def process (self, email=None, password=None): # Clean up text for usage with database. email = sqlutils.quote (email) password = sqlutils.quote (password) # Encrypt password using the same encryption we used when the password # was stored in the database. password = crypt.crypt (password, "23") description = None results = None # Try to connect to the database. try: dbconnection = pgdb.connect (database_connect_fields) dbcursor = dbconnection.cursor() dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email]) # Get the cursor description and results from the query. description = dbcursor.description results = dbcursor.fetchone() # Close the database cursor and connection. dbcursor.close() dbconnection.close() except: # FIXME: do something more useful here. pass # If we don't have any results, the email address wasn't on record. if (results == None): return self.index (errornotfound=True) else: stored_password = "" try: stored_password = results[sqlutils.getfieldindex ("password", description)] except: # FIXME: do something more useful here. raise cherrypy.HTTPRedirect ("/fatalerror") # Verify password equivalence. if (password <> stored_password): return self.index (errorbadpassword=True) else: # If we got this far, the email address was on record, and the password # matches it, so we deem the user to be logged in. Hooray! user_id = None user_level = 0 try: user_id = results[sqlutils.getfieldindex ("user_id", description)] user_level = results[sqlutils.getfieldindex ("level", description)] except: # FIXME: do something more useful here. raise cherrypy.HTTPRedirect ("/fatalerror") # If the user level is 2 or higher, the user is an admin user. pageutils.set_logged_in (user_id, (user_level > 1)) # FIXME: Might want to redirect to some sort of user dashboard page in the future. raise cherrypy.HTTPRedirect ("/")
def process (self, name=None, email=None, password=None, passwordverify=None, url=None): # If we got to this page through the /register form, all fields should be filled # in, with the possible exception of URL, which is optional. If they aren't all # filled in, then something unexpected happened, and we shouldn't continue processing # the form. if (name == None or email == None or password == None or passwordverify == None): return self.index (errormissing = True, name=name, email=email, password=password, passwordverify=passwordverify, url=url) else: # Store original values as given in case we need to represent the form. originalname = name originalemail = email originalpassword = password originalpasswordverify = passwordverify originalurl = url # Remove any leading/trailing spaces. name = string.strip(name) email = string.strip(email) password = string.strip(password) passwordverify = string.strip(passwordverify) url = string.strip(url) level = "1" # default level for regular user. # Verify all required fields are filled in. if (name == '' or email == '' or password == '' or passwordverify == ''): return self.index (errormissing = True, name=originalname, email=originalemail, password=originalpassword, passwordverify=originalpasswordverify, url=originalurl) # Verify email address is plausibly valid. if (re.match (pageutils.emailregex, email) == None): return self.index (erroremail = True, name=originalname, email=originalemail, password=originalpassword, passwordverify=originalpasswordverify, url=originalurl) # Verify passwords match. if (password <> passwordverify): return self.index (errorverify = True, name=originalname, email=originalemail, password=originalpassword, passwordverify=originalpasswordverify, url=originalurl) # Encypt the password. Once we do this, we can't get the original # password back out of the database, so we can't send the original # password back to the user if they lose it. We can generate a new # password and send them that. password = crypt.crypt (password, "23") # Add http:// to the URL if needed. if (url[0:7] =="http://" or url == ""): pass else: url = "http://" + url # Ensure that email address hasn't already been used in database. try: dbconnection = pgdb.connect (database_connect_fields) dbcursor = dbconnection.cursor() dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email]) results = dbcursor.fetchone() # Close the database cursor and connection. dbcursor.close() dbconnection.close() if (results <> None): return self.index (errorduplicate=True, name=originalname, email=originalemail, password=originalpassword, passwordverify=originalpasswordverify, url=originalurl) except: return pageutils.generate_page ("Database Error", "Database Error") try: # Connect to the database and insert the values. dbconnection = pgdb.connect (database_connect_fields) dbcursor = dbconnection.cursor() dbcursor.execute ("INSERT INTO users (name, email, password, url, level) " + "VALUES (%s, %s, %s, %s, %s)", [name, email, password, url, level]) dbconnection.commit() # Now fetch the user_id so we can automatically log the user in. dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email]) description = dbcursor.description results = dbcursor.fetchone() user_id = None user_level = 0 try: user_id = results[sqlutils.getfieldindex ("user_id", description)] user_level = results[sqlutils.getfieldindex ("level", description)] except: pass pageutils.set_logged_in (user_id, (user_level > 1)) # Close the database cursor and connection. dbcursor.close() dbconnection.close() except: # FIXME: this is a public user page; provide more interesting feedback in this event. return pageutils.generate_page ("Invalid SQL Query", "Invalid SQL Query!") raise cherrypy.HTTPRedirect ("/register/thanks")