Пример #1
0
def crop(request, upload=False):
    if upload and (not request.user.avatar_temp or not 'upload' in settings.avatars_types):
        return error404(request)

    if not upload and request.user.avatar_type != 'upload':
        messages.error(request, _("Crop Avatar option is avaiable only when you use uploaded image as your avatar."), 'usercp_avatar')
        return redirect(reverse('usercp_avatar'))

    message = request.messages.get_message('usercp_avatar')
    if request.method == 'POST':
        if request.csrf.request_secure(request):
            try:
                image_path = settings.MEDIA_ROOT + 'avatars/'
                if upload:
                    source = Image.open(image_path + request.user.avatar_temp)
                else:
                    source = Image.open(image_path + request.user.avatar_original)
                width, height = source.size

                aspect = float(width) / float(request.POST['crop_b'])
                crop_x = int(aspect * float(request.POST['crop_x']))
                crop_y = int(aspect * float(request.POST['crop_y']))
                crop_w = int(aspect * float(request.POST['crop_w']))
                crop = source.crop((crop_x, crop_y, crop_x + crop_w, crop_y + crop_w))

                if upload:
                    image_name, image_extension = path(request.user.avatar_temp).splitext()
                else:
                    image_name, image_extension = path(request.user.avatar_original).splitext()
                image_name = '%s_%s%s' % (request.user.pk, random_string(8), image_extension)
                resizeimage(crop, settings.AVATAR_SIZES[0], image_path + image_name, info=source.info, format=source.format)
                for size in settings.AVATAR_SIZES[1:]:
                    resizeimage(crop, size, image_path + str(size) + '_' + image_name, info=source.info, format=source.format)

                request.user.delete_avatar_image()
                if upload:
                    request.user.delete_avatar_original()
                    request.user.avatar_type = 'upload'
                    request.user.avatar_original = '%s_org_%s%s' % (request.user.pk, random_string(8), image_extension)
                    source.save(image_path + request.user.avatar_original)
                request.user.delete_avatar_temp()
                request.user.avatar_image = image_name
                request.user.avatar_crop = [str(float(request.POST[x])) for x in ('crop_x', 'crop_y', 'crop_w')]
                request.user.save(force_update=True)
                messages.success(request, _("Your avatar has been cropped."), 'usercp_avatar')
                return redirect(reverse('usercp_avatar'))
            except Exception:
                message = Message(_("Form contains errors."), messages.ERROR)
        else:
            message = Message(_("Request authorisation is invalid."), messages.ERROR)


    return render_to_response('usercp/avatar_crop.html',
                              context_instance=RequestContext(request, {
                                  'message': message,
                                  'after_upload': upload,
                                  'avatar_size': settings.AVATAR_SIZES[0],
                                  'avatar_crop': request.user.avatar_crop if not upload else None,
                                  'source': 'avatars/%s' % (request.user.avatar_temp if upload else request.user.avatar_original),
                                  'tab': 'avatar'}));
Пример #2
0
    def action_reset(self, items, checked):
        # First loop - check for errors
        for user in items:
            if user.pk in checked:
                if user.is_protected() and not self.request.user.is_god():
                    return Message(
                        _('You cannot reset protected members passwords.'),
                        'error'), reverse('admin_users')

        # Second loop - reset passwords
        for user in items:
            if user.pk in checked:
                new_password = random_string(8)
                user.set_password(new_password)
                user.save(force_update=True)
                user.email_user(
                    self.request,
                    'users/password/new_admin',
                    _("Your New Password"),
                    {
                        'password': new_password,
                    },
                )

        return Message(
            _('Selected users passwords have been reset successfully.'),
            'success'), reverse('admin_users')
Пример #3
0
def credentials(request):
    message = request.messages.get_message('usercp_credentials')
    if request.method == 'POST':
        form = CredentialsChangeForm(request.POST, request=request)
        if form.is_valid():
            token = random_string(12)
            request.user.email_user(
                                    request,
                                    'users/new_credentials',
                                    _("Activate new Sign-In Credentials"),
                                    {'token': token}
                                    )
            request.session['new_credentials'] = {
                                                  'token': token,
                                                  'email_hash': request.user.email_hash,
                                                  'new_email': form.cleaned_data['new_email'],
                                                  'new_password': form.cleaned_data['new_password'],
                                                  }
            if form.cleaned_data['new_email']:
                request.user.email = form.cleaned_data['new_email']
                request.messages.set_flash(Message(_("We have sent e-mail message to your new e-mail address with link you have to click to confirm change of your sign-in credentials. This link will be valid only for duration of this session, do not sign out until you confirm change!")), 'success', 'usercp_credentials')
            else:
                request.messages.set_flash(Message(_("We have sent e-mail message to your e-mail address with link you have to click to confirm change of your sign-in credentials. This link will be valid only for duration of this session, do not sign out until you confirm change!")), 'success', 'usercp_credentials')
            return redirect(reverse('usercp_credentials'))
        message = Message(form.non_field_errors()[0], 'error')
    else:
        form = CredentialsChangeForm(request=request)

    return request.theme.render_to_response('usercp/credentials.html',
                                            context_instance=RequestContext(request, {
                                             'message': message,
                                             'form': FormLayout(form),
                                             'tab': 'credentials',
                                             }));
Пример #4
0
def form(request):
    message = None

    if request.method == 'POST':
        form = UserResetPasswordForm(request.POST, request=request)

        if form.is_valid():
            user = form.found_user
            user_ban = Ban.objects.check_ban(username=user.username, email=user.email)

            if user_ban:
                return error_banned(request, user, user_ban)
            elif user.activation != User.ACTIVATION_NONE:
                return redirect_message(request, messages.INFO, _("%(username)s, your account has to be activated in order for you to be able to request new password.") % {'username': user.username})

            user.token = random_string(12)
            user.save(force_update=True)
            user.email_user(
                            request,
                            'users/password/confirm',
                            _("Confirm New Password Request")
                            )

            return redirect_message(request, messages.INFO, _("%(username)s, new password request confirmation has been sent to %(email)s.") % {'username': user.username, 'email': user.email})
        else:
            message = Message(form.non_field_errors()[0], messages.ERROR)
    else:
        form = UserResetPasswordForm(request=request)
    return render_to_response('reset_password.html',
                              {
                              'message': message,
                              'form': form,
                              },
                              context_instance=RequestContext(request));
Пример #5
0
def reset(request, username="", user="******", token=""):
    user = int(user)
    try:
        user = User.objects.get(pk=user)
        user_ban = Ban.objects.check_ban(username=user.username, email=user.email)

        if user_ban:
            return error_banned(request, user, user_ban)

        if user.activation != User.ACTIVATION_NONE:
            return redirect_message(request, messages.INFO, _("%(username)s, your account has to be activated in order for you to be able to request new password.") % {'username': user.username})

        if not token or not user.token or user.token != token:
            return redirect_message(request, messages.ERROR, _("%(username)s, request confirmation link is invalid. Please request new confirmation link.") % {'username': user.username})

        new_password = random_string(6)
        user.token = None
        user.set_password(new_password)
        user.save(force_update=True)

        # Logout signed in and kill remember me tokens
        Session.objects.filter(user=user).update(user=None)
        Token.objects.filter(user=user).delete()

        # Set flash and mail new password
        user.email_user(
                        request,
                        'users/password/new',
                        _("Your New Password"),
                        {'password': new_password}
                        )

        return redirect_message(request, messages.SUCCESS, _("%(username)s, your password has been changed with new one that was sent to %(email)s.") % {'username': user.username, 'email': user.email})
    except User.DoesNotExist:
        return error404(request)
Пример #6
0
    def create_user(self, username, email, password, timezone=False, ip='127.0.0.1', agent='', no_roles=False, activation=0, request=False):
        token = ''
        if activation > 0:
            token = random_string(12)

        timezone = timezone or settings.default_timezone

        # Get first rank
        try:
            from misago.models import Rank
            default_rank = Rank.objects.filter(special=0).order_by('-order')[0]
        except IndexError:
            default_rank = None

        # Store user in database
        new_user = User(
                        last_sync=tz_util.now(),
                        join_date=tz_util.now(),
                        join_ip=ip,
                        join_agent=agent,
                        activation=activation,
                        token=token,
                        timezone=timezone,
                        rank=default_rank,
                        subscribe_start=settings.subscribe_start,
                        subscribe_reply=settings.subscribe_reply,
                        )

        validate_username(username)
        validate_password(password)
        new_user.set_username(username)
        new_user.set_email(email)
        new_user.set_password(password)
        new_user.full_clean()
        new_user.default_avatar()
        new_user.save(force_insert=True)

        # Set user roles?
        if not no_roles:
            from misago.models import Role
            new_user.roles.add(Role.objects.get(_special='registered'))
            new_user.make_acl_key()
            new_user.save(force_update=True)

        # Update forum stats
        with UpdatingMonitor() as cm:
            if activation == 0:
                monitor.increase('users')
                monitor['last_user'] = new_user.pk
                monitor['last_user_name'] = new_user.username
                monitor['last_user_slug'] = new_user.username_slug
            else:
                monitor.increase('users_inactive')

        # Return new user
        return new_user
Пример #7
0
    def create_user(self, username, email, password, timezone=False, ip='127.0.0.1', agent='', no_roles=False, activation=0, request=False):
        token = ''
        if activation > 0:
            token = random_string(12)

        timezone = timezone or settings.default_timezone

        # Get first rank
        try:
            from misago.models import Rank
            default_rank = Rank.objects.filter(special=0).order_by('-order')[0]
        except IndexError:
            default_rank = None

        # Store user in database
        new_user = User(
                        last_sync=tz_util.now(),
                        join_date=tz_util.now(),
                        join_ip=ip,
                        join_agent=agent,
                        activation=activation,
                        token=token,
                        timezone=timezone,
                        rank=default_rank,
                        subscribe_start=settings.subscribe_start,
                        subscribe_reply=settings.subscribe_reply,
                        )

        validate_username(username)
        validate_password(password)
        new_user.set_username(username)
        new_user.set_email(email)
        new_user.set_password(password)
        new_user.full_clean()
        new_user.default_avatar()
        new_user.save(force_insert=True)

        # Set user roles?
        if not no_roles:
            from misago.models import Role
            new_user.roles.add(Role.objects.get(_special='registered'))
            new_user.make_acl_key()
            new_user.save(force_update=True)

        # Update forum stats
        with UpdatingMonitor() as cm:
            if activation == 0:
                monitor.increase('users')
                monitor['last_user'] = new_user.pk
                monitor['last_user_name'] = new_user.username
                monitor['last_user_slug'] = new_user.username_slug
            else:
                monitor.increase('users_inactive')

        # Return new user
        return new_user
Пример #8
0
    def process_request(self, request):
        if request.user.is_crawler():
            return None

        if 'csrf_token' in request.session:
            csrf_token = request.session['csrf_token']
        else:
            csrf_token = random_string(16)
            request.session['csrf_token'] = csrf_token

        request.csrf = CSRFProtection(csrf_token)
Пример #9
0
    def process_request(self, request):
        if request.user.is_crawler():
            return None

        if 'csrf_token' in request.session:
            csrf_token = request.session['csrf_token']
        else:
            csrf_token = random_string(16);
            request.session['csrf_token'] = csrf_token
        
        request.csrf = CSRFProtection(csrf_token)
Пример #10
0
def reset(request, username="", user="******", token=""):
    user = int(user)
    try:
        user = User.objects.get(pk=user)
        user_ban = Ban.objects.check_ban(username=user.username,
                                         email=user.email)

        if user_ban:
            return error_banned(request, user, user_ban)

        if user.activation != User.ACTIVATION_NONE:
            return redirect_message(
                request,
                Message(
                    _("%(username)s, your account has to be activated in order for you to be able to request new password."
                      ) % {'username': user.username}), 'info')

        if not token or not user.token or user.token != token:
            return redirect_message(
                request,
                Message(
                    _("%(username)s, request confirmation link is invalid. Please request new confirmation link."
                      ) % {'username': user.username}), 'error')

        new_password = random_string(6)
        user.token = None
        user.set_password(new_password)
        user.save(force_update=True)

        # Logout signed in and kill remember me tokens
        Session.objects.filter(user=user).update(user=None)
        Token.objects.filter(user=user).delete()

        # Set flash and mail new password
        user.email_user(request, 'users/password/new', _("Your New Password"),
                        {'password': new_password})

        return redirect_message(
            request,
            Message(
                _("%(username)s, your password has been changed with new one that was sent to %(email)s."
                  ) % {
                      'username': user.username,
                      'email': user.email
                  }), 'success')
    except User.DoesNotExist:
        return error404(request)
Пример #11
0
def post_markdown(text):
    md = markdown.Markdown(safe_mode='escape',
                           output_format=settings.OUTPUT_FORMAT,
                           extensions=['nl2br', 'fenced_code'])

    remove_unsupported(md)
    md.mi_token = random_string(16)
    for extension in settings.MARKDOWN_EXTENSIONS:
        module = '.'.join(extension.split('.')[:-1])
        extension = extension.split('.')[-1]
        module = import_module(module)
        attr = getattr(module, extension)
        ext = attr()
        ext.extendMarkdown(md)
    text = md.convert(text)
    md, text = tidy_markdown(md, text)
    return md, text
Пример #12
0
def post_markdown(request, text):
    md = markdown.Markdown(
                           safe_mode='escape',
                           output_format=settings.OUTPUT_FORMAT,
                           extensions=['nl2br', 'fenced_code'])

    remove_unsupported(md)
    md.mi_token = random_string(16)
    for extension in settings.MARKDOWN_EXTENSIONS:
        module = '.'.join(extension.split('.')[:-1])
        extension = extension.split('.')[-1]
        module = import_module(module)
        attr = getattr(module, extension)
        ext = attr()
        ext.extendMarkdown(md)
    text = md.convert(text)
    return tidy_markdown(md, text)
Пример #13
0
def form(request):
    message = None

    if request.method == 'POST':
        form = UserResetPasswordForm(request.POST, request=request)

        if form.is_valid():
            user = form.found_user
            user_ban = Ban.objects.check_ban(username=user.username,
                                             email=user.email)

            if user_ban:
                return error_banned(request, user, user_ban)
            elif user.activation != User.ACTIVATION_NONE:
                return redirect_message(
                    request,
                    Message(
                        _("%(username)s, your account has to be activated in order for you to be able to request new password."
                          ) % {'username': user.username}), 'info')

            user.token = random_string(12)
            user.save(force_update=True)
            user.email_user(request, 'users/password/confirm',
                            _("Confirm New Password Request"))

            return redirect_message(
                request,
                Message(
                    _("%(username)s, new password request confirmation has been sent to %(email)s."
                      ) % {
                          'username': user.username,
                          'email': user.email
                      }), 'info')
        else:
            message = Message(form.non_field_errors()[0], 'error')
    else:
        form = UserResetPasswordForm(request=request)
    return request.theme.render_to_response(
        'reset_password.html', {
            'message': message,
            'form': FormLayout(form),
        },
        context_instance=RequestContext(request))
Пример #14
0
    def action_deactivate(self, items, checked):
        # First loop - check for errors
        for user in items:
            if user.pk in checked:
                if user.is_protected() and not self.request.user.is_god():
                    return Message(_('You cannot force validation of protected members e-mails.'), messages.ERROR), reverse('admin_users')

        # Second loop - reset passwords
        for user in items:
            if user.pk in checked:
                user.activation = user.ACTIVATION_USER
                user.token = token = random_string(12)
                user.save(force_update=True)
                user.email_user(
                                self.request,
                                'users/activation/invalidated',
                                _("Account Activation"),
                                )

        return Message(_('Selected users accounts have been deactivated and new activation links have been sent to them.'), messages.SUCCESS), reverse('admin_users')
Пример #15
0
    def action_deactivate(self, items, checked):
        # First loop - check for errors
        for user in items:
            if user.pk in checked:
                if user.is_protected() and not self.request.user.is_god():
                    return Message(_('You cannot force validation of protected members e-mails.'), messages.ERROR), reverse('admin_users')

        # Second loop - reset passwords
        for user in items:
            if user.pk in checked:
                user.activation = user.ACTIVATION_USER
                user.token = token = random_string(12)
                user.save(force_update=True)
                user.email_user(
                                self.request,
                                'users/activation/invalidated',
                                _("Account Activation"),
                                )

        return Message(_('Selected users accounts have been deactivated and new activation links have been sent to them.'), messages.SUCCESS), reverse('admin_users')
Пример #16
0
def credentials(request):
    message = request.messages.get_message("usercp_credentials")
    if request.method == "POST":
        form = CredentialsChangeForm(request.POST, request=request)
        if form.is_valid():
            token = random_string(12)
            request.user.email_user(
                request, "users/new_credentials", _("Activate new Sign-In Credentials"), {"token": token}
            )
            request.session["new_credentials"] = {
                "token": token,
                "email_hash": request.user.email_hash,
                "new_email": form.cleaned_data["new_email"],
                "new_password": form.cleaned_data["new_password"],
            }
            if form.cleaned_data["new_email"]:
                request.user.email = form.cleaned_data["new_email"]
                messages.success(
                    request,
                    _(
                        "We have sent e-mail message to your new e-mail address with link you have to click to confirm change of your sign-in credentials. This link will be valid only for duration of this session, do not sign out until you confirm change!"
                    ),
                    "usercp_credentials",
                )
            else:
                messages.success(
                    request,
                    _(
                        "We have sent e-mail message to your e-mail address with link you have to click to confirm change of your sign-in credentials. This link will be valid only for duration of this session, do not sign out until you confirm change!"
                    ),
                    "usercp_credentials",
                )
            return redirect(reverse("usercp_credentials"))
        message = Message(form.non_field_errors()[0], messages.ERROR)
    else:
        form = CredentialsChangeForm(request=request)

    return render_to_response(
        "usercp/credentials.html",
        context_instance=RequestContext(request, {"message": message, "form": form, "tab": "credentials"}),
    )
Пример #17
0
def credentials(request):
    message = request.messages.get_message('usercp_credentials')
    if request.method == 'POST':
        form = CredentialsChangeForm(request.POST, request=request)
        if form.is_valid():
            token = random_string(12)
            request.user.email_user(request, 'users/new_credentials',
                                    _("Activate new Sign-In Credentials"),
                                    {'token': token})
            request.session['new_credentials'] = {
                'token': token,
                'email_hash': request.user.email_hash,
                'new_email': form.cleaned_data['new_email'],
                'new_password': form.cleaned_data['new_password'],
            }
            if form.cleaned_data['new_email']:
                request.user.email = form.cleaned_data['new_email']
                request.messages.set_flash(
                    Message(
                        _("We have sent e-mail message to your new e-mail address with link you have to click to confirm change of your sign-in credentials. This link will be valid only for duration of this session, do not sign out until you confirm change!"
                          )), 'success', 'usercp_credentials')
            else:
                request.messages.set_flash(
                    Message(
                        _("We have sent e-mail message to your e-mail address with link you have to click to confirm change of your sign-in credentials. This link will be valid only for duration of this session, do not sign out until you confirm change!"
                          )), 'success', 'usercp_credentials')
            return redirect(reverse('usercp_credentials'))
        message = Message(form.non_field_errors()[0], 'error')
    else:
        form = CredentialsChangeForm(request=request)

    return request.theme.render_to_response('usercp/credentials.html',
                                            context_instance=RequestContext(
                                                request, {
                                                    'message': message,
                                                    'form': FormLayout(form),
                                                    'tab': 'credentials',
                                                }))
Пример #18
0
    def action_reset(self, items, checked):
        # First loop - check for errors
        for user in items:
            if user.pk in checked:
                if user.is_protected() and not self.request.user.is_god():
                    return Message(_('You cannot reset protected members passwords.'), messages.ERROR), reverse('admin_users')

        # Second loop - reset passwords
        for user in items:
            if user.pk in checked:
                new_password = random_string(8)
                user.set_password(new_password)
                user.save(force_update=True)
                user.email_user(
                                self.request,
                                'users/password/new_admin',
                                _("Your New Password"),
                                {
                                 'password': new_password,
                                 },
                                )

        return Message(_('Selected users passwords have been reset successfully.'), messages.SUCCESS), reverse('admin_users')
Пример #19
0
def signin(request):
    message = request.messages.get_message('security')
    bad_password = False
    not_active = False
    banned_account = False

    if request.method == 'POST':
        form = SignInForm(
                          request.POST,
                          show_remember_me=not request.firewall.admin and settings.remember_me_allow,
                          request=request
                          )

        if form.is_valid():
            try:
                # Configure correct auth and redirect links
                if request.firewall.admin:
                    auth_method = auth_admin
                    success_redirect = reverse(site.get_admin_index())
                else:
                    auth_method = auth_forum
                    success_redirect = reverse('index')

                # Authenticate user
                user = auth_method(
                                  request,
                                  form.cleaned_data['user_email'],
                                  form.cleaned_data['user_password'],
                                  )

                sign_user_in(request, user)
                remember_me_token = False

                if not request.firewall.admin and settings.remember_me_allow and form.cleaned_data['user_remember_me']:
                    remember_me_token = random_string(42)
                    remember_me = Token(
                                        id=remember_me_token,
                                        user=user,
                                        created=timezone.now(),
                                        accessed=timezone.now(),
                                        )
                    remember_me.save()
                if remember_me_token:
                    request.cookiejar.set('TOKEN', remember_me_token, True)
                messages.success(request, _("Welcome back, %(username)s!") % {'username': user.username}, 'security')
                return redirect(success_redirect)
            except AuthException as e:
                message = Message(e.error, messages.ERROR)
                bad_password = e.password
                banned_account = e.ban
                not_active = e.activation

                # If not in Admin, register failed attempt
                if not request.firewall.admin and e.type == auth.CREDENTIALS:
                    SignInAttempt.objects.register_attempt(request.session.get_ip(request))

                    # Have we jammed our account?
                    if SignInAttempt.objects.is_jammed(request.session.get_ip(request)):
                        request.jam.expires = timezone.now()
                        return redirect(reverse('sign_in'))
        else:
            message = Message(form.non_field_errors()[0], messages.ERROR)
    else:
        form = SignInForm(
                          show_remember_me=not request.firewall.admin and settings.remember_me_allow,
                          request=request
                          )
    return render_to_response('signin.html',
                              {
                              'message': message,
                              'bad_password': bad_password,
                              'banned_account': banned_account,
                              'not_active': not_active,
                              'form': form,
                              'hide_signin': True,
                              },
                              context_instance=RequestContext(request));
Пример #20
0
def upload(request):
    if not 'upload' in request.settings.avatars_types:
        return error404(request)
    message = request.messages.get_message('usercp_avatar')
    if request.method == 'POST':
        form = UploadAvatarForm(request.POST, request.FILES, request=request)
        if form.is_valid():
            request.user.delete_avatar_temp()
            image = form.cleaned_data['avatar_upload']
            image_name, image_extension = path(smart_str(image.name.lower())).splitext()
            image_name = '%s_tmp_%s%s' % (request.user.pk, random_string(8), image_extension)
            image_path = settings.MEDIA_ROOT + 'avatars/' + image_name
            request.user.avatar_temp = image_name

            with open(image_path, 'wb+') as destination:
                for chunk in image.chunks():
                    destination.write(chunk)
            request.user.save()
            try:
                if is_zipfile(image_path):
                    # Composite file upload
                    raise ValidationError()                 
                image = Image.open(image_path)
                if not image.format in ['GIF', 'PNG', 'JPEG']:
                    raise ValidationError()
                image.seek(0)
                image.save(image_path)
                if request.POST.get('js_check'):
                    return redirect(reverse('usercp_avatar_upload_crop'))
                # Redirect to crop page didnt happen, handle avatar with old school hollywood way
                image_path = settings.MEDIA_ROOT + 'avatars/'
                source = Image.open(image_path + request.user.avatar_temp)
                image_name, image_extension = path(request.user.avatar_temp).splitext()
                image_name = '%s_%s%s' % (request.user.pk, random_string(8), image_extension)
                resizeimage(source, settings.AVATAR_SIZES[0], image_path + image_name, info=source.info, format=source.format)
                for size in settings.AVATAR_SIZES[1:]:
                    resizeimage(source, size, image_path + str(size) + '_' + image_name, info=source.info, format=source.format)
                # Update user model one more time
                request.user.delete_avatar_image()
                request.user.delete_avatar_original()
                request.user.avatar_type = 'upload'
                request.user.avatar_original = '%s_org_%s%s' % (request.user.pk, random_string(8), image_extension)
                source.save(image_path + request.user.avatar_original)
                request.user.delete_avatar_temp()
                request.user.avatar_image = image_name
                request.user.save(force_update=True)
                # Set message and adios!
                request.messages.set_flash(Message(_("Your avatar has changed.")), 'success', 'usercp_avatar')
                return redirect(reverse('usercp_avatar'))
            except ValidationError:
                request.user.delete_avatar()
                request.user.default_avatar(request.settings)
                message = Message(_("Only gif, jpeg and png files are allowed for member avatars."), 'error')
        else:
            message = Message(form.non_field_errors()[0], 'error')
    else:
        form = UploadAvatarForm(request=request)

    return request.theme.render_to_response('usercp/avatar_upload.html',
                                            context_instance=RequestContext(request, {
                                             'message': message,
                                             'form': FormLayout(form),
                                             'tab': 'avatar',
                                             }));
Пример #21
0
 def generate_token(self):
     self.token = random_string(32)
Пример #22
0
 def _get_new_session_key(self):
     return random_string(42)
Пример #23
0
    def create_user(self, username, email, password, timezone=False, ip='127.0.0.1', agent='', no_roles=False, activation=0, request=False):
        token = ''
        if activation > 0:
            token = random_string(12)

        try:
            db_settings = request.settings
        except AttributeError:
            from misago.dbsettings import DBSettings
            db_settings = DBSettings()

        if timezone == False:
            timezone = db_settings['default_timezone']

        # Get first rank
        try:
            from misago.models import Rank
            default_rank = Rank.objects.filter(special=0).order_by('order')[0]
        except IndexError:
            default_rank = None

        # Store user in database
        new_user = User(
                        last_sync=tz_util.now(),
                        join_date=tz_util.now(),
                        join_ip=ip,
                        join_agent=agent,
                        activation=activation,
                        token=token,
                        timezone=timezone,
                        rank=default_rank,
                        subscribe_start=db_settings['subscribe_start'],
                        subscribe_reply=db_settings['subscribe_reply'],
                        )

        validate_username(username, db_settings)
        validate_password(password, db_settings)
        new_user.set_username(username)
        new_user.set_email(email)
        new_user.set_password(password)
        new_user.full_clean()
        new_user.default_avatar(db_settings)
        new_user.save(force_insert=True)

        # Set user roles?
        if not no_roles:
            from misago.models import Role
            new_user.roles.add(Role.objects.get(_special='registered'))
            new_user.make_acl_key()
            new_user.save(force_update=True)

        # Load monitor
        try:
            monitor = request.monitor
        except AttributeError:
            from misago.monitor import Monitor
            monitor = Monitor()

        # Update forum stats
        if activation == 0:
            monitor['users'] = int(monitor['users']) + 1
            monitor['last_user'] = new_user.pk
            monitor['last_user_name'] = new_user.username
            monitor['last_user_slug'] = new_user.username_slug
        else:
            monitor['users_inactive'] = int(monitor['users_inactive']) + 1

        # Return new user
        return new_user