Пример #1
0
def userAdmin(request, userId2):
    WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
    user, userId, message, topHits, topRated = initialVars(request)

    #log(request, 'USERADMINPAGE', 'just landed', sendBackUrl)

    # need to convert to strings otherwise methods are unhappy.
    # (should look into why this is.... TODO)
    userId = str(userId)
    userId2 = str(userId2)

    # set sendBackUrl to their userPage if they logout
    sendBackUrl = "/user/" + userId

    # This will see if the user who's page is queried exists.
    try:
        userAdmin = User.objects.get(id__exact=userId)
    except ObjectDoesNotExist:
        request.session['message'] = "Something is amiss with your session.\
      Please log in again!"

        return HttpResponseRedirect('/')

    if user == None:
        request.session['message'] = "Something is amiss with your session.\
      Please log in again."

        return HttpResponseRedirect('/')
    elif user != userAdmin:
        request.session['message'] = "You aren't allowed on that page!"
        return HttpResponseRedirect('/')
    elif int(userId) != int(userId2):
        # just another paranoid check
        request.session['message'] = "You aren't allowed on that page!"
        return HttpResponseRedirect('/')

    if request.method == 'GET':
        # forms to change password and description
        try:
            userDescription = UserProfile.objects.get(user=user)
        except ObjectDoesNotExist:
            userDescription = None

        passwordForm = ChangePassword(initial={'username': user.username})
        descriptionForm = UserDescription(initial={
            'userId': userId,
            'description': userDescription
        })

    elif request.method == 'POST':
        whichform = request.POST.get('descriptionName', '')

        if whichform:
            # Form is description form
            descriptionForm = UserDescription(request.POST)
            if descriptionForm.is_valid():
                userFromProfile = descriptionForm.cleaned_data['userId']
                description = descriptionForm.cleaned_data['description']

                try:
                    userDescription = UserProfile.objects.get(user=user)
                except ObjectDoesNotExist:
                    userDescription = None

                if userDescription == None:
                    userDescription = UserProfile(user=user,
                                                  description=description)
                else:
                    userDescription.description = description

                userDescription.save()

                #log(request, 'USERADMINPAGE', 'modified description', sendBackUrl)

                message = "The description has been changed. Perhaps to something\
            more meaningful. Perhaps to less. Tough to say."

            else:
                # need to reload to User Admin Page with all variables
                message = "Dude, something went wrong. Why you trying to hack our\
            system?"

                #log(request, 'USERADMINPAGEERROR', 'failed to modify description', sendBackUrl)
                # passwordForm = ChangePassword(initial={'username': user.username})
                # return render_to_response('useradmin.html' , locals())

            passwordForm = ChangePassword(initial={'username': user.username})
            return render_to_response('useradmin.html', locals())

        else:
            # Password form is submitted, POST
            # First reinitialize the description form.
            try:
                userDescription = UserProfile.objects.get(user=user)
            except ObjectDoesNotExist:
                userDescription = None

            descriptionForm = UserDescription(initial={
                'userId': userId,
                'description': userDescription
            })

            passwordForm = ChangePassword(request.POST)
            if passwordForm.is_valid():
                username = passwordForm.cleaned_data['username']
                passwordOld = passwordForm.cleaned_data['passwordOld']
                passwordNew1 = passwordForm.cleaned_data['passwordNew1']
                passwordNew2 = passwordForm.cleaned_data['passwordNew2']
            else:
                # need to reload to User Admin Page with all variables
                #log(request, 'USERADMINPAGEERROR', 'Password Form not valid', sendBackUrl)
                return render_to_response('useradmin.html', locals())

            if passwordNew1 != passwordNew2:
                #log(request, 'USERADMINPAGEERROR', 'Passwords do not match', sendBackUrl)
                message = "Passwords do not match!"
                return render_to_response('useradmin.html', locals())

            try:
                #Check username from hidden field against user.username from session
                if user.username != username:
                    message = "User Names don't match. Something Funny's going on."
                    return render_to_response('useradmin.html', locals())

                # get user again based upon username just to be sure.
                u = User.objects.get(username__exact=username)
                if u:
                    verifyOldPassword = u.check_password(passwordOld)
                    if verifyOldPassword:
                        u.set_password(passwordNew1)
                        u.save()
                        #log(request, 'USERADMINPAGE', 'Successfully Changed passwords', sendBackUrl)
                    else:
                        message = "Old Password did not match!"
                        #log(request, 'USERADMINPAGEERROR', 'Old Password did not match', sendBackUrl)
                        return render_to_response('useradmin.html', locals())

                    request.session[
                        'message'] = "Password has been changed. Now go do something productive!"
                    return HttpResponseRedirect("/useradmin/" + userId)
                    #return render_to_response('useradmin.html' , locals())

                else:  # No user id?!  Just return the user to the home page.
                    return HttpResponseRedirect('/')

            except:
                # TODO log that there was an invalid POST
                #log(request, 'USERADMINPAGEERROR', 'invalid form POST', sendBackUrl)
                return HttpResponseRedirect('/')

    return render_to_response('useradmin.html', locals())
Пример #2
0
def userAdmin(request, userId2):
   WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
   user, userId, message, topHits, topRated = initialVars(request)

   #log(request, 'USERADMINPAGE', 'just landed', sendBackUrl)

   # need to convert to strings otherwise methods are unhappy.
   # (should look into why this is.... TODO)
   userId = str(userId)
   userId2 = str(userId2)

   # set sendBackUrl to their userPage if they logout
   sendBackUrl = "/user/" + userId

   # This will see if the user who's page is queried exists.
   try:
      userAdmin = User.objects.get(id__exact=userId)
   except ObjectDoesNotExist:
      request.session['message'] = "Something is amiss with your session.\
      Please log in again!"
      return HttpResponseRedirect('/')

   if user == None:
      request.session['message'] = "Something is amiss with your session.\
      Please log in again."
      return HttpResponseRedirect('/')
   elif user != userAdmin:
      request.session['message'] = "You aren't allowed on that page!"
      return HttpResponseRedirect('/')
   elif int(userId) != int(userId2):
      # just another paranoid check
      request.session['message'] = "You aren't allowed on that page!"
      return HttpResponseRedirect('/')

   if request.method == 'GET':
      # forms to change password and description
      try:
         userDescription = UserProfile.objects.get(user=user)
      except ObjectDoesNotExist:
         userDescription = None

      passwordForm = ChangePassword(initial={'username': user.username})
      descriptionForm = UserDescription(initial={
      'userId': userId, 
      'description': userDescription
      })

   elif request.method == 'POST':
      whichform = request.POST.get('descriptionName', '')

      if whichform: 
         # Form is description form
         descriptionForm = UserDescription(request.POST)
         if descriptionForm.is_valid():
            userFromProfile = descriptionForm.cleaned_data['userId']
            description = descriptionForm.cleaned_data['description']

            try:
               userDescription = UserProfile.objects.get(user=user)
            except ObjectDoesNotExist:
               userDescription = None

            if userDescription == None:
               userDescription = UserProfile(user=user, description=description)
            else:
               userDescription.description = description

            userDescription.save()

            #log(request, 'USERADMINPAGE', 'modified description', sendBackUrl)

            message = "The description has been changed. Perhaps to something\
            more meaningful. Perhaps to less. Tough to say."
         else:
            # need to reload to User Admin Page with all variables
            message = "Dude, something went wrong. Why you trying to hack our\
            system?"
            #log(request, 'USERADMINPAGEERROR', 'failed to modify description', sendBackUrl)
            # passwordForm = ChangePassword(initial={'username': user.username})
            # return render_to_response('useradmin.html' , locals())

         passwordForm = ChangePassword(initial={'username': user.username})
         return render_to_response('useradmin.html' , locals())

      else:
         # Password form is submitted, POST
         # First reinitialize the description form.
         try:
            userDescription = UserProfile.objects.get(user=user)
         except ObjectDoesNotExist:
            userDescription = None

         descriptionForm = UserDescription(initial={
         'userId': userId, 
         'description': userDescription
         })

         passwordForm = ChangePassword(request.POST)
         if passwordForm.is_valid():
            username = passwordForm.cleaned_data['username']
            passwordOld = passwordForm.cleaned_data['passwordOld']
            passwordNew1 = passwordForm.cleaned_data['passwordNew1']
            passwordNew2 = passwordForm.cleaned_data['passwordNew2']
         else:
            # need to reload to User Admin Page with all variables
            #log(request, 'USERADMINPAGEERROR', 'Password Form not valid', sendBackUrl)
            return render_to_response('useradmin.html' , locals())

         if passwordNew1 != passwordNew2:
            #log(request, 'USERADMINPAGEERROR', 'Passwords do not match', sendBackUrl)
            message = "Passwords do not match!"
            return render_to_response('useradmin.html' , locals())

         try:
            #Check username from hidden field against user.username from session
            if user.username != username:
               message = "User Names don't match. Something Funny's going on."
               return render_to_response('useradmin.html' , locals())

            # get user again based upon username just to be sure.
            u = User.objects.get(username__exact=username)
            if u:
               verifyOldPassword = u.check_password(passwordOld)
               if verifyOldPassword:
                  u.set_password(passwordNew1)
                  u.save()
                  #log(request, 'USERADMINPAGE', 'Successfully Changed passwords', sendBackUrl)
               else:
                  message = "Old Password did not match!"
                  #log(request, 'USERADMINPAGEERROR', 'Old Password did not match', sendBackUrl)
                  return render_to_response('useradmin.html' , locals())

               request.session['message'] = "Password has been changed. Now go do something productive!"
               return HttpResponseRedirect("/useradmin/" + userId)
               #return render_to_response('useradmin.html' , locals())

            else: # No user id?!  Just return the user to the home page.
               return HttpResponseRedirect('/')
         
         except:
            # TODO log that there was an invalid POST
            #log(request, 'USERADMINPAGEERROR', 'invalid form POST', sendBackUrl)
            return HttpResponseRedirect('/')

   return render_to_response('useradmin.html', locals())
Пример #3
0
def register(request):
    WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
    user, userId, message, topHits, topRated = initialVars(request)

    #Need this in the event that they don't process the form and nav to login
    sendBackUrl = '/'

    if request.method == 'GET':
        # Form has no data yet.

        request.session['sendBackUrl'] = request.GET.get('sendBack', '/')

        captchaImageURL, captchaHash = makeCaptchaImage(
            request.META['REMOTE_ADDR'])
        form = RegisterUser(initial={'captchaHash': captchaHash})
        return render_to_response('register.html', locals())
    elif request.method == 'POST':
        # Form has data.
        form = RegisterUser(request.POST)
        if form.is_valid():
            name = form.cleaned_data['name']
            password1 = form.cleaned_data['password1']
            password2 = form.cleaned_data['password2']
            captchaHash = form.cleaned_data['captchaHash']
            captchaEntry = form.cleaned_data['captchaEntry']
            captchaEntry = captchaEntry.lower()
            description = form.cleaned_data['description']

            if password1 != password2:
                captchaImageURL, captchaHash = makeCaptchaImage(
                    request.META['REMOTE_ADDR'])
                form = RegisterUser(initial={
                    'captchaHash': captchaHash,
                    'name': name
                })
                error = 'Passwords do not match. Please re-enter.'

                #log(request, 'REGISTERUSERERROR', name, "Password don\'t match")

                return render_to_response('register.html', locals())

            SALT = flashburrito.settings.SECRET_KEY[:20]
            hashEntry = sha.new(SALT + captchaEntry).hexdigest()

            if captchaHash == hashEntry:
                # User entered valid Captcha code
                User.objects.create_user(name, '', password1)
                user = authenticate(username=name, password=password1)

                if description != "":
                    userProfile = UserProfile(user=user,
                                              description=description)
                    userProfile.save()

                #log(request, 'REGISTERUSER', name, 'Valid Registration')

                login(request, user)
            else:
                # User entered invalid Captcha code
                captchaImageURL, captchaHash = makeCaptchaImage(
                    request.META['REMOTE_ADDR'])
                form = RegisterUser(initial={
                    'captchaHash': captchaHash,
                    'name': name
                })
                error = 'Invalid Captcha Code. Please Enter again.'

                #log(request, 'REGISTERUSERERROR', name, "Invalid Captcha Code")

                return render_to_response('register.html', locals())

        else:
            # Form is not valid
            captchaImageURL, captchaHash = makeCaptchaImage(
                request.META['REMOTE_ADDR'])

            #TODO should parse through form and log exact error
            #log(request, 'REGISTERUSERERROR', "Bad Form", "Other: Form is Not Valid")

            return render_to_response('register.html', locals())

        sendBackUrl = request.session.get('sendBackUrl', '/')
        request.session['sendBackUrl'] = None
        return HttpResponseRedirect(sendBackUrl)
Пример #4
0
def register(request):
   WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
   user, userId, message, topHits, topRated = initialVars(request)

   #Need this in the event that they don't process the form and nav to login
   sendBackUrl = '/'

   if request.method == 'GET':
      # Form has no data yet.

      request.session['sendBackUrl'] = request.GET.get('sendBack', '/')

      captchaImageURL, captchaHash = makeCaptchaImage(
         request.META['REMOTE_ADDR']
      )
      form = RegisterUser(initial={'captchaHash': captchaHash})
      return render_to_response('register.html', locals())
   elif request.method == 'POST':
      # Form has data.
      form = RegisterUser(request.POST)
      if form.is_valid():
         name = form.cleaned_data['name']
         password1 = form.cleaned_data['password1']
         password2 = form.cleaned_data['password2']
         captchaHash = form.cleaned_data['captchaHash']
         captchaEntry = form.cleaned_data['captchaEntry']
         captchaEntry  = captchaEntry.lower()
         description = form.cleaned_data['description']

         if password1 != password2:
            captchaImageURL, captchaHash = makeCaptchaImage(
               request.META['REMOTE_ADDR']
            )
            form = RegisterUser(initial={'captchaHash': captchaHash,
            'name': name})
            error = 'Passwords do not match. Please re-enter.'

            #log(request, 'REGISTERUSERERROR', name, "Password don\'t match")

            return render_to_response('register.html', locals())

         SALT = flashburrito.settings.SECRET_KEY[:20]
         hashEntry = sha.new(SALT+captchaEntry).hexdigest()

         if captchaHash == hashEntry:
            # User entered valid Captcha code
            User.objects.create_user(name, '', password1)
            user = authenticate(username=name, password=password1)
            
            if description != "":
               userProfile = UserProfile(
               user=user,
               description=description
               )
               userProfile.save()

            #log(request, 'REGISTERUSER', name, 'Valid Registration')

            login(request, user)
         else:
            # User entered invalid Captcha code
            captchaImageURL, captchaHash = makeCaptchaImage(
               request.META['REMOTE_ADDR']
            )
            form = RegisterUser(initial={'captchaHash': captchaHash,
            'name': name})
            error = 'Invalid Captcha Code. Please Enter again.'
            
            #log(request, 'REGISTERUSERERROR', name, "Invalid Captcha Code")

            return render_to_response('register.html', locals())

      else:
         # Form is not valid
         captchaImageURL, captchaHash = makeCaptchaImage(
            request.META['REMOTE_ADDR']
         )

         #TODO should parse through form and log exact error
         #log(request, 'REGISTERUSERERROR', "Bad Form", "Other: Form is Not Valid")

         return render_to_response('register.html', locals())

      sendBackUrl = request.session.get('sendBackUrl', '/')
      request.session['sendBackUrl'] = None
      return HttpResponseRedirect(sendBackUrl)