Пример #1
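class edit:
    """User-administration page: lists the existing users and adds a new one.

    Both handlers are wrapped in ``IsAuthorized`` (defined elsewhere in the
    project), so access control rests entirely on that decorator.
    """

    # NOTE(review): the listing masked part of this field list with "******".
    # The two password fields are reconstructed from the names the validator
    # and POST read (``password``, ``password2``) -- confirm against the
    # original file.
    newuser = form.Form(
        form.Textbox('username', description="Username:"),
        form.Password('password', description="Password:"),
        form.Password('password2', description="Password (Again):"),
        form.Button('submit', type="submit",
                    class_="form_control btn btn-primary",
                    description="Add User"),
        validators=[
            form.Validator("Passwords did't match",
                           lambda i: i.password == i.password2)],
    )

    @IsAuthorized
    def GET(self):
        """Render the user list together with an empty "add user" form."""
        f = self.newuser()
        users = model.listUsers()
        return render.edit(users, f)

    @IsAuthorized
    def POST(self):
        """Validate the submitted form and create the user.

        On a validation failure the page is rendered again with the bound
        form; on success the client is redirected to ``/door``.
        """
        users = model.listUsers()
        f = self.newuser()
        if not f.validates():
            # The stray debug ``print f.render_css()`` was dropped here.
            return render.edit(users, f)

        # NOTE(review): the password reaches the model in clear text; whether
        # it is hashed before storage depends on insertuser -- confirm.
        model.insertuser(f.d.username, f.d.password)
        # In web.py 0.3+ ``seeother`` is an exception class, so the redirect
        # only happens when it is raised.
        raise web.seeother('/door')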
Пример #2
def AdminUpdateForm(administrator):
    """Build the form used to update an administrator account.

    Fields:
        administrator_old_email          current e-mail (rendered read-only)
        administrator_old_password       current password
        administrator_email              new e-mail
        administrator_password           new password
        administrator_password_confirm   new password, repeated
        administrator_submit             submit button

    A form-level validator requires the new password and its confirmation
    to be equal.
    """
    # NOTE(review): ``readonly`` is only a browser-side attribute; the value
    # is still sent back by the client. The handler (not visible here) should
    # take the current e-mail from the authenticated account, not this field.
    fields = (
        form.Textbox("administrator_old_email",
                     readonly="true",
                     description=u"原邮箱:",
                     value=administrator.email),
        form.Password("administrator_old_password",
                      Validation['password'],
                      description=u"原密码:"),
        form.Textbox("administrator_email",
                     Validation['email'],
                     description=u"新邮箱:"),
        form.Password("administrator_password",
                      Validation['password'],
                      description=u"新密码:"),
        form.Password("administrator_password_confirm",
                      Validation['password'],
                      description=u"确认密码:"),
        form.Button("administrator_submit", type="submit", html=u'提交'),
    )
    passwords_agree = form.Validator(
        "确认密码不正确",
        lambda i: i.administrator_password == i.administrator_password_confirm)
    return form.Form(*fields, validators=[passwords_agree])
Пример #3
 def register_form(self):
     """Return the sign-up form: e-mail, password, confirmation, submit button.

     Field validators require non-empty values, a well-formed e-mail
     (``vemail``), an unused e-mail and a password accepted by
     ``users.is_valid_password``. The form-level validator requires both
     password fields to be equal.
     """
     # NOTE(review): the "already taken" message tells an anonymous visitor
     # whether an address is registered; rate-limit this form or use a neutral
     # message if account enumeration matters for this site.
     email_unused = form.Validator('This email address is already taken.',
                                   lambda x: users.is_email_available(x))
     password_ok = form.Validator('Password must at least 5 characters long.',
                                  lambda x: users.is_valid_password(x))
     same_password = form.Validator('Password Not Match!.',
                                    lambda i: i.password == i.re_password)

     email_box = form.Textbox('email', form.notnull, vemail, email_unused,
                              description=u'* 邮箱', class_="form-control")
     password_box = form.Password('password', form.notnull, password_ok,
                                  description=u'* 密码', class_="form-control")
     confirm_box = form.Password('re_password', form.notnull,
                                 description=u"* 确认密码",
                                 class_="form-control")
     submit = form.Button('SingUp', type='submit', value='SignUp',
                          html=u"注册", class_="btn btn-primary")

     return form.Form(email_box, password_box, confirm_box, submit,
                      validators=[same_password])
Пример #4
class Signup:
    """Registration page: shows the sign-up form and creates the account."""

    # NOTE(review): a three-character minimum and ".*@.*" are very permissive,
    # and ``username`` has no validator at all (an empty name validates).
    # Tighten these if the account is meant to protect anything.
    vpass = form.regexp(r".{3,20}$", 'must be between 3 and 20 characters')
    vemail = form.regexp(r".*@.*", "must be a valid email address")

    signup_form = form.Form(
        form.Textbox("email", vemail, description="E-Mail"),
        form.Textbox("username", description="Username"),
        form.Password("password", vpass, description="Password"),
        form.Password("password2", description="Repeat password"),
        form.Textbox("sex", description="Sex"),
        form.Button("submit", type="submit", description="Register"),
        validators=[
            form.Validator("Passwords did't match",
                           lambda i: i.password == i.password2),
        ]
    )

    def GET(self):
        """Render an empty sign-up form (template does ``$:f.render()``)."""
        return render.signup(self.signup_form())

    def POST(self):
        """Create the account when the form validates, else show it again."""
        f = self.signup_form()
        if f.validates():
            # NOTE(review): the password is passed on in clear text; hashing
            # has to happen inside model.sign_up -- confirm.
            model.sign_up(f.d.username, f.d.email, f.d.password, f.d.sex)
            raise web.seeother('/login')
        return render.signup(f)
Пример #5
class PageCreateUser:
    """Admin page that creates a user account from a plain form."""

    # None of the fields carries a validator, so validates() accepts empty
    # values; the only checks are the duplicate lookups in POST.
    _form = form.Form(
        form.Textbox('email'),
        form.Textbox('name'),
        form.Textbox('username'),
        form.Password('password'),
        form.Button('create account'),
    )

    def GET(self):
        """Render the empty form."""
        # NOTE(review): presumably login() enforces an authenticated session
        # by redirecting; its return value is not used here -- confirm.
        login()
        return ltpl('reg', self._form())

    def POST(self):
        """Create the user and redirect to its admin page.

        Returns a short plain-text message when the input is rejected or the
        user could not be created.
        """
        login()
        frm = self._form()
        if not frm.validates():
            return 'bad input'

        submitted = frm.d
        if email_exists(submitted.email):
            return 'email already exists'
        if username_exists(submitted.username):
            return 'username already exists'

        new_id = create_user(submitted.email,
                             submitted.password,
                             name=submitted.name,
                             username=submitted.username)
        if not new_id:
            return 'couldn\'t create user'

        raise web.seeother('/admin/user/%d' % new_id)
Пример #6
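 def __init__(self):
     """Create the login form: required username, numeric password (8+ chars).

     NOTE(review): a digits-only password has a small key space; if this
     guards real accounts, reconsider the policy rather than only the
     length.
     """
     self._login_form = form.Form(
         form.Textbox('username', form.notnull),
         form.Password(
             'password',
             form.notnull,
             # form.regexp uses re.match, which anchors only at the start, so
             # the original '\d+' accepted any value that merely began with a
             # digit. The end anchor makes "Digits only" actually hold.
             form.regexp(r'\d+\Z', 'Digits only'),
             form.Validator('Must be larger or equal than 8',
                            lambda x: len(x) >= 8)))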
Пример #7
	def GET(self):
		"""Show the "new password" form for the reset token in the query string.

		Renders an error with an empty form when the token is unknown or its
		``timeout`` has passed.
		"""
		# NOTE(review): the token arrives as a URL parameter, so it can end up in
		# server logs, browser history and Referer headers; keep it single-use
		# and short-lived.
		token = web.input(token="").token
		msg = ""
		err = ""

		if token not in token_dic:
			err = "Invalid token."
			return render.generic(self.nullform(), msg, err)

		entry = token_dic[token]
		if entry.timeout <= datetime.datetime.now():
			err = "Token expired."
			return render.generic(self.nullform(), msg, err)

		# The token is carried over into the POST through the hidden field.
		reset_form = form.Form(
			form.Password("password", form.notnull, description="New Password"),
			form.Hidden("token", form.notnull, value=token,
				description="Reset Token"),
			form.Button("Reset Password", description="Register"))

		msg = "Reset Password for: " + entry.user
		return render.generic(reset_form, msg, err)
Пример #8
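class PageRegister:
    """Self-service registration page."""

    # No field carries a validator; required values are checked in POST.
    _form = form.Form(form.Textbox('email'), form.Textbox('name'),
                      form.Textbox('username'), form.Password('password'),
                      form.Button('register'))

    def GET(self):
        """Render the empty registration form."""
        # force_login is defined elsewhere; its effect is not visible here.
        force_login(sess, '/dashboard', True)
        form = self._form()
        return ltpl('reg', form)

    def POST(self):
        """Create the account, log the new user in and go to the dashboard.

        Returns a short plain-text message when the input is rejected or the
        user could not be created.
        """
        form = self._form()
        if not form.validates():
            return 'bad input'

        # all() takes a single iterable; the original passed four positional
        # arguments, which raises TypeError on every submission.
        if not all((form.d.email, form.d.password, form.d.name,
                    form.d.username)):
            return 'you have to enter an email, a password, and a username'

        if email_exists(form.d.email):
            return 'email already exists'

        if username_exists(form.d.username):
            return 'username already exists'

        # NOTE(review): the password is handed over in clear text; hashing
        # has to happen inside create_user -- confirm.
        user_id = create_user(form.d.email,
                              form.d.password,
                              name=form.d.name,
                              username=form.d.username)
        if not user_id:
            return 'couldn\'t create user'

        login_user(sess, user_id)
        raise web.seeother('/dashboard')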
Пример #9
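class userInfo:
    """Login demo that routes the lookup through one of two model functions.

    The ``sqlInject`` field lets the *client* choose between
    ``model.getUserInfo`` and ``model.getUserInfoSec``.

    NOTE(review): judging by the field label, the first is a deliberately
    injectable query kept for demonstration. A request-controlled switch to
    an unsafe code path belongs in an isolated lab only; a deployed handler
    should call the parameterized variant unconditionally.
    """

    loginForm = form.Form(
        form.Textbox("username", description="Username"),
        form.Password("password", description="Password"),
        form.Textbox("sqlInject", description="SQLInjection or not(1. yes, 0. no)"),
        form.Button("submit", type="submit", description="Submit")
        )

    def GET(self):
        """Render the empty form."""
        f = self.loginForm()
        return render.index(f)

    def POST(self):
        """Look the user up and render the result or the error page."""
        f = self.loginForm()
        f.validates()  # binds the submitted values; the result is not used

        try:
            mode = int(f["sqlInject"].value)
        except (TypeError, ValueError):
            # A missing or non-numeric selector used to raise out of the
            # handler; treat it like any other unsupported value.
            return render.error()

        record = {}
        if mode == 1:
            record = model.getUserInfo(f["username"].value, f["password"].value)
        elif mode == 0:
            record = model.getUserInfoSec(f["username"].value, f["password"].value)

        if not record:
            return render.error()
        return render.info(record)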
Пример #10
class Index:
    """Login page."""

    login = form.Form(
        form.Textbox('username', form.notnull),
        form.Password('password', form.notnull),
        form.Button('Login'),
    )

    def GET(self):
        """Render the login form, or redirect to ``/home``."""
        # NOTE(review): 'username' looks like the placeholder a fresh session
        # starts with, so any other value is treated as "logged in" --
        # confirm against the session initializer.
        if session.user != 'username':
            raise web.seeother('/home')
        return render.index(self.login())

    def POST(self):
        """Check the credentials and start the session on success."""
        frm = self.login()
        if not frm.validates():
            return render.index(frm)

        outcome = model.check_user(frm.d.username, frm.d.password)
        if outcome['status'] != "LoggedIn":
            # A failed login returns to the form without any message.
            raise web.seeother('/')

        session.loggedin = True
        session.user = outcome['username']
        raise web.seeother('/home')
Пример #11
class register:
    """Registration page backed by the in-memory ``user_dic`` mapping."""

    myform = form.Form(
        form.Textbox("user", form.notnull, description="Username"),
        form.Password("password", form.notnull, description="Password"),
        form.Button("Register", description="Register"))

    nullform = form.Form()

    def GET(self):
        """Render the empty registration form."""
        return render.generic(self.myform(),
                              "Enter a username and password.", "")

    def POST(self):
        """Register the user unless the form is invalid or the name is taken."""
        frm = self.myform()
        msg = ""
        err = ""

        if not frm.validates():
            err = "Invalid fields."
        elif frm.d.user in user_dic:
            err = "User already registered."
        else:
            # NOTE(review): an unsalted, single-round SHA-1 digest is not a
            # password hash; stored values are cheap to test offline. Moving
            # to a salted KDF (e.g. hashlib.pbkdf2_hmac or hashlib.scrypt)
            # needs a matching change wherever user_dic is checked.
            user_dic[frm.d.user] = hashlib.sha1(frm.d.password).hexdigest()
            msg = "User registered."

        return render.generic(self.nullform(), msg, err)
Пример #12
class login:
    """Single shared-token login that sets an ``auth`` cookie.

    NOTE(review), for whoever hardens this:
      * the token is compared through an MD5 digest with ``==``; prefer a
        slow KDF for the stored value and hmac.compare_digest for the
        comparison;
      * the cookie is md5(host + token), i.e. the same value on every login
        for a given host, so a captured cookie stays valid and cannot be
        revoked on its own -- a random per-login identifier avoids that;
      * the cookie is set without ``httponly``/``secure``.
    """

    login_form = form.Form(
        form.Password("token", form.notnull, description="Token")
    )

    def GET(self):
        """Render the login form, or redirect when already authenticated."""
        if globals.has_loggedin():
            raise web.seeother("/contact/", True)
        return render.login(login.login_form())

    def POST(self):
        """Verify the token, set the auth cookie and redirect."""
        f = login.login_form()
        if not f.validates():
            return render.login(f)

        token = f['token'].value
        try:
            if not token or token_md5 != hashlib.md5(token).hexdigest():
                return render.login(f)

            cookie_value = hashlib.md5(web.ctx.host + token).hexdigest()
            one_week = 60*60*24*7
            web.setcookie('auth', cookie_value, one_week, path='/')
            # The timestamp is kept so stale cache entries can be cleaned up.
            auth_cache[cookie_value] = str(datetime.datetime.today())
            raise web.seeother('/contact/', True)
        except TypeError as ex:
            # Falls through and returns None, as the original did.
            print(ex)
Пример #13
class Register:
    """Registration page: collects the profile fields and creates the user."""

    register = form.Form(
        form.Textbox('firstname', form.notnull),
        form.Textbox('lastname', form.notnull),
        form.Textbox('phone', form.notnull),
        form.Textbox('email', form.notnull),
        form.Textbox('username', form.notnull),
        form.Password('password', form.notnull),
        form.Button('Register'),
    )

    def GET(self):
        """Render the empty registration form."""
        return render.register(self.register())

    def POST(self):
        """Create the user and start the session when the model reports success."""
        frm = self.register()
        if not frm.validates():
            raise web.seeother('/')

        d = frm.d
        # NOTE(review): the password is passed on in clear text; hashing has
        # to happen inside model.new_user -- confirm.
        outcome = model.new_user(d.firstname, d.lastname, d.phone, d.email,
                                 d.username, d.password, str(date.today()))
        if outcome['status'] == "Registered":
            session.loggedin = True
            session.user = outcome['username']

        # NOTE(review): in the original this line mixes spaces and a tab and,
        # under Python 2 tab rules, sits at the level of the ``if`` -- so the
        # redirect also happens when registration failed. Kept as is; confirm
        # whether it was meant to be inside the branch.
        raise web.seeother('/updateprofile')
Пример #14
class index:
    """Login page that checks ``user_db`` and issues the login cookie."""

    login_form = form.Form(
        form.Textbox("user", form.notnull,
                     description="Username", id='usernameBox'),
        form.Password("password", form.notnull,
                      description="Password", id='passwordBox'),
        form.Button("Login", id='loginButton'))

    nullform = form.Form()

    def GET(self):
        """Render the login form, or a notice when a valid cookie is present."""
        user, uid, role = verify_cookie()
        if user == "":
            return render.login(self.login_form(), "", "")
        return render.login(self.nullform, user, "Already logged in.")

    def POST(self):
        """Check the credentials; on success create the cookie and redirect."""
        frm = self.login_form()
        if not frm.validates():
            return render.login(frm, "", "Invalid form data.")

        user = frm.d.user
        # NOTE(review): passwords are stored and compared as unsalted SHA-1
        # hex digests with ``==``. A salted KDF plus hmac.compare_digest is
        # the usual replacement; it requires re-hashing the entries in
        # user_db.
        digest = hashlib.sha1(frm.d.password).hexdigest()

        if user not in user_db or user_db[user][0] != digest:
            return render.login(frm, "", "Username/Password Incorrect")

        create_cookie(user, user_db[user][1], user_db[user][2])
        raise web.seeother('/home')
Пример #15
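class login:
    """Login page: checks the credentials through the model and fills the session."""

    # NOTE(review): the listing masked part of this field list with "******".
    # The password field and the button's leading arguments are reconstructed
    # from the names POST reads and from what is still visible -- confirm
    # against the original file.
    loginform = form.Form(
        form.Textbox('username', description="Username:"),
        form.Password('password', description="Password:"),
        form.Button('submit', type="submit",
                    class_="form_control btn btn-primary",
                    description="Login"),
    )

    def GET(self):
        """Render the empty login form."""
        f = self.loginform()
        return render.login(f)

    def POST(self):
        """Authenticate the user and redirect to ``/door`` on success.

        The login succeeds only when the model returns exactly one row and
        that row has ``enabled == 1``.
        """
        f = self.loginform()
        f.validates()  # binds the submitted values; the result is not used

        # The original printed the submitted username and password here,
        # which writes clear-text credentials to stdout/logs; removed.
        allow = model.getUserAuth(name=f.d.username, code=f.d.password)
        if not (len(allow) == 1 and allow[0]['enabled'] == 1):
            session.login = 0
            return render.login(f)

        session.login = 1
        session.privilege = allow[0]['permission']
        session.user = f.d.username

        # In web.py 0.3+ ``seeother`` is an exception class, so the redirect
        # only happens when it is raised.
        raise web.seeother('/door')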
Пример #16
class index:
    """Login page backed by the in-memory ``user_dic`` mapping."""

    myform = form.Form(
        form.Textbox("username", form.notnull,
                     description="Username", id='usernameBox'),
        form.Password("password", form.notnull,
                      description="Password", id='passwordBox'),
        form.Button("Login", id='loginButton'))

    def GET(self):
        """Render the empty login form."""
        return render.login(self.myform(), "")

    def POST(self):
        """Check the credentials and render the logged-in page.

        The second argument of ``render.loggedin`` is True only for the
        ``admin`` account.
        """
        frm = self.myform()
        if not frm.validates():
            return render.login(frm, "")

        user = frm.d.username
        # NOTE(review): unsalted SHA-1 digests compared with ``==``; see a
        # salted KDF and hmac.compare_digest when this is hardened.
        digest = hashlib.sha1(frm.d.password).hexdigest()

        if user == "admin" and user_dic["admin"] == digest:
            return render.loggedin(user, True)
        if user in user_dic and user_dic[user] == digest:
            return render.loggedin(user, False)
        return render.login(frm, "Username/Password Incorrect")
Пример #17
class Login(BasePage):
    """Login page."""

    # NOTE(review): this validator is never attached to a field below, so
    # empty values are not rejected by the form.
    require = form.regexp(r"\S/", '输入框不能为空')
    register_form = form.Form(
        form.Textbox('userName', description='用户名'),
        form.Password('password', description='密码'),
        form.Button("submit", type="submit", description=u"登录", html=u"登录"),
    )

    def GET(self):
        """Render the empty login form."""
        return Common.render.login(self.register_form())

    def POST(self):
        """Check the submitted credentials; redirect to ``/`` on success."""
        if not self.register_form().validates():
            # Invalid input.
            print("输入错误")
            return Common.render.login(self.register_form())

        # Credential check; the values are read from the raw request input.
        userName = web.input().userName
        password = web.input().password
        if not AuthorityManagement.login(userName, password):
            # Login failed: show a fresh form.
            return Common.render.login(self.register_form())

        # Login succeeded. The redirect object is returned, not raised, as in
        # the original.
        return web.seeother('/')
Пример #18
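class register:
    """Registration page for the gallery: creates a user with a PBKDF2 hash."""

    registration_form = form.Form(
        form.Textbox("username", description="Login"),
        form.Password("password1", description="Password"),
        form.Password("password2", description="Repeat password"),
        form.Button("submit", type="submit", description="Register!"),
        validators=[
            form.Validator("Passwords must match!",
                           lambda i: i.password1 == i.password2),
            # A validator passes when its function returns True. The original
            # ``len(...) <= 9`` was inverted: it accepted only passwords of
            # nine characters or fewer and rejected longer ones as "too
            # short". Require at least ten characters instead.
            form.Validator("Password is too short!",
                           lambda i: len(i.password1) >= 10),
        ]
    )

    def GET(self):
        """Render the empty registration form."""
        f = register.registration_form()
        return render.register(f)

    def POST(self):
        """Create the account unless the name is taken as a user or profile URL."""
        f = register.registration_form()
        if not f.validates():
            return render.register(f)

        i = web.input()
        username = i.username

        try:
            # Both lookups pass the name as a bound variable, not by string
            # concatenation.
            namecheck = db.query("SELECT exists(SELECT 1 FROM gallery.users WHERE username=${un})", vars={'un': username})
            profilecheck = db.query("SELECT exists(SELECT 1 FROM gallery.profiles WHERE urlname=${un})", vars={'un': username})
        except Exception:
            return "Unhandled database exception."

        if namecheck[0]['exists'] or profilecheck[0]['exists']:
            return "<p>This username is not available.</p>"

        # NOTE(review): check-then-insert is not atomic; a unique constraint
        # on the username column is what actually prevents duplicates --
        # confirm the schema has one.
        self.createuser(i.username, i.password1)
        return "<p>Created user!  Try to <a href=/login>log in</a>.</p>"

    def createuser(self, username, password):
        """Insert the user with a PBKDF2-SHA512 password hash and flag it as new."""
        from passlib.context import CryptContext
        password_context = CryptContext(schemes=["pbkdf2_sha512"], deprecated="auto")

        cryptedpassword = password_context.hash(password)
        db.insert('gallery.users', admin=False, password=cryptedpassword, username=username)

        createduser = db.select('gallery.users', where="username=${un}", vars={'un': username})
        db.insert('gallery.userflags', userid=createduser[0]['id'], flagtype="newuser")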
Пример #19
class user_panel:
    """User panel: shows the login form or the user's registered devices."""

    login_form = form.Form(
        form.Textbox('login', login_validator, description='Login'),
        form.Password('password', password_validator, description=u'Hasło'),
        form.Button('submit', type='submit', html=u'Zaloguj się'))

    def GET(self):
        """Render the panel for a logged-in user, else the login form."""
        if not session.user_id:
            return render.login(user_panel.login_form())

        device_sql = 'SELECT * FROM whois_devices WHERE user_id = $user_id'
        try:
            userrow = get_userrow()
            devices = db.query(device_sql, vars={'user_id': userrow['id']})
        except:
            # NOTE(review): the bare except also hides programming errors;
            # any failure ends the session and bounces back to the panel.
            session.kill()
            raise web.seeother('/panel')

        return render.panel(userrow, devices)

    def POST(self):
        """Log the user in and rotate the access key."""
        if session.user_id:
            raise web.seeother('/panel')

        f = user_panel.login_form()
        if not f.validates():
            # Never echo the submitted password back into the page.
            f.password.value = ''
            return render.login(f)

        credentials = {
            'login': f.d.login,
            'password': hash_password(f.d.login, f.d.password),
        }
        result = db.query(
            'SELECT id FROM whois_users WHERE login == $login AND password == $password',
            vars=credentials)

        try:
            uid = result[0]['id']
        except:
            # Fixed delay to slow down password guessing.
            # NOTE(review): the sleep holds a worker for five seconds per
            # failed attempt, so many parallel failures can starve the
            # server; per-account or per-address throttling scales better.
            time.sleep(5)
            f.password.value = ''
            return render.login(f, True)

        db.query(
            "UPDATE whois_users SET last_login = strftime('%s','now'), access_key = $access_key WHERE id = $id",
            vars={'access_key': generate_access_key(), 'id': uid})

        session.user_id = uid
        raise web.seeother('/panel')
Пример #20
def LoginForm():
    """Build the login form: e-mail, password and a submit button.

    Both inputs use the matching entries of the module's ``Validation``
    mapping.
    """
    email_box = form.Textbox("login_email", Validation['email'],
                             description=u"邮箱:")
    password_box = form.Password("login_password", Validation['password'],
                                 description=u"密码:")
    submit = form.Button("login_submit", type="submit", html=u'登陆')
    return form.Form(email_box, password_box, submit)
Пример #21
class Index(object):
    """Landing page of the game: sign-up form plus the score table."""

    # NOTE(review):
    #  * neither password field has ``form.notnull``, so two empty passwords
    #    validate;
    #  * a validator passes when its function returns a true value, yet the
    #    second message reports a duplicate name -- this is only right if
    #    model.user_exist() returns True for a name that is still free.
    #    Confirm against the model.
    form = form.Form(
        form.Textbox("Name",
                     form.notnull,
                     class_="form-control",
                     description=None,
                     placeholder="Your Name"),
        form.Password("pass1",
                      class_="form-control",
                      description=None,
                      placeholder="Password"),
        form.Password("pass2",
                      class_="form-control",
                      description=None,
                      placeholder="Password Again"),
        validators=[
            form.Validator("Password did'nt match",
                           lambda i: i.pass1 == i.pass2),
            form.Validator("User name already exist! Try something else.",
                           lambda x: model.user_exist(x.Name)),
        ]
    )

    def GET(self):
        """Render the sign-up form together with the current scores."""
        return render.login(self.form(), notify=None,
                            players_data=model.scores())

    def POST(self):
        """Handle the sign-up form only: create the player and start the game."""
        signup = self.form()
        if not signup.validates():
            return render.login(signup, notify=None,
                                players_data=model.scores())

        # Set up the session with its starting values, then store the user.
        player = signup.d.Name
        session.room = map.START
        session.username = player
        model.signup(player, signup.d.pass1)
        raise web.seeother("/game")
Пример #22
    def GET(self):
        """Render the login form, or redirect to ``/admin`` when logged in."""
        if logged():
            raise web.seeother('/admin')

        # No submit button is declared here (it is commented out in the
        # original); presumably the template supplies it.
        fields = (
            form.Textbox('username', description='Username',
                         class_='form-control'),
            form.Password('password', description='Password',
                          class_='form-control'),
        )
        return render.login(form.Form(*fields), web.ctx.session)
Пример #23
class register_user:
    """Registration page: validates the form and inserts the new user row."""

    register_form = form.Form(
        form.Textbox('login', login_validator, description='Login'),
        form.Textbox('display_name', display_name_validator,
                     description=u'Nazwa wyświetlana'),
        form.Password('password', password_validator, description=u'Hasło'),
        form.Password('password2', description=u'Powtórz hasło'),
        form.Button('submit', type='submit', html='Zarejestruj'),
        validators=[
            password_match_validator,
            unique_username_validator,
            unique_display_name_validator,
        ])

    def GET(self):
        """Render the empty registration form."""
        return render.register(register_user.register_form())

    def POST(self):
        """Create the user, log them in and redirect to the panel."""
        f = register_user.register_form()
        if not f.validates():
            # Never echo submitted passwords back into the page.
            f.password.value = f.password2.value = ''
            return render.register(f)

        # f.d holds the declared form fields; drop the ones that are not
        # columns before the row is inserted.
        row = f.d
        for transient in ('password2', 'submit'):
            del row[transient]

        row['password'] = hash_password(row['login'], row['password'])
        row['registered_at'] = int(time.time())
        row['access_key'] = generate_access_key()

        session.user_id = db.insert('whois_users', **row)
        raise web.seeother('/panel')
Пример #24
class reset:
    """Password-reset page driven by the tokens stored in ``token_dic``.

    GET shows the "new password" form for a token passed in the query
    string; POST consumes the token submitted through the hidden field.
    """

    # Template form used by POST; the hidden token starts empty and is filled
    # from the submitted data when the form is validated.
    myform = form.Form(
        form.Password("password", form.notnull, description="New Password"),
        form.Hidden("token", form.notnull, value="",
                    description="Reset Token"),
        form.Button("Reset Password", description="Register"))

    # Empty form rendered next to status and error messages.
    nullform = form.Form()

    def GET(self):
        """Render the reset form for a known, unexpired token."""
        # NOTE(review): the token arrives as a URL parameter, so it can end up
        # in server logs, browser history and Referer headers.
        user_data = web.input(token="")
        token = user_data.token

        # Per-request form with the token pre-filled in the hidden field.
        myform = form.Form(
            form.Password("password", form.notnull,
                          description="New Password"),
            form.Hidden("token",
                        form.notnull,
                        value=token,
                        description="Reset Token"),
            form.Button("Reset Password", description="Register"))
        msg = ""
        err = ""

        if token not in token_dic:
            err = "Invalid token."
            return render.generic(self.nullform(), msg, err)

        if token_dic[token].timeout <= datetime.datetime.now():
            err = "Token expired."
            return render.generic(self.nullform(), msg, err)

        msg = "Reset Password for: " + token_dic[token].user
        return render.generic(myform, msg, err)

    def POST(self):
        """Apply the reset for a valid token and report the outcome."""
        form = self.myform()
        msg = ""
        err = ""

        if not form.validates():
            err = "Invalid form data."
            # Passes the shared nullform object itself, unlike GET, which
            # calls nullform() to get a copy.
            return render.generic(self.nullform, msg, err)

        # Accept the token only if it is known and not yet expired; per the
        # original comment it is meant to be removed once used.
        # NOTE(review): the listing masked the rest of this branch with
        # "******" (the password update, the token removal and the else
        # branch), so the line below is not valid Python as shown and the
        # single-use behaviour cannot be verified from this page.
        if form.d.token in token_dic and token_dic[
                form.d.token].timeout > datetime.datetime.now():
            msg = "Password reset for user: "******"Invalid token."

        return render.generic(self.nullform, msg, err)
Пример #25
 def GET(self):
     """Render the "add administrator" form for a logged-in session."""
     # NOTE(review): the only gate visible here is ``session.login == 1``;
     # whether a privilege check also applies to creating administrators
     # cannot be seen from this method -- confirm.
     if web.ctx.session.login != 1:
         raise web.seeother('/#login')

     # No submit button is declared (it is commented out in the original);
     # presumably the template supplies it.
     fields = (
         form.Textbox('username', description='Username',
                      class_='form-control'),
         form.Password('password', description='Password',
                       class_='form-control'),
         form.Textbox('real_name', description='Name',
                      class_='form-control'),
         form.Textbox('contact_info', description='Contact info',
                      class_='form-control'),
     )
     return render.addadmin(form.Form(*fields), web.ctx.session)
Пример #26
def validateform():
    """Build the web.py form for the branch-validation page.

    The form offers a dropdown of the branches returned by ``get_versions()``
    and two required inputs for the SVN username and password.

    Returns:
      A web.py form representation of those input fields.
    """
    # NOTE(review): this form carries repository credentials; serve it over
    # TLS only and keep the submitted values out of logs.
    branch_choice = form.Dropdown('Branch to validate', get_versions())
    svn_user = form.Textbox('SVN username', form.notnull)
    svn_password = form.Password('SVN password', form.notnull)
    return form.Form(branch_choice, svn_user, svn_password)
Пример #27
 def reset_password_form(self):
     """Return the form for choosing a new password.

     The new password must be non-empty and accepted by
     ``users.is_valid_password``; the form-level validator requires the
     confirmation to be equal to it.
     """
     password_ok = form.Validator(
         'Your password must at least 5 characters long.',
         lambda x: users.is_valid_password(x))
     same_password = form.Validator(
         'Password Not Match!.',
         lambda i: i.new_password == i.re_password)

     new_password = form.Password('new_password', form.notnull, password_ok,
                                  description='新密码',
                                  class_="form-control")
     confirmation = form.Password('re_password', form.notnull,
                                  description='确认密码',
                                  class_="form-control")
     # NOTE(review): ``submit='submit'`` is passed through as an attribute of
     # the button; ``type='submit'`` was probably intended -- confirm.
     button = form.Button('Reset Password', submit='submit',
                          class_="btn btn-primary", html=u"提交")

     return form.Form(new_password, confirmation, button,
                      validators=[same_password])
Пример #28
class Login:
    """Login page that marks the browser with a ``username`` cookie.

    NOTE(review): the credentials are the literals admin/admin, and the
    cookie holds just the plain user name, which the client controls. Any
    code that trusts this cookie for authorization needs a server-side
    session or a signed value instead.
    """

    login_form = form.Form(
        form.Textbox('username'),
        form.Password('password'),
        form.Button('login'),
    )

    def GET(self):
        """Render the empty login form."""
        return render.login(self.login_form())

    def POST(self):
        """Set the cookie when the credentials match, then redirect to ``/``."""
        submitted = self.login_form()
        accepted = (submitted.validates()
                    and submitted.d.username == 'admin'
                    and submitted.d.password == 'admin')
        if accepted:
            web.setcookie('username', submitted.d.username)
        # The redirect happens whether or not the login succeeded.
        raise web.seeother('/')
Пример #29
class PageLogin:
    """Single-password login for the admin area."""

    _form = form.Form(
        form.Password('password'),
        form.Button('login'),
    )

    def GET(self):
        """Render the password form."""
        return ltpl('form', self._form(), 'Login')

    def POST(self):
        """Mark the session as authenticated when the password matches."""
        frm = self._form()
        if not frm.validates():
            return 'houston we have a problem'

        # NOTE(review): the submitted value is compared with ``!=`` against
        # the module-level PASSWORD, i.e. a clear-text secret and a
        # non-constant-time comparison; a stored hash checked with
        # hmac.compare_digest avoids both.
        if frm.d.password == PASSWORD:
            sess.ok = True
            raise web.seeother('/admin/')
        return 'password incorrect'
Пример #30
 def check(self):
     """Validate the admin login request and start the session on success.

     Username and password must each be 3 to 20 characters long and equal
     the ADMIN_USERNAME / ADMIN_PASSWORD values from the settings.
     """
     from web import form

     username_rule = form.regexp(r".{3,20}$", '用户名为3~20个字符')
     password_rule = form.regexp(r".{3,20}$", '密码为3~20个字符')
     validList = (
         form.Textbox("username", username_rule),
         form.Password("password", password_rule),
     )
     if not self.validates(validList):
         return self.error(self.errorMessage)

     inputData = self.getInput()
     settings = self.getSettings()
     # NOTE(review): the admin password lives in the settings in clear text
     # and is compared with ``==``; a stored hash checked with
     # hmac.compare_digest avoids both.
     matches = (settings.ADMIN_USERNAME == inputData['username']
                and settings.ADMIN_PASSWORD == inputData['password'])
     if not matches:
         return self.error('账号或密码错误', self.makeUrl('admin', ''))

     self.setLogin({'username': inputData['username']})
     return self.success('登陆成功', self.makeUrl('cms', 'list'))