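def update_to_hash():
    """Replace every stored user password with ``funct.get_hash`` of itself.

    One-off migration. It runs only when the version string from
    ``funct.check_ver()``, with dots removed and '00' appended when shorter
    than four characters, compares ``<= '3490'``.

    Nothing in this function records that the migration ran. The login
    code compares ``funct.get_hash(input)`` with the stored value, so a
    second run would store a hash of the hash and stop those comparisons
    from matching.
    """
    ver = funct.check_ver().replace('.', '')
    if len(ver) < 4:
        ver += '00'
    # NOTE(review): this is a lexicographic string comparison, not a numeric
    # one; confirm it selects the intended versions (e.g. '34900' > '3490').
    if ver <= '3490':
        con, cur = get_cur()
        try:
            try:
                cur.execute("""select id, password from user """)
            except sqltool.Error as e:
                out_error(e)
            else:
                # Bind values instead of formatting them into the statement.
                # Assumes sqltool is a PEP 249 driver: 'qmark' means '?',
                # the format/pyformat styles take '%s'.
                mark = '?' if sqltool.paramstyle == 'qmark' else '%s'
                rehash = 'update user set password = {0} where id = {0}'.format(mark)
                for u in cur.fetchall():
                    try:
                        cur.execute(rehash, (funct.get_hash(u[1]), u[0]))
                        con.commit()
                    except sqltool.Error as e:
                        # NOTE(review): `kwargs` is not a parameter of this
                        # function; unless it is a module-level name this
                        # line raises NameError. Confirm.
                        if kwargs.get('silent') != 1:
                            print("An error occurred:", e)
        finally:
            # The original never released the cursor or the connection.
            cur.close()
            con.close()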
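def get_token():
    """Exchange a login/password/group JSON body for an API token.

    Reads ``login``, ``password`` and ``group`` from the JSON request body,
    hashes the password with ``funct.get_hash`` and compares it with the
    stored value of the first row from ``sql.select_users(user=login)``.

    Returns:
        The new token (a UUID4 string) on success, ``False`` when the
        account is inactive, the credentials do not match or no row is
        found, or an ``'error ...'`` string when the request cannot be
        processed.
    """
    try:
        body = request.body.getvalue().decode('utf-8')
        login_pass = json.loads(body)
        login = login_pass['login']
        password_from_user = login_pass['password']
    except Exception as e:
        # NOTE(review): the exception text is returned to the API caller;
        # consider logging it server-side and returning a fixed message.
        return 'error getting credentials: '+str(e)

    try:
        group_name = login_pass['group']
        group_id = sql.get_group_id_by_name(group_name)
    except Exception as e:
        return 'error getting group: '+str(e)

    try:
        users = sql.select_users(user=login)
        # get_hash receives only the password and its output is compared for
        # equality below, so it cannot be using a per-user random salt.
        password = funct.get_hash(password_from_user)
    except Exception as e:
        return 'error one more: '+str(e)

    for user in users:
        if user.activeuser == 0:
            return False
        # Exact match: the former `login in user.username` was a substring
        # test and would accept a login that is only part of a username.
        if login == user.username and password == user.password:
            import uuid
            user_token = str(uuid.uuid4())
            # NOTE(review): group_id comes from the request body and nothing
            # in this function checks that the user belongs to that group.
            # Confirm that membership is enforced elsewhere.
            sql.write_api_token(user_token, group_id, user.role, user.username)
            return user_token
        return False
    # No row for this login: the original fell through and returned None.
    return False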
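def update_user_password(password, id):
    """Store ``funct.get_hash(password)`` as the password of user ``id``.

    Args:
        password: the new clear-text password; only its hash is written.
        id: primary key of the row in the ``user`` table.

    Returns:
        True when the update was committed, False when the driver raised
        ``sqltool.Error`` (reported through ``out_error`` and rolled back).
    """
    con, cur = get_cur()
    # Bind values instead of formatting them into the statement, so neither
    # argument can change the SQL. Assumes sqltool is a PEP 249 driver:
    # 'qmark' means '?', the format/pyformat styles take '%s'.
    mark = '?' if sqltool.paramstyle == 'qmark' else '%s'
    statement = 'update user set password = {0} where id = {0}'.format(mark)
    try:
        cur.execute(statement, (funct.get_hash(password), id))
        con.commit()
    except sqltool.Error as e:
        out_error(e)
        con.rollback()
        return False
    else:
        return True
    finally:
        # The original placed these calls after the returns, where they
        # were never reached.
        cur.close()
        con.close()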
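def check_login():
    """Check the ``login`` and ``password`` request headers against the user table.

    The password is hashed with ``funct.get_hash`` and compared with
    column 3 of the first row from ``sql.select_users(user=login)``.
    A row whose column 7 is 0 is rejected (``get_token`` makes the same
    test on ``user.activeuser``, so this is presumably the active flag).

    Returns:
        True when the first row matches, False otherwise.
    """
    # NOTE(review): credentials travel in custom request headers; confirm
    # that no proxy or access log in front of this service records them.
    login = request.headers.get('login')
    password_from_user = request.headers.get('password')
    if login is None or password_from_user is None:
        return False
    try:
        USERS = sql.select_users(user=login)
        password = funct.get_hash(password_from_user)
    except Exception:
        # Was a bare `except:`, which also swallowed SystemExit and
        # KeyboardInterrupt.
        return False

    for users in USERS:
        if users[7] == 0:
            return False
        # Exact match: the former `login in users[1]` was a substring test
        # and would accept a login that is only part of a stored username.
        return login == users[1] and password == users[3]
    # No row for this login: the original fell through and returned None.
    return False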
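def update_user(user, email, password, role, group, id, activeuser):
    """Overwrite every editable column of the ``user`` row with key ``id``.

    Args:
        user: new username.
        email: new e-mail address.
        password: new clear-text password; only ``funct.get_hash`` of it
            is written.
        role: new role value.
        group: new value for the ``groups`` column.
        id: primary key of the row to update.
        activeuser: new value for the ``activeuser`` column.

    Returns:
        True when the update was committed, False when the driver raised
        ``sqltool.Error`` (reported through ``out_error`` and rolled back).
    """
    con, cur = create_db.get_cur()
    # Bind values instead of formatting them into the statement, so no
    # field can change the SQL. Assumes sqltool is a PEP 249 driver:
    # 'qmark' means '?', the format/pyformat styles take '%s'.
    mark = '?' if sqltool.paramstyle == 'qmark' else '%s'
    statement = (
        'update user set username = {0}, email = {0}, password = {0}, '
        'role = {0}, groups = {0}, activeuser = {0} where id = {0}'
    ).format(mark)
    values = (user, email, funct.get_hash(password), role, group, activeuser, id)
    try:
        cur.execute(statement, values)
        con.commit()
    except sqltool.Error as e:
        out_error(e)
        con.rollback()
        return False
    else:
        return True
    finally:
        # The original placed these calls after the returns, where they
        # were never reached.
        cur.close()
        con.close()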
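def update_to_hash():
    """Replace stored passwords with their hash, then add ``version.hash``.

    Runs only when the first four characters of the version string from
    ``funct.check_ver()`` (dots removed) compare ``>= '3490'`` and
    ``check_hash()`` is truthy. After the rewrite a ``hash`` column is
    added to the ``version`` table; presumably ``check_hash()`` looks for
    that column so the migration is not repeated (confirm).

    NOTE(review): the nesting was reconstructed from a flattened listing;
    confirm that the ALTER TABLE step belongs inside the version check.
    """
    ver = funct.check_ver().replace('.', '')[:4]
    # NOTE(review): this is a lexicographic string comparison, not a numeric one.
    if ver >= '3490' and check_hash():
        # One connection serves both steps. The original opened a second
        # pair with get_cur() and never closed the first.
        con, cur = get_cur()
        try:
            try:
                cur.execute("""select id, password from user """)
            except sqltool.Error as e:
                out_error(e)
            else:
                # Bind values instead of formatting them into the statement.
                # Assumes sqltool is a PEP 249 driver: 'qmark' means '?',
                # the format/pyformat styles take '%s'.
                mark = '?' if sqltool.paramstyle == 'qmark' else '%s'
                rehash = 'update user set password = {0} where id = {0}'.format(mark)
                for u in cur.fetchall():
                    try:
                        cur.execute(rehash, (funct.get_hash(u[1]), u[0]))
                        con.commit()
                    except sqltool.Error as e:
                        # NOTE(review): `kwargs` is not a parameter of this
                        # function; unless it is a module-level name this
                        # line raises NameError. Confirm.
                        if kwargs.get('silent') != 1:
                            print("An error occurred:", e)

            # NOTE(review): the column is added even when a row update above
            # failed, so a partly migrated table is still marked as done.
            try:
                cur.execute(""" ALTER TABLE `version` ADD COLUMN hash INTEGER NOT NULL DEFAULT 1; """)
                con.commit()
            except sqltool.Error as e:
                if kwargs.get('silent') != 1:
                    print("An error occurred:", e)
        finally:
            cur.close()
            con.close()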
print('<meta http-equiv="refresh" content="0; url=/app/login.py">') sys.exit() if login is not None and password is not None: USERS = sql.select_users(user=login) for users in USERS: if users[7] == 0: print("Content-type: text/html\n") print('Your login is disabled') sys.exit() if users[6] == 1: if login in users[1]: check_in_ldap(login, password) else: passwordHashed = funct.get_hash(password) if login in users[1] and passwordHashed == users[3]: send_cookie(login) break else: ban() sys.exit() else: ban() sys.exit() print("Content-type: text/html\n") if login is None: print("Content-type: text/html\n") if create_db.check_db(): if create_db.create_table():
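def add_user(user, email, password, role, group, activeuser):
    """Insert a row into the ``user`` table.

    Args:
        user: username.
        email: e-mail address.
        password: clear-text password, stored as ``funct.get_hash`` of it.
            The literal ``'aduser'`` selects the LDAP form of the insert,
            which stores no password and sets ``ldap_user`` to 1.
        role: role value.
        group: value for the ``groups`` column.
        activeuser: value for the ``activeuser`` column.

    Returns:
        True when the insert was committed, False when the driver raised
        ``sqltool.Error`` (reported through ``out_error`` and rolled back).
    """
    con, cur = create_db.get_cur()
    # Bind values instead of formatting them into the statement, so no
    # field can change the SQL. Assumes sqltool is a PEP 249 driver:
    # 'qmark' means '?', the format/pyformat styles take '%s'.
    mark = '?' if sqltool.paramstyle == 'qmark' else '%s'
    # NOTE(review): the LDAP path is selected by a magic password value, so
    # an ordinary account created with that exact password is stored as an
    # LDAP user with no hash. Confirm that callers reject it or pass a flag.
    if password != 'aduser':
        statement = (
            'INSERT INTO user (username, email, password, role, groups, activeuser) '
            'VALUES ({0}, {0}, {0}, {0}, {0}, {0})'
        ).format(mark)
        values = (user, email, funct.get_hash(password), role, group, activeuser)
    else:
        statement = (
            'INSERT INTO user (username, email, role, groups, ldap_user, activeuser) '
            "VALUES ({0}, {0}, {0}, {0}, '1', {0})"
        ).format(mark)
        values = (user, email, role, group, activeuser)
    try:
        cur.execute(statement, values)
        con.commit()
    except sqltool.Error as e:
        out_error(e)
        con.rollback()
        return False
    else:
        return True
    finally:
        # The original placed these calls after the returns, where they
        # were never reached.
        cur.close()
        con.close()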
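# Logout: drop the server-side session record, expire the cookie, redirect.
if form.getvalue('logout'):
    try:
        sql.delete_uuid(user_id.value)
    except Exception:
        # Best effort, as in the original (which used a bare `except:`).
        # NOTE(review): when this fails the session record stays in the
        # database although the browser cookie is cleared below.
        pass
    print("Set-cookie: uuid=; expires=Wed May 18 03:33:20 2003; path=/app/; httponly")
    print("Content-type: text/html\n")
    print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
    sys.exit()

# Login. NOTE(review): the nesting below was reconstructed from a flattened
# listing; confirm it against the original file.
if login is not None and password is not None:
    USERS = sql.select_users(user=login)
    # Keep the typed password intact: the original overwrote `password` with
    # its hash before the loop, so check_in_ldap() received the hash instead
    # of what the user entered.
    password_hashed = funct.get_hash(password)
    for users in USERS:
        if users[7] == 0:
            print("Content-type: text/html\n")
            print('<center><div class="alert alert-danger">Your login is disabled</div><br /><br />')
            sys.exit()
        if users[6] == 1:
            # Column 6 set to 1 routes the check to LDAP.
            # Exact match here and below: `login in users[1]` was a substring
            # test and would accept a login that is only part of a username.
            if login == users[1]:
                check_in_ldap(login, password)
        else:
            if login == users[1] and password_hashed == users[3]:
                send_cookie(login)
                break
            else:
                ban()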