Exemplo n.º 1
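def login(req, **params):
    """Handle a login attempt: discard any existing session, then create a new one.

    Expects the username in ``params['u']`` and the password in ``params['p']``.
    On success the session is populated and saved, and the leak ids listed in
    the client's ``__CJ_seen`` cookie are copied into ``user_seen``.

    Returns a JSON string with a boolean ``success`` key (plus ``error`` on
    failure), or a plain-text message with ``req.status`` set to
    HTTP_BAD_REQUEST when the session cannot be renewed or a parameter is
    missing.
    """

    # Replace a pre-existing session with a fresh one before authenticating.
    sess = Session(req)
    if not sess.is_new():
        sess.delete()
        sess = Session(req)
        if not sess.is_new():
            req.status = apache.HTTP_BAD_REQUEST
            return 'failed to create new session'

    if 'u' not in params or 'p' not in params:
        req.status = apache.HTTP_BAD_REQUEST
        return 'some parameters were not provided'

    ret = dict()

    # SECURITY: the only accepted credentials are string literals in source, so
    # anyone who can read the code or its repository can authenticate. They are
    # also compared with `!=`, which is not a constant-time comparison. Replace
    # with a lookup against a user store that holds salted password hashes.
    if params['u'] != 'einstein' or params['p'] != 'fuckbin':
        ret['success'] = False
        ret['error'] = 'bad username or password'

        # note: session is not saved!
    else:
        ret['success'] = True

        # keep some stuff in session...
        sess['username'] = params['u']
        sess['user_id'] = 1

        # NOTE(review): with a 10-year lifetime a leaked session id stays
        # usable almost indefinitely; consider a shorter timeout with renewal.
        sess.set_timeout(60 * 60 * 24 * 365 * 10)  # 10 year
        sess.save()

        # The __CJ_seen cookie is client-controlled: it may be absent, may not
        # be valid JSON, and may describe arbitrarily large ranges. Treat the
        # import as best effort so a bad cookie cannot fail a valid login or
        # force an unbounded list / bulk insert.
        max_seen_ids = 10000  # local safety limit; tune to the real leak count
        values = []
        cookie = Cookie.get_cookie(req, '__CJ_seen')
        if cookie is not None:
            try:
                seen_ranges = json.loads(urllib.unquote(cookie.value))
            except (ValueError, TypeError):
                seen_ranges = []
            if not isinstance(seen_ranges, list):
                seen_ranges = []

            for seen_range in seen_ranges:
                if not isinstance(seen_range, dict):
                    continue
                start = seen_range.get('start')
                end = seen_range.get('end')
                if not isinstance(start, int) or not isinstance(end, int):
                    continue
                span = end - start + 1
                if span <= 0:
                    continue
                if len(values) + span > max_seen_ids:
                    break
                values.extend([sess['user_id'], i]
                              for i in range(start, end + 1))

        if values:
            db = Database.get()
            c = db.cursor()
            try:
                # Parameterised statement: ids are bound, never interpolated.
                c.executemany(
                    """ replace into user_seen (user_id, leak_id) values (%s, %s) """,
                    values)
                db.commit()
            finally:
                # Release the cursor even when the insert or commit fails.
                c.close()

    req.content_type = 'application/json'
    return json.dumps(ret, ensure_ascii=False)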
Exemplo n.º 2
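def login(req, **params):
    """Process a login request, always starting from a brand-new session.

    ``params['u']`` carries the username and ``params['p']`` the password.
    A successful login stores the user in the session, saves it, and records
    the leak ids named by the ``__CJ_seen`` cookie in the ``user_seen`` table.

    Returns a JSON document (``success`` and, on failure, ``error``). When the
    old session cannot be replaced or a parameter is missing, returns a short
    text message and sets ``req.status`` to HTTP_BAD_REQUEST.
    """

    # Drop whatever session the request arrived with and open a new one.
    sess = Session(req)
    if not sess.is_new():
        sess.delete()
        sess = Session(req)
        if not sess.is_new():
            req.status = apache.HTTP_BAD_REQUEST
            return 'failed to create new session'

    if 'u' not in params or 'p' not in params:
        req.status = apache.HTTP_BAD_REQUEST
        return 'some parameters were not provided'

    ret = dict()

    # SECURITY: username and password are literals embedded in the source, so
    # read access to the code is enough to log in, and the `!=` comparison is
    # not constant-time. Move to a user store with salted password hashes.
    if params['u'] != 'einstein' or params['p'] != 'fuckbin':
        ret['success'] = False
        ret['error'] = 'bad username or password'

        # note: session is not saved!
    else:
        ret['success'] = True

        # keep some stuff in session...
        sess['username'] = params['u']
        sess['user_id'] = 1

        # NOTE(review): a 10-year timeout keeps a stolen session id valid for
        # practical purposes forever; prefer a short lifetime plus renewal.
        sess.set_timeout(60 * 60 * 24 * 365 * 10)  # 10 year
        sess.save()

        # __CJ_seen comes from the browser and is untrusted input: tolerate a
        # missing cookie or broken JSON, accept only integer start/end pairs,
        # and bound the total number of ids so one request cannot expand into
        # an arbitrarily large list and bulk insert.
        max_seen_ids = 10000  # local safety limit; tune to the real leak count
        seen_ranges = []
        cookie = Cookie.get_cookie(req, '__CJ_seen')
        if cookie is not None:
            try:
                decoded = json.loads(urllib.unquote(cookie.value))
            except (ValueError, TypeError):
                decoded = None
            if isinstance(decoded, list):
                seen_ranges = decoded

        values = []
        for seen_range in seen_ranges:
            if not isinstance(seen_range, dict):
                continue
            start = seen_range.get('start')
            end = seen_range.get('end')
            if not (isinstance(start, int) and isinstance(end, int)):
                continue
            count = end - start + 1
            if count <= 0:
                continue
            if len(values) + count > max_seen_ids:
                break
            for i in range(start, end + 1):
                values.append([sess['user_id'], i])

        if values:
            db = Database.get()
            c = db.cursor()
            try:
                # Values are bound as parameters rather than formatted into SQL.
                c.executemany(""" replace into user_seen (user_id, leak_id) values (%s, %s) """, values)
                db.commit()
            finally:
                # Close the cursor on both the success and the error path.
                c.close()

    req.content_type = 'application/json'
    return json.dumps(ret, ensure_ascii=False)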
Exemplo n.º 3
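class session(object):
    """Lazy wrapper around a ``Session`` object bound to the current request.

    The underlying session is only created on first use (``get_id``, ``set``,
    ``get`` or ``destroy``), using the session id read from the request cookie
    when one is present.

    NOTE(review): the session id is taken from a client-supplied cookie and is
    reused as-is; callers that change privilege level (e.g. on login) should
    call ``destroy()`` and start a fresh session rather than keep the old id.
    """

    # Underlying Session instance; stays None until start() has run.
    session = None

    def __init__(self, core):
        """Read the cookie name and the client's session id from ``core``."""
        self.request = core.request
        self.core = core

        # Fall back to 'pysid' when no cookie name is configured. Catch
        # Exception rather than everything, so KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        try:
            self.cookie_name = core.config.apache_options['mod_python.session.cookie_name']
        except Exception:
            self.cookie_name = 'pysid'

        # A request without a readable session cookie simply has no id yet.
        try:
            self.pysid = self.core.input.cookie(self.cookie_name)
        except Exception:
            self.pysid = None

        self.core.log_message(1, '------------ Session Handler Initialised')

    def __init_session(self, pysid):
        """Create the Session for ``pysid``; configure and save it if it is new."""

        self.session = Session(req=self.request, sid=pysid, lock=self.core.config.settings['session']['lock'])

        if self.session.is_new():
            self.session.set_timeout(self.core.config.settings['session']['timeout'])
            self.session.save()

    def start(self):
        """Open the session for the cookie's id, or a new one if that id is rejected."""

        try:
            self.__init_session(self.pysid)
        except ValueError:
            # The client-supplied id was refused; start over without an id.
            self.__init_session(None)

    def get_id(self):
        """Return the id of the underlying session, starting it if needed."""

        if self.session is None:
            self.start()

        return self.session.id()

    def set(self, name, value):
        """Store ``value`` under ``name`` and save the session immediately."""

        if self.session is None:
            self.start()

        self.session[name] = value
        self.session.save()

    def get(self, name = None):
        """Return the value stored under ``name``, or None if it is not set.

        With no (or a falsy) ``name`` the underlying session object itself is
        returned.
        """

        # Test for None, as get_id() and set() do: a truthiness test treats a
        # started but still empty session as missing and would re-create it on
        # every call.
        if self.session is None:
            self.start()

        if not name:
            return self.session

        try:
            return self.session[name]
        except (KeyError, TypeError):
            # Unknown key, or a name that cannot be used as a key.
            return None

    def destroy(self):
        """Invalidate and delete the session, loading it first if necessary."""

        # Without this, destroy() on a handler that was never started raised
        # AttributeError and left the client's stored session in place.
        if self.session is None:
            self.start()

        self.session.invalidate()
        self.session.delete()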