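def search_id(pif):
    """Resolve the 'id' form field to one casting, or list partial matches.

    An exact casting id, or an id that matches exactly one alias row carrying
    an 'alias.id', ends the request by raising useful.Redirect to the
    single-casting page (or to the variation page when the 'var' form field
    is set).  Otherwise castings and aliases whose id contains the search
    term are fetched, limited to the 'manls' / 'manno' section pages, and
    returned after pif.dbh.modify_man_item has been applied to each row.

    Raises:
        useful.Redirect: when the id resolves to exactly one casting.
    """
    import string  # local import: the file's import block is not visible here

    raw_id = pif.form.get_str('id')
    cid = get_casting_id(raw_id)
    mod = pif.dbh.fetch_casting(cid)
    # NOTE(review): var_id is request input placed into the query string
    # unencoded; confirm vars.cgi validates it.
    var_id = pif.form.get_str('var')
    if mod:
        if var_id:
            raise useful.Redirect('/cgi-bin/vars.cgi?mod=%s&var=%s' % (mod['id'], var_id))
        raise useful.Redirect('/cgi-bin/single.cgi?id=%s' % mod['id'])

    mod = pif.dbh.fetch_castings_by_alias(cid)
    if len(mod) == 1:
        # NOTE(review): mod is rebound to the single row here.  If that row has
        # no 'alias.id', the comprehension at the end iterates over the row
        # itself rather than over a list of rows - confirm that is intended.
        mod = mod[0]
        if mod.get('alias.id'):
            if var_id:
                raise useful.Redirect('/cgi-bin/vars.cgi?mod=%s&var=%s' % (mod['casting.id'], var_id))
            raise useful.Redirect('/cgi-bin/single.cgi?id=%s' % mod['casting.id'])

    if not mod:
        # The WHERE fragment is assembled as text, so the request value must
        # not be able to close the quoted literal.  Only characters that cannot
        # do so are kept; everything else is dropped before interpolation.
        # NOTE(review): assumes ids consist of ASCII letters, digits, '-' and
        # '_' - confirm, and prefer bound parameters if the dbh layer offers
        # them.
        safe_chars = set(string.ascii_letters + string.digits + '-_')
        term = ''.join(ch for ch in raw_id if ch in safe_chars)
        mod1 = pif.dbh.fetch_casting_list(where="casting.id like '%%%s%%'" % term)
        mod2 = pif.dbh.fetch_aliases(where="alias.id like '%%%s%%'" % term)
        mod = [row for row in mod1 + mod2
               if row.get('section.page_id', 'manno') in ['manls', 'manno']]
    return [pif.dbh.modify_man_item(x) for x in mod]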
def verify(pif, name, vkey):
    """Mark the account matching *name* and *vkey* as verified.

    The first row returned by pif.dbh.fetch_user for the pair gets state=1.
    The function never returns normally: it raises useful.Redirect to the
    login page on success and to '/' when no row matches.
    """
    matches = pif.dbh.fetch_user(vkey=vkey, name=name)
    if not matches:
        useful.warn("You have not verified your account. Please contact [email protected] for help.")
        raise useful.Redirect("/")

    account = matches[0]
    # NOTE(review): nothing here clears or expires the key after use; confirm
    # whether the dbh layer does.
    pif.dbh.update_user(account['user.id'], state=1)
    useful.warn("Your account has been verified! Now please log in.<br><hr>")
    raise useful.Redirect("/cgi-bin/login.cgi")
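def login_main(pif):
    """Handle the login form: authenticate, create the cookie, redirect.

    When both 'user_id' and 'p' are submitted, the pair is looked up with
    pif.dbh.fetch_user.  On a match the last-login time is updated, the cookie
    is created and the request ends with useful.Redirect: to the validation
    page if FLAG_USER_VERIFIED is not set on the account, otherwise to the
    requested destination.  On a miss useful.warn("Login Failed!") is called
    and the login form is rendered again.

    Returns:
        The rendered 'login.html' template when no redirect is raised.

    Raises:
        useful.Redirect: after a successful login.
    """
    dest = pif.form.get_str('dest', '/index.php')
    # 'dest' comes from the request and becomes the post-login redirect target.
    # Accept only a same-site absolute path; scheme-relative ('//host'),
    # backslash and control-character forms fall back to the default so the
    # login page cannot be used to send a user to another site.
    if (not dest.startswith('/') or dest.startswith('//') or '\\' in dest
            or any(ord(ch) < 0x20 for ch in dest)):
        dest = '/index.php'

    if pif.form.has('user_id') and pif.form.has('p'):
        # NOTE(review): the submitted password is passed to fetch_user as a
        # lookup value; how it is compared (hashed or not) is decided in the
        # dbh layer, which is not visible here.
        user = pif.dbh.fetch_user(user_id=pif.form.get_str('user_id'),
                                  passwd=pif.form.get_str('p'))
        if user:
            pif.dbh.update_user_last_login(user.id)
            pif.create_cookie(user)
            if not user.flags & config.FLAG_USER_VERIFIED:
                raise useful.Redirect('/cgi-bin/validate.cgi')
            raise useful.Redirect(dest)
        useful.warn("Login Failed!")

    pif.render.print_html()
    # NOTE(review): dest is concatenated into the signup link unencoded;
    # confirm the template escapes it.
    return pif.render.format_template('login.html',
                                      dest=dest,
                                      register='signup.cgi?dest=' + dest,
                                      forgot='recover.cgi')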
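def change_password_main(pif):
    """Handle the change-password form.

    The form is re-rendered when the user name ('n') is missing, when the new
    password ('p1') is empty, or when 'p1' and 'p2' differ.  Otherwise the
    user name and old password ('op') are checked with pif.dbh.login; on
    success the e-mail ('em') and password are updated, a fresh cookie is set
    and the request ends with useful.Redirect to the requested destination.

    Returns:
        The rendered 'chpass.html' template when no redirect is raised.

    Raises:
        useful.Redirect: after a successful password change.
    """
    new_password = pif.form.get_str('p1')
    if (not pif.form.get_str('n') or not new_password
            or new_password != pif.form.get_str('p2')):
        pif.render.print_html()
        return pif.render.format_template('chpass.html', dest=pif.form.get_str('dest'))

    rec_id, privs = pif.dbh.login(pif.form.get_str('n'), pif.form.get_str('op'))
    if rec_id and pif.form.get_str('p1') == pif.form.get_str('p2', -1):
        # NOTE(review): the e-mail is overwritten with whatever 'em' holds,
        # including an empty value - confirm that is intended.
        pif.dbh.update_user(rec_id, email=pif.form.get_str('em'), passwd=new_password)
        # Accounts with the 'a' privilege get a 15 * 12 hour cookie; every
        # other account gets one that lasts 60 * 365 days.
        expire = (15 * 12 * 60 * 60) if ('a' in privs) else (60 * 365 * 24 * 60 * 60)
        pif.render.set_cookie(pif.render.secure.make_cookie(rec_id, privs, expires=expire))

        dest = pif.form.get_str('dest', '/index.php')
        # 'dest' is request input used as the redirect target.  Accept only a
        # same-site absolute path; scheme-relative, backslash and
        # control-character forms fall back to the default.
        if (not dest.startswith('/') or dest.startswith('//') or '\\' in dest
                or any(ord(ch) < 0x20 for ch in dest)):
            dest = '/index.php'
        raise useful.Redirect(dest)

    # NOTE(review): the value built here is discarded.  If the intent is to
    # clear the browser's cookie after a failed attempt it would have to be
    # handed to pif.render.set_cookie - confirm.
    pif.render.secure.clear_cookie(['id'])
    pif.render.print_html()
    return pif.render.format_template('chpass.html', dest=pif.form.get_str('dest'))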
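def create(pif):
    """Handle the signup form: create the account and send the verification mail.

    The form is re-rendered when the name ('n'), password ('p'), or e-mail
    ('e') is missing, or when 'p' and 'p2' differ.  Otherwise a verification
    key is generated and the user is created; on success the verification
    e-mail is sent, a cookie is set and the request ends with useful.Redirect
    to the login page.

    Returns:
        The rendered 'signup.html' template when no redirect is raised.

    Raises:
        useful.Redirect: after the account has been created.
    """
    os.environ['PYTHON_EGG_CACHE'] = '/var/tmp'
    n = pif.form.get_str('n')
    p = pif.form.get_str('p')
    p2 = pif.form.get_str('p2')
    e = pif.form.get_str('e')
    if not n or not p or p != p2 or not e:
        pif.render.print_html()
        return pif.render.format_template('signup.html', dest=pif.form.get_str('dest'))

    # NOTE(review): the strength of this key depends on how
    # useful.generate_token draws its randomness, which is not visible here.
    vkey = useful.generate_token(10)
    rec_id = pif.dbh.create_user(n, p, e, vkey)
    if rec_id:
        gen_email(n, e, vkey)
        # The original read an undefined name 'privs' here, which raised
        # NameError right after the account had been created.  A new account
        # is given the empty privilege string that the cookie already used.
        privs = ''
        expire = (15 * 12 * 60 * 60) if ('a' in privs) else (60 * 365 * 24 * 60 * 60)
        # NOTE(review): this cookie is issued before the e-mail address has
        # been verified - confirm that downstream checks look at the account
        # state and not only at the cookie.
        pif.render.set_cookie(pif.render.secure.make_cookie(rec_id, privs, expires=expire))
        useful.warn("Your account has been created. Please check your email for the verification.")
        raise useful.Redirect("/cgi-bin/login.cgi")

    pif.render.print_html()
    return pif.render.format_template('signup.html', dest=pif.form.get_str('dest'))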
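def recover_main(pif):
    """Handle the password-recovery form in its three stages.

    * 'user_id' only: look the account up by e-mail, then by user id; if found,
      set FLAG_USER_PASSWORD_RECOVERY and send the recovery e-mail.
    * 'user_id' and 'vkey': if the pair matches an account, show the
      new-password fields.
    * 'user_id', 'vkey', and a non-empty 'p1' equal to 'p2': store the new
      password, clear the recovery flag, clear the cookie and redirect to the
      login page.

    Returns:
        The rendered 'recover.html' template when no redirect is raised.

    Raises:
        useful.Redirect: after the password has been changed.
    """
    pif.render.print_html()
    hide_vkey = recovering = False
    user_id = None
    if pif.form.has('user_id'):
        if pif.form.has('vkey'):
            # NOTE(review): this branch does not check that
            # FLAG_USER_PASSWORD_RECOVERY is set on the account, so a valid
            # user_id/vkey pair is accepted whether or not a recovery was
            # requested.  Confirm how vkey is issued and retired.
            user = pif.dbh.fetch_user(user_id=pif.form.get_alnum('user_id'),
                                      vkey=pif.form.get_alnum('vkey'))
            if user:
                new_password = pif.form.get_str('p1')
                # An empty 'p1' equals an empty 'p2'; require a non-empty value
                # so a blank submission cannot store an empty password.
                if (pif.form.has('p1') and new_password
                        and new_password == pif.form.get_str('p2')):
                    pif.dbh.update_password(user.id, new_password)
                    pif.dbh.update_user(rec_id=user.id,
                                        flags=user.flags & ~config.FLAG_USER_PASSWORD_RECOVERY)
                    pif.render.set_cookie(pif.render.secure.clear_cookie(['id']))
                    useful.warn("Your password has been changed.")
                    raise useful.Redirect('/cgi-bin/login.cgi', delay=5)
                else:
                    user_id = user.user_id
                    recovering = hide_vkey = True
        else:
            user = pif.dbh.fetch_user(email=pif.form.get_str('user_id'))
            if not user:
                user = pif.dbh.fetch_user(user_id=pif.form.get_alnum('user_id'))
            if user:
                pif.dbh.update_user(rec_id=user.id,
                                    flags=user.flags | config.FLAG_USER_PASSWORD_RECOVERY)
                generate_recovery_email(pif, user)
                recovering = True
                user_id = user.user_id
    # NOTE(review): recovering/user_id are only set when an account was found,
    # so the page may differ for known and unknown ids - confirm recover.html
    # does not reveal which ids exist.
    return pif.render.format_template('recover.html', recovering=recovering,
                                      user_id=user_id, show_vkey=not hide_vkey)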
def validate_main(pif):
    """Handle the account-validation form for the logged-in user.

    Redirects to the login page when pif.user_id is empty.  A submitted
    'vkey' that equals the user's stored key verifies the account and
    redirects to '/'; a wrong key produces a warning.  A 'resend' field
    sends the signup e-mail again.

    Returns:
        The rendered 'validate.html' template when no redirect is raised.

    Raises:
        useful.Redirect: when not logged in, or after a successful check.
    """
    pif.render.print_html()
    if not pif.user_id:
        raise useful.Redirect("/cgi-bin/login.cgi")

    account = pif.user
    if 'vkey' in pif.form:
        # NOTE(review): the key is compared with ==, and nothing in this
        # function limits repeated attempts; confirm whether a constant-time
        # comparison and an attempt limit are applied elsewhere.
        key_matches = account and account.vkey == pif.form.get_str('vkey')
        if not key_matches:
            useful.warn("That code is not correct. Please try again.")
        else:
            pif.dbh.verify_user(account.id)
            useful.warn("Your account has been verified!")
            raise useful.Redirect("/", delay=5)

    if 'resend' in pif.form:
        generate_signup_email(pif, pif.user)
        useful.warn("The code has been resent.")

    return pif.render.format_template('validate.html',
                                      user_id=pif.user.user_id,
                                      dest=pif.form.get_str('dest'))
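def login_main(pif):
    """Handle the login form: authenticate, set the cookie, redirect.

    When a user name ('n') is submitted it is checked together with the
    password ('p') through pif.dbh.login.  On success a cookie is set and the
    request ends with useful.Redirect to the requested destination; on
    failure useful.warn("Login Failed!") is called and the form is rendered
    again.

    Returns:
        The rendered 'login.html' template when no redirect is raised.

    Raises:
        useful.Redirect: after a successful login.
    """
    dest = pif.form.get_str('dest', '/index.php')
    # 'dest' comes from the request and becomes the post-login redirect target.
    # Accept only a same-site absolute path; scheme-relative ('//host'),
    # backslash and control-character forms fall back to the default so the
    # login page cannot be used to send a user to another site.
    if (not dest.startswith('/') or dest.startswith('//') or '\\' in dest
            or any(ord(ch) < 0x20 for ch in dest)):
        dest = '/index.php'

    if pif.form.has('n'):
        rec_id, privs = pif.dbh.login(pif.form.get_str('n'), pif.form.get_str('p'))
        if rec_id:
            # Accounts with the 'a' privilege get a 15 * 12 hour cookie; every
            # other account gets one that lasts 60 * 365 days.
            expire = (15 * 12 * 60 * 60) if ('a' in privs) else (60 * 365 * 24 * 60 * 60)
            pif.render.set_cookie(pif.render.secure.make_cookie(rec_id, privs, expires=expire))
            raise useful.Redirect(dest)
        useful.warn("Login Failed!")

    pif.render.print_html()
    # NOTE(review): dest is concatenated into the signup link unencoded;
    # confirm the template escapes it.
    return pif.render.format_template('login.html',
                                      dest=dest,
                                      register='signup.cgi?dest=' + dest)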
def create(pif):
    """Handle the signup form: validate the fields, create the user, send mail.

    Checks, in order: the user id is non-empty and made only of ASCII
    letters, digits, '.' and '_'; the id is not already taken; an e-mail was
    given; the two password fields are non-empty and equal.  Each failed
    check raises useful.SimpleError.  On success the user is created with
    privs='b', the signup e-mail is sent and the request is redirected to the
    validation page.

    Returns:
        The rendered 'signup.html' template if create_user returned nothing.

    Raises:
        useful.SimpleError: when a field fails validation.
        useful.Redirect: after the account has been created.
    """
    form = pif.form
    user_id = form.get_str('user_id')
    p1 = form.get_str('p')
    p2 = form.get_str('p2')
    email = form.get_str('email')

    legal_chars = set(string.ascii_letters + string.digits + '._')
    if not user_id or not set(user_id) <= legal_chars:
        raise useful.SimpleError('That is not a legal user ID.')
    if pif.dbh.fetch_user(user_id=user_id):
        raise useful.SimpleError('That ID is already in use.')
    if not email:
        raise useful.SimpleError('Please specify an email address.')
    if not p1 or p1 != p2:
        raise useful.SimpleError('Please specify the same password in both password boxes.')

    # NOTE(review): the strength of this key depends on how
    # useful.generate_token draws its randomness, which is not visible here.
    vkey = useful.generate_token(10)
    # NOTE(review): every submitted form field is forwarded to create_user as
    # a keyword argument.  Which of them reach the user record is decided by
    # create_user, which is not visible here; confirm it ignores fields the
    # signup form does not define.  If pif.form.form maps field names to
    # values, a submitted field named passwd, vkey or privs collides with the
    # explicit keywords and raises TypeError.
    rec_id = pif.dbh.create_user(passwd=p1, vkey=vkey, privs='b', **pif.form.form)
    if not rec_id:
        return pif.render.format_template('signup.html', dest=pif.form.get_str('dest'))

    new_user = pif.dbh.fetch_user(id=rec_id)
    generate_signup_email(pif, new_user)
    useful.warn("Your account has been created. Please check your email for the verification.")
    raise useful.Redirect("/cgi-bin/validate.cgi")
def call_main(page_id, form_key='', defval='', args='', dbedit=None):
    """Build the page context, run main_fn, and turn its exceptions into pages.

    Phase one obtains ``pif``: page_id itself when it already is a
    pifile.PageInfoFile, otherwise the result of get_page_info.  Phase two
    calls ``main_fn(pif)`` (a name this block does not define), prints its
    return value, and maps SimpleError / Redirect / DelayedRedirect /
    database errors to the matching template or message.

    Python 2 syntax (print statements).
    """
    # Disabled debug output: useful.write_comment('PID', os.getpid())
    pif = None
    try:
        import pifile
        if isinstance(page_id, pifile.PageInfoFile):
            pif = page_id
        else:
            pif = get_page_info(page_id, form_key, defval, args, dbedit)
        # Requests whose query string contains '/etc/passwd' (raw, or as
        # '%2fetc%2fpasswd' after lower-casing) are redirected to an external
        # site instead of being dispatched.  This is a substring check for one
        # literal path, not input validation; handlers still have to validate
        # any path they build from request data.
        if '/etc/passwd' in os.environ.get(
                'QUERY_STRING', '') or '%2fetc%2fpasswd' in os.environ.get(
                'QUERY_STRING', '').lower():
            raise useful.Redirect('http://www.nsa.gov/')
    except SystemExit:
        # Swallowed: execution continues into phase two with whatever pif
        # holds at this point, possibly None.
        pass
    except useful.SimpleError as e:
        simple_html(status=e.status)
        print useful.render_template('error.html', error=[e.value], page={'tail': ''})
        if pif:
            pif.log.debug.error('SimpleError: ' + str(e) + ' - ' + '''%s''' % os.environ.get('REQUEST_URI', ''))
        handle_exception(pif, True, False)
        return
    except MySQLdb.OperationalError:
        simple_html()
        print 'The database is currently down, and thus, this page is unable to be shown.<p>'
        # str_tb is assigned but not read again in this function.
        str_tb = write_traceback_file(pif)
        handle_exception(pif, True)
        return
    except useful.Redirect as e:
        # NOTE(review): if the Redirect was raised by get_page_info, pif is
        # still None here and the pif.render calls below would fail.
        if not useful.is_header_done():
            pif.render.print_html()
        print pif.render.format_template('forward.html', url=e.value, delay=e.delay)
        return
    except:
        # Bare except: everything else is passed to handle_exception and the
        # request ends without output from this function.
        handle_exception(pif)
        return
    try:
        ret = main_fn(pif)
        if not useful.is_header_done():
            pif.render.print_html()
        useful.write_comment()
        if ret and not pif.unittest:
            print ret
    except SystemExit:
        pass
    except useful.SimpleError as e:
        if not useful.is_header_done():
            pif.render.print_html(status=e.status)
        print pif.render.format_template('error.html', error=[e.value])
    except useful.Redirect as e:
        # e.value is whatever the handler passed to Redirect; where a handler
        # built it from request data, the target is only as trustworthy as
        # that handler's own validation.
        if not useful.is_header_done():
            pif.render.print_html()
        print pif.render.format_template('forward.html', url=e.value, delay=e.delay)
    except useful.DelayedRedirect as e:
        if not useful.is_header_done():
            pif.render.print_html()
        print pif.render.format_template('forward.html', url=e.value, delay=e.delay)
    except MySQLdb.OperationalError:
        if not useful.is_header_done():
            pif.render.print_html()
        # NOTE(review): this message says "done" where the phase-one message
        # says "down".
        print 'The database is currently done, and thus, this page is unable to be shown.<p>'
        str_tb = write_traceback_file(pif)
    except:
        # Reported through handle_exception, then re-raised to the caller.
        handle_exception(pif)
        raise
    useful.header_done(True)
    useful.write_comment()
def call_main(page_id, form_key='', defval='', args='', dbedit=None):
    """Build the page context, run main_fn, render its outcome, log the call.

    Phase one obtains ``pif``: page_id itself when it already is a
    pifile.PageInfoFile, otherwise the result of get_page_info.  Phase two
    calls ``main_fn(pif)`` (a name this block does not define), prints its
    return value, and maps SimpleError / Redirect / database errors to the
    matching template or message.  ``status_code`` records which path was
    taken and is passed to log_page_call at the end.
    """
    # Disabled debug output:
    # useful.write_comment('PID', os.getpid(), 'GURU', config.GURU_ID)
    status_code = 'unset'
    pif = None
    try:
        pif = (page_id if isinstance(page_id, pifile.PageInfoFile) else
               get_page_info(page_id, form_key, defval, args, dbedit))
    except SystemExit:
        # Swallowed: execution continues below with pif still None.
        pass
    except pymysql.OperationalError as e:
        status_code = 'db'
        simple_html()
        print(
            'The database is currently down, and thus, this page is unable to be shown.<p>'
        )
        write_traceback_file(pif, e)
        handle_exception(pif, e, True, status_code=status_code)
        return
    except Exception as e:
        status_code = 'exc'
        simple_html()
        handle_exception(pif, e, status_code=status_code)
        return
    # NOTE(review): if SystemExit was swallowed above, pif is None here and
    # this call would raise AttributeError.
    pif.start()
    try:
        # Requests whose query string contains '/etc/passwd' (raw, or as
        # '%2fetc%2fpasswd' after lower-casing) are redirected to an external
        # site instead of being dispatched.  This is a substring check for one
        # literal path, not input validation; handlers still have to validate
        # any path they build from request data.
        if ('/etc/passwd' in os.environ.get('QUERY_STRING', '') or
                '%2fetc%2fpasswd' in os.environ.get('QUERY_STRING', '').lower()):
            raise useful.Redirect('https://www.nsa.gov/')
        ret = main_fn(pif)
        if not useful.is_header_done():
            pif.render.print_html()
        if pif.render.is_html:
            useful.write_comment("Page:", pif.page_id, 'Time:', time.time() - pif.start_seconds)
        if ret and not pif.unittest:
            print(ret)
    except SystemExit:
        pass  # the happiest exception on earth
        status_code = 'exit'
    except useful.SimpleError as e:
        if not useful.is_header_done():
            status_code = e.status
            pif.render.print_html(status=e.status)
        print(pif.render.format_template('error.html', error=[e.value]))
    except useful.Redirect as e:
        # e.value is whatever the handler passed to Redirect; where a handler
        # built it from request data, the target is only as trustworthy as
        # that handler's own validation.
        if not useful.is_header_done():
            status_code = 302
            pif.render.print_html(status=302)
        print(
            pif.render.format_template('forward.html', url=e.value, delay=e.delay))
    except pymysql.OperationalError as e:
        if not useful.is_header_done():
            status_code = 500
            pif.render.print_html(status=500)
        print(
            'The database is currently down, and thus, this page is unable to be shown.<p>'
        )
        write_traceback_file(pif, e)
    except Exception as e:
        # Reported through handle_exception, then re-raised; the lines after
        # the try statement (including log_page_call) are skipped on this path.
        status_code = 'exc'
        handle_exception(pif, e, status_code=status_code)
        raise
    useful.header_done(True)
    useful.write_comment()
    log_page_call(pif, status_code=status_code)
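def submit_comment(pif):
    """Store a submitted comment (and optional file) and return the HTML reply.

    GET requests are redirected to the comment page.  For other requests the
    form is written to a timestamped file under ../../comments/, an uploaded
    file is saved through useful.file_save and described in descr.log, and an
    HTML acknowledgement is returned.  Submissions with a malformed e-mail
    address, or with 'http://' / 'https://' in the subject, comment or
    e-mail, are rejected with an error snippet and nothing is stored.

    Returns:
        An HTML fragment: the acknowledgement or an error block.

    Raises:
        useful.Redirect: when called with the GET method.
    """
    import html  # local import: the file's import block is not visible here

    if pif.method == 'GET':
        raise useful.Redirect('../pages/comment.php')
    pif.render.print_html()
    print(pif.render.format_head())
    ostr = "I am sending this comment for you. "
    mysubject = pif.form.get_str('mysubject')
    mycomment = pif.form.get_str('mycomment')
    myname = pif.form.get_str('myname')
    myemail = pif.form.get_str('myemail')
    credit = pif.form.get_str('credit')
    fname = pif.form.get_str('pic.name')
    fimage = pif.form.get_str('pic')
    # The upload payload is removed from the form before the form is dumped
    # to the comment file further down.
    pif.form.delete('pic')

    def comment_error(msg):
        return "<dl><dt>ERROR</dt><dd>%s</dd></dl>" % msg

    if myemail and '@' not in myemail:
        return comment_error('Badly formatted email address. Try again.')
    pif.form.change_key('page', 'page_id')
    # NOTE(review): the name has one-second resolution, so two submissions in
    # the same second write to the same file.
    fn = "../../comments/comment." + datetime.datetime.now().strftime('%Y%m%d.%H%M%S')
    if any(marker in field
           for marker in ('http://', 'https://')
           for field in (mysubject, mycomment, myemail)):
        return comment_error(
            "Whoa there. This isn't for submitting links. Please use the SUGGEST A LINK feature from the link list."
        )

    # Every value echoed back into the page is request input, so it is
    # HTML-escaped first; unescaped, a submitted value could inject markup or
    # script into the response.
    ostr += "<dl><dt>My Subject</dt><dd>" + html.escape(mysubject) + "</dd>\n"
    ostr += "<dl><dt>My Comment</dt><dd>" + html.escape(mycomment) + "</dd>\n"
    ostr += "<dt>My Name</dt><dd>" + html.escape(myname) + "</dd>\n"
    ostr += "<dt>My Email</dt><dd>" + html.escape(myemail) + "</dd></dl>\n"
    if fimage:
        ostr += "<dt>Relevant File</dt><dd>" + html.escape(fname) + "<br>\n"
        direc = config.INC_DIR
        descriptions_file = config.LOG_ROOT + '/descr.log'
        # The stored name comes from images.get_next_upload_filename, not from
        # the client-supplied fname.
        # NOTE(review): whether the upload's type and size are checked is
        # decided in useful.file_save, which is not visible here.
        dest_filename = images.get_next_upload_filename()
        dest_filename = useful.file_save(direc, dest_filename, fimage)
        images.file_log(direc + '/' + dest_filename, direc)
        cred = who = comment = '-'
        # NOTE(review): descr.log is tab-separated; this relies on squish_re
        # removing tabs and newlines from the free-text fields - confirm.
        if mycomment:
            comment = squish_re.sub(' ', mycomment)
        if credit:
            cred = squish_re.sub(' ', credit)
        if myname:
            who = squish_re.sub(' ', myname)
        with open(descriptions_file, 'a+') as descr:
            descr.write('\t'.join([dest_filename, '-', '-', '-', comment, cred, who]) + '\n')
        # The reply built so far is replaced by the upload acknowledgement.
        ostr = '<div class="warning">Thank you for submitting that file.</div><br>\n'
        ostr += "</dd></dl>\n"

    # 'with' closes the comment file even if a write fails; REMOTE_ADDR may be
    # absent from the environment, in which case an empty value is recorded
    # instead of failing on str + None.
    with open(fn, "wt") as fh:
        fh.write("_POST\n\n" + pprint.pformat(pif.form, indent=2, width=132) + "\n\n")
        fh.write("REMOTE_ADDR=" + (os.getenv('REMOTE_ADDR') or '') + "\n")
    ostr += "Thanks for sending that. Now please use the BACK button on your browser to return to where you were."
    return ostr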
def publication_list(pif, mtype):
    """Render the list of publications of model type *mtype*.

    Looks up the section for the model type, fetches its publications,
    filters them by the 'title' form field and renders them with
    'simplelistix.html'.  The 'ads' section is redirected to ads.cgi.

    Raises:
        useful.SimpleError: when no section exists for *mtype*.
        useful.Redirect: when the section id is 'ads'.
    """
    sec = get_section_by_model_type(pif, mtype)
    if not sec:
        raise useful.SimpleError("That publication type was not found.")
    if sec.id == 'ads':
        # NOTE(review): the title is request input appended to the query
        # string unencoded; confirm ads.cgi validates it.
        raise useful.Redirect('ads.cgi?title=' + pif.form.get_str('title'))

    sobj = pif.form.search('title')
    pif.render.pic_dir = sec.page_info.pic_dir
    pubs = pif.dbh.fetch_publications(model_type=mtype)

    def pub_ent(pub):
        # Returns the row as a dict ready for the template, or None when the
        # raw name does not match the title search.
        ret = pub.todict()
        ret.update(ret['base_id'])
        if not useful.search_match(sobj, ret['rawname']):
            return None
        shown_name = ret['rawname'].replace(';', ' ')
        # NOTE(review): id and name are placed into markup as they come from
        # the database; confirm they are escaped when stored or rendered.
        ret['name'] = '<a href="pub.cgi?id=%s">%s</a>' % (ret['id'], shown_name)
        ret['description'] = useful.printablize(ret['description'])
        stem = ret['id'].lower()
        has_picture = (
            os.path.exists(os.path.join(pif.render.pic_dir, stem + '.jpg'))
            or glob.glob(os.path.join(pif.render.pic_dir, '?_' + stem + '_*.jpg'))
            or glob.glob(os.path.join(pif.render.pic_dir, '?_' + stem + '.jpg')))
        if has_picture:
            ret['picture'] = mbdata.comment_icon['c']
        return ret

    if 1:
        # Always-taken branch: everything after this block is never reached.
        entry = [pub_ent(pub) for pub in pubs]
        hdrs = {
            'description': 'Description',
            'first_year': 'Year',
            'country': 'Country',
            'flags': 'Flags',
            'model_type': 'Type',
            'id': 'ID',
            'name': 'Name',
            'picture': '',
        }
        cols = ['picture', 'name', 'description', 'first_year', 'country']
        matched = [row for row in entry if row]
        lrange = {'entry': matched, 'styles': dict(zip(cols, cols))}
        lsection = {'columns': cols, 'headers': hdrs, 'range': [lrange],
                    'note': '', 'name': sec.name}
        return pif.render.format_template('simplelistix.html',
                                          llineup={'section': [lsection]})

    cols = 4

    def pub_text_link(pub):
        pic = pif.render.fmt_img(pub['id'], prefix='s')
        name = pic + '<br>' + pub['name'] if pic else pub['name']
        return {'text': pif.render.format_link("makes.cgi?make=" + pub['id'], name)}

    ents = [pub_text_link(pub_ent(x)) for x in pubs]
    llineup = {
        'id': '',
        'name': '',
        'columns': cols,
        'header': '',
        'footer': '',
        'section': [{
            'columns': cols,
            'range': [{'entry': ents, 'id': 'makelist'}],
        }],
    }
    pif.render.format_matrix_for_template(llineup)
    return pif.render.format_template('simplematrix.html', llineup=llineup)
def restrict(self, priv):  # pragma: no cover
    """Stop the request unless the caller holds *priv* and is verified.

    Raises useful.Redirect to '/' when self.is_allowed(priv) is false.  When a
    privilege is required and a user is present whose flags lack
    FLAG_USER_VERIFIED, raises useful.Redirect to the validation page.
    Returns None otherwise.
    """
    allowed = self.is_allowed(priv)
    if not allowed:
        raise useful.Redirect('/')

    # The check is enforced only by the exception: a caller that catches
    # useful.Redirect and carries on would bypass it.
    unverified = priv and self.user and not (self.user.flags & config.FLAG_USER_VERIFIED)
    if unverified:
        raise useful.Redirect('/cgi-bin/validate.cgi')
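def logout_main(pif):
    """Clear the 'id' cookie and redirect to the requested destination.

    Raises:
        useful.Redirect: always; the target is the 'dest' form field when it
            is a same-site absolute path, otherwise '/'.
    """
    pif.render.set_cookie(pif.render.secure.clear_cookie(['id']))

    dest = pif.form.get_str('dest', '/')
    # 'dest' is request input used as the redirect target.  Accept only a
    # same-site absolute path; scheme-relative ('//host'), backslash and
    # control-character forms fall back to '/' so the logout link cannot be
    # used to send a user to another site.
    if (not dest.startswith('/') or dest.startswith('//') or '\\' in dest
            or any(ord(ch) < 0x20 for ch in dest)):
        dest = '/'
    raise useful.Redirect(dest)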
def restrict(self, priv):  # pragma: no cover
    """Stop the request unless self.is_allowed(priv) is true.

    Raises useful.Redirect to '/' when the privilege check fails and returns
    None otherwise.  The check is enforced only by the exception: a caller
    that catches useful.Redirect and carries on would bypass it.
    """
    if self.is_allowed(priv):
        return
    raise useful.Redirect('/')
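def logout_main(pif):
    """Delete the stored session, clear the 'id' cookie, and redirect.

    The server-side record is removed with pif.dbh.delete_cookie for the
    current user id and remote address before the browser cookie is cleared.

    Raises:
        useful.Redirect: always; the target is the 'dest' form field when it
            is a same-site absolute path, otherwise '/'.
    """
    pif.dbh.delete_cookie(pif.user_id, ip=pif.remote_addr)
    pif.render.set_cookie(pif.render.secure.clear_cookie(['id']))

    dest = pif.form.get_str('dest', '/')
    # 'dest' is request input used as the redirect target.  Accept only a
    # same-site absolute path; scheme-relative ('//host'), backslash and
    # control-character forms fall back to '/' so the logout link cannot be
    # used to send a user to another site.
    if (not dest.startswith('/') or dest.startswith('//') or '\\' in dest
            or any(ord(ch) < 0x20 for ch in dest)):
        dest = '/'
    raise useful.Redirect(dest)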