Пример #1
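#############Collect field data##########
# Parse the request once; `keys` holds the names of the fields that were sent.
form=cgi.FieldStorage()
keys=form.keys()

if debug:
    # Debug dump of every received field, then stop.
    # Names and values come straight from the client, so both are HTML-escaped
    # before being written into a text/html response; echoed raw they would be
    # reflected XSS whenever debug is left on. The dump also shows any token
    # field that was submitted, so debug should stay off outside development.
    print 'Content-type: text/html\n\n'
    print 'Received the following:\n<br />'
    for i in keys:
        print cgi.escape(i,True)+'='+cgi.escape(form[i].value,True)+'<br />'
    sys.exit()    

try:
    # Both fields are mandatory. moltext is split into lines with CRs removed;
    # from molfig only the segment after the first comma is kept
    # (looks like a data-URL payload - confirm against the client code).
    moltext=form['moltext'].value.replace('\r','').split('\n')
    molfig64=form['molfig'].value.split(',')[1]
except Exception:
    # Missing field or no comma in molfig: hand off to config.returnhome(64).
    config.returnhome(64)
    sys.exit()

# Optional fields fall back to a falsy default when absent.
# NOTE(review): userid is kept as a string here, not passed through int().
molnotes=form['molnotes'].value if 'molnotes' in keys else 0
authorid=form['userid'].value if 'userid' in keys else 0
token=form['token'].value if 'token' in keys else ''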
if 'select_targetid' in keys:
Пример #2
    userid = 0
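# Optional form fields; an absent field becomes an empty string.
token = form['token'].value if 'token' in keys else ''
inviteemail = form['inviteemail'].value if 'inviteemail' in keys else ''
datesent = form['datesent'].value if 'datesent' in keys else ''

# All four values are required (userid is set above this fragment).
if (not userid or not token or not inviteemail or not datesent):
    config.returnhome(60)
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    
    #Check that request is from admin user with valid token.
    q.execute('SELECT count(*) FROM tokens t LEFT JOIN users u ON t.userid=u.userid WHERE u.userid=%s AND u.isadmin=true AND t.token=%s',[userid,token])
    r = q.fetchone()
    # Explicit raise rather than assert: asserts are compiled out under
    # python -O / PYTHONOPTIMIZE, which would silently disable this admin check.
    # Same exception type as before, so the surrounding handler is unaffected.
    if r[0]!=1:
        raise AssertionError('admin token check failed')

    #Request seems valid, delete the pending invite (only rows with no datejoined).
    q.execute('DELETE FROM invites WHERE datejoined IS NULL AND email=%s AND datesent=%s',[inviteemail,datesent])

    dbconn.commit()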
Пример #3
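# userid must be numeric; token and upgradeuserid are kept as submitted.
userid = int(form['userid'].value) if 'userid' in keys else 0
token = form['token'].value if 'token' in keys else ''
upgradeuserid = form['upgradeuserid'].value if 'upgradeuserid' in keys else ''

# Every field is required for a privilege change.
if (not userid or not token or not upgradeuserid):
    config.returnhome(52)
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    
    #Check that request is from admin user with valid token.
    q.execute('SELECT count(*) FROM tokens t LEFT JOIN users u ON t.userid=u.userid WHERE u.userid=%s AND u.isadmin=true AND t.token=%s',[userid,token])
    r = q.fetchone()
    # This gate guards a grant of admin rights, so it must not be an assert:
    # asserts vanish under python -O / PYTHONOPTIMIZE. The explicit raise keeps
    # the same exception type for the surrounding handler.
    if r[0]!=1:
        raise AssertionError('admin token check failed')

    #Request seems valid, promote the upgradeuserid
    # upgradeuserid is passed as a bound parameter, never spliced into the SQL.
    q.execute('UPDATE users SET isadmin=true WHERE userid=%s',[upgradeuserid])

    dbconn.commit()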
Пример #4
    def __init__(self):
        """Set all six attributes of the new object to 0."""
        for field in ('datatypeid','obj','filename','notes','notesid','moldataid'):
            setattr(self,field,0)
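#############Collect field data##########
# Parse the request once; `keys` holds the names of the fields that were sent.
form=cgi.FieldStorage()
keys=form.keys()

try:
    # Both fields are mandatory. From molfig only the segment after the first
    # comma is kept (looks like a data-URL payload - confirm).
    moltext=form['moltext'].value.replace('\r','').split('\n')
    molfig64=form['molfig'].value.split(',')[1]
except Exception: 
    # Missing field or no comma in molfig: hand off to config.returnhome(63).
    config.returnhome(63)
    sys.exit()

if debug:
    # Debug dump of every received field, then stop.
    # Names and values are client-controlled, so they are HTML-escaped before
    # going into a text/html response; raw echo would be reflected XSS while
    # debug is enabled. Any submitted token field is part of this dump.
    print 'Content-type: text/html\n\n'
    print 'Received the following:\n<br />'
    for i in keys:
        print cgi.escape(i,True)+'='+cgi.escape(form[i].value,True)+'<br />'
    sys.exit()    

# Molecule name: trimmed, with spaces turned into underscores; '' when absent.
molname=form['molname'].value.strip().replace(' ','_') if 'molname' in keys else ''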
if 'iupacname' in keys:
    iupacname=form['iupacname'].value.strip()
Пример #5
    targetid=0
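# Numeric fields go through int(); token is kept as submitted.
datatype = int(form['deletedocdatatype'].value) if 'deletedocdatatype' in keys else 0
userid = int(form['userid'].value) if 'userid' in keys else 0
token = form['token'].value if 'token' in keys else ''
    
# dataid and targetid are set above this fragment; all four are required.
if (not dataid or not targetid or not userid or not token):
    config.returnhome(32)
    exit()   
try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()

    #Must have a valid token.
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    r = q.fetchone()
    # Explicit raise rather than assert: asserts are compiled out under
    # python -O / PYTHONOPTIMIZE, which would remove the token check entirely.
    if r[0]!=token:
        raise AssertionError('token check failed')

    #Try to delete entry from database. 
    #If this user isn't the author or the targetid doesn't match (?) then nothing happens.
    #Return 1 on success.
    # Ownership is enforced by the WHERE clause itself (authorid=%s).
    q.execute('DELETE FROM targetdata WHERE targetdataid=%s and authorid=%s and targetid=%s returning 1',[dataid,userid,targetid])
    # NOTE(review): when no row matched, fetchone() returns None and len() raises
    # TypeError, so "nothing happens" really means "jumps to the handler" - confirm.
    success=len(q.fetchone())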
Пример #6
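# userid must be numeric; the other two fields are kept as submitted.
userid = int(form['userid'].value) if 'userid' in keys else 0
token = form['token'].value if 'token' in keys else ''
email_addresses = form['email_addresses'].value if 'email_addresses' in keys else ''

if(not email_addresses or not userid or not token):
    config.returnhome(50)
    exit()

# config.find_email_addresses returns a comma-joined string (it is split here).
list_of_addresses = config.find_email_addresses(email_addresses).split(',')
list_of_keys = []
try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    
    #Check that request is from valid admin user.
    q.execute('SELECT u.username FROM tokens t LEFT JOIN users u ON t.userid=u.userid WHERE u.userid=%s AND u.isadmin=true AND t.token=%s',[userid,token])
    # Explicit raise rather than assert: asserts are compiled out under
    # python -O / PYTHONOPTIMIZE, which would let non-admins send invites.
    if q.rowcount!=1:
        raise AssertionError('admin token check failed')
    r = q.fetchone()
    # Username of the admin sending the invitations.
    inviter = r[0]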

    #Check that the email isn't already registered.
Пример #7
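# From molfig only the segment after the first comma is kept
# (looks like a base64 data-URL payload - confirm against the client code).
molfig64 = form['molfig'].value.split(',')[1] if 'molfig' in keys else 0
molid = int(form['molid'].value) if 'molid' in keys else 0
dest = form['dest'].value if 'dest' in keys else 0

if (not molfig64 or not molid):
    config.returnhome(20)
    sys.exit()

try:
    # molid went through int() above, so it cannot carry path separators
    # into these file names.
    png_path='../public/uploads/sketches/{}.png'.format(molid)
    jpg_path='../public/uploads/sketches/{}.jpg'.format(molid)

    # NOTE(review): no userid/token check appears in the visible lines, so the
    # sketch of any molid can be overwritten - confirm one exists elsewhere.
    # Binary mode: the decoded payload is image bytes, not text.
    with open(png_path,'wb') as img:
        img.write(decodestring(molfig64))   

    # NOTE(review): the bytes are client-supplied and are never checked to be a
    # PNG before ImageMagick parses them; verify the PNG signature and restrict
    # ImageMagick coders via its policy.xml.
    # The argument list avoids a shell; the child is started but not waited for.
    with open(os.devnull,'w') as devnull:
        subprocess.Popen([os.path.join(config.convertdir,'convert'),
                        png_path,
                        '-trim',
                        jpg_path],
                        stdout=devnull,stderr=devnull)
    # dest is only compared against fixed values, never echoed into the header.
    if dest=='am':
        print 'Location: ../addmolecule.php \n\n'
    elif dest=='vm':
        print 'Location: ../viewmolecule.php?molid={} \n\n'.format(molid)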
Пример #8
    userid=0
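# token and comment are kept as submitted; molid must be numeric.
token=form['token'].value if 'token' in keys else 0
comment=form['textarea_addmolcomment'].value if 'textarea_addmolcomment' in keys else 0
molid=int(form['molid'].value) if 'molid' in keys else 0

# userid is set above this fragment.
if(not molid or not userid or not token):
    config.returnhome(16)
    exit()
if(not comment):
    # Nothing to store: go straight back to the molecule page.
    print 'Location: ../viewmolecule.php?molid='+str(molid)+' \n\n'
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
        #Check for token
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    dbtoken = q.fetchone()[0]
    # Explicit raise rather than assert: asserts are compiled out under
    # python -O / PYTHONOPTIMIZE, which would remove the token check entirely.
    # NOTE(review): == is not constant-time; hmac.compare_digest would be.
    if dbtoken!=token:
        raise AssertionError('token check failed')
    # The comment text is stored exactly as submitted (bound parameter, so no
    # SQL injection); HTML escaping is left to whatever renders it - confirm.
    q.execute("INSERT INTO molcomments (molid,molcomment,dateadded,authorid) VALUES(%s,%s,localtimestamp,%s)",[molid,comment,userid])
    dbconn.commit()
    q.close()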
Пример #9
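# Numeric ids go through int(); token is kept as submitted.
molid = int(form["molid"].value) if "molid" in keys else 0
userid = int(form["userid"].value) if "userid" in keys else 0
token = form["token"].value if "token" in keys else 0

if not userid or not molid or not token:
    config.returnhome(28)
    exit()
try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()

    # Both gates below use an explicit raise rather than assert: asserts are
    # compiled out under python -O / PYTHONOPTIMIZE, which would let anyone
    # delete any molecule. The exception type is unchanged.

    # Must be author to delete this molecule
    q.execute("SELECT authorid FROM molecules WHERE molid=%s", [molid])
    authorid = q.fetchone()[0]
    if userid != authorid:
        raise AssertionError("not the author")
    # Must have valid token.
    # NOTE(review): == is not constant-time; hmac.compare_digest would be.
    q.execute("SELECT token FROM tokens WHERE userid=%s", [userid])
    dbtoken = q.fetchone()[0]
    if token != dbtoken:
        raise AssertionError("token check failed")

    q.execute("DELETE FROM molecules WHERE molid=%s", [molid])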
Пример #10
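# Numeric ids go through int(); token is kept as submitted.
bid = int(form["bid"].value) if "bid" in keys else 0
userid = int(form["userid"].value) if "userid" in keys else 0
token = form["token"].value if "token" in keys else ""

if not userid or not bid or not token:
    config.returnhome(24)
    exit()
try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    # Both gates below use an explicit raise rather than assert: asserts are
    # compiled out under python -O / PYTHONOPTIMIZE, which would let anyone
    # delete any bounty. The exception type is unchanged.

    # Only the person who placed the bounty can delete it.
    q.execute("SELECT placed_by_id FROM bounties WHERE bountyid=%s", [bid])
    authorid = q.fetchone()[0]
    if userid != authorid:
        raise AssertionError("not the bounty owner")
    # Must have valid token.
    q.execute("SELECT token FROM tokens WHERE userid=%s", [userid])
    dbtoken = q.fetchone()[0]
    if token != dbtoken:
        raise AssertionError("token check failed")

    # Remove the bounty and then its comments.
    q.execute("DELETE FROM bounties WHERE bountyid=%s ", [bid])
    q.execute("DELETE FROM bountycomments WHERE bountyid=%s", [bid])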
Пример #11
    molcommentid=0
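# Numeric ids go through int(); token is kept as submitted.
molid=int(form['molid'].value) if 'molid' in keys else 0
userid=int(form['userid'].value) if 'userid' in keys else 0
token=form['token'].value if 'token' in keys else 0

# molcommentid is set above this fragment; all four values are required.
if (not token or not userid or not molcommentid or not molid):
    config.returnhome(44)
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
        #Check for token.
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    dbtoken = q.fetchone()[0]
    # Explicit raise rather than assert: asserts are compiled out under
    # python -O / PYTHONOPTIMIZE, which would remove the token check entirely.
    if dbtoken!=token:
        raise AssertionError('token check failed')
        #Delete comment. If this fails, nothing happens, and the user is sent back to viewmolecule.
    # Ownership is enforced by the WHERE clause itself (authorid=%s).
    q.execute('DELETE FROM molcomments WHERE molcommentid=%s and molid=%s and authorid=%s',[molcommentid,molid,userid])
    dbconn.commit()
    q.close()
    dbconn.close()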
except Exception:
Пример #12
    molid=0
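# Numeric fields go through int(); token is kept as submitted.
datatype = int(form['deletedocdatatype'].value) if 'deletedocdatatype' in keys else 0
userid = int(form['userid'].value) if 'userid' in keys else 0
token = form['token'].value if 'token' in keys else ''
    
# dataid and molid are set above this fragment; all four values are required.
if (not dataid or not molid or not userid or not token):
    config.returnhome(26)
    exit()   
try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    
    # Both gates below use an explicit raise rather than assert: asserts are
    # compiled out under python -O / PYTHONOPTIMIZE, which would remove the
    # ownership and token checks. The exception type is unchanged.

        #Only authors of data can delete data entries.
    q.execute('SELECT authorid FROM moldata WHERE moldataid=%s',[dataid])
    r = q.fetchone() 
    if r[0]!=userid:
        raise AssertionError('not the author')

        #Must have a valid token.
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    r = q.fetchone()
    if r[0]!=token:
        raise AssertionError('token check failed')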
Пример #13
    series = ""
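# The submitting user becomes the author of the new target.
authorid = int(form["userid"].value) if "userid" in keys else 0
token = form["token"].value if "token" in keys else 0

# nickname, fullname, class_ and series are set above this fragment.
if not nickname:
    print "Location: ../addtarget.php?status=nonickname\n\n"
    sys.exit()

if not authorid or not token:
    config.returnhome(18)
    sys.exit()

try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    # Check for token.
    q.execute("SELECT token FROM tokens WHERE userid=%s", [authorid])
    dbtoken = q.fetchone()[0]
    # Explicit raise rather than assert: asserts are compiled out under
    # python -O / PYTHONOPTIMIZE, which would remove the token check entirely.
    if dbtoken != token:
        raise AssertionError("token check failed")

    # Add target to database.
    # All user-supplied values are bound parameters, never spliced into the SQL.
    query = "INSERT INTO targets (nickname,fullname,targetclass,series,authorid,dateadded) VALUES(%s,%s,%s,%s,%s,localtimestamp)"
    options = [nickname, fullname, class_, series, authorid]
    q.execute(query, options)
    dbconn.commit()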
Пример #14
        targetdatas.append(docdata())
        targetdatas[-1].datatype=form['docdata_datatypeid_new_'+str(i)].value
        targetdatas[-1].obj=form['docdata_value_new_'+str(i)]
        targetdatas[-1].filename=form['docdata_value_new_'+str(i)].filename
        if 'textarea_docdata_notes_new_'+str(i) in keys and form['textarea_docdata_notes_new_'+str(i)].value!='':
            targetdatas[-1].notes=form['textarea_docdata_notes_new_'+str(i)].value
##################
##DEBUG
# Debug short-circuit: print the parsed form object and stop.
# NOTE(review): the form is written into a text/html response unescaped and
# includes every submitted field (the token too, if sent) - keep debug off
# outside development.
if debug:
    print 'Content-type: text/html\n\n'
    print form
    sys.exit()
##################

# The three identifiers are mandatory.
if not (targetid and userid and token):
    config.returnhome(31)
    sys.exit()
# A nickname made only of whitespace counts as missing.
if not nickname.strip():
    redirect=''.join(['Location: ../edittarget.php?targetid=',str(targetid),'&status=nonickname\n\n'])
    print redirect
    sys.exit()

# Open the database; a connection failure is reported with code 66.
try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
except Exception:
    config.returnhome(66)
    sys.exit()

#Check for valid token.
# Fetch the token stored for this user; the comparison follows this fragment.
q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
token_row = q.fetchone()
dbtoken = token_row[0]
Пример #15
    userid=0
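# token and comment are kept as submitted; bid must be numeric.
token = form['token'].value if 'token' in keys else ''
comment = form['textarea_addbountycomment'].value if 'textarea_addbountycomment' in keys else ''
bid = int(form['bid'].value) if 'bid' in keys else ''

# userid is set above this fragment.
if(not bid or not userid or not token):
    config.returnhome(14)
    exit()
if(not comment):
    # Nothing to store: go straight back to the bounty page.
    print 'Location: ../bountypage.php?bid='+str(bid)+' \n\n'
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
        #Check token
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    dbtoken = q.fetchone()[0]
    # Explicit raise rather than assert: asserts are compiled out under
    # python -O / PYTHONOPTIMIZE, which would remove the token check entirely.
    if dbtoken!=token:
        raise AssertionError('token check failed')

    # The comment text is stored exactly as submitted (bound parameter, so no
    # SQL injection); HTML escaping is left to whatever renders it - confirm.
    q.execute("INSERT INTO bountycomments (bountyid,bountycomment,dateadded,authorid) VALUES(%s,%s,localtimestamp,%s)",[bid,comment,userid])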
Пример #16
import config

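# Parse the request once; `keys` holds the names of the fields that were sent.
form = cgi.FieldStorage()
keys = form.keys()

# userid must be numeric; token is kept as submitted.
userid = int(form["userid"].value) if "userid" in keys else 0
token = form["token"].value if "token" in keys else ""

if not userid or not token:
    config.returnhome(54)
    exit()

try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()

    # Check that request is from admin user with valid token.
    q.execute(
        "SELECT count(*) FROM tokens t LEFT JOIN users u ON t.userid=u.userid WHERE u.userid=%s AND u.isadmin=true AND t.token=%s",
        [userid, token],
    )
    r = q.fetchone()
    # Explicit raise rather than assert: asserts are compiled out under
    # python -O / PYTHONOPTIMIZE, which would silently disable this admin check.
    if r[0] != 1:
        raise AssertionError("admin token check failed")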

    # Request seems valid, revoke admin status
Пример #17
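# userid must be numeric; token and deleteuserid are kept as submitted.
userid = int(form['userid'].value) if 'userid' in keys else 0
token = form['token'].value if 'token' in keys else ''
deleteuserid = form['deleteuserid'].value if 'deleteuserid' in keys else ''

if (not userid or not token or not deleteuserid):
    config.returnhome(56)
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    
    #Check that request is from admin user with valid token.
    q.execute('SELECT count(*) FROM tokens t LEFT JOIN users u ON t.userid=u.userid WHERE u.userid=%s AND u.isadmin=true AND t.token=%s',[userid,token])
    r = q.fetchone()
    # This gate guards account deletion, so it must not be an assert: asserts
    # vanish under python -O / PYTHONOPTIMIZE. The explicit raise keeps the
    # same exception type for the surrounding handler.
    if r[0]!=1:
        raise AssertionError('admin token check failed')

    #Request seems valid, delete the deleteuserid
    # NOTE(review): nothing here stops an admin from deleting their own account
    # or another admin - confirm that is intended.
    q.execute('DELETE FROM users WHERE userid=%s',[deleteuserid])

    dbconn.commit()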
Пример #18
    export=''
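# molids: comma-separated molecule ids chosen for export.
# Only all-digit entries are kept, because each id is later interpolated into
# file names under uploaddir and temp_path; an unchecked value containing path
# separators would let a request read or write outside those directories.
if 'molids' in keys:
    molids=[m.strip() for m in form['molids'].value.split(',') if m.strip().isdigit()]
else:
    molids=''
# userid is normalised through int() and kept as a string for path building.
userid=str(int(form['userid'].value)) if 'userid' in keys else 0
token = form['token'].value if 'token' in keys else ''

# export is set above this fragment; all four values are required.
if (not userid or not token or not export or not molids):
    config.returnhome(58)
    # Stop here: the other scripts exit after returnhome, and without it the
    # export below would still run for a request that failed validation.
    raise SystemExit

if export == 'structures':
    #Create zip file with 2d and 3d structures and an sdf file.
    # NOTE(review): token has only been checked for presence at this point; no
    # lookup against the tokens table is visible before files are touched.
    # NOTE(review): the directory name is predictable and lives in shared /tmp,
    # then is removed and recreated; tempfile.mkdtemp() would avoid races with
    # other local users.
    temp_path='/tmp/structures-{}'.format(userid)
    if(os.path.isdir(temp_path)):
        shutil.rmtree(temp_path)
    os.mkdir(temp_path)
    os.mkdir(os.path.join(temp_path,'3d'))
    os.mkdir(os.path.join(temp_path,'2d'))    
    with open(os.path.join(temp_path,'notebook.sdf'),'w') as sdf:
        for imol in molids:
            # imol is all digits (filtered above), so both paths stay inside
            # the structures directory.
            molfile3d=os.path.join(uploaddir,'structures','{}-3d.mol'.format(imol))
            molfile2d=os.path.join(uploaddir,'structures','{}.mol'.format(imol))
            if(os.path.isfile(molfile3d)):
                shutil.copyfile(molfile3d,os.path.join(temp_path,'3d','{}-3d.mol'.format(imol)))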
Пример #19
import string
import random
import psycopg2
import config

# Keep tracebacks out of the HTTP response (display=0); they are written as
# plain-text reports under ../log/ instead.
cgitb.enable(display=0,logdir="../log/",format="text")

form=cgi.FieldStorage()
keys=form.keys()

# Address the reset is requested for; a missing field is treated as empty.
email = form['email'].value if 'email' in keys else 0
if not email:
    config.returnhome(33)
    sys.exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()

    #Get userid matching this email address
    q.execute('SELECT userid FROM users WHERE email=%s',[email])
    # NOTE(review): the distinct "bademail" status tells the caller whether an
    # address is registered (account enumeration); answering the same way in
    # both cases would avoid that.
    unknown_address = (q.rowcount==0)
    if unknown_address:
        print 'Location: ../changepasswordrequestpage.php?status=bademail \n\n'
        sys.exit()    
    r = q.fetchone() 
    # Kept as a string for the steps that follow.
    userid = str(r[0])
    #Check for open requests from this user in the last 24 hours.
    q.execute("""SELECT daterequested 
Пример #20
    bid = 0
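# Numeric ids go through int(); token is kept as submitted.
cid = int(form["bountycommentid"].value) if "bountycommentid" in keys else 0
userid = int(form["userid"].value) if "userid" in keys else 0
token = form["token"].value if "token" in keys else ""

# bid is set above this fragment; all four values are required.
if not userid or not bid or not cid or not token:
    config.returnhome(37)
    exit()
try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    # Both gates below use an explicit raise rather than assert: asserts are
    # compiled out under python -O / PYTHONOPTIMIZE, which would let anyone
    # delete any comment. The exception type is unchanged.

    # Check token.
    q.execute("SELECT token FROM tokens WHERE userid=%s", [userid])
    dbtoken = q.fetchone()[0]
    if dbtoken != token:
        raise AssertionError("token check failed")
    # Check author.
    q.execute("SELECT authorid FROM bountycomments WHERE bountycommentid=%s", [cid])
    aid = q.fetchone()[0]
    if aid != userid:
        raise AssertionError("not the comment author")

    q.execute("DELETE FROM bountycomments WHERE bountycommentid=%s ", [cid])
    dbconn.commit()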
Пример #21
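# Numeric ids go through int(); token is kept as submitted.
userid=int(form['userid'].value) if 'userid' in keys else 0
bid=int(form['bid'].value) if 'bid' in keys else 0
token = form['token'].value if 'token' in keys else ''

if(not bid or not userid or not token):
    config.returnhome(35)
    exit()
try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
            #Check token
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    dbtoken = q.fetchone()[0]
    # Explicit raise rather than assert: asserts are compiled out under
    # python -O / PYTHONOPTIMIZE, which would remove the token check entirely.
    if dbtoken!=token:
        raise AssertionError('token check failed')

    # Record this user as the pursuer of the bounty.
    # NOTE(review): the UPDATE has no condition on the current pursued_by_id, so
    # any user with a valid token replaces an existing pursuer - confirm intended.
    q.execute("UPDATE bounties SET pursued_by_id=%s, date_pursued=localtimestamp WHERE bountyid=%s",[userid,bid])
    dbconn.commit()
    q.close()
    dbconn.close()
    # bid is an int, so nothing user-controlled beyond digits reaches the header.
    print 'Location: ../bountypage.php?bid='+str(bid)+' \n\n'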
except Exception:
Пример #22
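#############Collect field data##########
# Parse the request once; `keys` holds the names of the fields that were sent.
form=cgi.FieldStorage()
keys=form.keys()

if debug: #print received variables
    # Names and values are client-controlled, so both are HTML-escaped before
    # going into a text/html response; raw echo would be reflected XSS while
    # debug is enabled. Any submitted token field is part of this dump.
    print 'Content-type: text/html\n\n'
    print 'Received the following:\n<br />'
    for i in keys:
        print cgi.escape(i,True)+'='+cgi.escape(form[i].value,True)+'<br />'
    sys.exit()    

try:
    # Both fields are mandatory. From molfig only the segment after the first
    # comma is kept (looks like a data-URL payload - confirm).
    moltext=form['moltext'].value.replace('\r','').split('\n')
    molfig64=form['molfig'].value.split(',')[1]
except Exception:
    # Missing field or no comma in molfig: hand off to config.returnhome(62).
    config.returnhome(62)
    sys.exit()

# Optional descriptive fields, trimmed; 0 when absent.
# molname additionally has its spaces replaced by underscores.
molname=form['molname'].value.strip().replace(' ','_') if 'molname' in keys else 0
iupacname=form['iupacname'].value.strip() if 'iupacname' in keys else 0
cas=form['cas'].value.strip() if 'cas' in keys else 0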
if 'molnotes' in keys:
Пример #23
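# Numeric ids go through int(); token is kept as submitted.
userid = int(form["userid"].value) if "userid" in keys else 0
token = form["token"].value if "token" in keys else ""
bid = int(form["bid"].value) if "bid" in keys else ""

if not bid or not userid or not token:
    config.returnhome(22)
    sys.exit()
try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    # Both gates below use an explicit raise rather than assert: asserts are
    # compiled out under python -O / PYTHONOPTIMIZE, which would let anyone
    # claim any bounty. The exception type is unchanged.

    # Check token
    q.execute("SELECT token FROM tokens WHERE userid=%s", [userid])
    dbtoken = q.fetchone()[0]
    if dbtoken != token:
        raise AssertionError("token check failed")
    # Check pursued by. Only pursuer can claim.
    q.execute("SELECT pursued_by_id from bounties where bountyid=%s", [bid])
    pid = q.fetchone()[0]
    # int(pid) still raises TypeError when the bounty has no pursuer (NULL).
    if int(pid) != userid:
        raise AssertionError("not the pursuer of this bounty")

    # Bounty now becomes molecule. Default molname is "Bounty-$bid"
    molname = "Bounty-{}".format(bid)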