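def get_all_snipets():
    """Return all stored snippets as rows of ``(datetime, title, snippet)``.

    Opens a connection via ``pysql.database_connect()`` and always closes it,
    even when the query raises, so a failing request cannot leak a connection.

    Returns:
        Whatever ``cursor.fetchall()`` yields for the ``snippets`` table
        (a sequence of row tuples in column order datetime, title, snippet).
    """
    db, cursor = pysql.database_connect()
    try:
        cursor.execute('SELECT datetime, title, snippet FROM snippets')
        return cursor.fetchall()
    finally:
        # Close on every path; the connection was previously left open if
        # execute()/fetchall() raised.
        db.close()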
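def insert_log(ip, login, validation):
    """Record one authentication attempt in the ``logs`` table.

    Args:
        ip: client address as supplied by the caller.
        login: login name that was attempted.
        validation: ``"Y"`` for a successful credential check, ``"N"`` for a
            failed one (the values written by ``check_auth``; ``ban_ip``
            counts the ``"N"`` rows of the last hour).
    """
    time = pysql.datetime_mysql()

    db, cursor = pysql.database_connect()
    try:
        cursor.execute(
            '''INSERT INTO logs (ip, login, time, validation) VALUES (%s, %s, %s, %s)''',
            (ip, login, time, validation))
        db.commit()
    finally:
        # Was ``db.close`` without parentheses: the method was never called,
        # so every logged attempt leaked a connection.
        db.close()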
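def ban_ip(login, max_failures=5):
    """Return True if *login* may still attempt to log in, False if it is locked out.

    Despite the name the lockout is keyed on the login, not on an IP address:
    it counts ``logs`` rows with ``validation="N"`` for *login* whose ``time``
    is less than one hour old. Note the inverted sense: True means *not* banned.

    Args:
        login: login name to check.
        max_failures: number of failed validations within the last hour at
            which the login is considered locked (default 5, the original
            hard-coded threshold).

    Returns:
        True when fewer than *max_failures* failures were recorded, else False.
    """
    db, cursor = pysql.database_connect()
    try:
        # Count the failed validations of the last hour.
        cursor.execute(
            '''SELECT COUNT(*) FROM logs WHERE validation="N" AND login = %s AND (TIMESTAMPDIFF(HOUR, time, Now()) < 1)''',
            (login,)
        )
        failures = int(cursor.fetchone()[0])
    finally:
        # The connection was never closed before.
        db.close()
    return failures < max_failures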
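def insert_new_passwd(headers, body, data):
    """Change the password of the user identified by the auth cookie in *headers*.

    Resolves the cookie token to a login via the ``cookie`` table, requires
    ``data['pw']`` and ``data['pw-x']`` to match and to score at least 0.3 in
    passwordmeter, then stores a fresh salt and the chained SHA-512 digest.

    Returns:
        A ``(rendered_template, 200, headers_dict)`` triple on every path; the
        template and message say whether the change succeeded or why not.
    """
    # Read the raw token before stringifying it: ``str(None)`` is ``'None'``,
    # so the previous ``is None`` check could never fire and an unauthenticated
    # request ended in a TypeError on ``fetchone()[0]``.
    token = AuthCookieFactory().get_from_headers(headers).get_token()
    if token is None:
        return render_template(
            'unauthorised_request.html',
            body=body,
            data=data,
            message='Anauthorised try to change password!'), 200, {}

    db, cursor = pysql.database_connect()
    try:
        cursor.execute('''SELECT login FROM cookie WHERE token=%s''', (str(token),))
        row = cursor.fetchone()
        if row is None:
            # Unknown token: treat it like a missing cookie instead of crashing.
            return render_template(
                'unauthorised_request.html',
                body=body,
                data=data,
                message='Anauthorised try to change password!'), 200, {}
        login = str(row[0])
        passwd = str(data['pw']) if 'pw' in data else ''
        passwd_r = str(data['pw-x']) if 'pw-x' in data else ''

        if passwd != passwd_r:
            return render_template('passwordchange.html',
                                   body=body,
                                   data=data,
                                   message='Passwords are not match!'), 200, {}
        strength, _improvements = passwordmeter.test(passwd)
        if strength < 0.3:
            return render_template(
                'passwordchange.html',
                body=body,
                data=data,
                login=login,
                message='Your password is too weak!'), 200, {}

        salt = uuid.uuid4().hex
        salt_bytes = salt.encode('utf-8')
        # Three chained SHA-512 rounds over (previous digest + salt). This must
        # stay identical to check_auth or existing users cannot log in.
        # NOTE(review): this is not a password KDF; a migration to
        # hashlib.scrypt/pbkdf2_hmac with a versioned hash format is advisable.
        digest = passwd
        for _ in range(3):
            digest = hashlib.sha512(digest.encode('utf-8') + salt_bytes).hexdigest()
        cursor.execute(
            '''UPDATE users SET password= %s, salt= %s WHERE login= %s''',
            (digest, salt, login))
        db.commit()
    finally:
        # Closed on every path; the early returns used to leak the connection.
        db.close()

    IP, time = pysql.print_ip(login)
    return render_template(
        'mainpage.html',
        body=body,
        data=data,
        IP=IP,
        time=time,
        message='You successfully changed your password!'), 200, {}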
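def check_auth(login, password, ip):
    """Verify *password* for *login*, log the attempt, and return True on success.

    Reads the stored digest and salt in one query, recomputes the three
    chained SHA-512 rounds used at signup/password change and compares in
    constant time. Writes a ``"Y"`` or ``"N"`` row through ``insert_log``.

    An unknown login returns False without logging, as before.
    NOTE(review): consider logging those attempts too so the lockout in
    ``ban_ip`` and any monitoring also see them.

    Args:
        login: submitted login name.
        password: submitted clear-text password.
        ip: client address, passed through to ``insert_log``.

    Returns:
        True when the recomputed digest matches the stored one, else False.
    """
    import hmac  # constant-time comparison of the digests

    db, cursor = pysql.database_connect()
    try:
        cursor.execute('SELECT password, salt FROM users WHERE login = %s', (login,))
        row = cursor.fetchone()
    finally:
        # The connection was never closed before.
        db.close()
    if row is None:
        return False

    stored_digest = str(row[0])
    salt_bytes = str(row[1]).encode('utf-8')
    # Same chaining as signup_db / insert_new_passwd; do not change on its own.
    digest = password
    for _ in range(3):
        digest = hashlib.sha512(digest.encode('utf-8') + salt_bytes).hexdigest()

    # Compare as bytes so a non-ASCII stored value cannot raise in compare_digest.
    if hmac.compare_digest(stored_digest.encode('utf-8'), digest.encode('utf-8')):
        insert_log(ip, login, "Y")
        return True
    insert_log(ip, login, "N")
    return False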
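def put_snippet(headers, body, data):
    """Store a new snippet for the user identified by the auth cookie in *headers*.

    Validates the submitted ``title`` (``check_title``, at most 40 characters)
    and ``snippet`` (transliterated with ``unidecode``, at most 1000
    characters) before touching the database, resolves the cookie token to a
    login, inserts the row and renders the main page.

    Returns:
        A ``(rendered_template, 200, headers_dict)`` triple on every path.
    """
    snippet = str(data['snippet']) if 'snippet' in data else ''
    title = str(data['title']) if 'title' in data else ''
    snippet = unidecode(snippet)  # transliterate non-standard letters

    # Validate first: the connection used to be opened before these checks and
    # was left open on each early return.
    if not check_title(title):
        return render_template(
            'new_snippet.html',
            headers=headers,
            body=body,
            data=data,
            message='Title can only contain letters or digits!'), 200, {}
    if len(title) > 40:
        return render_template('new_snippet.html',
                               headers=headers,
                               body=body,
                               data=data,
                               message='Title is too long!'), 200, {}
    if len(snippet) > 1000:
        return render_template('new_snippet.html',
                               headers=headers,
                               body=body,
                               data=data,
                               message='Snippet is too long!'), 200, {}

    # Check the raw token before str(): ``str(None)`` would be looked up as
    # the literal 'None' and the missing row then raised a TypeError.
    token = AuthCookieFactory().get_from_headers(headers).get_token()
    if token is None:
        return render_template(
            'unauthorised_request.html',
            body=body,
            data=data,
            message='Unauthorised request!'), 200, {}

    db, cursor = pysql.database_connect()
    try:
        cursor.execute('''SELECT login FROM cookie WHERE token=%s''', (str(token),))
        row = cursor.fetchone()
        if row is None:
            return render_template(
                'unauthorised_request.html',
                body=body,
                data=data,
                message='Unauthorised request!'), 200, {}
        login = str(row[0])
        time = pysql.datetime_mysql()
        cursor.execute(
            '''INSERT INTO snippets(login, datetime, title, snippet) VALUES(%s, %s, %s, %s)''',
            (login, time, title, snippet))
        db.commit()
    finally:
        db.close()

    IP, time = pysql.print_ip(login)
    return render_template('mainpage.html',
                           headers=headers,
                           body=body,
                           data=data,
                           IP=IP,
                           time=time), 200, {}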
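def auth(headers, body, data):
    """Handle a login form post: check credentials, apply the lockout, issue a cookie.

    ``check_auth`` always runs first because it is what writes the attempt to
    the ``logs`` table; the lockout from ``ban_ip`` is then applied regardless
    of the credential result, so a locked-out login gets the same response
    whether or not the password was right.

    Returns:
        A ``(rendered_template, 200, headers_dict)`` triple on every path. On
        success the dict carries the ``Set-Cookie`` header for the new token,
        which is also stored in the ``cookie`` table.
    """
    login = str(data['name']) if 'name' in data else ''
    # Was ``if 'name' in data``: a form with 'name' but no 'pw' raised KeyError.
    passwd = str(data['pw']) if 'pw' in data else ''
    # NOTE(review): behind a reverse proxy this is the proxy's address, not the
    # client's; X-Forwarded-For handling is disabled here — confirm deployment.
    ip = str(headers['remote-addr'])

    authenticated = check_auth(login, passwd, ip)
    # ban_ip returns True while the login is still allowed to try.
    if not ban_ip(login):
        snippets = get_all_snipets()
        return render_template(
            'index.html',
            headers=headers,
            body=body,
            data=data,
            snippets=snippets,
            message='Too many wrong attemts to log in! You\'ve banned!'), 200, {}
    if not authenticated:
        snippets = get_all_snipets()
        return render_template(
            'index.html',
            headers=headers,
            body=body,
            data=data,
            snippets=snippets,
            message='Login or password is incorrect'), 200, {}

    IP, time = pysql.print_ip(login)
    cookie = AuthCookieFactory().generate()
    db, cursor = pysql.database_connect()
    try:
        cursor.execute('INSERT INTO cookie(login, token) VALUES(%s, %s)',
                       (login, cookie.get_token()))
        db.commit()
    finally:
        db.close()
    return render_template('mainpage.html',
                           headers=headers,
                           body=body,
                           data=data,
                           IP=IP,
                           time=time), 200, {
                               'Set-Cookie': cookie.return_cookie()
                           }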
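def insert_new_password(headers, body, data):
    """Set a new password for ``data['name']`` after the recovery-question flow.

    Requires ``data['pw']`` and ``data['pw-x']`` to match and to score at
    least 0.3 in passwordmeter, then stores a fresh salt and the chained
    SHA-512 digest in ``users`` and renders the index page.

    NOTE(review): the target login is taken from the submitted form and
    nothing here verifies it; the caller must guarantee that the recovery
    answer for exactly this login was checked in the same session, otherwise
    the form field alone decides whose password is replaced.

    Returns:
        A ``(rendered_template, 200, headers_dict)`` triple on every path.
    """
    login = str(data['name']) if 'name' in data else ''
    passwd = str(data['pw']) if 'pw' in data else ''
    passwd_r = str(data['pw-x']) if 'pw-x' in data else ''

    if passwd != passwd_r:
        return render_template('passwordchange.html',
                               body=body,
                               data=data,
                               login=login,
                               message='Passwords are not match!'), 200, {}
    strength, _improvements = passwordmeter.test(passwd)
    if strength < 0.3:
        return render_template(
            'passwordchange.html',
            body=body,
            data=data,
            login=login,
            message='Your password is too weak!'), 200, {}

    salt = uuid.uuid4().hex
    salt_bytes = salt.encode('utf-8')
    # Three chained SHA-512 rounds over (previous digest + salt), matching
    # check_auth. NOTE(review): not a password KDF; migrate to
    # hashlib.scrypt/pbkdf2_hmac with a versioned hash format.
    digest = passwd
    for _ in range(3):
        digest = hashlib.sha512(digest.encode('utf-8') + salt_bytes).hexdigest()

    db, cursor = pysql.database_connect()
    try:
        cursor.execute(
            '''UPDATE users SET password= %s, salt= %s WHERE login= %s''',
            (digest, salt, login))
        db.commit()
    finally:
        # Closed even if execute()/commit() raises.
        db.close()
    snippets = get_all_snipets()
    return render_template(
        'index.html',
        body=body,
        data=data,
        snippets=snippets,
        message='You successfully changed your password!'), 200, {}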
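def forgot_password(headers, body, data):
    """Check the recovery answer for ``data['name']`` and open the password-change page.

    The stored answer is the chained SHA-512 digest written by ``signup_db``,
    so the submitted answer is hashed the same way with the user's salt and
    compared in constant time. An unknown login and a wrong answer both render
    the recovery page with the same message, so the response does not reveal
    which logins exist.

    Returns:
        A ``(rendered_template, 200, headers_dict)`` triple on every path.
    """
    import hmac  # constant-time comparison of the digests

    login = str(data['name']) if 'name' in data else ''
    answer = str(data['answer']) if 'answer' in data else ''

    db, cursor = pysql.database_connect()
    try:
        # One query instead of three round-trips; closed even if it raises.
        cursor.execute('''SELECT answer, salt FROM users WHERE login = %s''', (login,))
        row = cursor.fetchone()
    finally:
        db.close()

    if row is not None:
        answerdb = str(row[0])
        salt_bytes = str(row[1]).encode('utf-8')
        # Same chaining as signup_db; do not change on its own.
        digest = answer
        for _ in range(3):
            digest = hashlib.sha512(digest.encode('utf-8') + salt_bytes).hexdigest()
        if hmac.compare_digest(answerdb.encode('utf-8'), digest.encode('utf-8')):
            # NOTE(review): the login is handed to the template and later read
            # back from the form; a server-side token bound to this verified
            # login would be the safer hand-off.
            return render_template('passwordchange.html',
                                   body=body,
                                   data=data,
                                   login=login), 200, {}

    questions_tuple = questions()
    return render_template('recovery.html',
                           body=body,
                           data=data,
                           message='Wrong answer!',
                           questions=questions_tuple), 200, {}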
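def signup_db(headers, body, data):
    """Register a new user from the signup form and render the index page.

    Rejects a login that is already in use, fails ``check_login_char`` or
    ``check_login_length``, a password that does not match its confirmation,
    or a password scoring below 0.3 in passwordmeter. On success creates the
    user's folder and stores salt, password digest and recovery-answer digest
    (each three chained SHA-512 rounds, as ``check_auth`` and
    ``forgot_password`` expect).

    Returns:
        A ``(rendered_template, 200, headers_dict)`` triple on every path.
    """
    login = str(data['name']) if 'name' in data else ''
    password = str(data['pw']) if 'pw' in data else ''
    password_conf = str(data['pwconf']) if 'pwconf' in data else ''
    answer = str(data['answer']) if 'answer' in data else ''
    questions_tuple = questions()

    # NOTE(review): the sibling helpers call pysql.database_connect(); this one
    # uses a bare database_connect() — presumably imported directly, confirm.
    db, cursor = database_connect()
    try:
        cursor.execute('SELECT * FROM users WHERE login=%s', (login,))
        if cursor.fetchone() is not None:
            return render_template(
                'signup.html',
                body=body,
                data=data,
                questions=questions_tuple,
                message='This login is already in use, please choose another one!'
            ), 200, {}
        if not check_login_char(login):
            return render_template(
                'signup.html',
                body=body,
                data=data,
                questions=questions_tuple,
                message='Login can only contains lowarcase letters!'), 200, {}
        if not check_login_length(login):
            return render_template('signup.html',
                                   body=body,
                                   data=data,
                                   questions=questions_tuple,
                                   message='Login is too long!'), 200, {}
        if password != password_conf:
            return render_template('signup.html',
                                   body=body,
                                   data=data,
                                   questions=questions_tuple,
                                   message='Passwords are not match!'), 200, {}
        strength, _improvements = passwordmeter.test(password)
        if strength < 0.3:
            return render_template('signup.html',
                                   body=body,
                                   data=data,
                                   questions=questions_tuple,
                                   message='Your password is too weak!'), 200, {}

        create_user_folder(login)
        salt = uuid.uuid4().hex
        salt_bytes = salt.encode('utf-8')
        # Three chained SHA-512 rounds over (previous digest + salt) for both
        # secrets. NOTE(review): not a password KDF; migrate to
        # hashlib.scrypt/pbkdf2_hmac with a versioned hash format, together
        # with check_auth / forgot_password / the password-change helpers.
        pw_digest = password
        answer_digest = answer
        for _ in range(3):
            pw_digest = hashlib.sha512(pw_digest.encode('utf-8') + salt_bytes).hexdigest()
            answer_digest = hashlib.sha512(answer_digest.encode('utf-8') + salt_bytes).hexdigest()
        cursor.execute(
            'INSERT INTO users(login, password, salt, answer) VALUES (%s, %s, %s, %s)',
            (login, pw_digest, salt, answer_digest))
        db.commit()
    finally:
        # Closed on every path; the validation returns used to leak the connection.
        db.close()

    snippets = get_all_snipets()
    return render_template(
        'index.html',
        body=body,
        data=data,
        snippets=snippets,
        message='You successfully registered new user!'), 200, {}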