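def login_mod(req):
    """Show and process the account form of the signed-in user.

    GET renders ``login/login_mod.html`` for the current login.  POST checks
    the form token, binds the submitted form to a ``Login`` object and stores
    it through ``login.pref()``.  When the submitted e-mail differs from the
    session's e-mail, ``send_verify_email()`` is called and
    ``REQUEST_FOR_EMAIL`` is OR-ed into the state passed to the template.

    A ``pref()`` result in the range 1..63 is treated as an error code and
    the form is rendered again with ``error`` set.
    """
    check_login(req)
    login = Login(req.login.id)
    token = do_create_token(req, "/login")

    state = None
    email = None
    if req.method == "POST":
        # State-changing request: refuse it unless the form token matches.
        check_token(req, req.form.get("token"))
        login.bind(req.form, req.cfg.login_rounds)

        # Only a changed address is passed on; an unchanged one stays None.
        if login.email != req.login.email:
            email = login.email

        state = login.pref(req, email=email)
        # Normalise a None result *before* the range test: on Python 3
        # `0 < None` raises TypeError, which would turn a successful save
        # into a server error.  (pref() returning None is inferred from the
        # original fallback to 0 — confirm against Login.pref.)
        if state is None:
            state = 0
        if 0 < state < 64:
            return generate_page(req, "login/login_mod.html", token=token, item=login, error=state)

        if email:
            # The session's current address is handed to the mailer together
            # with the requesting host and browser.
            # NOTE(review): remote_host and user_agent are client-influenced;
            # the mail template should escape them — confirm.
            host = "%s (%s)" % (req.remote_host, req.remote_addr)
            send_verify_email(req, login, req.login.email, host=host, browser=req.user_agent)
            state |= REQUEST_FOR_EMAIL

    # Refresh the object and make it the login attached to this request.
    login.get(req)
    req.login = login
    return generate_page(req, "login/login_mod.html", token=token, item=login, state=state, email=email)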
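def login(req):
    """Render the sign-in form and process sign-in attempts.

    On a successful POST the session is created with ``do_login()`` and the
    client is redirected: to the ``referer`` query argument when it is a
    path on this site, otherwise to ``/admin`` for logins holding the
    ``admin`` or ``super`` right, otherwise to ``/``.  On failure the form is
    rendered again with ``BAD_LOGIN``.
    """
    referer = req.args.getfirst("referer", "", str)
    # NOTE(review): data.referer carries the raw query value to the template;
    # it has to be escaped there — confirm.
    data = Object(referer=referer, email="")

    if req.method == "POST":
        # NOTE(review): no form token is checked on this POST (login_mod
        # calls check_token); confirm login CSRF is covered elsewhere.
        login = Login()
        login.bind(req.form, req.cfg.login_rounds)
        ip = "ip" in req.form
        if login.find(req):
            do_login(req, login.simple(), ip)

            # `referer` comes from the query string, so anyone can craft a
            # login link that carries it.  Follow it only when it is a
            # site-local path: it must start with a single "/" (not "//" or
            # "/\", which browsers read as another host) and contain no
            # control characters.  Anything else falls through to the
            # defaults below, which closes the open redirect.
            # NOTE(review): absolute URLs of this same site are no longer
            # followed; if callers send those, compare the host explicitly.
            has_control = any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in referer)
            is_local = (
                referer.startswith("/")
                and not referer.startswith(("//", "/\\"))
                and not has_control
            )
            if is_local:
                redirect(req, referer)

            # The calls stay sequential as in the original; presumably
            # redirect() ends the request by raising — confirm.
            if "admin" in login.rights or "super" in login.rights:
                redirect(req, "/admin")
            redirect(req, "/")

        # Failed attempt: keep what the user typed, report one generic error.
        data.ip = ip
        data.email = login.email
        data.error = BAD_LOGIN

    return generate_page(
        req,
        "login.html",
        data=data,
        sign_up=req.cfg.login_sign_up,
        password_link=req.cfg.login_forget_password_link,
    )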
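def sign_up(req):
    """Render the registration form and process a registration.

    GET picks a random anti-robot question and renders the form.  POST
    re-reads the question by its submitted index, checks the answer and the
    ``robot`` field, and on success adds the login and calls
    ``send_login_created()``.  Any failed check renders the form again.
    """
    if req.method == "POST":
        # A non-empty `robot` field marks the submission as automated.
        robot = bool(req.form.getfirst("robot", "", str))

        # `qid` is client-supplied.  A non-hex value used to raise
        # ValueError and an out-of-range one IndexError (both end as a
        # server error); a negative one silently indexed from the end.
        # Such input is now handled as a failed check with a fresh question.
        try:
            qid = int(req.form.getfirst("qid", "0", str), 16)
        except ValueError:
            qid = -1
        known_question = 0 <= qid < len(robot_questions)
        if not known_question:
            qid = randint(0, len(robot_questions) - 1)

        question, answer = robot_questions[qid]
        check = known_question and req.form.getfirst("answer", "", str) == answer

        login = Login()
        login.bind(req.form, req.cfg.login_rounds)

        # NOTE(review): the expected answer is passed to the template; if it
        # ends up in the rendered page the question stops little — confirm.
        if robot or not check:
            return generate_page(
                req,
                "/login/login_mod.html",
                item=login,
                question=question,
                answer=answer,
                check=check,
                qid=hex(qid),
                form=req.form,
            )

        # The meaning of the second argument is defined by Login.add and is
        # not visible here.
        error = login.add(req, True)
        if error:
            return generate_page(
                req,
                "/login/login_mod.html",
                item=login,
                error=error,
                question=question,
                answer=answer,
                check=check,
                qid=hex(qid),
                form=req.form,
                password_link=req.cfg.login_forget_password_link,
            )

        send_login_created(req, login)
        return generate_page(req, "/login/waiting_for_verification.html", item=login)

    # GET: empty form with a randomly chosen question.
    qid = randint(0, len(robot_questions) - 1)
    question, answer = robot_questions[qid]
    return generate_page(
        req, "/login/login_mod.html", item=Object(), question=question, answer=answer, qid=hex(qid), form=Object()
    )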
def admin_logins_mod(req, id):
    """Admin view: show and process the edit form of the login ``id``.

    Requires a signed-in user holding ``R_ADMIN``.  Editing one's own record
    is refused with ``HTTP_FORBIDDEN``.  POST checks the form token, binds
    the form and calls ``login.mod()``; a result in 1..63 is rendered as an
    error.  A login that ``get()`` cannot load yields ``HTTP_NOT_FOUND``.
    """
    check_login(req)
    check_right(req, R_ADMIN)

    template = "admin/logins_mod.html"
    form_token = do_create_token(req, "/admin/logins/%d" % id)
    account = Login(id)

    # An administrator may not edit their own record here, so they cannot
    # take away their own rights.
    # NOTE(review): this guard runs before bind(); confirm bind() cannot
    # replace account.id with a value from the form.
    if req.login.id == account.id:
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    result = None
    if req.method == "POST":
        # State-changing request: refuse it unless the form token matches.
        check_token(req, req.form.get("token"))
        account.bind(req.form, req.cfg.login_rounds)
        result = account.mod(req)
        # Assumes mod() returns an int; a None result would raise TypeError
        # in this comparison on Python 3 — TODO confirm.
        if 0 < result < 64:
            return generate_page(
                req, template, token=form_token, rights=rights, item=account, error=result
            )

    if not account.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    return generate_page(req, template, token=form_token, rights=rights, item=account, state=result)
def admin_logins_add(req):
    """Admin view: show and process the form that creates a login.

    Requires a signed-in user holding ``R_ADMIN``.  POST checks the form
    token, binds the form, forces the rights to ``["user"]`` and adds the
    login.  Without a configured verify link the login is enabled at once;
    with one, ``send_login_created()`` is called after the add.  On success
    the client is redirected to the new login's admin page.
    """
    check_login(req)
    check_right(req, R_ADMIN)

    template = "admin/logins_mod.html"
    form_token = do_create_token(req, "/admin/logins/add")

    if req.method == "POST":
        # State-changing request: refuse it unless the form token matches.
        check_token(req, req.form.get("token"))
        verify_link = req.cfg.login_created_verify_link

        account = Login()
        account.bind(req.form, req.cfg.login_rounds)
        if not verify_link:
            account.enabled = 1
        # New logins always start with the plain "user" right, whatever the
        # form carried.
        # NOTE(review): read as unconditional (not part of the branch
        # above) — confirm against the original indentation.
        account.rights = ["user"]

        error = account.add(req)
        if error:
            return generate_page(
                req, template, token=form_token, rights=rights, item=account, error=error
            )

        if verify_link:
            send_login_created(req, account)
        redirect(req, "/admin/logins/%d" % account.id)

    return generate_page(req, template, token=form_token, rights=rights)