been registered."
have_error=True
if not util.valid_password(password):
params['error_password'] = "******"
have_error = True
elif password != verify:
params['error_verify'] = "Your passwords didn't match."
have_error = True
if not util.valid_secretcode(secretcode):
params['error_secretcode'] = "secret code is wrong."
have_error = True
if have_error:
return flask.render_template("signup.html", **params)
else:
pw_hash = util.make_pw_hash(email, password)
account = Account(email, pw_hash, datetime.datetime.now())
db.session.add(account)
db.session.commit()
# FYI, url_for("report") will be return "/report", seems I don't
# need url_for very much
# u = flask.url_for("report")
response = set_account_cookie_and_redirect(account.id, "/report")
return response
def post(self):
user_username = self.request.get('username')
user_password = self.request.get('password')
user_verify = self.request.get('verify')
user_email = self.request.get('email')
errors = util.check_signup(user_username, user_password, user_verify, user_email)
if errors:
self.render("register.html",error = errors[0],error2 = errors[1],error3 = errors[2],error4 = errors[3],username = user_username)
else:
u = User(username = user_username, password = util.make_pw_hash(user_username,user_password), email = user_email)
u.put()
user_id = u.key().id()
new_cookie_val = util.make_secure_val(str(user_id))
self.response.headers.add_header('Set-Cookie', 'user_id=%s; Path=/' % new_cookie_val)
self.redirect("/blog/welcome")
def post(self):
#get all the parameters
username = self.request.get("username")
password = self.request.get("password")
verifypw = self.request.get("verify")
email = self.request.get("email")
#process all the possible error
error_username = self.check_username(username)
error_password = self.check_password(password)
error_verifypw = self.check_verifypw(password, verifypw)
error_email = self.check_email(email)
#print out the error
if error_username:
self.render_front(error_username=error_username)
elif error_password:
self.render_front(username = username, error_password = error_password)
elif error_verifypw:
self.render_front(username = username, password= password, error_verifypw = error_verifypw)
elif error_email:
self.render_front(username=username, password = password, verifypw = verifypw,
error_email = error_email)
else:
#hash the password
password = util.make_pw_hash(password)
#everything is right on its way
if email:
user = User(username = username, password = password, email= email)
else:
user= User(username = username, password = password)
#here should be some technique to prevent collision
user.put()
user_id = str(user.key().id())
cookie = util.make_secure_val(user_id)
self.response.headers.add_header('Set-Cookie','user_id=%s'%cookie)
#redirect to the HomePage
self.redirect("/")
def change_username(cls, new_username, pw):
"""Function to change Admin username in preferences page.
Password re-hashing is required since the stored password
hashes are a function of the username.
"""
if not new_username or not pw:
return 'A new username and or password is required. Retry.'
elif len(new_username) < 6:
return 'Username must be greater than 6 characters'
else:
admin_key = db.Key.from_path('Admin', 'admin_key_name')
admin = Admin.get(admin_key)
if not util.valid_pw(admin.admin_username, pw,
admin.admin_pw_hash):
return 'Invalid Password. Please Retry.'
else:
admin.admin_username = new_username
pw_hash = util.make_pw_hash(new_username, pw)
admin.admin_pw_hash = pw_hash
admin.put()
return 'Username change was successful!'
def change_username(cls, new_username, pw):
"""Function to change Admin username in preferences page.
Password re-hashing is required since the stored password
hashes are a function of the username.
"""
if not new_username or not pw:
return 'A new username and or password is required. Retry.'
elif len(new_username) < 6:
return 'Username must be greater than 6 characters'
else:
admin_key = db.Key.from_path('Admin', 'admin_key_name')
admin = Admin.get(admin_key)
if not util.valid_pw(admin.admin_username, pw,
admin.admin_pw_hash):
return 'Invalid Password. Please Retry.'
else:
admin.admin_username = new_username
pw_hash = util.make_pw_hash(new_username, pw)
admin.admin_pw_hash = pw_hash
admin.put()
return 'Username change was successful!'
def register(cls, name, password, email):
pw_hash = util.make_pw_hash(email, password)
return User(name=name,
pw_hash=pw_hash,
email=email,
permissions="User")
def post( self ):
user = self.get_user( )
if user == self.OVER_QUOTA_ERROR:
self.error( 403 )
self.render( "403.html" )
return
username = self.request.get( 'username' )
password = self.request.get( 'password' )
verify = self.request.get( 'verify' )
twitter = self.request.get( 'twitter' )
if twitter[ 0:1 ] == '@':
twitter = twitter[ 1: ]
youtube = self.request.get( 'youtube' )
youtube = youtube.split( '/' )[ -1 ]
twitch = self.request.get( 'twitch' )
twitch = twitch.split( '/' )[ -1 ]
hitbox = self.request.get( 'hitbox' )
hitbox = hitbox.split( '/' )[ -1 ]
timezone = self.request.get( 'timezone' )
gravatar = self.request.get( 'gravatar' )
if user is not None:
username_code = util.get_code( user.username )
else:
username_code = util.get_code( username )
return_url = self.request.get( 'from' )
if not return_url:
return_url = "/"
elif user is not None and user.is_mod:
# Mod is editing a user's profile, possibly his or her own
username_code = return_url.split( '/' )[ -1 ]
user = self.get_runner( username_code )
if user == self.OVER_QUOTA_ERROR:
self.error( 403 )
self.render( "403.html" )
return
params = dict( user = user,
username = username,
password = password,
verify = verify,
twitter = twitter,
youtube = youtube,
twitch = twitch,
hitbox = hitbox,
gravatar = gravatar,
timezone = timezone,
return_url = return_url )
valid = True
if user is None and not valid_username( username ):
params['user_error'] = ( "Username must be between "
+ "1 and 20 alphanumeric, dash, or "
+ "underscore characters." )
valid = False
elif user is None:
# Check if username already exists
runner = self.get_runner( username_code )
if runner == self.OVER_QUOTA_ERROR:
self.error( 403 )
self.render( "403.html", user=user )
return
if runner is not None:
params['user_error'] = "That user already exists."
valid = False
if not valid_password( password ):
if user is None or len( password ) > 0:
params['pass_error'] = ( "Password must be between "
+ "3 and 20 characters." )
valid = False
if password != verify:
params['ver_error'] = "Passwords do not match."
valid = False
if gravatar != "" and not valid_email( gravatar ):
if( user is None or not user.gravatar
or gravatar != '<private email>' ):
params['gravatar_error'] = "That's not a valid email."
valid = False
if user is not None and gravatar == '<private email>':
params['gravatar_url'] = util.get_gravatar_url( user.gravatar,
30 )
if timezone != '' and timezone not in pytz.common_timezones:
params['timezone_error'] = "Invalid timezone."
valid = False
if not valid:
self.render( "signup.html", timezones=pytz.common_timezones,
**params )
return
if not user:
# Add a new runner to the database
runner = runners.Runners( username = username,
password = util.make_pw_hash(
username_code, password ),
twitter = twitter,
youtube = youtube,
twitch = twitch,
hitbox = hitbox,
timezone = timezone,
num_pbs = 0,
parent = runners.key(),
key_name = username_code )
if gravatar:
runner.gravatar = hashlib.md5( gravatar.lower( ) ).hexdigest( )
runner.put( )
# Update runner in memcache
self.update_cache_runner( username_code, runner )
# Update runnerlist in memcache. Note that this puts the runner
# at the end of the list, rather than in alphabetical order among
# those runners with 0 pbs. The runner will be sorted properly
# if the memcache gets flushed, which is good enough
runnerlist = self.get_runnerlist( no_refresh=True )
if runnerlist == self.OVER_QUOTA_ERROR:
self.update_cache_runnerlist( None )
elif runnerlist is not None:
runnerlist.append( dict( username = username,
username_code = username_code,
num_pbs = 0,
gravatar_url = util.get_gravatar_url(
runner.gravatar ) ) )
self.update_cache_runnerlist( runnerlist )
# Update runs for runner in memcache
self.update_cache_runlist_for_runner( username, [ ] )
self.login( username_code )
else:
# Editing the current user
if len( password ) > 0:
user.password = util.make_pw_hash( username_code, password )
user.twitter = twitter
user.youtube = youtube
user.twitch = twitch
user.hitbox = hitbox
user.timezone = timezone
if gravatar and gravatar != '<private email>':
user.gravatar = hashlib.md5( gravatar.lower( ) ).hexdigest( )
elif not gravatar:
user.gravatar = None
user.put( )
# Update user in memcache
self.update_cache_runner( username_code, user )
# Update runnerlist in memcache if gravatar updated
if gravatar != '<private email>':
runnerlist = self.get_runnerlist( no_refresh=True )
if runnerlist == self.OVER_QUOTA_ERROR:
self.update_cache_runnerlist( None )
elif runnerlist is not None:
for runnerdict in runnerlist:
if runnerdict['username'] == user.username:
runnerdict['gravatar_url'] = util.get_gravatar_url(
user.gravatar )
break
self.update_cache_runnerlist( runnerlist )
self.redirect( return_url )
def post(self):
user = self.get_user()
if user == self.OVER_QUOTA_ERROR:
self.error(403)
self.render("403.html")
return
username = self.request.get('username')
password = self.request.get('password')
verify = self.request.get('verify')
twitter = self.request.get('twitter')
if twitter[0:1] == '@':
twitter = twitter[1:]
youtube = self.request.get('youtube')
youtube = youtube.split('/')[-1]
twitch = self.request.get('twitch')
twitch = twitch.split('/')[-1]
hitbox = self.request.get('hitbox')
hitbox = hitbox.split('/')[-1]
timezone = self.request.get('timezone')
gravatar = self.request.get('gravatar')
if user is not None:
username_code = util.get_code(user.username)
else:
username_code = util.get_code(username)
return_url = self.request.get('from')
if not return_url:
return_url = "/"
elif user is not None and user.is_mod:
# Mod is editing a user's profile, possibly his or her own
username_code = return_url.split('/')[-1]
user = self.get_runner(username_code)
if user == self.OVER_QUOTA_ERROR:
self.error(403)
self.render("403.html")
return
params = dict(user=user,
username=username,
password=password,
verify=verify,
twitter=twitter,
youtube=youtube,
twitch=twitch,
hitbox=hitbox,
gravatar=gravatar,
timezone=timezone,
return_url=return_url)
valid = True
if user is None and not valid_username(username):
params['user_error'] = ("Username must be between " +
"1 and 20 alphanumeric, dash, or " +
"underscore characters.")
valid = False
elif user is None:
# Check if username already exists
runner = self.get_runner(username_code)
if runner == self.OVER_QUOTA_ERROR:
self.error(403)
self.render("403.html", user=user)
return
if runner is not None:
params['user_error'] = "That user already exists."
valid = False
if not valid_password(password):
if user is None or len(password) > 0:
params['pass_error'] = ("Password must be between " +
"3 and 20 characters.")
valid = False
if password != verify:
params['ver_error'] = "Passwords do not match."
valid = False
if gravatar != "" and not valid_email(gravatar):
if (user is None or not user.gravatar
or gravatar != '<private email>'):
params['gravatar_error'] = "That's not a valid email."
valid = False
if user is not None and gravatar == '<private email>':
params['gravatar_url'] = util.get_gravatar_url(user.gravatar, 30)
if timezone != '' and timezone not in pytz.common_timezones:
params['timezone_error'] = "Invalid timezone."
valid = False
if not valid:
self.render("signup.html",
timezones=pytz.common_timezones,
**params)
return
if not user:
# Add a new runner to the database
runner = runners.Runners(username=username,
password=util.make_pw_hash(
username_code, password),
twitter=twitter,
youtube=youtube,
twitch=twitch,
hitbox=hitbox,
timezone=timezone,
num_pbs=0,
parent=runners.key(),
key_name=username_code)
if gravatar:
runner.gravatar = hashlib.md5(gravatar.lower()).hexdigest()
runner.put()
# Update runner in memcache
self.update_cache_runner(username_code, runner)
# Update runnerlist in memcache. Note that this puts the runner
# at the end of the list, rather than in alphabetical order among
# those runners with 0 pbs. The runner will be sorted properly
# if the memcache gets flushed, which is good enough
runnerlist = self.get_runnerlist(no_refresh=True)
if runnerlist == self.OVER_QUOTA_ERROR:
self.update_cache_runnerlist(None)
elif runnerlist is not None:
runnerlist.append(
dict(username=username,
username_code=username_code,
num_pbs=0,
gravatar_url=util.get_gravatar_url(runner.gravatar)))
self.update_cache_runnerlist(runnerlist)
# Update runs for runner in memcache
self.update_cache_runlist_for_runner(username, [])
self.login(username_code)
else:
# Editing the current user
if len(password) > 0:
user.password = util.make_pw_hash(username_code, password)
user.twitter = twitter
user.youtube = youtube
user.twitch = twitch
user.hitbox = hitbox
user.timezone = timezone
if gravatar and gravatar != '<private email>':
user.gravatar = hashlib.md5(gravatar.lower()).hexdigest()
elif not gravatar:
user.gravatar = None
user.put()
# Update user in memcache
self.update_cache_runner(username_code, user)
# Update runnerlist in memcache if gravatar updated
if gravatar != '<private email>':
runnerlist = self.get_runnerlist(no_refresh=True)
if runnerlist == self.OVER_QUOTA_ERROR:
self.update_cache_runnerlist(None)
elif runnerlist is not None:
for runnerdict in runnerlist:
if runnerdict['username'] == user.username:
runnerdict['gravatar_url'] = util.get_gravatar_url(
user.gravatar)
break
self.update_cache_runnerlist(runnerlist)
self.redirect(return_url)
def register(cls, name, password, email):
pw_hash = util.make_pw_hash(email, password)
return User(name = name, pw_hash = pw_hash, email = email, permissions = "User")
def register(cls, name, password):
pw_hash = util.make_pw_hash(name, password)
return User(username = name, pw_hash = pw_hash)
def register(cls, name, pw, email=None):
pw_hash = make_pw_hash(name, pw)
return cls(parent=users_key(), name=name, pw_hash=pw_hash, email=email)
