def login(request):
if request.method != 'POST': # Request is caused by lack of session. (Either corrupt or timed out).
message = "Request was aborted by lack of a valid session. Please login to access this page."
response = HttpResponse(message)
return response
username = request.POST.get('username') or ""
password = request.POST.get('password') or ""
keeploggedin = request.POST.get('keepmesignedin') or 0
csrfmiddlewaretoken = request.POST.get('csrfmiddlewaretoken', "")
db = utils.get_mongo_client()
uname = utils.authenticate(username, password)
if not uname: # Incorrect password - return user to login screen with an appropriate message.
message = err.error_msg('1002')
return HttpResponse(message)
else: # user will be logged in after checking the 'active' field
rec = db["users"].find({"username": username})
if not rec:
message = err.error_msg('1002')
return HttpResponse(message)
#r = rec.next()
for r in rec:
active = r["active"]
break
if active == "true":
sessionid = ""
clientip = utils.get_client_ip(request)
timestamp = int(time.time())
sessionid = utils.generatesessionid(username, csrfmiddlewaretoken,
clientip, timestamp.__str__())
sessionuserrec = db["users"].find({'username': username})
#sessuserrec = sessionuserrec.next()
for sessuserrec in sessionuserrec:
sessionuser = sessuserrec["userid"]
break
sessendtime = ''
timestamp = time.time()
useragent = request.META['HTTP_USER_AGENT']
insertd = {
'sessionid': sessionid,
'userid': sessionuser,
'sessionstarttime': timestamp,
'sessionendtime': sessendtime,
'sourceip': clientip,
'useragent': useragent,
'sessionactive': True,
'keeploggedin': keeploggedin
}
db.sessions.insert_one(insertd)
response = HttpResponseRedirect(
utils.gethosturl(request) + "/" + OPERATIONS_URL)
response.set_cookie('sessioncode', sessionid)
response.set_cookie('userid', sessionuser)
print("USERID: %s\nUSERNAME: %s\n" % (sessionuser, username))
return response
else:
message = err.error_msg('1003')
if DEBUG:
print(message)
return HttpResponse(message)
def checkavailability(request):
username = ""
if request.GET.has_key('username'):
username = request.GET['username']
db = utils.get_mongo_client()
rec = db.users.find({'username': username})
if rec.count() > 0: # Not available
return HttpResponse('0')
else: # Available
return HttpResponse('1')
def acctactivate(request):
vkey = ""
if request.GET.has_key('vkey'):
vkey = request.GET['vkey']
else:
return HttpResponse("Invalid request")
if vkey == "":
return HttpResponse("Invalid request")
tmpl = get_template("auth/activation.html")
db = utils.get_mongo_client()
tbl = db["emailvalidation"]
validationrec = tbl.find({'vkey': vkey})
if not validationrec or validationrec.count() < 1:
msg = "The request for account activation couldn't be entertained as there is a key mismatch. Please try once more or contact the admin at [email protected]."
c = {'message': msg}
c.update(csrf(request))
cxt = Context(c)
activation = tmpl.render(cxt)
for htmlkey in HTML_ENTITIES_CHAR_MAP.keys():
activation = activation.replace(htmlkey,
HTML_ENTITIES_CHAR_MAP[htmlkey])
return HttpResponse(activation)
emailid = validationrec[0]['email']
usrtbl = db["users"]
rec = usrtbl.find({'emailid': emailid})
if not rec or rec.count() < 1:
msg = "Couldn't find a emaid Id that matches the code given in the link. Please contact the admin at [email protected] with all the details."
c = {'message': msg}
c.update(csrf(request))
cxt = Context(c)
activation = tmpl.render(cxt)
for htmlkey in HTML_ENTITIES_CHAR_MAP.keys():
activation = activation.replace(htmlkey,
HTML_ENTITIES_CHAR_MAP[htmlkey])
return HttpResponse(activation)
if DEBUG:
print("emailid = " + emailid + "\n------------------------------\n")
usrtbl.update_one({'emailid': emailid}, {"$set": {'active': "true"}})
msg = "Welcome to CryptoCurry! Your account has been activated. Now you may start using it."
c = {'message': msg}
c.update(csrf(request))
cxt = Context(c)
activation = tmpl.render(cxt)
for htmlkey in HTML_ENTITIES_CHAR_MAP.keys():
activation = activation.replace(htmlkey,
HTML_ENTITIES_CHAR_MAP[htmlkey])
return HttpResponse(activation)
def logout(request):
if request.method != 'POST': # Illegal bad request...
message = err.ERR_INCORRECT_HTTP_METHOD
response = HttpResponseBadRequest(message)
return response
if request.POST.has_key('userid'):
userid = request.POST['userid']
else:
response = HttpResponse("2")
response.set_cookie('userid', "")
return response
if request.COOKIES.has_key('sessioncode'):
sessionid = request.COOKIES['sessioncode']
else:
response = HttpResponse("2")
response.set_cookie('userid', "")
return response
db = utils.get_mongo_client()
tbl = db["sessions"]
try:
timenow = datetime.datetime.now()
dtimestr = timenow.strftime("%Y-%m-%d %H:%M:%S")
if DEBUG:
print "UserId: " + userid + "\nSessionId: " + sessionid + "\nDatetimestring: " + dtimestr + "\n\n"
tbl.update_one({
'userid': userid,
'sessionid': sessionid
}, {
"$set": {
'sessionactive': 0,
'sessionendtime': dtimestr,
'keeploggedin': 0
},
"$currentDate": {
"lastModified": True
}
})
response = HttpResponse("1")
response.set_cookie('userid', "")
return response
except:
response = HttpResponse("0")
response.set_cookie('userid', "")
return response
def profileimagechange(request):
if request.method != 'POST':
message = error_msg('1004')
return HttpResponseBadRequest(message)
sesscode = request.COOKIES['sessioncode']
userid = request.COOKIES['userid']
db = utils.get_mongo_client()
rec = db["users"].find({'userid': userid})
if rec and rec.count() > 0:
username = rec[0]['username']
else:
message = "failed - Anonymous users can't upload profile pics."
return HttpResponse(message)
message = ""
fpath, message, profpic = "", "", ""
if request.FILES.has_key('profpic'):
retlist = utils.handleuploadedfile2(
request.FILES['profpic'], settings.MEDIA_ROOT + os.path.sep +
username + os.path.sep + "images")
if retlist.__len__() == 0:
message = "failed - Uploaded file is not an image file"
return HttpResponse(message)
fpath, message, profpic = retlist[0], retlist[1], retlist[2]
if DEBUG:
print(profpic + " in views.profileimagechange\n\n")
print(profpic + " in views.profileimagechange\n\n")
tbl = db["users"]
tbl.update_one({'userid': userid}, {
"$set": {
'userimagepath': profpic
},
"$currentDate": {
"lastModified": True
}
})
message = "success"
else:
message = "failed"
if DEBUG:
print(message + "\n************************\n")
return HttpResponse(message)
def check_passcode_usability(request):
if request.method != 'POST':
message = err.ERR_INCORRECT_HTTP_METHOD
response = HttpResponseBadRequest(message)
return response
"""
Get the passcode from the request and verify it is still usable (i.e., it is not stale yet).
MongoDB table db.passwdcodes, field: tsval
"""
currentts = int(time.time())
username, emailid, passcode = "", "", ""
if request.POST.has_key('username'):
username = request.POST['username']
if request.POST.has_key('emailid'):
emailid = request.POST['emailid']
if request.POST.has_key('passcode'):
passcode = request.POST['passcode']
if not username or not emailid or not passcode:
msg = "passcode validation:err:One or more of the required parameters are missing. Can't proceed further without that information."
response = HttpResponse(msg)
return response
db = utils.get_mongo_client()
tbl = db["passwdcodes"]
rec = tbl.find({
'username': username,
'emailid': emailid,
'passcode': passcode
})
if not rec or rec.count() < 1:
msg = "Invalid Data:err:Couldn't find any record in the database that matches the entered data. Please check your data before trying again."
response = HttpResponse(msg)
return response
if rec[0].has_key('tsval'):
passcodets = rec[0]['tsval']
if currentts - int(passcodets) > PASSCODE_EXPIRY_LIMIT:
msg = "Passcode Expired:err:Your passcode has expired as it has exceeded the expiry limit of %s minutes. Please try again by generating a new passcode." % str(
PASSCODE_EXPIRY_LIMIT)
response = HttpResponse(msg)
return response
return HttpResponse("true")
def confirm_passwd_change(request):
if request.method != 'POST':
message = err.ERR_INCORRECT_HTTP_METHOD
response = HttpResponseBadRequest(message)
return response
username = ""
emailid = ""
newpasswd = ""
confirmnewpasswd = ""
if request.POST.has_key('username'):
username = request.POST['username']
else:
message = "generatepasswd:err:Required field username is missing."
response = HttpResponse(message)
return response
if request.POST.has_key('emailid'):
emailid = request.POST['emailid']
else:
message = "generatepasswd:err:Required field emailId is missing."
response = HttpResponse(message)
return response
#Check if the emailId and username are related.
db = utils.get_mongo_client()
tbl = db["users"]
rec = tbl.find({'username': username})
if not rec or rec.count() < 1:
message = "confirm_password_change:err:No user with the given username ('%s') exists in our databases" % username
response = HttpResponse(message)
return response
email = rec[0]["emailid"]
if DEBUG:
print("EMAIL: %s\n++++++++++++++++++++++++++++\n" % email)
if not email or email != emailid:
message = "confirm_password_change:err:The email Id for the given username doesn't exist or there is a mismatch between the given email Id and the provided email Id"
response = HttpResponse(message)
return response
if request.POST.has_key('newpasswd'):
newpasswd = request.POST['newpasswd']
else:
message = "generatepasswd:err:Required field newpasswd is missing."
response = HttpResponse(message)
return response
if request.POST.has_key('confirmnewpasswd'):
confirmnewpasswd = request.POST['confirmnewpasswd']
else:
message = "generatepasswd:err:Required field confirmnewpasswd is missing."
response = HttpResponse(message)
return response
if newpasswd != confirmnewpasswd:
message = "Password Mismatch:err:The 2 passwords given do not match. Please rectify this issue and try again."
response = HttpResponse(message)
return response
#Create sha256 hashing of the given password and store it in the record identified by the username/emailid
passwd_digest = utils.make_password(newpasswd)
message = "The password has been successfully changed."
try:
tbl.update_one(
{
'username': username,
'emailid': emailid,
'active': "true"
}, {"$set": {
'password': passwd_digest
}})
except:
message = "The password change wasn't successfully done: %s\n" % sys.exc_info(
)[1].__str__()
response = HttpResponse(message)
return response
def generatepasswd(request):
if request.method != "POST":
message = err.ERR_INCORRECT_HTTP_METHOD
response = HttpResponseBadRequest(message)
return response
username = ""
emailid = ""
if request.POST.has_key('username'):
username = request.POST['username']
else:
message = "generatepasswd:err:Required field username is missing. Please fill in the username field and try again"
response = HttpResponse(message)
return response
if request.POST.has_key('emailid'):
emailid = request.POST['emailid']
else:
message = "generatepasswd:err:Required field emailId is missing. Please fill in the emailId field and try again"
response = HttpResponse(message)
return response
# First, check if the email Id is registered with the given user. If so, we will send the
# generated string. If not, we will send out an error message.
db = utils.get_mongo_client()
tbl = db["users"]
rec = tbl.find({'username': username})
if not rec or rec.count() < 1:
message = "generatepasswd:err:No user with the given username ('%s') exists in our databases"
response = HttpResponse(message)
return response
email = rec[0]["emailid"]
if DEBUG:
print("EMAIL: %s\n++++++++++++++++++++++++++++\n" % email)
if not email or email != emailid:
message = "generatepasswd:err:The email Id for the given username doesn't exist or there is a mismatch between the given email Id and the provided email Id"
response = HttpResponse(message)
return response
else: # Generate the 8 character random string and send it through an email to the given email Id
randompasscode = randomStringDigits(8)
# First, insert it into the DB
curdate = datetime.datetime.now()
strcurdate = curdate.strftime("%Y-%m-%d %H:%M:%S")
if request.COOKIES.has_key('sessioncode'):
sessionid = request.COOKIES['sessioncode']
else:
sessionid = ""
clientip = utils.get_client_ip(request)
tsval = int(time.time())
insertd = {
'username': username,
'emailid': emailid,
'passcode': randompasscode,
'datetime': strcurdate,
'sourceip': clientip,
'sessionid': sessionid,
'tsval': tsval
}
db.passwdcodes.insert_one(insertd)
# Send this to the registered email Id
fromaddr = "*****@*****.**"
subject = "Your temporary passcode"
message = "Hi %s,\n\nPlease copy the code (8 characters long) and paste it in the code box on the screen.\nThis will allow you to change your password through a given page\n that will be displayed to you when you submit this code using the 'Send Code' button. Your passcode is '%s'.\n\nThanks and Regards, \[email protected]\n" % (
username, randompasscode)
utils.sendemail(email, subject, message, fromaddr)
msg = "An email containing the passcode has been sent to your registered email Id. Please open the email and follow the instructions therein."
response = HttpResponse(msg)
return response
def register(request):
if request.method == "GET": # display the registration form
curdate = datetime.datetime.now()
strcurdate = curdate.strftime("%Y-%m-%d %H:%M:%S")
(username, password, password2, email, firstname, middlename, lastname,
mobilenum) = ("", "", "", "", "", "", "", "")
usertypes = MEMBERSHIP_TYPES.keys()
tmpl = get_template("auth/regform.html")
c = {'curdate' : strcurdate, 'login_url' : utils.gethosturl(request) + "/" + LOGIN_URL, 'hosturl' : utils.gethosturl(request),\
'register_url' : utils.gethosturl(request) + "/" + REGISTER_URL,\
'min_passwd_strength' : MIN_ALLOWABLE_PASSWD_STRENGTH, 'username' : username, 'password' : password, 'password2' : password2,\
'email' : email, 'firstname' : firstname, 'middlename' : middlename, 'lastname' : lastname, 'mobilenum' : mobilenum, \
'hosturl' : utils.gethosturl(request), 'profpicheight' : PROFILE_PHOTO_HEIGHT, 'profpicwidth' : PROFILE_PHOTO_WIDTH, 'availabilityURL' : utils.AVAILABILITY_URL, 'usertypes' : usertypes }
c.update(csrf(request))
cxt = Context(c)
registerhtml = tmpl.render(cxt)
for htmlkey in HTML_ENTITIES_CHAR_MAP.keys():
registerhtml = registerhtml.replace(
htmlkey, HTML_ENTITIES_CHAR_MAP[htmlkey])
return HttpResponse(registerhtml)
elif request.method == "POST": # Process registration form data
username = request.POST['username']
password = request.POST['password']
password2 = request.POST['password2']
email = request.POST['email']
firstname = request.POST['firstname']
middlename = request.POST['middlename']
lastname = request.POST['lastname']
sex = request.POST['sex']
mobilenum = request.POST['mobilenum']
profpic = ""
csrftoken = request.POST['csrfmiddlewaretoken']
usertype = request.POST['usertype']
message = ""
# Validate the collected data...
if password != password2:
message = error_msg('1011')
elif MULTIPLE_WS_PATTERN.search(username):
message = error_msg('1012')
elif not EMAIL_PATTERN.search(email):
message = error_msg('1013')
elif mobilenum != "" and not PHONENUM_PATTERN.search(mobilenum):
message = error_msg('1014')
elif sex not in ('m', 'f', 'u'):
message = error_msg('1015')
elif not REALNAME_PATTERN.search(
firstname) or not REALNAME_PATTERN.search(
lastname) or not REALNAME_PATTERN.search(middlename):
message = error_msg('1017')
elif utils.check_password_strength(
password) < MIN_ALLOWABLE_PASSWD_STRENGTH:
message = error_msg('1019')
if request.FILES.has_key('profpic'):
fpath, message, profpic = utils.handleuploadedfile2(
request.FILES['profpic'], settings.MEDIA_ROOT + os.path.sep +
username + os.path.sep + "images")
# User's images will be stored in "settings.MEDIA_ROOT/<Username>/images/".
if message != "" and DEBUG:
print message + "\n"
if message != "":
curdate = datetime.datetime.now()
strcurdate = curdate.strftime("%Y-%m-%d %H:%M:%S")
availabilityURL = utils.AVAILABILITY_URL
tmpl = get_template("auth/regform.html")
c = {'curdate' : strcurdate, 'msg' : "<font color='#FF0000'>%s</font>"%message, 'login_url' : utils.gethosturl(request) + "/" + LOGIN_URL,\
'register_url' : utils.gethosturl(request) + "/" + REGISTER_URL, \
'min_passwd_strength' : MIN_ALLOWABLE_PASSWD_STRENGTH, 'username' : username, 'password' : password, 'password2' : password2,\
'email' : email, 'firstname' : firstname, 'middlename' : middlename, 'lastname' : lastname, 'mobilenum' : mobilenum, \
'availabilityURL' : availabilityURL, 'hosturl' : utils.gethosturl(request), 'profpicheight' : PROFILE_PHOTO_HEIGHT, 'profpicwidth' : PROFILE_PHOTO_WIDTH }
c.update(csrf(request))
cxt = Context(c)
registerhtml = tmpl.render(cxt)
for htmlkey in HTML_ENTITIES_CHAR_MAP.keys():
registerhtml = registerhtml.replace(
htmlkey, HTML_ENTITIES_CHAR_MAP[htmlkey])
return HttpResponse(registerhtml)
else: # Create the user and redirect to the dashboard page with a status message.
db = utils.get_mongo_client()
rec = {}
rec['firstname'] = firstname
rec['middlename'] = middlename
rec['lastname'] = lastname
rec['username'] = username
rec['emailid'] = email
rec['password'] = utils.make_password(
password) # Store password as a hash.
rec['mobileno'] = mobilenum
rec['sex'] = sex
rec['active'] = False # Will become active when user verifies email Id.
rec['userimagepath'] = profpic
usercode = '0'
if usertype == 'SILVER':
usercode = '1'
elif usertype == 'GOLD':
usercode = '2'
elif usertype == 'PLATINUM':
usercode = '3'
else:
pass
rec['usertype'] = usercode
userid = str(sha256.sha256(str(username)).hexdigest())
if DEBUG:
print "type of userid is " + str(type(userid)) + "\n"
rec['userid'] = userid
rec["address"] = {}
rec["address"]['country'] = ""
rec['address']['State'] = ""
rec['address']['block_sector'] = ""
rec['address']['house_num'] = ""
rec['address']['street_address'] = ""
emailvalid = {}
emailvalid['email'] = email
emailvalid['vkey'] = utils.generate_random_string()
r = db.users.find({'username': username})
e = db.emailvalidation.find({'email': email})
if r.count() > 0 or e.count() > 0:
message = "Non unique email and/or username found."
tmpl = get_template("auth/regerror.html")
curdate = datetime.datetime.now()
strcurdate = curdate.strftime("%Y-%m-%d %H:%M:%S")
availabilityURL = utils.AVAILABILITY_URL
c = {'curdate' : strcurdate, 'msg' : message, 'login_url' : utils.gethosturl(request) + "/" + LOGIN_URL,\
'register_url' : utils.gethosturl(request) + "/" + REGISTER_URL, \
'min_passwd_strength' : MIN_ALLOWABLE_PASSWD_STRENGTH, 'username' : username, 'password' : password, 'password2' : password2,\
'email' : email, 'firstname' : firstname, 'middlename' : middlename, 'lastname' : lastname, 'mobilenum' : mobilenum, \
'availabilityURL' : availabilityURL, 'hosturl' : utils.gethosturl(request), 'profpicheight' : PROFILE_PHOTO_HEIGHT, 'profpicwidth' : PROFILE_PHOTO_WIDTH }
c.update(csrf(request))
cxt = Context(c)
reghtml = tmpl.render(cxt)
return HttpResponse(reghtml)
try:
db.users.insert_one(rec)
db.emailvalidation.insert_one(emailvalid)
except:
message = sys.exc_info()[1].__str__()
tmpl = get_template("auth/regform.html")
availabilityURL = utils.AVAILABILITY_URL
curdate = datetime.datetime.now()
strcurdate = curdate.strftime("%Y-%m-%d %H:%M:%S")
c = {'curdate' : strcurdate, 'msg' : "<font color='#FF0000'>%s</font>"%message, 'login_url' : utils.gethosturl(request) + "/" + LOGIN_URL,\
'register_url' : utils.gethosturl(request) + "/" + REGISTER_URL, \
'min_passwd_strength' : MIN_ALLOWABLE_PASSWD_STRENGTH, 'username' : username, 'password' : password, 'password2' : password2,\
'email' : email, 'firstname' : firstname, 'middlename' : middlename, 'lastname' : lastname, 'mobilenum' : mobilenum, \
'availabilityURL' : availabilityURL, 'hosturl' : utils.gethosturl(request), 'profpicheight' : PROFILE_PHOTO_HEIGHT, 'profpicwidth' : PROFILE_PHOTO_WIDTH }
c.update(csrf(request))
cxt = Context(c)
reghtml = tmpl.render(cxt)
return HttpResponse(reghtml)
subject = """ CryptoCurry Registration - Activate your account on CryptoCurry by verifying your email. """
message = """
Dear %s,
Thanks for creating your account on CryptoCurry. In order to be able to login and use it, you need
to verify this email address (which you have entered as an input during registration). You can
do this by clicking on the hyperlink here: <a href='%s/%s?vkey=%s'>Verify My Account</a>. Once you have ver-
ified your account, you would be able to use it.
If you feel this email has been sent to you in error, please get back to us at the email address
mentioned here: [email protected]
Thanks and Regards,
%s, CEO, CryptoCurry.
""" % (username, utils.gethosturl(request), ACCTACTIVATION_URL,
emailvalid['vkey'], MAILSENDER)
fromaddr = "*****@*****.**"
utils.sendemail(email, subject, message, fromaddr)
# Print a success message and ask user to validate email. The current screen is
# only a providential state where the user appears to be logged in but has no right
# to perform any action.
message = "<font color='#0000FF'>Hello %s, welcome on board CryptoCurry(™). We hope you will have a hassle-free association with us.<br /> \
In case of any issues, please feel free to drop us ([email protected]) an email regarding the matter. Our 24x7 <br />\
support center staff would only be too glad to help you out. Happy transacting at cyptocurry... </font>" % username
tmpl = get_template("auth/profile.html")
curdate = datetime.datetime.now()
strcurdate = curdate.strftime("%Y-%m-%d %H:%M:%S")
c = {'curdate' : strcurdate, 'msg' : message, 'login_url' : utils.gethosturl(request) + "/" + LOGIN_URL, \
'csrftoken' : csrftoken, 'username' : username, 'password' : password, 'password2' : password2, 'email' : email, \
'firstname' : firstname, 'middlename' : middlename, 'lastname' : lastname, 'mobilenum' : mobilenum, 'userid' : userid, 'active' : 0 }
c.update(csrf(request))
cxt = Context(c)
profile = tmpl.render(cxt)
for htmlkey in HTML_ENTITIES_CHAR_MAP.keys():
profile = profile.replace(htmlkey,
HTML_ENTITIES_CHAR_MAP[htmlkey])
return HttpResponse(profile)
else: # Process this as erroneous request
message = error_msg('1004')
if DEBUG:
print "Unhandled method call during registration.\n"
return HttpResponseBadRequest(
utils.gethosturl(request) + "/" + REGISTER_URL +
"?msg=%s" % message)