def insert_account():
    """Insert the submitted account into the accounts table.

    Reads the submitted form values from module-level names (uname, psw1,
    fname, lname, email, age, addr, cty, st, zipcode, polaffil). The
    password and e-mail address are passed through enc.create_hash() with
    a fresh 64-byte random salt before they are stored; the salt itself is
    handed to store_salt() once the row has been committed.
    """
    # os.urandom() draws from the OS CSPRNG, which is the right source for a salt.
    salt = os.urandom(64)

    # NOTE(review): the original comments call this "encryption", but the
    # helper is named create_hash -- presumably a one-way salted hash. If so,
    # the e-mail address cannot be recovered from the stored value. Confirm
    # that create_hash uses a password-hashing KDF rather than one fast digest.
    hashed_psw = enc.create_hash(psw1, salt)
    hashed_email = enc.create_hash(email, salt)

    # Every value is bound through a placeholder; nothing is formatted into the SQL.
    sql = (
        "INSERT INTO accounts (uname, pwd, fname, lname, email, age, addr, city, "
        "state, zipCode, poliAffil) "
        "VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"
    )
    row = (
        uname,
        hashed_psw,
        fname,
        lname,
        hashed_email,
        age,
        addr,
        cty,
        st,
        zipcode,
        polaffil,
    )
    cursor.execute(sql, row)
    db.commit()

    # NOTE(review): the account row is committed before the salt is stored.
    # If store_salt() fails, the account is left with hashes that can never
    # be verified -- consider writing both in one transaction.
    store_salt(salt)
def update_account():
    """Update the current account's row in the accounts table.

    The account id comes from find_accid() and the currently stored
    password/e-mail values from find_encdata(). When a new password or a
    new e-mail address was submitted (module-level psw1 / email), a fresh
    salt is generated, both columns are recomputed with it, and the salt
    is passed to update_salt(). Otherwise the stored values are written
    back unchanged.
    """
    accid = find_accid()
    stored_pwd, stored_email = find_encdata()

    # A new salt is only needed when at least one hashed field was resubmitted.
    rotate_salt = psw1 != "" or email != ""

    if rotate_salt:
        salt = os.urandom(64)
        # NOTE(review): when a field was left blank, the value fed to
        # create_hash() is the *stored* (already hashed) value, not the
        # plaintext. The result is hash(old_hash, new_salt), which a login
        # check that hashes the typed password with the new salt will
        # presumably never match. Verify against the validation code; a
        # per-field salt would avoid touching the untouched column at all.
        enc_psw = enc.create_hash(psw1 if psw1 != "" else stored_pwd, salt)
        enc_email = enc.create_hash(email if email != "" else stored_email, salt)
    else:
        enc_psw, enc_email = stored_pwd, stored_email

    # All values, including the id in the WHERE clause, are bound parameters.
    sql = (
        "UPDATE accounts SET uname = %s, pwd = %s, fname = %s, lname = %s, "
        "email = %s, age = %s, addr = %s, city = %s, state = %s, zipCode = %s, "
        "poliAffil = %s WHERE accId = %s"
    )
    row = (
        uname,
        enc_psw,
        fname,
        lname,
        enc_email,
        age,
        addr,
        cty,
        st,
        zipcode,
        polaffil,
        accid,
    )
    cursor.execute(sql, row)

    # The salt is updated before the commit below, after the account row.
    if rotate_salt:
        update_salt(salt, accid)

    db.commit()
def update_cred(ccnum, cvv, salt):
    """Recompute the stored card number and CVV values with *salt*.

    Args:
        ccnum: Card number as entered.
        cvv: Card verification value as entered.
        salt: Salt passed to enc.create_hash() for both values.

    The UPDATE matches on accId only, so every donations row belonging to
    the account returned by find_accid() receives the same two values.
    """
    accid = find_accid()

    # NOTE(review): PCI DSS does not permit keeping the card verification
    # value after authorization, in any form -- hashing it does not change
    # that. A salted hash of a card number also cannot be used to charge the
    # card later; confirm what these columns are needed for.
    hashed_ccnum = enc.create_hash(ccnum, salt)
    hashed_cvv = enc.create_hash(cvv, salt)

    # Values are bound as a tuple rather than formatted into the statement.
    cursor.execute(
        "UPDATE donations SET credCardNum = %s, cvv = %s WHERE accId = %s",
        (hashed_ccnum, hashed_cvv, accid),
    )
    db.commit()
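def insert_donation():
    """Insert the submitted donation and record it via insert_votedonate().

    Reads the submitted values from module-level names (bitcoin, ccnum,
    cvv, amt, expm, expy). When no Bitcoin address was given, the card
    number and CVV are passed through enc.create_hash() and stored with the
    expiry month/year; otherwise the hashed Bitcoin address is stored.

    A mysql.Error is not re-raised: errctr is incremented and the message
    is appended to errmsgs as an HTML paragraph.
    """
    import html  # local import: the file's import block is not visible here

    global errctr
    accid = find_accid()

    try:
        # NOTE(review): eval() executes whatever string find_salt() returns.
        # If that string is read back from the database, anyone able to write
        # to the salt column gets code execution in this process. Prefer
        # ast.literal_eval(), or store the salt in a binary column and skip
        # the string round-trip entirely.
        salt = eval(find_salt())

        if bitcoin == "":
            # NOTE(review): PCI DSS does not permit keeping the card
            # verification value after authorization, hashed or not.
            enc_ccnum = enc.create_hash(ccnum, salt)
            enc_cvv = enc.create_hash(cvv, salt)
            prep_insert = (
                "INSERT INTO donations "
                "(accId, amount, credCardNum, cvv, credExpMon, credExpYr) "
                "VALUES (%s, %s, %s, %s, %s, %s)"
            )
            values = (accid, amt, enc_ccnum, enc_cvv, expm, expy)
        else:
            enc_bitcoin = enc.create_hash(bitcoin, salt)
            prep_insert = (
                "INSERT INTO donations (accId, amount, bitcoin) VALUES (%s, %s, %s)"
            )
            values = (accid, amt, enc_bitcoin)

        # Parameters are always bound as a tuple, never formatted into the SQL.
        cursor.execute(prep_insert, values)
        db.commit()
        insert_votedonate()
    except mysql.Error as e:
        errctr += 1
        # Driver messages can echo submitted values (e.g. duplicate-key
        # errors), so escape before wrapping in markup to keep them from being
        # interpreted as HTML.
        # NOTE(review): raw database errors also reveal schema details; logging
        # them server-side and showing a generic message would be safer.
        msg = " <p>" + html.escape(str(e)) + "</p>"
        errmsgs.append(msg)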
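def insert_donation():
    """Insert the submitted donation into the donations table.

    Reads the submitted values from module-level names (bitcoin, ccnum,
    cvv, amt, expm, expy). When no Bitcoin address was given, the card
    number and CVV are passed through enc.create_hash() and stored with the
    expiry month/year; otherwise the hashed Bitcoin address is stored.

    A mysql.Error is not re-raised: errctr is incremented and the message
    is appended to errmsgs as an HTML paragraph.
    """
    import html  # local import: the file's import block is not visible here

    global errctr

    try:
        accid = find_accid()

        # NOTE(review): this salt is generated here but not stored anywhere in
        # this function, so the values written below cannot be recomputed or
        # verified later unless a caller persists it -- confirm.
        salt = os.urandom(64)

        if bitcoin == "":
            # NOTE(review): PCI DSS does not permit keeping the card
            # verification value after authorization, hashed or not.
            enc_ccnum = enc.create_hash(ccnum, salt)
            enc_cvv = enc.create_hash(cvv, salt)
            prep_insert = (
                "INSERT INTO donations "
                "(accId, amount, credCardNum, cvv, credExpMon, credExpYr) "
                "VALUES (%s, %s, %s, %s, %s, %s)"
            )
            values = (accid, amt, enc_ccnum, enc_cvv, expm, expy)
        else:
            enc_bitcoin = enc.create_hash(bitcoin, salt)
            prep_insert = (
                "INSERT INTO donations (accId, amount, bitcoin) VALUES (%s, %s, %s)"
            )
            values = (accid, amt, enc_bitcoin)

        # Parameters are always bound as a tuple, never formatted into the SQL.
        cursor.execute(prep_insert, values)
        db.commit()
    except mysql.Error as e:
        errctr += 1
        # Fix: the exception must be converted with str(); concatenating the
        # exception object itself raised TypeError inside this handler and hid
        # the database error. The text is escaped because driver messages can
        # echo submitted values.
        # NOTE(review): raw database errors also reveal schema details; logging
        # them server-side and showing a generic message would be safer.
        msg = " <p>" + html.escape(str(e)) + "</p>"
        errmsgs.append(msg)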
def update_psw(uname, psw):
    """Store a new password value for *uname* in the accounts table.

    Args:
        uname: User name identifying the row to update.
        psw: New password as entered; passed through enc.create_hash()
            with the salt obtained from find_salt() before storage.
    """
    # NOTE(review): eval() executes whatever string find_salt() returns. If
    # that string is read back from the database, anyone able to write to the
    # salt column gets code execution in this process. Prefer
    # ast.literal_eval(), or store the salt in a binary column.
    salt = eval(find_salt())

    # The existing salt is reused, so other values hashed with it stay valid.
    hashed_psw = enc.create_hash(psw, salt)

    # Both the new value and the user name are bound parameters.
    cursor.execute(
        "UPDATE accounts SET pwd = %s WHERE uname = %s",
        (hashed_psw, uname),
    )
    db.commit()
def update_bitaddr(bitcoin, salt):
    """Recompute the stored Bitcoin address value with *salt*.

    Args:
        bitcoin: Bitcoin address as entered.
        salt: Salt passed to enc.create_hash().

    The UPDATE matches on accId only, so every donations row belonging to
    the account returned by find_accid() receives the new value.
    """
    accid = find_accid()

    # Hashes the Bitcoin address (the original comment here mentioned the
    # card number and CVV, which this function does not touch).
    hashed_addr = enc.create_hash(bitcoin, salt)

    # Values are bound as a tuple rather than formatted into the statement.
    cursor.execute(
        "UPDATE donations SET bitcoin = %s WHERE accId = %s",
        (hashed_addr, accid),
    )
    db.commit()
def update_psw(uname, psw):
    """Store a new password value for *uname* under a freshly generated salt.

    Args:
        uname: User name identifying the row to update.
        psw: New password as entered; passed through enc.create_hash()
            with a new 64-byte random salt before storage.

    The new salt is handed to update_salt() before the transaction is
    committed.
    """
    # os.urandom() draws from the OS CSPRNG, which is the right source for a salt.
    fresh_salt = os.urandom(64)
    hashed_psw = enc.create_hash(psw, fresh_salt)

    # Both the new value and the user name are bound parameters.
    cursor.execute(
        "UPDATE accounts SET pwd = %s WHERE uname = %s",
        (hashed_psw, uname),
    )

    # NOTE(review): only pwd is recomputed here. If other stored values for
    # this account (for example the hashed e-mail) were derived from the
    # previous salt, replacing it leaves them unverifiable -- confirm how
    # update_salt() selects the account and what else depends on the salt.
    update_salt(fresh_salt)
    db.commit()