Пример #1
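def update_to_hash(**kwargs):
    """Replace every stored user password with its hash when the version gate passes.

    The version string from ``funct.check_ver()`` has its dots removed and is
    padded with ``'00'`` when shorter than four characters.  If the result
    compares ``<= '3490'``, each ``user.password`` value is overwritten with
    ``funct.get_hash()`` of the value currently stored.

    Args:
        **kwargs: ``silent=1`` suppresses the message printed when a row
            update fails.  The keyword arguments are accepted so the error
            path has a ``kwargs`` to read.

    NOTE(review): the version gate is a lexicographic string comparison, not
    a numeric one - confirm it holds for every format check_ver() returns.
    NOTE(review): nothing visible here records that a row was converted, so
    a second run would hash values that are already hashes - confirm the
    caller prevents that.
    NOTE(review): funct.get_hash is not shown; stored passwords need a
    salted, deliberately slow password hash - verify.
    """
    ver = funct.check_ver().replace('.', '')
    if len(ver) < 4:
        ver += '00'
    if ver > '3490':
        return

    # PEP 249 drivers publish their placeholder style as `paramstyle`:
    # 'qmark' drivers bind with ?, 'format'/'pyformat' drivers with %s.
    # NOTE(review): sqltool's concrete driver is not visible here - confirm
    # it uses one of those styles.
    marker = '?' if getattr(sqltool, 'paramstyle', None) == 'qmark' else '%s'
    update_sql = 'update user set password = {0} where id = {0}'.format(marker)

    con, cur = get_cur()
    try:
        try:
            cur.execute("""select id, password from user """)
        except sqltool.Error as e:
            out_error(e)
            return
        for row in cur.fetchall():
            try:
                # Values are bound by the driver instead of being pasted
                # into the statement text, so quotes in the data cannot
                # change the query.
                cur.execute(update_sql, (funct.get_hash(row[1]), row[0]))
                con.commit()
            except sqltool.Error as e:
                if kwargs.get('silent') != 1:
                    print("An error occurred:", e)
    finally:
        # Release the handles on every path.
        cur.close()
        con.close()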
Пример #2
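def get_token():
	"""Issue an API token for the login/password/group in the JSON request body.

	Returns:
		The new token string when the credentials match an active user,
		``False`` when the first matching row is disabled or the credentials
		do not match, ``None`` when no row is returned, or an error message
		string when the body, the group or the user lookup fails.

	NOTE(review): the error returns are non-empty strings that embed the
	exception text. A caller that treats any truthy return as a token would
	accept them, and the text is exposed to whoever reads the response -
	confirm how callers distinguish these cases.
	NOTE(review): the group comes from the request body and is stored with
	the token; no check is visible here that the user belongs to that group -
	confirm write_api_token or the caller enforces membership.
	NOTE(review): funct.get_hash is not shown; verify it is a salted,
	deliberately slow password hash.
	"""
	try:
		body = request.body.getvalue().decode('utf-8')
		login_pass = json.loads(body)
		login = login_pass['login']
		password_from_user = login_pass['password']
	except Exception as e:
		return 'error getting credentials: '+str(e)
	try:
		group_name = login_pass['group']
		group_id = sql.get_group_id_by_name(group_name)
	except Exception as e:
		return 'error getting group: '+str(e)
	try:
		users = sql.select_users(user=login)
		password = funct.get_hash(password_from_user)
	except Exception as e:
		return 'error one more: '+str(e)

	# Both outcomes below return, so only the first row is ever examined.
	for user in users:
		if user.activeuser == 0:
			return False
		# Identity is compared for equality. A substring test would accept a
		# login that is merely contained in the stored username (including
		# the empty string) and would raise on a non-string JSON value.
		if login == user.username and password == user.password:
			import uuid
			user_token = str(uuid.uuid4())
			sql.write_api_token(user_token, group_id, user.role, user.username)
			return user_token
		return False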
Пример #3
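def update_user_password(password, id):
	"""Store the hash of ``password`` for the user row with the given ``id``.

	Args:
		password: new clear-text password; it is passed through
			``funct.get_hash()`` before being written.
		id: primary key of the row in ``user``.

	Returns:
		``True`` after a successful commit, ``False`` when the driver raised
		``sqltool.Error`` (the transaction is rolled back).

	NOTE(review): funct.get_hash is not shown; verify it is a salted,
	deliberately slow password hash.
	"""
	con, cur = get_cur()
	# PEP 249 drivers publish their placeholder style as `paramstyle`:
	# 'qmark' drivers bind with ?, 'format'/'pyformat' drivers with %s.
	# NOTE(review): sqltool's concrete driver is not visible here - confirm
	# it uses one of those styles.
	marker = '?' if getattr(sqltool, 'paramstyle', None) == 'qmark' else '%s'
	query = 'update user set password = {0} where id = {0}'.format(marker)
	try:
		# Both values are bound by the driver, so neither the id nor the
		# hash can alter the statement text.
		cur.execute(query, (funct.get_hash(password), id))
		con.commit()
	except sqltool.Error as e:
		out_error(e)
		con.rollback()
		return False
	else:
		return True
	finally:
		# Runs on both return paths; a close placed after the try/else
		# would never be reached.
		cur.close()
		con.close()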
Пример #4
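def check_login():
    """Check the ``login`` and ``password`` request headers against the user table.

    Returns:
        ``True`` when the first row returned for the login is active and both
        the username and the password hash match; ``False`` when a header is
        missing, the lookup or hashing fails, the row is disabled or the
        credentials do not match; ``None`` when no row is returned.

    NOTE(review): the password travels in a request header, where proxies
    and access logs may record it - confirm the transport and logging setup.
    NOTE(review): funct.get_hash is not shown; verify it is a salted,
    deliberately slow password hash.
    """
    try:
        login = request.headers.get('login')
        password_from_user = request.headers.get('password')
        # A request without both headers cannot authenticate; stop before
        # the lookup runs with a missing login.
        if login is None or password_from_user is None:
            return False
        rows = sql.select_users(user=login)
        password = funct.get_hash(password_from_user)
    except Exception:
        # Fail closed on any lookup or hashing error.
        return False

    # Both outcomes below return, so only the first row is ever examined.
    for row in rows:
        # Index 7 is compared with 0 to reject a disabled account.
        if row[7] == 0:
            return False
        # Equality rather than a substring test: a login that is only part
        # of the stored username (index 1) must not authenticate.
        if login == row[1] and password == row[3]:
            return True
        return False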
Пример #5
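def update_user(user, email, password, role, group, id, activeuser):
	"""Overwrite one row of ``user`` with the supplied account details.

	All seven values are bound in argument order: username, email, password
	hash, role, groups, activeuser, and the row ``id`` in the WHERE clause.
	The password is passed through ``funct.get_hash()`` before being stored.

	Returns:
		``True`` after a successful commit, ``False`` when the driver raised
		``sqltool.Error`` (the transaction is rolled back).

	NOTE(review): role, group and activeuser are written as given; confirm
	the caller has authorised the change before this is reached.
	NOTE(review): funct.get_hash is not shown; verify it is a salted,
	deliberately slow password hash.
	"""
	con, cur = create_db.get_cur()
	# PEP 249 drivers publish their placeholder style as `paramstyle`:
	# 'qmark' drivers bind with ?, 'format'/'pyformat' drivers with %s.
	# NOTE(review): sqltool's concrete driver is not visible here - confirm
	# it uses one of those styles.
	marker = '?' if getattr(sqltool, 'paramstyle', None) == 'qmark' else '%s'
	query = (
		'update user set username = {0}, email = {0}, password = {0}, '
		'role = {0}, groups = {0}, activeuser = {0} where id = {0}'
	).format(marker)
	values = (user, email, funct.get_hash(password), role, group, activeuser, id)
	try:
		# The driver binds the values, so quotes in a username or e-mail
		# address cannot change the statement.
		cur.execute(query, values)
		con.commit()
	except sqltool.Error as e:
		out_error(e)
		con.rollback()
		return False
	else:
		return True
	finally:
		# Runs on both return paths; a close placed after the try/else
		# would never be reached.
		cur.close()
		con.close()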
Пример #6
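def update_to_hash(**kwargs):
    """Hash all stored user passwords, then add the ``hash`` column to ``version``.

    The first four characters of the dot-stripped version string from
    ``funct.check_ver()`` must compare ``>= '3490'`` and ``check_hash()`` must
    be truthy; otherwise nothing is done.  Each ``user.password`` value is
    then overwritten with ``funct.get_hash()`` of the stored value, and the
    ``ALTER TABLE`` statement is executed afterwards.

    Args:
        **kwargs: ``silent=1`` suppresses the messages printed when a row
            update or the ALTER statement fails.  The keyword arguments are
            accepted so the error paths have a ``kwargs`` to read.

    NOTE(review): the version gate is a lexicographic string comparison, not
    a numeric one - confirm it holds for every format check_ver() returns.
    NOTE(review): the ALTER statement still runs when the SELECT or a row
    update failed; if check_hash() relies on that column, failed rows would
    stay unhashed on later runs - confirm.
    NOTE(review): funct.get_hash is not shown; stored passwords need a
    salted, deliberately slow password hash - verify.
    """
    ver = funct.check_ver().replace('.', '')[:4]
    if not (ver >= '3490' and check_hash()):
        return

    silent = kwargs.get('silent') == 1
    # PEP 249 drivers publish their placeholder style as `paramstyle`:
    # 'qmark' drivers bind with ?, 'format'/'pyformat' drivers with %s.
    # NOTE(review): sqltool's concrete driver is not visible here - confirm
    # it uses one of those styles.
    marker = '?' if getattr(sqltool, 'paramstyle', None) == 'qmark' else '%s'
    update_sql = 'update user set password = {0} where id = {0}'.format(marker)
    alter_sql = """
		ALTER TABLE `version` ADD COLUMN hash INTEGER NOT NULL DEFAULT 1;
		"""

    # One connection serves both steps and is closed on every path.
    con, cur = get_cur()
    try:
        try:
            cur.execute("""select id, password from user """)
        except sqltool.Error as e:
            out_error(e)
        else:
            for row in cur.fetchall():
                try:
                    # Values are bound by the driver instead of being
                    # pasted into the statement text.
                    cur.execute(update_sql, (funct.get_hash(row[1]), row[0]))
                    con.commit()
                except sqltool.Error as e:
                    if not silent:
                        print("An error occurred:", e)

        try:
            cur.execute(alter_sql)
            con.commit()
        except sqltool.Error as e:
            if not silent:
                print("An error occurred:", e)
    finally:
        cur.close()
        con.close()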
Пример #7
    print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
    sys.exit()

# Credential check for a submitted login form: look the user up, then either
# hand the attempt to check_in_ldap() or compare the locally stored hash.
if login is not None and password is not None:
    USERS = sql.select_users(user=login)

    for users in USERS:
        # Index 7 == 0 is reported as a disabled login.
        # NOTE(review): this answer is given before the password is checked,
        # so it tells an unauthenticated client that the account exists and
        # is disabled - consider the same response as a failed login.
        if users[7] == 0:
            print("Content-type: text/html\n")
            print('Your login is disabled')
            sys.exit()
        # Index 6 == 1 routes the attempt to check_in_ldap() with the
        # clear-text password.
        if users[6] == 1:
            # NOTE(review): `in` is a substring test, not equality - a login
            # contained in the stored username passes; confirm select_users
            # only returns exact matches or compare with ==.
            if login in users[1]:
                # No break follows: if check_in_ldap() returns, the loop goes
                # on and the for-else below calls ban(). Presumably it ends
                # the request itself - confirm.
                check_in_ldap(login, password)
        else:
            # NOTE(review): funct.get_hash is not shown; verify it is a
            # salted, deliberately slow password hash.
            passwordHashed = funct.get_hash(password)
            # Same substring caveat as above for the username (index 1);
            # index 3 holds the stored hash.
            if login in users[1] and passwordHashed == users[3]:
                send_cookie(login)
                break
            else:
                ban()
                sys.exit()
    else:
        # for-else: reached when the loop ends without `break`, which
        # includes an empty result set (unknown login).
        ban()
        sys.exit()
    print("Content-type: text/html\n")

if login is None:
    print("Content-type: text/html\n")
    if create_db.check_db():
        if create_db.create_table():
Пример #8
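def add_user(user, email, password, role, group, activeuser):
	"""Insert a new row into ``user``.

	When ``password`` is anything other than the literal ``'aduser'`` the row
	is created with ``funct.get_hash(password)``; when it equals ``'aduser'``
	the row is created without a password and with ``ldap_user`` set to
	``'1'``.

	Returns:
		``True`` after a successful commit, ``False`` when the driver raised
		``sqltool.Error`` (the transaction is rolled back).

	NOTE(review): 'aduser' is an in-band flag carried in the password field.
	A local account can never use that value as its password, and any caller
	able to set the field selects the LDAP branch - confirm callers validate
	it, or pass the account type separately.
	NOTE(review): funct.get_hash is not shown; verify it is a salted,
	deliberately slow password hash.
	"""
	con, cur = create_db.get_cur()
	# PEP 249 drivers publish their placeholder style as `paramstyle`:
	# 'qmark' drivers bind with ?, 'format'/'pyformat' drivers with %s.
	# NOTE(review): sqltool's concrete driver is not visible here - confirm
	# it uses one of those styles.
	marker = '?' if getattr(sqltool, 'paramstyle', None) == 'qmark' else '%s'
	if password != 'aduser':
		query = (
			'INSERT INTO user (username, email, password, role, groups, activeuser) '
			'VALUES ({0}, {0}, {0}, {0}, {0}, {0})'
		).format(marker)
		values = (user, email, funct.get_hash(password), role, group, activeuser)
	else:
		query = (
			'INSERT INTO user (username, email, role, groups, ldap_user, activeuser) '
			"VALUES ({0}, {0}, {0}, {0}, '1', {0})"
		).format(marker)
		values = (user, email, role, group, activeuser)
	try:
		# The driver binds the values, so quotes in a username or e-mail
		# address cannot change the statement.
		cur.execute(query, values)
		con.commit()
	except sqltool.Error as e:
		out_error(e)
		con.rollback()
		return False
	else:
		return True
	finally:
		# Runs on both return paths; a close placed after the try/else
		# would never be reached.
		cur.close()
		con.close()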
Пример #9
	
	
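# Logout: drop the server-side session record, expire the cookie, then
# redirect to the login page.
if form.getvalue('logout'):
	try:
		sql.delete_uuid(user_id.value)
	except Exception as e:
		# Logout still proceeds, but the failure is written to stderr: if
		# the record was not deleted, the uuid may remain valid on the
		# server even though the browser cookie is cleared below.
		print('logout: could not delete session uuid:', e, file=sys.stderr)
	# Headers must precede the blank line emitted with Content-type.
	print("Set-cookie: uuid=; expires=Wed May 18 03:33:20 2003; path=/app/; httponly")
	print("Content-type: text/html\n")
	print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
	sys.exit()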

if login is not None and password is not None:

	USERS = sql.select_users(user=login)
	password = funct.get_hash(password)
		
	for users in USERS:	
		if users[7] == 0:
			print("Content-type: text/html\n")	
			print('<center><div class="alert alert-danger">Your login is disabled</div><br /><br />')
			sys.exit()
		if users[6] == 1:
			if login in users[1]:
				check_in_ldap(login, password)
		else:
			if login in users[1] and password == users[3]:
				send_cookie(login)
				break
			else:
				ban()