Exemplo n.º 1
0
    def process (self, email=None, password=None):
        # Clean up text for usage with database.
        email = sqlutils.quote (email)
        password = sqlutils.quote (password)

        # Encrypt password using the same encryption we used when the password
        # was stored in the database.
        password = crypt.crypt (password, "23")

        description = None
        results = None
        # Try to connect to the database.
        try:
            dbconnection = pgdb.connect (database_connect_fields)
            dbcursor = dbconnection.cursor()
            dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email])
            # Get the cursor description and results from the query.
            description = dbcursor.description
            results = dbcursor.fetchone()
            
            # Close the database cursor and connection.
            dbcursor.close()
            dbconnection.close()
        except:
            # FIXME: do something more useful here.
            pass        
        
        # If we don't have any results, the email address wasn't on record.
        if (results == None):
            return self.index (errornotfound=True)
        else:
            stored_password = ""
            try:
                stored_password = results[sqlutils.getfieldindex ("password", description)]
            except:
                # FIXME: do something more useful here.
                raise cherrypy.HTTPRedirect ("/fatalerror")
            # Verify password equivalence.
            if (password <> stored_password):
                return self.index (errorbadpassword=True)
            else:
                # If we got this far, the email address was on record, and the password
                # matches it, so we deem the user to be logged in.  Hooray!
                user_id = None
                user_level = 0
                try:
                    user_id = results[sqlutils.getfieldindex ("user_id", description)]
                    user_level = results[sqlutils.getfieldindex ("level", description)]
                except:
                    # FIXME: do something more useful here.
                    raise cherrypy.HTTPRedirect ("/fatalerror")
                # If the user level is 2 or higher, the user is an admin user.
                pageutils.set_logged_in (user_id, (user_level > 1))

        # FIXME: Might want to redirect to some sort of user dashboard page in the future.
        raise cherrypy.HTTPRedirect ("/")
Exemplo n.º 2
0
    def index (self):
        # Verify user is logged-in admin.
        if (not pageutils.is_admin_p()):
            raise cherrypy.HTTPRedirect ("/")

        description = None
        results = None
        # Try to connect to the database.
        try:
            dbconnection = pgdb.connect (database_connect_fields)
            dbcursor = dbconnection.cursor()
            dbcursor.execute ("SELECT * FROM articles")
            
            # Get the cursor description and results from the query.
            description = dbcursor.description
            results = dbcursor.fetchall()
            
            # Close the database cursor and connection.
            dbcursor.close()
            dbconnection.close()
        except:
            pass

        pagecontents = "<p><a href=\"/admin/articles/new\">Create New Article</a></p>\n"
        pagecontents += "<h3>Article Listing</h3>\n"
        pagecontents += "<ul>\n"
        if (results == []):
            pagecontents += "<li>No articles found in database.</li>\n"
        for result in results:
            try:
                title = result[sqlutils.getfieldindex ("title", description)]
                slug = result[sqlutils.getfieldindex ("slug", description)]
                article_id = result[sqlutils.getfieldindex ("article_id", description)]
                pagecontents += "<li><a href=\"/admin/articles/edit/" + slug + "\">" + title + "</a>\n"
                pagecontents += "[<a href=\"/admin/articles/delete/" + article_id + "\">Delete</a>]</li>\n"
            except:
                pass
        pagecontents += "</ul>\n"

        # Present listing of all articles.
        return pageutils.generate_page ("Articles Administration", pagecontents)
Exemplo n.º 3
0
    def edit (self, article_slug = None):
        # Verify user is logged-in admin.
        if (not pageutils.is_admin_p()):
            raise cherrypy.HTTPRedirect ("/")
        
        # Verify we have an article to work with.
        if (article_slug == None):
            raise cherrypy.HTTPRedirect ("/articles/")

        description = None
        results = None
        # Try to connect to the database.
        try:
            dbconnection = pgdb.connect (database_connect_fields)
            dbcursor = dbconnection.cursor()
            dbcursor.execute ("SELECT * FROM articles WHERE slug=%s", [article_slug])
            
            # Get the cursor description and results from the query.
            description = dbcursor.description
            results = dbcursor.fetchone()
            
            # Close the database cursor and connection.
            dbcursor.close()
            dbconnection.close()
        except:
            pass

        if (results == None):
            return pageutils.generate_page ("Invalid Article Specified", "Invalid Article Specified")

        # Obtain the article title from the database results.
        title = ""
        try:
            title = results[sqlutils.getfieldindex ("title", description)]
        except:
            pass

        # Obtain the article body from the database results.
        body = ""
        try:
            body = results[sqlutils.getfieldindex ("body", description)]
        except:
            pass

        # Obtain the article display value.
        display = ""
        try:
            display = str(results[sqlutils.getfieldindex ("display", description)])
        except:
            pass

        # Obtain the article_id.
        article_id = ""
        try:
            article_id = str(results[sqlutils.getfieldindex ("article_id", description)])
        except:
            pass

        slug = article_slug

        return self.new (edit=True, title=title, body=body, display=display, slug=slug, article_id=article_id)
Exemplo n.º 4
0
    def index (self, discussion_id=None):
        # If discussion_id is None, display main discussion table of contents.
        # Else, display specified discussion.
        # Available to all, logged in or not.
        
        # Toplevel index.
        if (discussion_id == None):
            description = None
            results = None
            author_description = None
            author_results = []

            # Get discussion listing from database
            try:
                # Try to connect to the database.
                dbconnection = pgdb.connect (database_connect_fields)
                dbcursor = dbconnection.cursor()
                dbcursor.execute ("SELECT * FROM discussions WHERE refers_to IS null ORDER BY creation_date")
                
                # Get the cursor description and results from the query.
                description = dbcursor.description
                results = dbcursor.fetchall()

                # Get and store the user (author) data.
                for result in results:
                    dbcursor.execute ("SELECT * FROM users WHERE user_id=%s",
                                      [str(result[sqlutils.getfieldindex("author_id", description)])])
                    if (dbcursor.description <> None):
                        author_description = dbcursor.description
                    author_results.append (dbcursor.fetchone())

                # Close the database cursor and connection.
                dbcursor.close()
                dbconnection.close()
            except:
                return pageutils.generate_page ("Database Error",
                                                "<div class=\"error\">Can't get discussion data.</div>\n")

            # Build the page.
            pagetext = ""
            if (pageutils.is_logged_in_p()):
                pagetext += "<a href=\"/discussions/new\">Start New Discussion</a>\n"
            else:
                pagetext += "<a href=\"/login\">Log In</a> to start a new discussion</a>\n"
            pagetext += "<ul>\n"
            for result in results:
                pagetext += "<li>\n"
                pagetext += ("<a href=\"/discussions/" +
                             str(result[sqlutils.getfieldindex ("discussion_id", description)]) +
                             "\">" + result[sqlutils.getfieldindex ("subject", description)] + "</a> (posted by ")
                for author in author_results:
                    if author == None:
                        continue
                    if author[0] == result[sqlutils.getfieldindex ("author_id", description)]:
                        pagetext += author[sqlutils.getfieldindex ("name", author_description)]
                pagetext += " on " + result[sqlutils.getfieldindex ("creation_date", description)] + ")\n"
                pagetext += "</li>\n"
            pagetext += "</ul>\n"
            return pageutils.generate_page ("Discussions", pagetext)
        
        # Display a specific discussion.
        else:
            # Make sure we have a potentially-valid discussion id.
            try:
                discussion_id = str(int(discussion_id))
            except:
                return pageutils.generate_page ("Invalid Discussion",
                                                "<div class=\"error\">Can't present the requested discussion.</div>\n")
            
            description = None
            results = None
            reply_results = []
            author_description = None
            author_results = []

            # Get discussion listing from database
            try:
                # Try to connect to the database.
                dbconnection = pgdb.connect (database_connect_fields)
                dbcursor = dbconnection.cursor()
                dbcursor.execute ("SELECT * FROM discussions WHERE discussion_id=%s", [discussion_id])
                description = dbcursor.description
                results = dbcursor.fetchone()

                # Get the user (author) data for the main discussion.
                dbcursor.execute ("SELECT * FROM users WHERE user_id=%s",
                                  [str(results[sqlutils.getfieldindex("author_id", description)])])
                author_description = dbcursor.description
                author_results.append (dbcursor.fetchone())

                # Get any comments/replies for this discussion thread.
                dbcursor.execute ("SELECT * FROM discussions WHERE refers_to=%s", [discussion_id])
                reply_results = dbcursor.fetchall()
                

                # Get and store the user (author) data.
                for result in reply_results:
                    dbcursor.execute ("SELECT * FROM users WHERE user_id=%s",
                                      [str(result[sqlutils.getfieldindex("author_id", description)])])
                    author_results.append (dbcursor.fetchone())

                # Close the database cursor and connection.
                dbcursor.close()
                dbconnection.close()
            except:
                return pageutils.generate_page ("Database Error",
                                                "<div class=\"error\">Can't get discussion data.</div>\n")
            
            # Build page.
            pagetitle = results[sqlutils.getfieldindex("subject", description)]
            pagetext = "<p>" + results[sqlutils.getfieldindex("body", description)] + "</p>\n"
            for author in author_results:
                if author == None:
                    continue
                # Find the author info to display.
                if author[0] == results[sqlutils.getfieldindex ("author_id", description)]:
                    pagetext += "<p><i>posted by " + author[sqlutils.getfieldindex ("name", author_description)]
                    pagetext += (" on " + results[sqlutils.getfieldindex ("creation_date", description)] +
                                 "</i></p>\n")
                    break
            if (pageutils.is_admin_p()):
                pagetext += ("<p>[<a href=\"/admin/discussions/delete/" +
                             str(results[sqlutils.getfieldindex("discussion_id", description)]) +
                             "\">Delete Discussion</a>]</p>")
            pagetext += "<hr width=\"50%\">\n"
            pagetext += "<h3>Replies</h3>\n"
            # Do we have any replies to show?
            if (reply_results <> None):
                for result in reply_results:
                    pagetext += "<p>"
                    pagetext += result[sqlutils.getfieldindex ("body", description)]
                    for author in author_results:
                        if author == None:
                            continue
                        # Find the author info to display.
                        if author[0] == result[sqlutils.getfieldindex ("author_id", description)]:
                            pagetext += "<p><i>posted by " + author[sqlutils.getfieldindex ("name", author_description)]
                            pagetext += (" on " +
                                         result[sqlutils.getfieldindex ("creation_date", description)] +
                                         "</i></p>\n")
                            break
                    pagetext += "</p>\n"
                    # If the user is admin, post link to delete the reply.
                    if (pageutils.is_admin_p()):
                        pagetext += ("<p>[<a href=\"/admin/discussions/delete/" +
                                     str(result[sqlutils.getfieldindex ("discussion_id", description)]) +
                                     "\">Delete Reply</a>]</p>\n")
                    pagetext += "<hr width=50%>\n"
            # If user is logged in, post link to add a reply.
            if (pageutils.is_logged_in_p()):
                pagetext += "<p><a href=\"/discussions/reply/" + discussion_id + "\">Add a reply</a></p>\n"
            else:
                pagetext += "<p><a href=\"/login\">Log in</a> to add a reply</a></p>\n"
            
            # Generate page
            return pageutils.generate_page (pagetitle, pagetext)
Exemplo n.º 5
0
    def index(self, event_id=None):
        # If event_id is None, display main event table of contents.
        # Else, display specified event details.
        # Available to all, logged in or not.

        # Build table of contents.
        if event_id == None:
            description = None
            results = None

            # Get event listing from database
            try:
                # Try to connect to the database.
                dbconnection = pgdb.connect(database_connect_fields)
                dbcursor = dbconnection.cursor()
                dbcursor.execute("SELECT * FROM events ORDER BY start_date")

                # Get the cursor description and results from the query.
                description = dbcursor.description
                results = dbcursor.fetchall()

                # Close the database cursor and connection.
                dbcursor.close()
                dbconnection.close()
            except:
                return pageutils.generate_page("Database Error", '<div class="error">Can\'t get event data.</div>\n')
            # Build the page.
            pagetext = ""
            if pageutils.is_logged_in_p():
                pagetext += '<a href="/events/new">Add New Event</a>\n'
            else:
                pagetext += '<a href="/login">Log In</a> to add a new event</a>\n'
            pagetext += "<ul>\n"
            most_recent_month = None
            most_recent_year = None
            for result in results:
                start_date = result[sqlutils.getfieldindex("start_date", description)]
                end_date = result[sqlutils.getfieldindex("end_date", description)]
                if most_recent_year <> pageutils.get_year(start_date):
                    most_recent_year = pageutils.get_year(start_date)
                    pagetext += "</ul><h2>" + str(most_recent_year) + "</h2><ul>\n"
                if most_recent_month <> pageutils.get_month(start_date):
                    most_recent_month = pageutils.get_month(start_date)
                    pagetext += "</ul><h3>" + most_recent_month + "</h3><ul>\n"
                pagetext += (
                    "<li>"
                    + '<a href="/events/'
                    + str(result[sqlutils.getfieldindex("event_id", description)])
                    + '">'
                    + result[sqlutils.getfieldindex("title", description)]
                    + "</a> ("
                    + str(pageutils.get_month(start_date))
                    + " "
                    + str(pageutils.get_day(start_date))
                )
                if result[sqlutils.getfieldindex("end_date", description)] <> None:
                    pagetext += " - " + pageutils.get_month(end_date) + " " + str(pageutils.get_day(end_date))
                pagetext += ")</li>\n"
            pagetext += "</ul>\n"
            return pageutils.generate_page("Events", pagetext)

        # Show specific event.
        else:
            description = None
            result = None

            # Get event listing from database
            try:
                # Try to connect to the database.
                dbconnection = pgdb.connect(database_connect_fields)
                dbcursor = dbconnection.cursor()
                dbcursor.execute("SELECT * FROM events WHERE event_id=%s", [str(event_id)])

                # Get the cursor description and results from the query.
                description = dbcursor.description
                result = dbcursor.fetchone()

                # Close the database cursor and connection.
                dbcursor.close()
                dbconnection.close()
            except:
                return pageutils.generate_page("Database Error", '<div class="error">Can\'t get event data.</div>\n')
            # Build the page.
            pagetext = ""
            start_date = result[sqlutils.getfieldindex("start_date", description)]
            end_date = result[sqlutils.getfieldindex("end_date", description)]
            pagetext += "<h3>" + pageutils.get_month(start_date) + " " + str(pageutils.get_day(start_date))
            if end_date <> None:
                pagetext += " - " + pageutils.get_month(end_date) + " " + str(pageutils.get_day(end_date))
                pagetext += ", " + pageutils.get_year(end_date)
            else:
                pagetext += ", " + pageutils.get_year(start_date)
            pagetext += "</h3>\n"
            pagetext += "<p>" + result[sqlutils.getfieldindex("description", description)]
            pagetitle = result[sqlutils.getfieldindex("title", description)]

            if pageutils.is_admin_p():
                pagetext += (
                    '<p>[<a href="/admin/events/delete/'
                    + str(result[sqlutils.getfieldindex("event_id", description)])
                    + '">Delete Event</a>]</p>'
                )

            return pageutils.generate_page(pagetitle, pagetext)
Exemplo n.º 6
0
    def index (self, article_slug=None):
        # If article_slug is None, display main article table of contents.
        # Else, display specified article.
        # Available to all, logged in or not.

        if (article_slug == None):
            article_slug = "map"

        description = None
        results = None
        comments_description = None
        comments_results = None
        author_results = []
        author_description = None
       
        # Get article, comment, and comment-author data from database.
        try:
            # Try to connect to the database.
            dbconnection = pgdb.connect (database_connect_fields)
            dbcursor = dbconnection.cursor()
            dbcursor.execute ("SELECT * FROM articles WHERE slug=%s", [article_slug])
            # Get the cursor description and results from the query.
            description = dbcursor.description
            results = dbcursor.fetchone()

            # Get any comments for the article.
            if (results <> None):
                dbcursor.execute ("SELECT * FROM articles WHERE refers_to=%s",
                                  [str(results[sqlutils.getfieldindex ("article_id", description)])])
                comments_description = dbcursor.description
                comments_results = dbcursor.fetchall()
                # Store the user info for the author of the comment, for use when we display the comment.
                for result in comments_results:
                    dbcursor.execute ("SELECT * FROM users WHERE user_id=%s",
                                      [str(result[sqlutils.getfieldindex ("author_id", comments_description)])])
                    author_description = dbcursor.description
                    author_results.append (dbcursor.fetchone())

            # Close the database cursor and connection.
            dbcursor.close()
            dbconnection.close()
        except:
            pass

        if (results == None):
            # The "welcome" article is the main front page.  We need to have this page.
            if (article_slug == "welcome"):
                return pageutils.generate_page ("Welcome",
                                                "You will need to create an article with the slug: welcome")
            # We also need a "map" page.
            elif (article_slug == "map"):
                return pageutils.generate_page ("Map",
                                                "You will need to create an article with the slug: map")
            else:
                raise cherrypy.HTTPRedirect ("/404")

        # Obtain the article title from the database results.
        pagetitle = ""
        try:
            pagetitle += results[sqlutils.getfieldindex ("title", description)]
        except:
            pagetitle = "Database Error."

        # Obtain the article body from the database results.
        pagetext = ""
        try:
            pagetext += results[sqlutils.getfieldindex ("body", description)]
        except:
            pagetext += "<p>Database Error.</p>"

        # Do we want to show comments on this page?
        try:
            if (int(results[sqlutils.getfieldindex ("display", description)]) > 1):
                pagetext += "<hr><h3>User Comments</h3>"
                # Do we have any comments to show?
                if (comments_results <> None):
                    for result in comments_results:
                        pagetext += "<p>"
                        pagetext += result[sqlutils.getfieldindex ("body", comments_description)]
                        for author in author_results:
                            if author == None:
                                continue
                            # Find the author info to display.
                            if author[0] == result[sqlutils.getfieldindex ("author_id", comments_description)]:
                                pagetext += "<p><i>posted by " + author[sqlutils.getfieldindex ("name", author_description)]
                                pagetext += " on " + result[sqlutils.getfieldindex ("creation_date", comments_description)] + "</i></p>\n"
                                break
                        # If the user is admin, post link to delete the comment.
                        if (pageutils.is_admin_p()):
                            pagetext += ("<p>[<a href=\"/admin/articles/delete/" +
                                         str(result[sqlutils.getfieldindex ("article_id", comments_description)]) +
                                         "\">Delete Comment</a>]</p>\n")
                        pagetext += "</p>"
                        pagetext += "<hr width=50%>\n"
                        # If user is logged in, post link to add a comment.
                if (pageutils.is_logged_in_p()):
                    pagetext += "<p><a href=\"/articles/comment/" + article_slug + "\">Add a comment</a></p>\n"
                else:
                    pagetext += "<p><a href=\"/login\">Log in</a> to add a comment</a></p>\n"
        except:
            pass

        # Build the whole page and return it.
        return pageutils.generate_page (pagetitle, pagetext)
Exemplo n.º 7
0
    def process (self, name=None, email=None, password=None, passwordverify=None, url=None):
        # If we got to this page through the /register form, all fields should be filled
        # in, with the possible exception of URL, which is optional.  If they aren't all
        # filled in, then something unexpected happened, and we shouldn't continue processing
        # the form.
        if (name == None or email == None or password == None or passwordverify == None):
            return self.index (errormissing = True, name=name, email=email,
                                   password=password, passwordverify=passwordverify,
                                   url=url)
        else:
            # Store original values as given in case we need to represent the form.
            originalname = name
            originalemail = email
            originalpassword = password
            originalpasswordverify = passwordverify
            originalurl = url

            # Remove any leading/trailing spaces.
            name = string.strip(name)
            email = string.strip(email)
            password = string.strip(password)
            passwordverify = string.strip(passwordverify)
            url = string.strip(url)
            level = "1" # default level for regular user.

            # Verify all required fields are filled in.
            if (name == '' or email == '' or password == '' or passwordverify == ''):
                return self.index (errormissing = True, name=originalname, email=originalemail,
                                   password=originalpassword, passwordverify=originalpasswordverify,
                                   url=originalurl)

            # Verify email address is plausibly valid.
            if (re.match (pageutils.emailregex, email) == None):
                return self.index (erroremail = True, name=originalname, email=originalemail,
                                   password=originalpassword, passwordverify=originalpasswordverify,
                                   url=originalurl)

            # Verify passwords match.
            if (password <> passwordverify):
                return self.index (errorverify = True, name=originalname, email=originalemail,
                                   password=originalpassword, passwordverify=originalpasswordverify,
                                   url=originalurl)

            # Encypt the password.  Once we do this, we can't get the original
            # password back out of the database, so we can't send the original
            # password back to the user if they lose it.  We can generate a new
            # password and send them that.
            password = crypt.crypt (password, "23")

            # Add http:// to the URL if needed.
            if (url[0:7] =="http://" or url == ""):
                pass
            else:
                url = "http://" + url

            # Ensure that email address hasn't already been used in database.
            try:
                dbconnection = pgdb.connect (database_connect_fields)
                dbcursor = dbconnection.cursor()
                dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email])
                
                results = dbcursor.fetchone()

                # Close the database cursor and connection.
                dbcursor.close()
                dbconnection.close()

                if (results <> None):
                    return self.index (errorduplicate=True, name=originalname, email=originalemail,
                                   password=originalpassword, passwordverify=originalpasswordverify,
                                   url=originalurl)
            except:
                return pageutils.generate_page ("Database Error", "Database Error")

            try:
                # Connect to the database and insert the values.
                dbconnection = pgdb.connect (database_connect_fields)
                dbcursor = dbconnection.cursor()
                dbcursor.execute ("INSERT INTO users (name, email, password, url, level) " +
                                  "VALUES (%s, %s, %s, %s, %s)",
                                  [name, email, password, url, level])
                dbconnection.commit()

                # Now fetch the user_id so we can automatically log the user in.
                dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email])
                description = dbcursor.description
                results = dbcursor.fetchone()
                
                user_id = None
                user_level = 0
                try:
                    user_id = results[sqlutils.getfieldindex ("user_id", description)]
                    user_level = results[sqlutils.getfieldindex ("level", description)]
                except:
                    pass
                pageutils.set_logged_in (user_id, (user_level > 1))
                    
                # Close the database cursor and connection.
                dbcursor.close()
                dbconnection.close()
            except:
                # FIXME: this is a public user page; provide more interesting feedback in this event.
                return pageutils.generate_page ("Invalid SQL Query", "Invalid SQL Query!")
        
        raise cherrypy.HTTPRedirect ("/register/thanks")