Exemplo n.º 1
0
#!/usr/bin/env python3

import uuid
import database
import api
import encrypt

db = database.Database()
api = api.Api("json")

# Ensure the correct post keys were sent
if api.check_keys(
    ("member_id", "session_id", "name", "mobile", "emergency_ph")):
    member_id = api.request["member_id"].value
    session_id = api.request["session_id"].value
    name = api.request["name"].value
    mobile = api.request["mobile"].value
    emergency_ph = api.request["emergency_ph"].value

    # Ensure user is logged in
    if db.check_session(member_id, session_id):
        sql = ("UPDATE member SET " + "name = '" + name + "', " +
               "mobile = '" + mobile + "', " + "emergency_ph = '" +
               emergency_ph + "' " + "WHERE member_id = " + member_id + ";")
        db.cur.execute(sql)

        response = api.set_returncode(0)
    else:
        response = api.set_return_code(1)
else:
    response = api.set_returncode(5)
Exemplo n.º 2
0
#!/usr/bin/env python3

import uuid
import database
import api
import encrypt

db = database.Database()
api = api.Api("json")

# Ensure the correct post keys were sent
if api.check_keys(("email", "password", "student_num", "name", "dob", "mobile",
                   "emergency_ph", "full_part_time")):
    student_num = api.request["student_num"].value
    password = api.request["password"].value
    name = api.request["name"].value
    email = api.request["email"].value
    dob = api.request["dob"].value
    mobile = api.request["mobile"].value
    emergency_ph = api.request["emergency_ph"].value
    full_part_time = api.request["full_part_time"].value

    # Generate salt and password hash
    salt = str(uuid.uuid4().hex)
    pass_hash = encrypt.generate_hash(password, salt)

    sql = "SELECT email FROM member WHERE(email = '" + email + "');"
    db.cur.execute(sql)
    if db.cur.rowcount != 0:
        response = api.set_returncode(3)
    else:
Exemplo n.º 3
0
#!/usr/bin/env python3

import uuid
import database
import api
import encrypt

db = database.Database()
api = api.Api("json")

# Ensure the correct post keys were sent
if api.check_keys(("email", "password")):
    email = api.request["email"].value
    password = api.request["password"].value

    # Check user's password, and that they are verified
    sql = "SELECT verified, pass_hash, salt, member_id FROM member WHERE( email = '" + email + "');"
    db.cur.execute(sql)
    if db.cur.rowcount == 1:
        row = db.cur.fetchone()
        if row[0] == 'N':
            response = api.set_returncode(4)
        else:
            # Check the users password
            pass_hash = row[1]
            salt = row[2]
            check_hash = encrypt.generate_hash(password, salt)
            if pass_hash == check_hash:

                # Clear any old session IDs before generating a new one
                member_id = row[3]
Exemplo n.º 4
0
#!/usr/bin/env python3

import database
from qrcode import *
import api
import uuid
import delete_qr  # Deletes old QR codes

db = database.Database()
api = api.Api("json")

# Ensure the correct request keys were sent
if api.check_keys(("member_id", "session_id", "society_id")):
    member_id = api.request["member_id"].value
    session_id = api.request["session_id"].value
    society_id = api.request["society_id"].value
    # Ensure user is a committee member for the society
    if db.check_session(member_id, session_id):
        if db.check_committee(member_id, society_id):
            token = str(uuid.uuid4().hex)
            qrdata = "{ \"token\": \"" + token + "\", \"society_id\": \"" + society_id + "\"}"

            # Generate qr code
            qr = QRCode(version=None,
                        box_size=10,
                        error_correction=ERROR_CORRECT_L)
            qr.add_data(qrdata)
            qr.make(fit=True)

            im = qr.make_image()
            im.save("/var/www/html/img/" + token + ".png")
Exemplo n.º 5
0
#!/usr/bin/env python3

import database
import api

db = database.Database()
api = api.Api("json")

# Ensure the correct post keys were sent
if api.check_keys(
    ("member_id", "session_id", "society_id", "committee_email")):
    chair_id = api.request["member_id"].value
    session_id = api.request["session_id"].value
    society_id = api.request["society_id"].value
    member_email = api.request["committee_email"].value

    if db.check_session(chair_id, session_id):
        if db.check_chair(chair_id, society_id):
            sql = "SELECT member_id FROM member WHERE email LIKE '" + member_email + "'"

            try:
                db.cur.execute(sql)
                api.set_returncode(0)
            except:
                api.set_returncode(6)

            if db.cur.rowcount == 1:
                row = db.cur.fetchone()
                member_id = str(row[0])
                # Add member as committee member
                sql = "INSERT INTO committee_society(member_id, society_id) VALUES(" + member_id + ", " + society_id + ");"