Пример #1
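def init_user_session(form=None):
    '''Start or resume a cookie session and, if a login form was submitted, log the user in.

    form is the return value of cgi.FieldStorage(), or None / an empty dictionary
    when no form was submitted. Returns (ses_dict, user_dict). user_dict is the
    record returned by get_user_byid() for the user id stored in the session.

    This function prints the HTTP header itself, so callers that need to set
    custom cookies cannot currently use it. verify_login() prints an error page
    and calls sys.exit() when validation or authentication fails, so this
    function does not return in those cases.
    '''
    # Avoid a shared mutable default: one dict object would otherwise be reused
    # across every call that omits form.
    if form is None:
        form = {}

    # HTTP_COOKIE is client-controlled input; it is only parsed here, and the
    # session itself is checked by cookie_session.
    cookie = Cookie.SimpleCookie()
    cookie.load(os.environ.get("HTTP_COOKIE", ""))

    # verify_login only yields a user id when credentials were submitted and
    # accepted; otherwise it is None.
    user_id = verify_login(form, cookie)

    # NOTE(review): whether init_session issues a fresh session identifier when
    # user_id is not None cannot be seen from here. Confirm it does, so that an
    # identifier handed out before authentication is not carried over into the
    # authenticated session.
    c, ses_dict = cookie_session.init_session(cookie, user_id)
    cookie_session.print_header(c)

    # Only treat this request as a login when credentials were actually
    # verified. Without the None guard, an anonymous request whose session
    # stores usr_id as None (presumably the case; confirm in cookie_session)
    # would compare equal and call update_last_login_time(None).
    if user_id is not None and user_id == ses_dict['usr_id']:
        logger.writeln('logging in')
        update_last_login_time(user_id)

    # From here on, the session is the source of truth for who is logged in.
    user_id = ses_dict['usr_id']
    logger.writeln('user_id: ', user_id)
    user_dict = get_user_byid(user_id)

    # Log identifiers only. The contents of ses_dict and user_dict are not
    # visible here and presumably include session identifiers and credential
    # material, which should not be written to the application log.
    logger.writeln('user_dict found: ', bool(user_dict))
    return ses_dict, user_dict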
Пример #2
def verify_login(form,  cookie):
    '''This function takes a form (ie the return value of cgi.FieldStorage()) or an empty dictionary.
    If the dictionary is empty it simply returns None. If there is no user by the name passed in it 
    returns None. If the passwords do not match it returns None. If the username is valid and the 
    password validates then it returns the user_id.'''
    usr_id = None #set a default value for the user_id
    if cookie_session.verify_session(): # check to see if there is a valid session. you cannot 
                                        # log in with out one.
        if form.has_key('email') and form.has_key('passwd'): # see if the correct form info got 
                                                             # passed to the server
            logger.writeln('about to try and log in')
            try:
                email = templater.validators.Email(resolve_domain=True,
                                                 not_empty=True).to_python(form["email"].value)
            except templater.formencode.Invalid, e:
                logger.writeln("email did not pass validation: ")
                c, ses_dict = cookie_session.init_session(cookie, None)
                cookie_session.print_header(c)
                templater.print_error("email: "+str(e))
                sys.exit()
            passwd = form['passwd'].value #get the password
            logger.writeln('    email:', email)
            valid, user_dict = verify_passwd(email, passwd) #verify the password and get the 
                                                            #user_dict as well
            logger.writeln('    valid:', valid)
            
            if valid:
                usr_id = user_dict['usr_id'] #if it is valid grab the user_id from the user_dict
            else:
                logger.writeln("Password or email not correct")
                c, ses_dict = cookie_session.init_session(cookie, None)
                cookie_session.print_header(c)
                templater.print_error("Password or email not correct")
                sys.exit(0)
        elif form.has_key('email') or form.has_key('passwd'):
            logger.writeln("All of the fields were not filled out.")
            c, ses_dict = cookie_session.init_session(cookie, None)
            cookie_session.print_header(c)
            templater.print_error("All fields must be filled out.")
            sys.exit(0)