def index():
    """Greet a logged-in visitor by name, or render the landing page.

    The session's ``user_id`` decides the branch: a falsy value (missing,
    ``None``, ``0``) is treated as "not logged in".
    """
    current_id = session.get("user_id")
    if not current_id:
        return render_template("index.html")

    name = model.get_username(current_id)
    # NOTE(review): the name is interpolated into the response body without
    # escaping. If this is served as HTML and usernames are user-chosen,
    # escape it or render it through a template - confirm.
    return "User %s is logged in!"%name
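def POST(self):
    """Change the logged-in user's password after re-checking the old one.

    The new password must equal its confirmation and be at least six
    characters long; the old password is then verified through ``User``
    before the new one is stored. The outcome is reported to the template
    through ``msg`` and ``error``.

    Requests without a logged-in session are redirected to ``/login`` instead
    of falling through without an explicit response.
    """
    if web.ctx.session.get('loggedin',0) != 1:
        raise web.seeother("/login")

    userid = web.ctx.session.get('userid',-1)
    superuser = is_superuser(userid)
    username = get_username(userid)
    request = web.input()
    old_password = request.old_password
    new_password = request.new_password
    new_password_confirm = request.new_password_confirm

    if new_password != new_password_confirm:
        msg = "Password doesn't match the confirmation"
        error = True
    elif len(new_password) < 6:
        msg = "Password too short"
        error = True
    else:
        user = User(username=username, password=old_password)
        # Kept as an exact comparison with True: the return type of
        # is_authenticated() is not visible here, and a looser truthiness
        # test could accept a non-boolean failure value.
        if user.is_authenticated() == True:
            user.set_passwd(new_password)
            user.save(update=True)
            msg = "PassWord Changed"
            error = False
        else:
            msg = "Old PassWord Error"
            error = True

    # NOTE(review): locals() hands every local name to the template, which
    # includes old_password, new_password, the raw request and the User
    # object. Confirm the template never echoes them, or pass an explicit
    # dict holding only the names it needs.
    ctx = Storage(locals())
    return render_fluid.change_passwd(ctx)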
def GET(self):
    """Render the e-mail settings page for the logged-in user.

    Sessions without a ``userid`` are redirected to ``/index``.
    """
    userid = web.ctx.session.get('userid',-1)
    # Evaluated before the login check, so anonymous requests call it with -1.
    superuser = is_superuser(userid)
    if userid == -1:
        raise web.seeother('/index', absolute=True)
    username = get_username(userid=userid)
    email = get_email(userid=userid)
    # Every local name above (including self) becomes a template variable, so
    # renaming or adding locals changes what the template receives.
    ctx = Storage(locals())
    return render_fluid.email(ctx)
def GET(self):
    """Render the change-password form for a logged-in session.

    A session without a ``userid`` is sent to ``/login``.
    """
    userid = web.ctx.session.get('userid',-1)
    # Runs before the login check, so anonymous requests pass -1 here.
    superuser = is_superuser(userid)
    if userid == -1:
        raise web.seeother("/login")

    username = get_username(userid=userid)
    # The template context is the full set of locals; the names are part of
    # the template's contract and must stay as they are.
    ctx = Storage(locals())
    return render_fluid.change_passwd(ctx)
def GET(self):
    """Render the SSH key page for the logged-in user.

    Sessions without a ``userid`` are redirected to ``/index``. The tenant
    name used for the key lookup is the user's own username.
    """
    userid = web.ctx.session.get('userid',-1)
    # Evaluated before the login check, so anonymous requests call it with -1.
    superuser = is_superuser(userid)
    if userid == -1:
        raise web.seeother('/index', absolute=True)
    username = get_username(userid=userid)
    tenant_name = username
    # Whatever fingerprint() returns for this tenant is exposed to the
    # template as ``keypair``.
    keypair = fingerprint(tenant_name)
    # Every local name above (including self) becomes a template variable.
    ctx = Storage(locals())
    return render_fluid.ssh(ctx)
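def view_funeral():
    """Render the funeral records table for accounts whose role value is 4.

    Any other role gets the "invalid" page. The role is checked before the
    records are read, so a caller without access never triggers the query,
    and the role is looked up once instead of twice.
    """
    # NOTE(review): the return value is discarded. Confirm is_logged_on()
    # aborts or redirects the request itself when nobody is logged in;
    # otherwise the lookups below run for an anonymous caller.
    security.is_logged_on()

    username = model.get_username(security.current_user())[1]
    if model.get_role(username)[1] != 4:
        return fEngine.load_and_render("invalid", reason = "Your account does not have access.")

    # Header row first, then one row per record.
    data = [['id','name','healthcare_id','family_members','next_of_kin','approved']] + model.get_all_funeral()
    page_heading = 'Funeral'
    return fEngine.load_and_render("table", page_heading=page_heading, data_rows=generate_table(data))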
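def view_births():
    """Render the birth records table for accounts whose role value is 4.

    Any other role gets the "invalid" page. The role is checked before the
    records are read, so a caller without access never triggers the query,
    and the role is looked up once instead of twice.
    """
    # NOTE(review): the return value is discarded. Confirm is_logged_on()
    # aborts or redirects the request itself when nobody is logged in;
    # otherwise the lookups below run for an anonymous caller.
    security.is_logged_on()

    username = model.get_username(security.current_user())[1]
    if model.get_role(username)[1] != 4:
        return fEngine.load_and_render("invalid", reason = "Your account does not have access.")

    # Header row first, then one row per record.
    data = [['id','b_time','place','father','mother','approved','name','healthcare_id']] + model.get_all_births()
    page_heading = 'Births'
    return fEngine.load_and_render("table", page_heading=page_heading, data_rows=generate_table(data))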
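def view_divorce():
    """Render the divorce records table for accounts whose role value is 4.

    Any other role gets the "invalid" page. The role is checked before the
    records are read, so a caller without access never triggers the query,
    and the role is looked up once instead of twice.
    """
    # NOTE(review): the return value is discarded. Confirm is_logged_on()
    # aborts or redirects the request itself when nobody is logged in;
    # otherwise the lookups below run for an anonymous caller.
    security.is_logged_on()

    username = model.get_username(security.current_user())[1]
    if model.get_role(username)[1] != 4:
        return fEngine.load_and_render("invalid", reason = "Your account does not have access.")

    # Header row first, then one row per record.
    data = [['id','d_time','place','husband','wife','approved']] + model.get_all_divorce()
    page_heading = 'Divorce'
    return fEngine.load_and_render("table", page_heading=page_heading, data_rows=generate_table(data))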
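def POST(self):
    """Replace the caller's SSH key, or generate a fresh key pair.

    Sessions without a ``userid`` are redirected to ``/index``. A non-empty
    ``ssh_key`` field must start with ``ssh-rsa`` or ``ssh-dss``; it is then
    trial-imported under a throwaway name, and only if that succeeds is the
    user's current key deleted and the submitted one imported. An empty field
    deletes the current key and asks ``import_pubkey`` for a new pair, whose
    private key is rendered in the response.

    Failures are caught with ``except Exception`` rather than a bare
    ``except``, so interpreter-exit signals are no longer swallowed.

    NOTE(review): no anti-CSRF check is visible in this handler even though
    it replaces login credentials; confirm one is enforced elsewhere.
    """
    userid = web.ctx.session.get('userid',-1)
    # Runs before the login check, so anonymous requests pass -1 here.
    superuser = is_superuser(userid)
    if userid == -1:
        raise web.seeother('/index', absolute=True)
    username = get_username(userid=userid)
    request = web.input()
    ssh_key = request.ssh_key
    if ssh_key != '':
        # Prefix test only; the trial import below is the real validation.
        # NOTE(review): ssh-dss (DSA) keys have been disabled by default in
        # OpenSSH since 7.0, and newer key types are rejected by this list -
        # confirm the accepted set is still the intended one.
        if not ssh_key.startswith(("ssh-rsa", "ssh-dss")):
            msg = "SSH INPUT ERROR"
            error = True
            tenant_name = username
            keypair = fingerprint(tenant_name)
            ctx = Storage(locals())
            return render_fluid.ssh(ctx)
        else:
            from uuid import uuid4
            temp_name = uuid4().hex
            try:
                # Import under a random name and remove it again purely to
                # find out whether the backend accepts the key.
                import_pubkey(temp_name, tenant_name=username ,pub_key=ssh_key)
                delete_pubkey(temp_name, tenant_name=username)
                # Need to check again ?
            except Exception:
                # The submitted key did not validate.
                # NOTE(review): if the import succeeded and only the delete
                # failed, the temporary key is left behind under temp_name.
                msg = "SSH INPUT ERROR"
                error = True
                tenant_name = username
                keypair = fingerprint(tenant_name)
                ctx = Storage(locals())
                return render_fluid.ssh(ctx)
            try:
                # Best effort: there may be no existing key to remove.
                delete_pubkey(username)
            except Exception:
                pass
            try:
                import_pubkey(username,pub_key=ssh_key)
            except Exception:
                # NOTE(review): the old key has already been deleted at this
                # point, so a failure here leaves the user with no key.
                msg = "SSH INPUT ERROR"
                error = True
                tenant_name = username
                keypair = fingerprint(tenant_name)
                ctx = Storage(locals())
                return render_fluid.ssh(ctx)
            raise web.seeother('')
    else:
        try:
            # Best effort: there may be no existing key to remove.
            delete_pubkey(username)
        except Exception:
            pass
        npk = import_pubkey(username,pub_key=None)
        private_key = npk.private_key
        # NOTE(review): the generated private key travels in the response
        # body; confirm the response is served over TLS and is neither
        # cached nor logged.
        ctx = Storage(locals())
        return render_fluid.private_key(ctx)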
def POST(self):
    """Report whether the submitted old password matches the session user.

    Responds with the plain-text body ``ok`` or ``fail``. Without a logged-in
    session nothing is returned (``None``).

    NOTE(review): this answers a yes/no question about the account password
    on every call and no attempt limit is visible here; confirm throttling or
    lockout is applied elsewhere.
    """
    web.header('Content-type','text/plain')
    if web.ctx.session.get('loggedin',0) != 1:
        return None

    session_userid = web.ctx.session.get('userid',-1)
    # Result unused here; the call is kept in case it has side effects.
    is_superuser(session_userid)
    account_name = get_username(session_userid)
    form = web.input()
    candidate = User(username=account_name, password=form.old_password)
    # Exact comparison with True, as the return type is not visible here.
    return 'ok' if candidate.is_authenticated() == True else 'fail'
def POST(self):
    """Update the logged-in user's e-mail address when it passes ``email_re``.

    Sessions without a ``userid`` are redirected to ``/index``. Whether or
    not the update happened, the page is re-rendered with the address
    currently stored for the user, plus ``msg`` and ``error``.
    """
    userid = web.ctx.session.get('userid',-1)
    # Runs before the login check, so anonymous requests pass -1 here.
    superuser = is_superuser(userid)
    if userid == -1:
        raise web.seeother('/index', absolute=True)

    username = get_username(userid=userid)
    request = web.input()
    email = request.email
    # NOTE(review): match() anchors only at the start of the string; confirm
    # email_re itself is anchored at the end so trailing data is rejected.
    if email_re.match(email):
        update_email(userid, email)
        msg, error = "Email updated", False
    else:
        msg, error = "Email not validate, using the old", True

    # Show the stored value rather than echoing the submitted one.
    email = get_email(userid=userid)
    # locals() is the template context, so the local names stay as they are.
    ctx = Storage(locals())
    return render_fluid.email(ctx)
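def admin_users():
    """Render one 50-row page of the logs table for an admin session.

    Each rendered row is ``[username, second column, user id]``, where the
    user id is the first column of the log row. Sessions without an ``admin``
    key are redirected to the admin login view.

    The ``page`` query parameter is clamped to at least 1. Zero or negative
    values previously produced slices counted from the end of the table, so
    the rows shown did not correspond to the page number rendered.
    """
    # NOTE(review): only the presence of the key is tested, not its value;
    # confirm nothing else can set session['admin'].
    if 'admin' not in session:
        return redirect(url_for('admin_login'))

    page = max(request.args.get('page', 1, type=int), 1)
    entriesPerPage = 50
    # The whole table is loaded and then sliced in memory.
    allLogs = np.array(model.getLogsTable())
    totalPages = math.ceil(len(allLogs) / entriesPerPage)

    start = entriesPerPage * (page - 1)
    paginatedLogs = allLogs[start:start + entriesPerPage]
    finalLogs = [
        [model.get_username(row[0]), row[1], row[0]]
        for row in paginatedLogs
    ]
    return render_template('admin-userslist.html', logs=finalLogs, page=page, totalPages=totalPages)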
def before_request():
    """Copy the session's user id and the matching username onto ``g``."""
    session_uid = session.get('uid')
    # The lookup also runs when the session holds no uid, in which case it
    # receives None.
    g.username = model.get_username(session_uid)
    g.uid = session_uid
def do_adminEdit():
    """Apply an administrator's edits to another account, or reset the tables.

    Form fields read: ``username`` (the account to edit), ``reset``,
    ``usernameNew``, ``passwordNew`` and ``role``. Only a caller whose own
    role value is 4 gets past the privilege check; anyone else receives the
    "you are not the admin" page.

    NOTE(review): the nesting below is reconstructed from a flattened
    listing. Confirm the privilege check is meant to sit at function level
    and not inside ``if username:``.
    """
    # NOTE(review): the return value is discarded; confirm is_logged_on()
    # aborts the request itself when nobody is logged in.
    security.is_logged_on()
    username = request.forms.get('username')
    currentUserName = model.get_username(security.current_user())[1]
    reset = request.forms.get('reset')
    if username:
        # Resolve the target account's id. This lookup runs before the
        # caller's privilege is checked.
        userid = model.get_role(username)[0]
    # Check the current user's privilege before changing anything.
    if model.get_role(currentUserName)[1] == 4:
        # Reset the database.
        # NOTE(review): a single form field triggers a destructive reset and
        # no anti-CSRF check is visible here - confirm one exists elsewhere.
        if reset:
            if reset == 'Y':
                model.reset_table()
                return fEngine.load_and_render("valid", reason="changes committed!")
            else:
                return fEngine.load_and_render("invalid", reason="invalid")
        usernameNew = request.forms.get('usernameNew')
        passwordNew = request.forms.get('passwordNew')
        roleNew = request.forms.get('role')
        # Change the user's name.
        # NOTE(review): `userid` is bound only when `username` was submitted;
        # the UPDATE statements below fail on an unbound name otherwise.
        if usernameNew:
            if model.username_exists(usernameNew):
                return fEngine.load_and_render("invalid", reason="invalid name")
            else:
                # Committed immediately: a password rejected further down
                # leaves the rename in place.
                model.sql('''UPDATE USER SET username = ? WHERE id = ? ''', usernameNew, userid )
                model.commit()
        # Change the password.
        if passwordNew:
            userName1 = ''
            # Validate against, and later fetch the salt for, the name the
            # account has after any rename above.
            if usernameNew:
                valid_pwd, reason = security.secure_password(passwordNew, usernameNew)
                userName1 = usernameNew
            else:
                valid_pwd, reason = security.secure_password(passwordNew, username)
                userName1 = username
            if valid_pwd:
                # The account's existing salt is reused for the new hash.
                salt = model.get_salt(userName1)[1]
                hashPass= security.password_hash(passwordNew,salt)
                model.sql('''UPDATE USER SET password = ? WHERE id = ? ''', hashPass, userid )
                model.commit()
            else:
                return fEngine.load_and_render("invalid", reason="invalid")
        # Change the role.
        # NOTE(review): the submitted value is stored as-is; consider
        # checking it against the set of known roles first.
        if roleNew:
            model.sql('''UPDATE USER SET role = ? WHERE id = ? ''', roleNew, userid )
            model.commit()
        return fEngine.load_and_render("valid", reason="changes committed!")
    else:
        return fEngine.load_and_render("invalid", reason="you are not the admin")
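def do_edituser():
    """Let the logged-in user change their own username, password and role.

    The current password is mandatory and is verified first. A new password
    must equal its confirmation and pass ``security.secure_password``. A new
    username must not already exist. Each change is committed separately.

    Fixes in this version:
      * the confirmation check compared against the undefined name
        ``pdoassword2``, so every password change raised ``NameError``;
      * the salt is read once, before any rename, instead of being looked up
        again under the old username after the row has been renamed;
      * a missing ``role`` field (``None``) no longer overwrites the stored
        role; only a non-empty value other than the string "None" is written.
    """
    # NOTE(review): the return value is discarded; confirm is_logged_on()
    # aborts the request itself when nobody is logged in.
    security.is_logged_on()
    newUsername = request.forms.get('username')
    password = request.forms.get('password')
    password2 = request.forms.get('password2')
    role = request.forms.get('role')
    curpassword = request.forms.get('curpassword')

    # The current password is required for any edit.
    if not curpassword:
        return fEngine.load_and_render("invalid", reason = "Please input your current password")

    username = model.get_username(security.current_user())[1]
    salt = model.get_salt(username)[1]
    hashed = security.password_hash(curpassword, salt)
    if not model.check_password(username, hashed):
        return fEngine.load_and_render("invalid", reason="Current password does not match")

    # Validate the new password before anything is written.
    password_filled = False
    if password:
        if password != password2:
            return fEngine.load_and_render("invalid", reason="New passwords do not match")
        valid_pwd, reason = security.secure_password(password, username)
        if not valid_pwd:
            return fEngine.load_and_render("invalid", reason=reason)
        password_filled = True

    if newUsername:
        if model.username_exists(newUsername):
            return fEngine.load_and_render("invalid", reason="Username is already taken")
        model.sql('''UPDATE USER SET username = ? WHERE id = ? ''', newUsername, security.current_user() )
        model.commit()

    if password_filled:
        # The account's existing salt is reused for the new hash.
        hashPass = security.password_hash(password, salt)
        model.sql('''UPDATE USER SET password = ? WHERE id = ? ''', hashPass, security.current_user() )
        model.commit()

    # NOTE(review): the submitted role is written to the caller's own row
    # without validation, so any authenticated user can assign themselves any
    # role value. Confirm self-service role changes are intended; otherwise
    # restrict this to an allow-list or to an administrator-only path.
    if role and role != "None":
        model.sql("UPDATE USER SET role = ? \nWHERE id = ? ", role, security.current_user() )
        model.commit()

    return fEngine.load_and_render("valid",reason="Info updated!")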