Пример #1
0
    def do_POST(self):
        global sessionID
        self.headerFinished = False
        self.send_response(200)

        #Parse query
        try:
            ctype, pdict = cgi.parse_header(self.headers.getheader('content-type'))
            if ctype == 'multipart/form-data':
                query = cgi.parse_multipart(self.rfile, pdict)
            else:
                query = None
        except:
            query = None

        #Session Management
        authenticated = False

        #Check password
        if self.path.startswith("/pwd"):
            try:
                pwd = query.get("pwd")[0]
            except:
                pwd = None

            if password.isCorrect(pwd):
                sessionID = urandom(16).encode('base64').strip()
                self.send_header("Set-Cookie", "bitweb_sessionID=\"" + sessionID + "\"; Max-Age=2592000; Version=\"1\"; Secure; Port; HttpOnly")
                authenticated = True
                #Redirect to inbox
                self.path = "/inbox"
                sleep(1) #To slow down brutforce
            else:
                self.send_header('Content-type', 'text/html')
                self.write(password.enterHTML(True))
                sleep(1) #To slow down brutforce
                return

        #Set password
        if self.path.startswith("/setpwd") and not password.isSet():
            try:
                pwd = query["pwd"][0]
                password.set(pwd)
                authenticated = True
            except:
                authenticated = False

        #Check Authentication
        if (not authenticated) and (not self.isAuthenticated()) :
            return

        #End of session management. 
        #The following code should only be executed when the user has passed authentication!

        #Check api
        if not self.initApi():
            return

        #Header for text
        self.send_header('Content-type', 'text/html')
                
        #Handel called URL
        if self.path.startswith("/inbox") or self.path == "/":
            self.write(getPages.inbox())

        elif self.path.startswith("/composer"):
            toAddress = False
            replyTo = False
            try:
                if query.has_key("to"):
                    toAddress = query["to"][0]
                if query.has_key("replyto"):
                    replyTo = query["replyto"][0]
            except:
                pass
                
            self.write(getPages.composeMsg(replyTo, toAddress))

        elif self.path.startswith("/sendmsg"):
            try:
                if query.has_key("to"):
                    toAddress = query["to"][0]
                else:
                    #There is no reciever for broadcast messages
                    toAddress = ""
                fromAddress = query["from"][0]
                subject = query["subject"][0]
                text = query["text"][0]
                if query["broadcast"][0] == "true":
                    broadcast = True
                else:
                    broadcast = False
            except:
                page = HTMLPage()
                page.addLine("<h1>Error while parsing message.")
                page.addLine("Message NOT send!</h1>")
                self.write(page.getPage())
                return

            self.write(getPages.sendMsg(toAddress, fromAddress, subject, text, broadcast))

        elif self.path.startswith("/unsubscribe"):
            try:
                addr = query["addr"][0]
                getPages.unsubscribe(addr)
            except:
                pass

            self.write(getPages.subscriptions())

        elif self.path.startswith("/subscribe"):
            try:
                addr = query["addr"][0]
                label = query["label"][0]
                getPages.subscribe(addr, label)
            except:
                pass

            self.write(getPages.subscriptions())

        elif self.path.startswith("/addaddressbookentry"):
            try:
                addr = query["addr"][0]
                label = query["label"][0]
                getPages.addAddressBookEntry(addr, label)
            except:
                pass

            self.write(getPages.addressBook())

        elif self.path.startswith("/deladdressbookentry"):
            try:
                addr = query["addr"][0]
                getPages.delAddressBookEntry(addr)
            except:
                pass

            self.write(getPages.addressBook())

        elif self.path.startswith("/createchan"):
            try:
                pw = query["pw"][0]
                getPages.createChan(pw)
            except:
                pass
            
            self.write(getPages.chans())

        elif self.path.startswith("/joinchan"):
            try:
                pw = query["pw"][0]
                addr = query["addr"][0]
                getPages.joinChan(pw, addr)
            except:
                pass
            
            self.write(getPages.chans())

        elif self.path.startswith("/leavechan"):
            try:
                addr = query["addr"][0]
                getPages.leaveChan(addr)
            except:
                pass
            
            self.write(getPages.chans())

        elif self.path.startswith("/addrandomaddress"):
            try:
                label = query["label"][0]
                getPages.genRandomAddress(label)
            except:
                pass

            self.write(getPages.identities())

        elif self.path.startswith("/deladdress"):
            try:
                addr = query["addr"][0]
                getPages.delAddress(addr)
            except:
                pass

            self.write(getPages.identities())

        else:
            html = HTMLPage()
            html.addLine("<h1>Page not found!</h1>", False)
            self.write(html.getPage())
Пример #2
0
    def do_GET(self):
        global sessionID
        self.headerFinished = False
        self.send_response(200)

        #return favicon.ico
        if self.path.startswith("/favicon.ico"):
            self.send_header('Content-type', 'image/x-icon')

            try: 
                f = open("favicon.ico", "rb")
                self.write(f.read())
            except:
                pass
            return

        #Parse query
        if '?' in self.path:
            qs = self.path[self.path.find('?')+1:]
            query = cgi.parse_qs(qs, keep_blank_values = True)
        else:
            query = None

        #Check Authentication
        if not self.isAuthenticated():
            return

        #The following code should only be executed when the user has passed authentication!

        #Check api
        if not self.initApi():
            return
                
        #Handel called URL

        #Return requested image
        if self.path.startswith("/getimage"):
            params = self.path.split("-")
            imageHash = params[1].split(".")[0]
            
            ret = getPages.getImage(imageHash)
            if not ret:
                return

            mimeType, image = ret
            
            self.send_header('Content-type', mimeType)
            self.write(image)
            return
        else:
            #Header for text
            self.send_header('Content-type', 'text/html')

        #Return requestet page
        if self.path.startswith("/inbox") or self.path == "/":
            self.write(getPages.inbox())

        elif self.path.startswith("/outbox"):
            self.write(getPages.outbox())

        elif self.path.startswith("/composer"):
            self.write(getPages.composeMsg())

        elif self.path.startswith("/subscriptions"):
            self.write(getPages.subscriptions())

        elif self.path.startswith("/addressbook"):
            self.write(getPages.addressBook())

        elif self.path.startswith("/chans"):
            self.write(getPages.chans())

        elif self.path.startswith("/identities"):
            self.write(getPages.identities())

        elif self.path.startswith("/status"):
            self.write(getPages.connectionStatus())

        elif self.path.startswith("/logout"):
            sessionID = None
            self.write(password.enterHTML())

        elif self.path.startswith("/markread"):
            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.markRead(msgid)

        elif self.path.startswith("/markunread"):
            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.markUnread(msgid)

        elif self.path.startswith("/delmsg"):
            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.delMsg(msgid)

        elif self.path.startswith("/delsentmsg"):
            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.delSentMsg(msgid)

        else:
            html = HTMLPage()
            html.addLine("<h1>Page not found!</h1>", False)
            self.write(html.getPage())
Пример #3
0
    def do_GET(self):
        global sessionID

        self.send_response(200)
        self.send_header('Content-type', 'text/html')

        authenticated = False

        #Session Management
        if self.path.startswith("/pwd"):
            query = parseQuery(self.path)
            try:
                pwd = query["pwd"][0]
            except:
                pwd = ""

            if password.isCorrect(pwd):
                sessionID = urandom(16).encode('base64').strip()
                self.send_header("Set-Cookie", "sessionID=" + sessionID)
                authenticated = True
                self.path = "/inbox"
                sleep(1) #To slow down brutforce
            else:
                self.wfile.write(password.enterHTML(True))
                sleep(1) #To slow down brutforce
                return


        if self.path.startswith("/setpwd") and not password.isSet():
            query = parseQuery(self.path)
            try:
                pwd = query["pwd"][0]
                password.set(pwd)
                authenticated = True
            except:
                authenticated = False

        if self.path.startswith("/logout"):
            sessionID = None

        if sessionID and not authenticated:
            try:
                cookie = Cookie.SimpleCookie(self.headers.getheader("cookie"))
                if sessionID == cookie['sessionID'].value:
                    authenticated = True
            except:
                authenticated = False

        self.end_headers()

        if not authenticated:
            if password.isSet():
                self.wfile.write(password.enterHTML())
            else:
                self.wfile.write(password.setHTML())
            return

        #End session management. 
        #The following code should only be executed when the user has passed authentication!

        if (not getPages.apiIsInit):
            error = getPages.initApi();

            if (error):
                self.wfile.write(error)
                return
                
        if self.path.startswith("/inbox") or self.path == "/":
            self.wfile.write(getPages.inbox())

        elif self.path.startswith("/outbox"):
            self.wfile.write(getPages.outbox())

        elif self.path.startswith("/composer"):
            query = parseQuery(self.path)
            toAddress = ""
            subject = ""
            text = ""
            try:
                if query.has_key("to"):
                    toAddress = query["to"][0]
                if query.has_key("subject"):
                    subject = query["subject"][0]
                if query.has_key("text"):
                    text = query["text"][0]
            except:
                pass
                
            self.wfile.write(getPages.composeMsg(toAddress, subject, text))

        elif self.path.startswith("/sendmsg"):
            query = parseQuery(self.path)
            
            try:
                toAddress = query["to"][0]
                fromAddress = query["from"][0]
                subject = query["subject"][0]
                text = query["text"][0]
            except:
                page = HTMLPage()
                page.addLine("<h1>Error while parsing message.")
                page.addLine("Message NOT send!</h1>")
                self.wfile.write(page.getPage())
                return

            self.wfile.write(getPages.sendMsg(toAddress, fromAddress, subject, text))

        elif self.path.startswith("/subscriptions"):
            self.wfile.write(getPages.subscriptions())

        elif self.path.startswith("/unsubscribe"):
            query = parseQuery(self.path)

            try:
                addr = query["addr"][0]
                getPages.unsubscribe(addr)
            except:
                pass

            self.wfile.write(getPages.subscriptions())

        elif self.path.startswith("/subscribe"):
            query = parseQuery(self.path)

            try:
                addr = query["addr"][0]
                label = query["label"][0]
                getPages.subscribe(addr, label)
            except:
                pass

            self.wfile.write(getPages.subscriptions())

        elif self.path.startswith("/addressbook"):
            self.wfile.write(getPages.addressBook())

        elif self.path.startswith("/addaddress"):
            query = parseQuery(self.path)

            try:
                addr = query["addr"][0]
                label = query["label"][0]
                getPages.addAddressBookEntry(addr, label)
            except:
                pass

            self.wfile.write(getPages.addressBook())

        elif self.path.startswith("/deladdress"):
            query = parseQuery(self.path)

            try:
                addr = query["addr"][0]
                getPages.delAddressBookEntry(addr)
            except:
                pass

            self.wfile.write(getPages.addressBook())

        elif self.path.startswith("/markread"):
            query = parseQuery(self.path)

            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.markRead(msgid)

        elif self.path.startswith("/markunread"):
            query = parseQuery(self.path)

            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.markUnread(msgid)

        elif self.path.startswith("/delmsg"):
            query = parseQuery(self.path)

            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.delMsg(msgid)

        elif self.path.startswith("/delsentmsg"):
            query = parseQuery(self.path)

            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.delSentMsg(msgid)

        else:
            html = HTMLPage()
            html.addLine("<h1>404 - Not found</h1>")
            self.wfile.write(html.getPage())