Exemplo n.º 1
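def settings():
    """Change the logged-in user's password from a submitted form.

    Reads ``currentpassword``, ``Newpassword`` and ``ConfirmNewpassword`` from
    ``request.form``. The stored password is replaced with
    ``hashpass(Newpassword)`` only when all three values pass
    ``general_check(value, 7, 20)``, the two new values match according to
    ``compare_strings``, and ``password_check`` accepts the current password
    against the stored one.

    Returns:
        A JSON response carrying a ``success`` key after the update or an
        ``error`` key when any check fails. A request without a usable
        logged-in session gets a JSON error with status 401.
    """
    # .get() so a session without these keys is treated as "not logged in"
    # instead of raising KeyError. The comparison with True is kept from the
    # original check; the stored flag's type is not visible here.
    _id = session.get('uuid')
    if session.get('log_in') != True or _id is None:
        # Previously this path fell off the end of the view and returned
        # None, which Flask rejects as an invalid response (a 500).
        return jsonify({'error': 'authentication required'}), 401

    user = User.get_by_id(_id)
    if not user:
        # presumably get_by_id returns None when the session's uuid no longer
        # matches an account; verify against the User model.
        return jsonify({'error': 'authentication required'}), 401

    # Indexing request.form keeps the original behaviour for a missing field
    # (Flask answers 400) rather than inventing a default value.
    currentpassword = request.form['currentpassword']
    basePassword = user['password']
    Newpassword = request.form['Newpassword']
    ConfirmNewpassword = request.form['ConfirmNewpassword']

    # NOTE(review): the 7..20 bounds presumably are password lengths; an
    # upper bound of 20 would rule out longer passphrases - confirm what
    # general_check measures and whether the cap is still wanted.
    # NOTE(review): no attempt throttling is visible in this view; confirm it
    # is applied elsewhere, since this endpoint verifies the current password.
    accepted = (
        general_check(Newpassword, 7, 20)
        and general_check(ConfirmNewpassword, 7, 20)
        and compare_strings(Newpassword, ConfirmNewpassword)
        and general_check(currentpassword, 7, 20)
        and password_check(currentpassword, basePassword)
    )
    if not accepted:
        # One generic message for every failed check, so the response does
        # not reveal whether the current password was the part that failed.
        return jsonify({'error' : 'Ops, Something wrong happened!'})

    # NOTE(review): nothing here ends the account's other sessions after the
    # password changes; confirm whether that happens elsewhere.
    User.update(_id, "password", hashpass(Newpassword))
    return jsonify({'success' : 'password successfully changed !'})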
Exemplo n.º 2
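def contactus():
    """Store a contact message submitted by a logged-in, non-admin user.

    Reads ``messageContent`` from ``request.form`` and, when it is non-empty,
    passes it to ``Chat.register_message`` with the user's ``_id`` as owner,
    no reply target, and ``instantMessage`` and ``viewed`` both set to 0.

    Returns:
        A JSON response with a ``success`` key once the message is
        registered, or an ``error`` key when the field is empty. Requests
        without a usable logged-in session get status 401 and admin accounts
        get status 403.
    """
    # .get() so a session without these keys is treated as "not logged in"
    # instead of raising KeyError. The comparison with True is kept from the
    # original check; the stored flag's type is not visible here.
    _id = session.get('uuid')
    if session.get('log_in') != True or _id is None:
        # Previously this path returned None, which Flask rejects as an
        # invalid response (a 500).
        return jsonify({'error': 'authentication required'}), 401

    user = User.get_by_id(_id)
    if not user:
        # presumably get_by_id returns None for an unknown uuid; verify
        # against the User model.
        return jsonify({'error': 'authentication required'}), 401

    # The original only proceeded when user['admin'] == False; every other
    # value used to fall through and return None.
    if user['admin'] != False:
        return jsonify({'error': 'not permitted'}), 403

    messageContent = request.form['messageContent']
    if not messageContent:
        return jsonify({'error': 'field must not be empty on Submit!'})

    messageOwner = user['_id']
    replymessageId = None  # a new message, not a reply
    instantMessage = 0
    viewed = 0
    # NOTE(review): messageContent is stored as submitted and no length limit
    # is visible here; whatever renders it should escape it, and a size cap
    # may be wanted - confirm against Chat.register_message and the templates.
    Chat.register_message(messageOwner, messageContent, replymessageId, instantMessage, viewed)
    return jsonify({'success' : 'message has been sent'})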
Exemplo n.º 3
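def new_report():
    """Show the report form (GET) or register a submitted report (POST).

    Only a logged-in session is served; anything else is redirected to the
    ``index`` endpoint. A user whose ``banned`` flag is set is shown
    ``banned.html`` for both GET and POST. On POST the form fields are read,
    an optional ``reportContent`` upload is checked with ``allowed_file``,
    renamed with ``secure_file_name`` and saved under
    ``os.getcwd() + conf.UPLOAD_FOLDER``, and the report is stored through
    ``Report.register_report``.

    Returns:
        A rendered ``add.html`` / ``banned.html`` template, or a redirect to
        ``index`` when the session is not logged in or the method is neither
        GET nor POST.
    """
    # .get() so a session without these keys reaches the redirect below
    # instead of raising KeyError. The comparison with True is kept from the
    # original check; the stored flag's type is not visible here.
    _id = session.get('uuid')
    if session.get('log_in') != True or _id is None:
        return redirect(url_for('index'))
    if request.method not in ('GET', 'POST'):
        return redirect(url_for('index'))

    user = User.get_by_id(_id)
    if not user:
        # presumably get_by_id returns None for an unknown uuid; verify
        # against the User model.
        return redirect(url_for('index'))

    # The ban used to be enforced on GET only, so a banned account could
    # still submit by sending the POST directly. Check it for both methods.
    if user['banned'] == True:
        error = "You are not allowed to add a report because you are banned!"
        return view.render_template(view='banned.html',error=error)

    if request.method == 'GET':
        return view.render_template(view='add.html',error=None)

    # ---- POST ----
    if check_form_empty(request.form,ignore='reportContent'):
        error='Please fill all the form before submiting!'
        return view.render_template(view='add.html',error=error)

    reportOwner = _id
    reportName = request.form['reportName']
    reportType = request.form['reportType']
    reportLevel = request.form['reportLevel']
    AttackVector = request.form['AttackVector']
    reportDescription = request.form['reportDescription']
    getprivilege = request.form['getprivilege']
    AttackComplexity = request.form['AttackComplexity']

    # The upload is optional; a missing or empty file part is falsy.
    file = request.files.get('reportContent')

    # NOTE(review): '<=' still accepts a report when the queue already holds
    # REPORT_LIMIT entries, which looks like one more than the message below
    # promises - confirm what get_reports_queue counts before changing it.
    if not Report.get_reports_queue(_id)<=conf.REPORT_LIMIT:
        error='Due to flooding threat every user is limited to only '+str(conf.REPORT_LIMIT)+' reports in pending queue, Sorry for the inconvenience.'
        return view.render_template(view='add.html',error=error)

    reportFile = None
    if file:
        # NOTE(review): allowed_file sees the client-supplied name, not the
        # sanitized one that is written to disk; confirm the two helpers
        # cannot disagree about the extension.
        if not allowed_file(file.filename):
            error="File not allowed, INC ban"
            return view.render_template(view='add.html',error=error)
        reportFile = secure_file_name(file.filename)
        if not reportFile:
            # A name that sanitizes to nothing would make the save target the
            # upload directory itself; treat it as a rejected file.
            error="File not allowed, INC ban"
            return view.render_template(view='add.html',error=error)
        # NOTE(review): the target is the upload folder plus the sanitized
        # client name only, so two uploads with the same name would share one
        # path unless secure_file_name makes names unique - confirm. The
        # location also depends on the process working directory.
        file.save(os.path.join(os.getcwd()+conf.UPLOAD_FOLDER,reportFile))

    Report.register_report(reportOwner,reportName,reportType,reportDescription,reportLevel,AttackComplexity,AttackVector,getprivilege,reportFile)
    success = 'Reported submitted successfully!'
    return view.render_template(view='add.html',success=success)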
Exemplo n.º 4
def get_username_from_message(message):
	"""Return the username of the user recorded as owner of *message*.

	Reads ``message['messageOwner']`` and looks that id up with
	``User.get_by_id``. Returns ``None`` when the message has no owner.
	"""
	owner_id = message['messageOwner']
	if owner_id is None:
		return None
	# NOTE(review): if get_by_id can return None (e.g. the owner account no
	# longer exists) the subscript below raises TypeError - confirm.
	return User.get_by_id(owner_id)['username']
Exemplo n.º 5
def get_username(report):
	"""Return the username of the user recorded as owner of *report*.

	Reads ``report['reportOwner']`` and looks that id up with
	``User.get_by_id``. Returns ``None`` when the report has no owner.
	"""
	owner_id = report['reportOwner']
	if owner_id is None:
		return None
	# NOTE(review): if get_by_id can return None (e.g. the owner account no
	# longer exists) the subscript below raises TypeError - confirm.
	return User.get_by_id(owner_id)['username']