def main(): cgitb.enable() form = cgi.FieldStorage() s = form.getvalue('logout') if s != None: # Clear session cookie cookie = "Set-Cookie: pyblog_session=0; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT" pyblog.reply_ok("Logout OK", [cookie]) # Verify login and password s = form.getvalue('login') if s == None or s != conf.login: pyblog.err("Forbidden", 403) s = form.getvalue('pwd') if s == None or s != conf.pwd: pyblog.err("Forbidden", 403) session = Session() session.init() db.store_session(session) # Session is valid 12 hours end = time.gmtime(time.time() + 12 * 60 * 60) expires = time.strftime("%a, %d-%b-%Y %T GMT", end) cookie = "Set-Cookie: pyblog_session={}; Expires={}; Path=/;".format( session.id, expires) pyblog.reply_ok("Login ok", [cookie])
def get_session(): cursor.execute("SELECT session_id, session_start from main") r = cursor.fetchone() if r == None: pyblog.err("Failed to read session record from DB") session = auth.Session() session.id = r[0] session.start = r[1] return session
def assert_auth(): if not is_auth(): pyblog.err("Forbidden", 403)
import cgi import cgitb import db import pyblog import auth cgitb.enable() form = cgi.FieldStorage() id = -1 try: id = int(form.getvalue('id')) except: pyblog.err("Missing valid note id") note = db.get_note(id) if note == None: pyblog.err("No note with this id") is_auth = auth.is_auth() pyblog.send_http_headers() pyblog.send_header() pyblog.send_top_panel(is_auth, [ pyblog.TopPanelLink("/pyblog/edit_note.py?id={}".format(note.id), "Редактировать", True) ])
import auth cgitb.enable() auth.assert_auth() form = cgi.FieldStorage() id = -1 s = form.getvalue('id') if s != None: try: id = int(s) except: pyblog.err("Invalid note id") if id < 0: note = pyblog.Note() else: note = db.get_note(id) if note == None: pyblog_err("No note with this id") s = form.getvalue('title') if s != None: note.title = s s = form.getvalue('body') if s != None: note.body = markup.wiki2html(s)
import markup import auth cgitb.enable() auth.assert_auth() form = cgi.FieldStorage() s = form.getvalue('id') if s != None: id = -1 try: id = int(s) except: pyblog.err("Invalid note id", 400) note = db.get_note(id) if note == None: pyblog.err("No note with this id", 404) else: note = pyblog.Note() pyblog.send_http_headers() pyblog.send_header() pyblog.send_top_panel(True) print("<H2>Редактировать запись</H2>")