def image_link(image_id=None, image_id_36=None, thumbnail=True, extension=True, cursor=None): if not image_id and not image_id_36: return "" elif image_id: image_id_36 = web.to36(image_id) if extension: cursor.execute(""" SELECT mimetype FROM image WHERE image_id = %s """, (image_id or int(image_id_36, 36),)) mime = cursor.fetchone()[0] if mime == "image/png": suffix=".png" elif mime == "image/jpeg": suffix=".jpg" elif mime == "image/gif": suffix=".gif" else: suffix="" else: suffix="" if thumbnail: return """<span class="image"><a href="/i/%s"> <img alt="image" src="/it/%s"/> </a><a href="/view/%s" class="viewlink">More</a> </span>"""%(image_id_36+suffix, image_id_36+suffix, image_id_36) else: return """<a href="/i/%s"> <img alt="image" src="/i/%s"/> </a> </span>"""%(image_id_36+suffix, image_id_36+suffix)
def set_msg_id(self, msg_id, petition=False): #set msg id to trace the responses #msg_id should let's know whether msg is sent through petition signatures or /writerep #set msg_id to odd if msg is from signatures, even if msg is from /writerep msg_id = 2 * msg_id if petition: msg_id += 1 self.msg_id = web.to36(msg_id)
def create_url(): def safe36(s): for c in '0o1li': if c in s: return False return True s = '0' while not safe36(s): s = web.to36(random.randrange(50000, 60000000)) return s
def send(frm, to, subj, msg, user_details, source_id=None, env={}): """ Sends the given `msg` to `to`, with the `user_details` and saves it in DB. uses `env` if `to` has captcha. """ msgid = messages.save_msg(frm, to, subj, msg, source_id) user_details.email = '*****@*****.**' % web.to36(msgid) user_details.full_msg = compose_msg(to, msg) user_details.subject = user_details.ptitle status = writerep(to, user_details, env) if status: messages.update_msg_status(msgid, status) return msgid
def _make_token(user, timestamp): ts_b36 = web.to36(timestamp) # By hashing on the internal state of the user and using state # that is sure to change (the password hash and the last_login) # we produce a hash that will be invalid as soon as it --or the old # password-- is used. # By hashing also a secret key the system cannot be subverted # even if the database is compromised. items = [web.config.session_parameters.secret_key, unicode(user.user_id), u'@', user.user_password, unicode(user.user_last_login), unicode(timestamp)] hash_code = sha(''.join(items)).hexdigest() return "%s$%s" % (ts_b36, hash_code)
def _make_token(user, timestamp): ts_b36 = web.to36(timestamp) # By hashing on the internal state of the user and using state # that is sure to change (the password hash and the last_login) # we produce a hash that will be invalid as soon as it --or the old # password-- is used. # By hashing also a secret key the system cannot be subverted # even if the database is compromised. items = [ web.config.session_parameters.secret_key, unicode(user.user_id), u'@', user.user_password, unicode(user.user_last_login), unicode(timestamp) ] hash_code = sha(''.join(items)).hexdigest() return "%s$%s" % (ts_b36, hash_code)
def POST(self, path): # Handle cookies cookies = web.cookies() clientId = cookies.get('clientId') if not clientId: clientId = web.to36(random.randint(1, 4294967295)) web.setcookie('clientId', clientId, self.sessionTimeo) clientMap[clientId] = {} clientMap[clientId]['date'] = int(time.time()) myPage = page.Page() myPage.setTitle(u'Appliance Webgui - Login') myPage.setCSS('/static/styles.css') myPage.setBody(self._top()) myPage.setBody(u'<div id="login">') input = web.input(_method='post') myPage.setBody(u'Username: %s<br>' % input.username) myPage.setBody(u'Password: %s<br>' % input.password) myPage.setBody(u'<a href="/">Go to the main page</a>') myPage.setBody(u'</div>') web.output(myPage.output())
def unique_name(): review_count = len(list(edition.get('reviews', []))) id = web.to36(review_count + 1) return '%s/review/%s' % (edition.name, id)