def check_login_headers(headers): # The Cookie class is really meant to be used server side; so it has # good support for parsing Cookie headers, and generating Set-Cookie # headers. We're abusing it here to do "client-side' processing # where we need to parse Set-Cookie headers and generate Cookie headers. global login_cookie_header login_cookie = None for header, value in headers.items(): if header.lower() == "set-cookie": if login_cookie == None: login_cookie = Cookie.SimpleCookie() login_cookie.load(value) login_header = "" if login_cookie is None: return for key, morsel in login_cookie.iteritems(): if login_cookie_header is None: login_cookie_header = "" else: login_cookie_header += "; " login_cookie_header += key + "=" + morsel.coded_value # attributes in the Cookie: header are represented as $Attribute # to distinguish them from cookie names, since it's: # Cookie: name=val; attr=val; attr=val; name=val; attr=val if 'path' in morsel and morsel['path'] != '': login_cookie_header += "; $Path=" + Cookie._quote(morsel['path']) if 'domain' in morsel and morsel['domain'] != '': login_cookie_header += "; $Domain=" + Cookie._quote(morsel['domain'])
def verify(self, sender): sender = str(sender).lower() hmac = self.local_parts[-1] try_hmac = Cookie.make_sender_cookie(sender) if try_hmac != hmac: domain = sender.split('@')[-1] dot = '.' domain_parts = domain.split(dot) while try_hmac != hmac and domain_parts: try_hmac = Cookie.make_sender_cookie(dot.join(domain_parts)) del domain_parts[0] if try_hmac != hmac: raise BadCryptoError, "Invalid cryptographic tag."
def header(self, headers=None, response=None): '''Put up the appropriate header. ''' if headers is None: headers = {'Content-Type':'text/html; charset=utf-8'} if response is None: response = self.response_code # update with additional info headers.update(self.additional_headers) if headers.get('Content-Type', 'text/html') == 'text/html': headers['Content-Type'] = 'text/html; charset=utf-8' headers = headers.items() for ((path, name), (value, expire)) in self.add_cookies.items(): cookie = "%s=%s; Path=%s;"%(name, value, path) if expire is not None: cookie += " expires=%s;"%Cookie._getdate(expire) headers.append(('Set-Cookie', cookie)) self._socket_op(self.request.start_response, headers, response) self.headers_done = 1 if self.debug: self.headers_sent = headers
def _BaseCookie__ParseString(self, str, patt=cookies._CookiePattern): i = 0 # Our starting point n = len(str) # Length of string M = None # current morsel while 0 <= i < n: # Start looking for a cookie match = patt.search(str, i) if not match: break # No more cookies K,V = match.group("key"), match.group("val") i = match.end(0) # Parse the key, value in case it's metainfo if K[0] == "$": # We ignore attributes which pertain to the cookie # mechanism as a whole. See RFC 2109. # (Does anyone care?) if M: try: M[ K[1:] ] = V except cookies.CookieError: # We don't care. pass elif K.lower() in cookies.Morsel._reserved: if M: M[ K ] = cookies._unquote(V) else: rval, cval = self.value_decode(V) try: self._BaseCookie__set(K, rval, cval) M = self[K] except cookies.CookieError as e: eventlog.warning(e)
def verify(self, dummy=''): try: (timestamp, pid, hmac) = self.local_parts[-1].split('.') try_hmac = Cookie.confirmationmac(timestamp, pid, self.keyword) if try_hmac != hmac: raise BadCryptoError, "Invalid cryptographic tag." except ValueError: raise BadCryptoError, "Invalid cryptographic tag format."
def getSession(self, create=1, path=None, domain=None, secure=None): ''' returns the session associated with this request. If create, will create a new session if there is none. ''' # permit sessions to be turned off by leaving the session store null, # but raise an exception if someone tries to access a session if Configuration.SessionStore is None: raise SessionError, "no session store enabled" try: sess= self.__userSession except AttributeError: pass else: if sess: return sess DEBUG(SESSIONHANDLER, "session is None") # session is None id=self.getSessionID(create) if not id: DEBUG(SESSIONHANDLER, "id is false for create: %s" % create) return None sess=self.__userSession=Session(id) sesskey=Configuration.SessionIDKey # test session - is it too old? if sess.age() >= Configuration.SessionTimeout: DEBUG(SESSIONHANDLER, "session is too old") sess.delete() del self.__userSession if self.requestCookie.has_key(sesskey): self.responseCookie[sesskey]="" self.responseCookie[sesskey]['expires']=Cookie._getdate(-10000000) del self.__sessionID id=self.getSessionID(create) if not id: return None sess=self.__userSession=Session(id) if (not self.requestCookie.has_key(sesskey)) or \ [x for x in (path, domain, secure) if x is not None]: self.responseCookie[sesskey]=id morsel=self.responseCookie[sesskey] if path is not None: morsel['path']=path if domain is not None: morsel['domain']=domain if secure is not None: morsel['secure']=secure return self.__userSession
def create(self, base, sender): if not base: base = self.base() (dummy, local, domain) = _split(str(base)) cookie = Cookie.make_sender_cookie(str(sender)) self.local_parts = [ local, Defaults.TAGS_SENDER[0].lower(), cookie ] tagged_local = Defaults.RECIPIENT_DELIMITER.join(self.local_parts) self.address = tagged_local + '@' + domain return self
def create(self, base, timeout=None): if not base: base = self.base() (dummy, local, domain) = _split(str(base)) cookie = Cookie.make_dated_cookie(int(time.time()), timeout) self.local_parts = [ local, Defaults.TAGS_DATED[0].lower(), cookie ] tagged_local = Defaults.RECIPIENT_DELIMITER.join(self.local_parts) self.address = tagged_local + '@' + domain return self
def setCookie(self, name, value, **kw): 'See IHTTPResponse' cookies = self._cookies cookie = cookies.setdefault(name, {}) for k, v in kw.items(): if v is not None: cookie[k.lower()] = v cookie['value'] = value
def verify(self, dummy=''): try: (timestamp, hmac) = self.local_parts[-1].split('.') try_hmac = Cookie.datemac(timestamp) if int(time.time()) > int(timestamp): raise ExpiredAddressError, "Dated address has expired." if try_hmac != hmac: raise BadCryptoError, "Invalid cryptographic tag." except ValueError: raise BadCryptoError, "Invalid cryptographic tag format."
def verify(self, dummy=''): parts = self.local_parts[-1].split('.') # Not necessary anymore, since '.', among other chars, is # replaced by '?' in Cookie.make_keywordmac(). keyword = '.'.join(parts[:-1]) if not keyword: raise BadCryptoError, "Invalid cryptographic tag format." hmac = parts[-1] try_hmac = Cookie.make_keywordmac(keyword) if try_hmac != hmac: raise BadCryptoError, "Invalid cryptographic tag."
def getConfirmAddress(self): if not self.confirm_accept_address: if self.recipient: import Cookie (timestamp, pid) = self.msgid.split('.') self.confirm_accept_address = Cookie.make_confirm_address( self.recipient, timestamp, pid, 'accept') else: return None return self.confirm_accept_address
def create(self, base, timestamp, pid, keyword='accept'): if Defaults.CONFIRM_ADDRESS: base = Defaults.CONFIRM_ADDRESS elif not base: base = self.base() self.keyword = keyword (dummy, local, domain) = _split(str(base)) cookie = Cookie.make_confirm_cookie(int(timestamp), pid, keyword) self.local_parts = [ local, Defaults.TAGS_CONFIRM[0].lower(), cookie ] tagged_local = Defaults.RECIPIENT_DELIMITER.join(self.local_parts) self.address = tagged_local + '@' + domain return self
def __ParseString(self, str, patt=Cookie._CookiePattern): i = 0 # Our starting point n = len(str) # Length of string M = None # current morsel while 0 <= i < n: # Start looking for a cookie match = patt.search(str, i) if not match: break # No more cookies K, V = match.group("key"), match.group("val") i = match.end(0) # Parse the key, value in case it's metainfo if K[0] == "$": # We ignore attributes which pertain to the cookie # mechanism as a whole. See RFC 2109. # (Does anyone care?) if M: M[K[1:]] = V elif K.lower() in Cookie.Morsel._reserved: if M: M[K] = Cookie._unquote(V) else: if not SIG_PATTERN.search(V): pass uval = Cookie._unquote(V) real_val = uval[:-SIG_LEN] try: sig = b64decode(uval[-SIG_LEN:]) except TypeError: # Incorrect padding raise BadSignatureError("Bad signature for cookie '%s'" % K) # TODO: use constant time string comparison if sig != hmac.new(self.key + K, real_val, sha256).digest(): raise BadSignatureError("Bad signature for cookie '%s'" % K) self._BaseCookie__set(K, real_val, V) M = self[K]
def _send_head(self): if self._new_session_uri!=None: import Cookie cookie = Cookie.SmartCookie() TTL = 3600*24*10000 # time to live in seconds (a long time) cookie['Redfoot_session'] = self._new_session_uri cookie['Redfoot_session']['path'] = "/" cookie['Redfoot_session']['Version'] = "1" cookie['Redfoot_session']['expires'] = Cookie._getdate(TTL) output = cookie.output() # Warning: Assuming there is only one header in output (name, value) = output.split(": ", 1) self.set_header(name, value)
def _send_head(self): self.write("%s %s %s\r\n" % ("HTTP/1.1", "200", "OK")) for key in self._header.keys(): self.write("%s: %s\r\n" % (key, self._header[key])) if self._new_session_uri!=None: import Cookie cookie = Cookie.SmartCookie() TTL = 3600*24*10000 # time to live in seconds (a long time) cookie['Redfoot_session'] = self._new_session_uri cookie['Redfoot_session']['path'] = "/" cookie['Redfoot_session']['Version'] = "1" cookie['Redfoot_session']['expires'] = Cookie._getdate(TTL) self.write(cookie.output()) self.write("\r\n")
def handle(self): """Make us really anonymous - nuke the cookie too.""" # log us out self.client.make_user_anonymous() # construct the logout cookie now = Cookie._getdate() self.client.additional_headers['Set-Cookie'] = \ '%s=deleted; Max-Age=0; expires=%s; Path=%s;' % ( self.client.cookie_name, now, self.client.cookie_path) # Let the user know what's going on self.client.ok_message.append(self._('You are logged out')) # reset client context to render tracker home page # instead of last viewed page (may be inaccessibe for anonymous) self.client.classname = None self.client.nodeid = None self.client.template = None
def release(self): """Release a message from the pending queue.""" import Cookie if Defaults.PENDING_RELEASE_APPEND: Util.append_to_file(self.append_address, Defaults.PENDING_RELEASE_APPEND) if Defaults.DB_PENDING_RELEASE_APPEND and Defaults.DB_CONNECTION: _username = Defaults.USERNAME.lower() _hostname = Defaults.HOSTNAME.lower() _recipient = _username + '@' + _hostname params = FilterParser.create_sql_params( recipient=_recipient, username=_username, hostname=_hostname, sender=self.append_address) Util.db_insert(Defaults.DB_CONNECTION, Defaults.DB_PENDING_RELEASE_APPEND, params) timestamp, pid = self.msgid.split('.') # Remove Return-Path: to avoid duplicates. del self.msgobj['return-path'] # Remove X-TMDA-Recipient: del self.msgobj['x-tmda-recipient'] # To avoid a mail loop on re-injection, prepend an ``Old-'' prefix # to all existing Delivered-To lines. Util.rename_headers(self.msgobj, 'Delivered-To', 'Old-Delivered-To') # Add an X-TMDA-Confirm-Done: field to the top of the header for # later verification. This includes a timestamp, pid, and HMAC. del self.msgobj['X-TMDA-Confirm-Done'] self.msgobj['X-TMDA-Confirm-Done'] = Cookie.make_confirm_cookie(timestamp, pid, 'done') # Add the date when confirmed in a header. del self.msgobj['X-TMDA-Released'] self.msgobj['X-TMDA-Released'] = Util.make_date() # For messages released via tmda-cgi, add the IP address and # browser info of the releaser for easier tracing. if os.environ.has_key('REMOTE_ADDR') and \ os.environ.has_key('HTTP_USER_AGENT'): cgi_header = "%s (%s)" % (os.environ.get('REMOTE_ADDR'), os.environ.get('HTTP_USER_AGENT')) del self.msgobj['X-TMDA-CGI'] self.msgobj['X-TMDA-CGI'] = cgi_header # Reinject the message to the original envelope recipient. Util.sendmail(self.show(), self.recipient, self.return_path)
def removeSession(self): ''' clears and removes any active session. ''' DEBUG(SESSIONHANDLER, "in removeSession()") self.getSession(0) try: sess=self.__userSession except AttributeError: pass else: if sess: sess.delete() del self.__userSession self.__sessionID=None sesskey=Configuration.SessionIDKey if self.requestCookie.has_key(sesskey): self.responseCookie[sesskey]="" self.responseCookie[sesskey]['expires']=Cookie._getdate(-10000000)
def cookie(self): c = Cookie.SimpleCookie() # XXX There is is a bug in the base class implementation fixed here c[self.cookie_name] = self.cookie_value().strip().replace('\n', '') for k, v in self.cookie_params.items(): if k not in ['path', 'expires']: c[self.cookie_name][k] = v # path and secure are handled differently to keep it consistent with # the base class API if not self.cookie_params.has_key('path'): c[self.cookie_name]['path'] = '/' else: c[self.cookie_name]['path'] = self.cookie_params['path'] if self.cookie_params.has_key('expires'): time = Cookie._getdate(float(self.cookie_params['expires'])) log.info(time) c[self.cookie_name]['expires'] = time if self.secure: c[self.cookie_name]['secure'] = 'true' return c
def deserialize(self, name, value, max_age=None): """Deserializes a signed cookie value. :param name: Cookie name. :param value: A cookie value to be deserialized. :param max_age: Maximum age in seconds for a valid cookie. If the cookie is older than this, returns None. :returns: The deserialized secure cookie, or None if it is not valid. """ if not value: return None # Unquote for old WebOb. value = Cookie._unquote(value) parts = value.split('|') if len(parts) != 3: return None signature = self._get_signature(name, parts[0], parts[1]) if not security.compare_hashes(parts[2], signature): logging.warning('Invalid cookie signature %r', value) return None if max_age is not None: if int(parts[1]) < self._get_timestamp() - max_age: logging.warning('Expired cookie %r', value) return None try: return self._decode(parts[0]) except Exception, e: logging.warning('Cookie value failed to be decoded: %r', parts[0]) return None
def _add_usertracking_cookie(conn, sessionDict): if Configuration.usertrackingOn: cookiename=Configuration.usertrackingCookieName if not _verify_cookie(conn, cookiename): f=Configuration.usertrackingGenUIDFunc if f is None: conn.responseCookie[cookiename]=uuid() else: conn.responseCookie[cookiename]=f(conn) morsel=conn.responseCookie[cookiename] for c, a in _config_attrs: if a=='expires': # special case if not Configuration.usertrackingExpiresAbsolute: v=getattr(Configuration, c) if v is not None: morsel[a]=Cookie._getdate(v) continue v=getattr(Configuration, c) if v is not None: morsel[a]=v DEBUG(USERTRACKING, str(morsel)) DEBUG(USERTRACKING, str(conn.responseCookie[cookiename]))
def get_static_file(path, dir=None, max_age=10): if not path: raise Http404NotFound if dir is None: dir = options.STATIC_DIR if dir is None: if pony.MAIN_DIR is None: raise Http404NotFound dir = os.path.join(pony.MAIN_DIR, 'static') for component in path: if not path_re.match(component): raise Http404NotFound fname = os.path.join(dir, *path) if not os.path.isfile(fname): if path == [ 'favicon.ico' ]: return get_static_file(path, pony_static_dir, 30*60) raise Http404NotFound method = local.request.method if method not in ('GET', 'HEAD'): raise Http405MethodNotAllowed ext = os.path.splitext(path[-1])[1] headers = local.response.headers headers['Content-Type'] = httputils.guess_type(ext) if max_age <= 60: headers['Expires'] = '0' else: headers['Expires'] = Cookie._getdate(max_age) headers['Cache-Control'] = 'max-age=%d' % max_age headers['Content-Length'] = str(os.path.getsize(fname)) if method == 'HEAD': return '' return file(fname, 'rb')
def loadPage(self, url, uri=None, method="GET", params=""): if not url: logging.error("Request URL undefined") tools.exitErr() if not url.startswith("http"): url = "https://" + url urlData = urlparse(url) if not uri: url = "%s://%s" (urlData.scheme, urlData.netloc) uri = urlData.path + '?' + urlData.query # prepare params, append to uri if params: params = urlencode(params) if method == "GET": uri += ('?' if uri.find('?') == -1 else '&') + params params = "" # insert local cookies in request headers = { "Cookie": '; '.join( [key + '=' + self.cookies[key] for key in self.cookies.keys()]) } if method == "POST": headers["Content-type"] = "application/x-www-form-urlencoded" if self._proxy is None or proxy_bypass(urlData.hostname): host = urlData.hostname port = urlData.port real_host = real_port = None else: host = self._proxy.hostname port = self._proxy.port real_host = urlData.hostname real_port = urlData.port logging.debug("Request URL: %s:/%s > %s # %s", url, uri, unquote(params), headers["Cookie"]) conn = httplib.HTTPSConnection(host, port) if real_host is not None: conn.set_tunnel(real_host, real_port, headers=self._proxy_auth) if config.DEBUG: conn.set_debuglevel(1) conn.request(method, url + uri, params, headers) response = conn.getresponse() data = response.read() conn.close() logging.debug("Response : %s > %s", response.status, response.getheaders()) result = tools.Struct(status=response.status, location=response.getheader('location', None), data=data) # update local cookies sk = Cookie.SimpleCookie(response.getheader("Set-Cookie", "")) for key in sk: self.cookies[key] = sk[key].value # delete cookies whose content is "deleteme" for key in self.cookies.keys(): if self.cookies[key] == "deleteme": del self.cookies[key] return result
def cookies(self): """Lazy creation of response cookies.""" if not hasattr(self, "_cookies"): self._cookies = Cookie.SimpleCookie() return self._cookies
def mainFunc(self, template_dict, url, user, page, mobile, title, ajax): #set cookies if 'cookies' in template_dict: logging.info("\n\n Setting cookies, %s \n" % str(template_dict['cookies'])) for cookie in template_dict['cookies']: c = Cookie.SimpleCookie() c[cookie[0]] = cookie[1] st = c.output() self.response.headers.add_header('Set-Cookie',cookie[0]+'='+cookie[1]+';') if 'redirect' in template_dict: logging.info("\n\n Redirecting to %s \n" % str(template_dict['redirect'])) self.redirect(template_dict['redirect']) return if 'image' in template_dict: self.response.headers['Content-Type'] = template_dict['content-type'] self.response.out.write(template_dict['image']) return """ #should we redirect if 'REDIRECT' in template_dict: logging.info("\n\n Redirecting to %s \n" % str(template_dict['REDIRECT'])) self.redirect(template_dict['REDIRECT']) elif 'IMG' in template_dict: self.redirect(template_dict['IMG']) else: """ if template_dict: #render appropriate template page = '' if 'filename' in template_dict: logging.info("\n\n RENDERING (%s) \n" % template_dict['filename']) page_template = jinja_env.get_template(template_dict['filename']) page = page_template.render(template_dict['vals']) # if ajax: # self.response.out.write(page) # return framework_template = jinja_env.get_template("header.html") framework_template_dict = {} framework_template_dict['vals'] = { 'title': title, 'titleHTML': title, 'image': '', 'url': url, 'description': '', 'loggedIn': (user!=None), 'name': user, 'element': page, 'mobile': mobile} framework_template_dict['vals']['content'] = page framework_page = framework_template.render(framework_template_dict['vals']) #send reponse self.response.out.write(framework_page) return else: logging.info("\n\n OMG HOLY SHIT NO TEMPLATE DICT \n")
def cookie_encode(self, val): strval = str(val) strval += ' ' * (8 - len(strval) % 8) return Cookie._quote(self.cipher.encrypt(strval))
def test_1_sign_in(self): self.cookie_string = 'Cookie: __utma=217959684.178461911.1286034407.1286034407.1286178542.2; __utmz=217959684.1286178542.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=coi%20london; DRXtrArgs=James+Gardner; DRXtrArgs2=3e174e7f1e1d3fab5ca138c0a023e13a; SESS9854522e7c5dba5831db083c5372623c=4160a72a4d6831abec1ac57d7b5a59eb;"' assert not is_ckan_signed_in(self.cookie_string) app = MockApp() app_conf = None self.middleware = AuthAPIMiddleware(app, app_conf) # (the drupal client defaults to mock drupal instance) # make request with the Drupal cookie self.mock_auth_tkt = MockAuthTkt() environ = {'HTTP_COOKIE': self.cookie_string, 'repoze.who.plugins': {'auth_tkt': self.mock_auth_tkt}} start_response = mock_start_response self.res = self.middleware(environ, start_response) # check environ has Drupal user info assert isinstance(self.res, MockApp) assert_equal(len(self.res.calls), 1) environ = self.res.calls[0][0] assert_equal(environ['drupal.uid'], '62') assert_equal(environ['drupal.publishers']['1'], 'National Health Service') assert len(environ['drupal.publishers']) > 5, environ['drupal.publishers'] assert_equal(environ['drupal.name'], 'testname') # check the ckan user was created user = model.User.by_name(u'62') assert user assert_equal(user.fullname, u'testname') # check environ's HTTP_COOKIE has CKAN user info for the app to use cookies = Cookie.SimpleCookie() cookies.load(environ['HTTP_COOKIE']) assert_equal(cookies['ckan_user'].value, '62') assert_equal(cookies['ckan_display_name'].value, 'testname') assert_equal(cookies['ckan_apikey'].value, user.apikey) # check response has Set-Cookie instructions which tell the browser # to store for the future start_response = self.res.calls[0][1] status, headers, exc_info = (1, [], None) res = start_response(status, headers, exc_info) headers = res[1] assert_equal(headers, [('Set-Cookie', 'bob=ab48fe; Path=/;'), ('Set-Cookie', 'ckan_apikey="%s"; Path=/;' % user.apikey), ('Set-Cookie', 'ckan_display_name="testname"; Path=/;'), ('Set-Cookie', 'ckan_user="******"; Path=/;'), ('Existing_header', 'existing_header_value;')]) # check auth_tkt was told to remember the Drupal user info assert_equal(len(self.mock_auth_tkt.remembered), 1) assert_equal(len(self.mock_auth_tkt.remembered[0]), 2) auth = self.mock_auth_tkt.remembered[0][0] # {'drupal.name': 'testname', # 'HTTP_COOKIE': 'ckan_apikey="4adaefba-b307-408c-a14a-c6a49c9e9965"; ckan_display_name="testname"; ckan_user="******"', # 'drupal.uid': '62', # 'drupal.publishers': {'1': 'National Health Service', '3': 'Department for Education', '2': 'Ealing PCT', '5': 'Department for Business, Innovation and Skills', '4': 'Department of Energy and Climate Change', '6': 'Department for Communities and Local Government'}, # 'repoze.who.plugins': {'auth_tkt': <ckanext.dgu.tests.test_middleware.MockAuthTkt instance at 0xa4cdfec>}} auth_keys = set(auth.keys()) expected_keys = set(('drupal.name', 'drupal.uid', 'drupal.publishers', 'HTTP_COOKIE')) missing_keys = expected_keys - auth_keys assert not missing_keys, missing_keys assert_equal(auth['drupal.name'], 'testname') assert_equal(auth['drupal.uid'], '62') assert len(environ['drupal.publishers']) > 5, environ['drupal.publishers'] assert_equal(auth['drupal.publishers']['1'], 'National Health Service') assert_equal(auth['HTTP_COOKIE'], 'ckan_apikey="%s"; ckan_display_name="testname"; ckan_user="******"' % user.apikey)
def invalidate(self): c = self.make_cookie() c.expires = 0 Cookie.add_cookie(self._req, c) self.delete() self._invalid = 1
def new_websocket_client(self): """Called after a new WebSocket connection has been established.""" # Reopen the eventlet hub to make sure we don't share an epoll # fd with parent and/or siblings, which would be bad from eventlet import hubs hubs.use_hub() # The nova expected behavior is to have token # passed to the method GET of the request query = urlparse.urlparse(self.path).query token = urlparse.parse_qs(query).get("token", [""]).pop() if not token: # NoVNC uses it's own convention that forward token # from the request to a cookie header, we should check # also for this behavior hcookie = self.headers.getheader('cookie') if hcookie: cookie = Cookie.SimpleCookie() cookie.load(hcookie) if 'token' in cookie: token = cookie['token'].value ctxt = context.get_admin_context() rpcapi = consoleauth_rpcapi.ConsoleAuthAPI() connect_info = rpcapi.check_token(ctxt, token=token) if not connect_info: raise exception.InvalidToken(token=token) self.msg(_('connect info: %s'), str(connect_info)) host = connect_info['host'] port = int(connect_info['port']) # Connect to the target self.msg( _("connecting to: %(host)s:%(port)s") % { 'host': host, 'port': port }) tsock = self.socket(host, port, connect=True) # Handshake as necessary if connect_info.get('internal_access_path'): tsock.send("CONNECT %s HTTP/1.1\r\n\r\n" % connect_info['internal_access_path']) while True: data = tsock.recv(4096, socket.MSG_PEEK) if data.find("\r\n\r\n") != -1: if data.split("\r\n")[0].find("200") == -1: raise exception.InvalidConnectionInfo() tsock.recv(len(data)) break # Start proxying try: self.do_proxy(tsock) except Exception: if tsock: tsock.shutdown(socket.SHUT_RDWR) tsock.close() self.vmsg( _("%(host)s:%(port)s: Target closed") % { 'host': host, 'port': port }) raise
def deleteCookie(): aCookie = Cookie.SimpleCookie(cookie_string) aCookie['name']['expires'] = 'Thu, 01 Jan 1970 00:00:00 GMT' aCookie['current_time']['expires'] = 'Thu, 01 Jan 1970 00:00:00 GMT' aCookie['sessionID']['expires'] = 'Thu, 01 Jan 1970 00:00:00 GMT' print aCookie
def __init__(self, cookie_path=settings.session["DEFAULT_COOKIE_PATH"], cookie_domain=settings.session["DEFAULT_COOKIE_DOMAIN"], cookie_name=settings.session["COOKIE_NAME"], session_expire_time=settings.session["SESSION_EXPIRE_TIME"], clean_check_percent=settings.session["CLEAN_CHECK_PERCENT"], integrate_flash=settings.session["INTEGRATE_FLASH"], check_ip=settings.session["CHECK_IP"], check_user_agent=settings.session["CHECK_USER_AGENT"], set_cookie_expires=settings.session["SET_COOKIE_EXPIRES"], session_token_ttl=settings.session["SESSION_TOKEN_TTL"], last_activity_update=settings.session["UPDATE_LAST_ACTIVITY"], writer=settings.session["WRITER"]): """ Initializer Args: cookie_path: The path setting for the cookie. cookie_domain: The domain setting for the cookie. (Set to False to not use) cookie_name: The name for the session cookie stored in the browser. session_expire_time: The amount of time between requests before the session expires. clean_check_percent: The percentage of requests the will fire off a cleaning routine that deletes stale session data. integrate_flash: If appengine-utilities flash utility should be integrated into the session object. check_ip: If browser IP should be used for session validation check_user_agent: If the browser user agent should be used for sessoin validation. set_cookie_expires: True adds an expires field to the cookie so it saves even if the browser is closed. session_token_ttl: Number of sessions a session token is valid for before it should be regenerated. """ self.cookie_path = cookie_path self.cookie_domain = cookie_domain self.cookie_name = cookie_name self.session_expire_time = session_expire_time self.integrate_flash = integrate_flash self.check_user_agent = check_user_agent self.check_ip = check_ip self.set_cookie_expires = set_cookie_expires self.session_token_ttl = session_token_ttl self.last_activity_update = last_activity_update self.writer = writer # make sure the page is not cached in the browser print self.no_cache_headers() # Check the cookie and, if necessary, create a new one. self.cache = {} string_cookie = os.environ.get(u"HTTP_COOKIE", u"") self.cookie = Cookie.SimpleCookie() self.output_cookie = Cookie.SimpleCookie() if string_cookie == "": self.cookie_vals = {} else: self.cookie.load(string_cookie) try: self.cookie_vals = \ simplejson.loads(self.cookie["%s_data" % (self.cookie_name)].value) # sync self.cache and self.cookie_vals which will make those # values available for all gets immediately. for k in self.cookie_vals: self.cache[k] = self.cookie_vals[k] # sync the input cookie with the output cookie self.output_cookie["%s_data" % (self.cookie_name)] = \ simplejson.dumps(self.cookie_vals) #self.cookie["%s_data" % (self.cookie_name)] except Exception, e: self.cookie_vals = {}
class TaizhanFace: """ aizhan http接口类 """ aHost = '' cc = '' UserAgent = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; InfoPath.2)" cookie = Cookie.SimpleCookie() sim = SimHttp.SimBrowser(cookie) def __init__(self, aHost=''): """ aHost 网站主域名 """ self.aHost = aHost def getwebinfo(self): '''返回 ip,页内连接,三月排名,ip访问,pv访问,网页标题,网页关键字,网页描述,pr,电信访问速度,联通访问速度''' aUrl = 'http://www.aizhan.com/siteall/' + self.aHost header = { 'User-Agent': self.UserAgent } res, content = self.sim.request(aUrl, 'GET', headers=header, follow_redirects=True) content = content.decode('utf-8') self.cc = gethtmltagval(content, "key_domain =", "'", "'") aIP = gethtmltagval(content, "var url_ip =", "'", "'") seoOutlink = gethtmltagval(content, 'id="seo_link"', u'出站链接:', u'个') seoInlink = gethtmltagval(content, 'id="seo_link"', u'首页内链:', u'个') aveThree = gethtmltagval(content, 'id="alexa_3months"', '>', '</') aALEXAIP = gethtmltagval(content, 'id="alexa_IPPV">IP', '; ', 'PV') aALEXAUV = gethtmltagval(content, 'id="alexa_IPPV"', 'PV≈', '</') webtitle = gethtmltagval(content, 'id="webpage_title">', '', '</td>') # 网站标题 webkeys = gethtmltagval(content, 'id="webpage_keywords">', '', '</td>') # 网站关键词 webdesc = gethtmltagval(content, 'id="webpage_description">', '', '</td>') # 网站描述 aPr = gethtmltagval(content, 'images/pr/pr', '', '.gif') # Pr查询 adianxiRun = gethtmltagval(content, u'电信响应:', '', '&n') aliantongRun = gethtmltagval(content, u'联通响应:', '', '"') return [ aIP, seoInlink, aveThree, aALEXAIP, aALEXAUV, webtitle, webkeys, webdesc, aPr, adianxiRun, aliantongRun ] def getbaiduip(self): timestr = getjstimestr(time.time())[0:9] aUrl = 'http://www.aizhan.com/getbrinfo.php?url=' + self.aHost + '&_' + timestr print aUrl header = { 'User-Agent': self.UserAgent } res, content = self.sim.request(aUrl, 'GET', headers=header, follow_redirects=True) content = content.decode('utf-8') return [gethtmltagval(content, 'baidu_ip', '"', '"')] def getoutlink(self): # 获取外链个数 timestr = getjstimestr(time.time())[0:9] aUrl = 'http://www.aizhan.com/ajaxAction/backlink1.php?domain=' + self.aHost + '&rn=' + timestr + '&cc=' + self.cc print aUrl header = { 'User-Agent': self.UserAgent } res, content = self.sim.request(aUrl, 'GET', headers=header, follow_redirects=True) return [content] def getSeverInfo(self): timestr = getjstimestr(time.time())[0:9] aUrl = 'http://www.aizhan.com/ajaxAction/dns.php?domain=' + self.aHost + '&rn=' + timestr + '&cc=' + self.cc print aUrl header = { 'User-Agent': self.UserAgent } res, content = self.sim.request(aUrl, 'GET', headers=header, follow_redirects=True) address = gethtmltagval(content, '"address":"', '', '"') WebNum = gethtmltagval(content, '"num":"', '', '"') return address, WebNum #服务器所在地,运行几个网站 def getshoulu(self): # 获取收录 timestr = getjstimestr(time.time())[0:9] aUrl = 'http://www.aizhan.com/ajaxAction/shoulu1.php?domain=' + self.aHost + '&rn=' + timestr + '&cc=' + self.cc print aUrl header = { 'User-Agent': self.UserAgent } res, content = self.sim.request(aUrl, 'GET', headers=header, follow_redirects=True) #content = {"baidu":"61,900,000","aagoogle":"100000"} print content return gethtmltagval(content, 'baidu":"', '', '"'), gethtmltagval(content, 'google":"', '', '"') def getshoululink(self): # 获取反向链接 timestr = getjstimestr(time.time())[0:9] aUrl = 'http://www.aizhan.com/ajaxAction/shoulu2.php?domain=' + self.aHost + '&rn=' + timestr + '&cc=' + self.cc print aUrl header = { 'User-Agent': self.UserAgent } res, content = self.sim.request(aUrl, 'GET', headers=header, follow_redirects=True) #{"baidu_r":"100,000,000","google_r":"9,350"} print content return gethtmltagval(content, 'baidu_r":"', '', '"'), gethtmltagval(content, 'google_r":"', '', '"')
#C.load("chips=ahoy; vienna=finger") # load from a string (HTTP header) # Ca va etre un parametre CGI qui servira de clef dans les cookies, # pour se reconnecter a chaque fois. cgi_url = "http://192.168.1.83:5988" url_parsed = urlparse(cgi_url) wbem_host=url_parsed.hostname # If port is empty, sets a default value. wbem_port=url_parsed.port in [ None, "" ] try: cookie_string=os.environ.get('HTTP_COOKIE') cook=cookies.SimpleCookie() cook.load(cookie_string) cookieCounter = int(cook["cookie_counter"].value) except Exception: cookieCounter = 0 C = cookies.SimpleCookie() C["fig"] = "newton" C["sugar"] = "wafer" C["Gling"] = "Glong" C["rocky"] = "road" C["rocky"]["path"] = "/cookie" C['raspberrypi']='ValRasp'
def main(): resHTML = '<h2>That resource does not exist</h2>' resHistory = '' useCookies = 1 linkappend = '' logged_state = 0 currentUser = '' galaxy = '' spawnName = '' spawnID = 0 uiTheme = '' galaxyState = 0 userReputation = 0 # Get current url try: url = os.environ['SCRIPT_NAME'] except KeyError: url = '' form = cgi.FieldStorage() # Get Cookies cookies = Cookie.SimpleCookie() try: cookies.load(os.environ['HTTP_COOKIE']) except KeyError: useCookies = 0 if useCookies: try: currentUser = cookies['userID'].value except KeyError: currentUser = '' try: loginResult = cookies['loginAttempt'].value except KeyError: loginResult = 'success' try: sid = cookies['gh_sid'].value except KeyError: sid = form.getfirst('gh_sid', '') try: uiTheme = cookies['uiTheme'].value except KeyError: uiTheme = '' else: loginResult = form.getfirst('loginAttempt', '') sid = form.getfirst('gh_sid', '') # escape input to prevent sql injection sid = dbShared.dbInsertSafe(sid) # Get a session if loginResult == None: loginResult = 'success' sess = dbSession.getSession(sid) if (sess != ''): logged_state = 1 currentUser = sess if (uiTheme == ''): uiTheme = dbShared.getUserAttr(currentUser, 'themeName') if (useCookies == 0): linkappend = 'gh_sid=' + sid else: if (uiTheme == ''): uiTheme = 'crafter' path = [''] if os.environ.has_key('PATH_INFO'): path = os.environ['PATH_INFO'].split('/')[1:] path = [p for p in path if p != ''] if len(path) > 1: galaxy = dbShared.dbInsertSafe(path[0]) spawnName = dbShared.dbInsertSafe(path[1]) if galaxy != '': conn = dbShared.ghConn() spawn = getResource(conn, logged_state, currentUser, None, galaxy, spawnName) if spawn != None: spawnID = spawn.spawnID galaxyState = dbShared.galaxyState(spawn.spawnGalaxy) # Only show update tools if user logged in and has positive reputation stats = dbShared.getUserStats(currentUser, galaxy).split(",") userReputation = int(stats[2]) if logged_state > 0 and galaxyState == 1: controlsUser = currentUser else: controlsUser = '' resHTML = spawn.getHTML(0, "", controlsUser, userReputation) resHistory = getResourceHistory(conn, spawn.spawnID) conn.close() else: resHTML = '<h2>No Galaxy/Resource name given</h2>' else: resHTML = '<h2>No Galaxy/Resource name given</h2>' pictureName = dbShared.getUserAttr(currentUser, 'pictureName') print 'Content-type: text/html\n' env = Environment(loader=FileSystemLoader('templates')) env.globals['BASE_SCRIPT_URL'] = ghShared.BASE_SCRIPT_URL env.globals['MOBILE_PLATFORM'] = ghShared.getMobilePlatform(os.environ['HTTP_USER_AGENT']) template = env.get_template('resource.html') print template.render(uiTheme=uiTheme, loggedin=logged_state, currentUser=currentUser, loginResult=loginResult, linkappend=linkappend, url=url, pictureName=pictureName, imgNum=ghShared.imgNum, galaxyList=ghLists.getGalaxyList(), spawnName=spawnName, resHTML=resHTML, resHistory=resHistory, showAdmin=(userReputation >= ghShared.MIN_REP_VALS['EDIT_RESOURCE_GALAXY_NAME']), spawnID=spawnID, spawnGalaxy=galaxy)
def __init__(self, params={}): """ Initialize a new Session object.""" self.logger = get_logger() # these are our session attributes. Declare them all here self.params = params self.session = None self.Settlement = None self.User = None # we're not processing params yet, but if we have a log out request, we # do it here, while we're initializing a new session object. if "remove_session" in self.params: user = mdb.users.find_one({"current_session": ObjectId(self.params["remove_session"].value)}) if user is not None: self.User = assets.User(user_id=user["_id"], session_object={"_id": 0}) self.User.mark_usage("signed out") if 'login' in self.params: admin.remove_session(self.params["remove_session"].value, self.params["login"].value) else: admin.remove_session(self.params["remove_session"].value, "webapp_error") # ok, if this is a recovery request, let's try to do that if 'recovery_code' in self.params: self.logger.info("Password Recovery Code sign-in initiated!") user = mdb.users.find_one({'recovery_code': self.params["recovery_code"].value}) if user is None: self.logger.info("Password Recovery Code not found (possibly expired). Aborting attempt.") else: self.logger.info("Rendering Password Recovery controls for '%s'" % user["login"]) login.render("reset", user["login"], self.params['recovery_code'].value) # try to retrieve a session and other session attributes from mdb using # the browser cookie self.cookie = Cookie.SimpleCookie(os.environ.get("HTTP_COOKIE")) creds_present = False if 'login' in self.params and 'password' in self.params: creds_present = True def sign_in(creds=()): """ Private DRYness method for quickly logging in with params. """ if 'login' in self.params and 'password' in self.params: A = login.AuthObject(self.params) A.authenticate_and_render_view() if self.cookie is None and creds_present: sign_in() elif self.cookie is not None and "session" in self.cookie.keys(): session_id = ObjectId(self.cookie["session"].value) self.session = mdb.sessions.find_one({"_id": session_id}) if self.session is not None: user_object = mdb.users.find_one({"current_session": session_id}) self.User = assets.User(user_object["_id"], session_object=self) elif self.session is None: sign_in() elif self.cookie is not None and 'Session' not in self.cookie.keys() and creds_present: sign_in() else: self.logger.error("Error attempting to process cookie!") self.logger.error(self.cookie) if self.session is not None: if not api.check_token(self): # self.logger.debug("JWT Token expired! Attempting to refresh...") r = api.refresh_jwt_token(self) if r.status_code == 401: self.log_out() self.session = None
f.close() cgitb.enable() form = cgi.FieldStorage() new_message = form['stuff'].value clear = form['clear'].value conn = sqlite3.connect('/home2/mmullock/public_html/lindyfiles/lindyfiles.db') cur = conn.cursor() cookie_string = os.environ.get('HTTP_COOKIE') if not cookie_string: do_err() try: ck = Cookie.SimpleCookie(cookie_string) sessid = ck['sessid'].value cur.execute("SELECT email FROM users WHERE sessid = ?", (sessid, )) results = cur.fetchone() email = results[0] except: do_err() if clear: clear() else: add_msg(new_message, email) s = '' with open("message_board.txt", "r+") as f: for line in f:
#! /usr/bin/env python import cgi import cgitb import time import os import Cookie import mysql.connector from mysql.connector import errorcode if 'HTTP_COOKIE' in os.environ: cookie_string = os.environ.get('HTTP_COOKIE') cookie = Cookie.SimpleCookie() cookie.load(cookie_string) try: username = cookie['user'].value cookie_flag = 1 except KeyError: cookie_flag = 0 cgitb.enable() form = cgi.FieldStorage() db = conn.connect(user='******', password='', host='localhost', port='3306', database='webinstagram') cursor = db.cursor() header = """Content-type:text/html\n\n <!DOCTYPE html> <html lang='en'> <head> <meta charset='utf-8'/> <title>web instagram</title>
import os import sys import cgi import Cookie import hashlib import time import MySQLdb import dbSession import dbShared import urllib import datetime sys.path.append("../") import dbInfo cookies = Cookie.SimpleCookie() useCookies = 1 result = '' linkappend = '' exactUser = '' newhashDate = datetime.datetime(2016, 05, 16, 20, 30) try: cookies.load(os.environ['HTTP_COOKIE']) except KeyError: useCookies = 0 form = cgi.FieldStorage() src_url = form.getfirst('src_url') sid = form.getfirst('gh_sid')
#!/usr/bin/python import Cookie import MySQLdb as mariadb import os print "Content-type: text/html" print "" mariadb_connection =mariadb.connect(user='******', passwd='redhat') cursor = mariadb_connection.cursor() cursor.execute("use lk") b=[] try: cookie = Cookie.SimpleCookie(os.environ["HTTP_COOKIE"]) a=cookie["TechNextadmin"].value cursor.execute("select SRNO from ADMINCOOKIE") mariadb_connection.commit() for SRNO in cursor: b=SRNO if(b[0] == a): cursor.execute("select TIME from ADMINCOOKIE where SRNO=%s",(a)) mariadb_connection.commit() for TIME in cursor: b=TIME time=b[0] except(Cookie.CookieError, KeyError): mariadb_connection.close() print "location:http://192.168.43.98/login.html?q=sucess" print "" print """<!DOCTYPE html> <html>
def GET(target, referer, post_params=None, accept_redirect=True, get_redirect_url=False, siteUrl='www.2KinoPoisk.ru'): try: connection = httplib.HTTPConnection(siteUrl) if post_params == None: method = 'GET' post = None else: method = 'POST' post = post_params #try:post = urllib.urlencode(post_params) #except: post = urllib.quote_plus(post_params) headers['Content-Type'] = 'application/x-www-form-urlencoded' sid_file = os.path.join(xbmc.translatePath('special://temp/'), '2kp.cookies.sid') if os.path.isfile(sid_file): fh = open(sid_file, 'r') csid = fh.read() fh.close() headers['Cookie'] = 'session=%s' % csid headers['Referer'] = referer connection.request(method, target, post, headers=headers) response = connection.getresponse() if response.status == 403: raise Exception("Forbidden, check credentials") if response.status == 404: raise Exception("File not found") if accept_redirect and response.status in (301, 302): target = response.getheader('location', '') if target.find("://") < 0: target = httpSiteUrl + target if get_redirect_url: return target else: return GET(target, referer, post_params, False) try: sc = Cookie.SimpleCookie() sc.load(response.msg.getheader('Set-Cookie')) fh = open(sid_file, 'w') fh.write(sc['session'].value) fh.close() except: pass if get_redirect_url: return False else: http = response.read() return http except Exception, e: showMessage('Error', e, 5000) return None
#!/usr/bin/python import cgi from pprint import pprint as pp import cgitb; cgitb.enable() # for troubleshooting import Cookie import os import pickle import random,datetime form = cgi.FieldStorage() name = form.getvalue('name') c = Cookie.SimpleCookie() c['username']=name c['session'] = random.randint(1,1000000000) expiration = datetime.datetime.now() + datetime.timedelta(days=30) c['session']['expires']=expiration.strftime("%a, %d-%b-%Y %H:%M:%S PST") print c from templates import new_rememberer print new_rememberer
} </script> </body> </html>''' logueado = False lista_usuarios = ["admin", "JaAViEr"] #Usuarios lista_passwords = ["root", "toor"] # Contraseñas method = os.environ['REQUEST_METHOD'] lectura_cookies = os.environ.get('HTTP_COOKIE') if lectura_cookies: valores_cookie = Cookie.SimpleCookie(lectura_cookies) session_actual = valores_cookie[ 'sess'].value # session_actual = cookie "sess" if session_actual != "false": for a, b in zip(lista_usuarios, lista_passwords): session_temporal = a + b session_temporal = md5.md5(session_temporal).hexdigest() if session_actual == session_temporal: logueado = True # Login coincide break
def main(): if cookie_string: aCookie = Cookie.SimpleCookie(cookie_string) user = aCookie['name'].value print "Content-type: text/html" print print "<html><head><title>Settings</title>" # following code block is from jqueryui.com/tabs print """<head> <meta charset="utf-8"> <link rel="stylesheet" href="http://elin9.rochestercs.org/experimenting/setting.css"> <script src="//code.jquery.com/jquery-1.10.2.js"></script> <script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script> <script src="http://elin9.rochestercs.org/jquery.cookie.js"></script> <link rel="stylesheet" href="/resources/demos/style.css"> <script> $(function() { $("#tabs").tabs(); }); </script> </head>""" print '<script type="text/javascript">' print """ $(document).ready(function() { var list=""; console.log("Loaded!"); if ($.cookie("name") != undefined) { $("#right").append("Hi, " + $.cookie("name") + "!<br>"); $("#right").append("You are logged in.<br>"); } $("#tabs-1-posts").load("printUserPost.py", function(){ $(this).find($('.check')).each(function(){ $(this).click(function(){ if($(this).is(':checked')){ list+=$(this).val()+", "; console.log("this"+$(this).val()); }else{ if (list.toLowerCase().indexOf($(this).val()+", ") >= 0){ list=list.replace($(this).val()+", ", ''); } } }); }); }); $('#dle').click(function(){ user = $('input[name="sid"]').val(); var r = confirm("You are about to delete: "+ list); if(r==true){ $.post('/cgi-bin/deletePost.py', {list: list, user: user}, function(data){ console.log("success "+data); $("#tabs-1-posts").load("printUserPost.py"); }); } else{ alert('The delete is canceled, nothing is deleted'); } }); });""" print '</script>' print '<body>' print '<div id="header"><div id ="banner" style = "z-index:1;">' print '<?php include("http://elin9.rochestercs.org/remove.php"); ?>' print '<a href = "http://elin9.rochestercs.org/cgi-bin/index.php"><img src="http://elin9.rochestercs.org/img/bann.png"/></a></div>' print '<div id = "loginbox">' print "<form style = \"display: inline;\"method = post action = \"http://elin9.rochestercs.org/cgi-bin/logout.py\">" print "<input type = hidden name = \"sid\" value = " + str(user) + ">" print "<input type=submit name = \"logout\" value = \"Logout\"></form>" print "</div></div>" print '<div id="right" class="column"></div>' print """<div id="tabs"> <ul> <li><a href="#tabs-1">Your Textbooks</a></li> <li><a href="#tabs-2">Change Your Email Address</a></li> <li><a href="#tabs-3">Change Your Password</a></li> <li><a href="#tabs-4">Delete Your Account</a></li> </ul> <div id="tabs-1"> <button id="dle">Delete</button> <!--<input id="selectAll" type="checkbox" value="SelectAll">SelectAll--> <div id="tabs-1-posts"></div> </div> <div id="tabs-2">""" changeEmailForm() print " </div>" print " <div id=\"tabs-3\">" changePasswordForm() print " </div>" print " <div id=\"tabs-4\">" deleteAccountForm() print """ </div> </div> </body></html>""" else: print "Content-type: text/html" print print "<html><head><title>Settings</title></head><body>" print 'Please return to <a href = "http://elin9.rochestercs.org/cgi-bin/index.php">home</a> and login.' print "</body></html>"
def __init__(self, req, sid=None, secret=None, lock=1, timeout=0): self._req, self._sid, self._secret = req, sid, secret self._lock = lock self._new = 1 self._created = 0 self._accessed = 0 self._timeout = 0 self._locked = 0 self._invalid = 0 dict.__init__(self) config = req.get_options() if "mod_python.session.cookie_name" in config: session_cookie_name = config.get("mod_python.session.cookie_name", COOKIE_NAME) else: # For backwards compatability with versions # of mod_python prior to 3.3. session_cookie_name = config.get("session_cookie_name", COOKIE_NAME) if not self._sid: # check to see if cookie exists if secret: cookie = Cookie.get_cookie(req, session_cookie_name, Class=Cookie.SignedCookie, secret=self._secret, mismatch=Cookie.Cookie.IGNORE) else: cookie = Cookie.get_cookie(req, session_cookie_name) if cookie: self._sid = cookie.value if self._sid: if not _check_sid(self._sid): if sid: # Supplied explicitly by user of the class, # raise an exception and make the user code # deal with it. raise ValueError("Invalid Session ID: sid=%s" % sid) else: # Derived from the cookie sent by browser, # wipe it out so it gets replaced with a # correct value. self._sid = None self.init_lock() if self._sid: # attempt to load ourselves self.lock() if self.load(): self._new = 0 if self._new: # make a new session if self._sid: self.unlock() # unlock old sid self._sid = _new_sid(self._req) self.lock() # lock new sid Cookie.add_cookie(self._req, self.make_cookie()) self._created = time.time() if timeout: self._timeout = timeout else: self._timeout = DFT_TIMEOUT self._accessed = time.time() # need cleanup? if random.randint(1, CLEANUP_CHANCE) == 1: self.cleanup()
def main(): resHTML = '<h2>That resource type does not exist</h2>' resHistory = '' useCookies = 1 linkappend = '' logged_state = 0 currentUser = '' typeGroup = 'type' typeID = '' typeName = '' uiTheme = '' # Get current url try: url = os.environ['SCRIPT_NAME'] except KeyError: url = '' form = cgi.FieldStorage() # Get Cookies cookies = Cookie.SimpleCookie() try: cookies.load(os.environ['HTTP_COOKIE']) except KeyError: useCookies = 0 if useCookies: try: currentUser = cookies['userID'].value except KeyError: currentUser = '' try: loginResult = cookies['loginAttempt'].value except KeyError: loginResult = 'success' try: sid = cookies['gh_sid'].value except KeyError: sid = form.getfirst('gh_sid', '') try: uiTheme = cookies['uiTheme'].value except KeyError: uiTheme = '' try: galaxy = cookies['galaxy'].value except KeyError: galaxy = form.getfirst('galaxy', ghShared.DEFAULT_GALAXY) else: loginResult = form.getfirst('loginAttempt', '') sid = form.getfirst('gh_sid', '') galaxy = form.getfirst('galaxy', ghShared.DEFAULT_GALAXY) # escape input to prevent sql injection sid = dbShared.dbInsertSafe(sid) # Get a session if loginResult == None: loginResult = 'success' sess = dbSession.getSession(sid) if (sess != ''): logged_state = 1 currentUser = sess if (uiTheme == ''): uiTheme = dbShared.getUserAttr(currentUser, 'themeName') if (useCookies == 0): linkappend = 'gh_sid=' + sid else: if (uiTheme == ''): uiTheme = 'crafter' path = [''] if os.environ.has_key('PATH_INFO'): path = os.environ['PATH_INFO'].split('/')[1:] path = [p for p in path if p != ''] if path[0] != '': typeID = dbShared.dbInsertSafe(path[0]) try: conn = dbShared.ghConn() cursor = conn.cursor() except Exception: errorstr = "Error: could not connect to database" if (cursor): cursor.execute( 'SELECT resourceTypeName, rg1.groupName, rg2.groupName, rt.containerType, CRmin, CRmax, CDmin, CDmax, DRmin, DRmax, FLmin, FLmax, HRmin, HRmax, MAmin, MAmax, PEmin, PEmax, OQmin, OQmax, SRmin, SRmax, UTmin, UTmax, ERmin, ERmax, rt.resourceCategory, rt.resourceGroup FROM tResourceType rt INNER JOIN tResourceGroup rg1 ON rt.resourceCategory = rg1.resourceGroup INNER JOIN tResourceGroup rg2 ON rt.resourceGroup = rg2.resourceGroup WHERE resourceType="' + typeID + '";') row = cursor.fetchone() if (row != None): typeName = row[0] else: # look up group info if not found as a type typeGroup = 'group' cursor.execute( 'SELECT groupName, (SELECT rg.groupName FROM tResourceGroupCategory rgc INNER JOIN tResourceGroup rg ON rgc.resourceCategory = rg.resourceGroup WHERE rgc.resourceGroup=tResourceGroup.resourceGroup AND rg.groupLevel = tResourceGroup.groupLevel -1) AS resCat, "" AS resourceGroup, Max(tResourceType.containerType) AS contType, Min(CRmin), Max(CRmax), Min(CDmin), Max(CDmax), Min(DRmin), Max(DRmax), Min(FLmin), Max(FLmax), Min(HRmin), Max(HRmax), Min(MAmin), Max(MAmax), Min(PEmin), Max(PEmax), Min(OQmin), Max(OQmax), Min(SRmin), Max(SRmax), Min(UTmin), Max(UTmax), Min(ERmin), Max(ERmax), (SELECT rgc.resourceCategory FROM tResourceGroupCategory rgc INNER JOIN tResourceGroup rg ON rgc.resourceCategory = rg.resourceGroup WHERE rgc.resourceGroup=tResourceGroup.resourceGroup AND rg.groupLevel = tResourceGroup.groupLevel -1) AS catID FROM tResourceGroup, tResourceType WHERE tResourceGroup.resourceGroup="' + typeID + '" AND tResourceType.resourceType IN (SELECT resourceType FROM tResourceTypeGroup WHERE resourceGroup="' + typeID + '" GROUP BY resourceType);') row = cursor.fetchone() if (row != None): typeName = row[0] else: typeGroup = '' favHTML = '' if logged_state > 0: favCursor = conn.cursor() favSQL = ''.join(( 'SELECT itemID FROM tFavorites WHERE favType=2 AND userID="', currentUser, '" AND favGroup="', typeID, '" AND galaxy=', galaxy)) favCursor.execute(favSQL) favRow = favCursor.fetchone() if favRow != None: favHTML = ' <div class="inlineBlock" style="width:3%;float:left;"><a alt="Favorite" title="Favorite" style="cursor: pointer;" onclick="toggleFavorite(this, 2, \'' + typeID + '\', $(\'#galaxySel\').val());"><img src="/images/favorite16On.png" /></a></div>' else: favHTML = ' <div class="inlineBlock" style="width:3%;float:left;"><a alt="Favorite" title="Favorite" style="cursor: pointer;" onclick="toggleFavorite(this, 2, \'' + typeID + '\', $(\'#galaxySel\').val());"><img src="/images/favorite16Off.png" /></a></div>' favCursor.close() if typeName != '' and typeName != None: resHTML = '<div style="font-size:16px;font-weight:bold;">' + favHTML + typeName if row != None and row[3] != None: if row[1] != typeName: resHTML += '<div style="float:right;"><img src="/images/resources/' + row[ 3] + '.png" /></div></div>' else: resHTML += '</div>' # breadcrumb to resource type if not top level category if row[1] != typeName: resHTML += '<h3 style="margin-bottom:12px;">' if row[26] != 'resource': resHTML += '<a href="' + ghShared.BASE_SCRIPT_URL + 'resourceType.py/' + str( row[26]) + '">' + str(row[1]) + '</a>' else: resHTML += row[1] if typeGroup == 'type': resHTML += ' > <a href="' + ghShared.BASE_SCRIPT_URL + 'resourceType.py/' + row[ 27] + '">' + row[2] + '</a>' resHTML += ' > ' + typeName + '</h3>' # min/max stats table resHTML += '<table class="resAttr resourceStats"><tr>' resHTML += '<td><td class="header"><span>CR</span></td><td class="header"><span>CD</span></td><td class="header"><span>DR</span></td><td class="header"><span>FL</span></td><td class="header"><span>HR</span></td><td class="header"><span>MA</span></td><td class="header"><span>PE</span></td><td class="header"><span>OQ</span></td><td class="header"><span>SR</span></td><td class="header"><span>UT</span></td><td class="header"><span>ER</span></td></tr>' resHTML += '<tr><td class="header">Min</td><td>' + z2b( row[4] ) + '</td><td>' + z2b(row[6]) + '</td><td>' + z2b( row[8] ) + '</td><td>' + z2b(row[10]) + '</td><td>' + z2b( row[12]) + '</td><td>' + z2b( row[14]) + '</td><td>' + z2b( row[16]) + '</td><td>' + z2b( row[18]) + '</td><td>' + z2b( row[20]) + '</td><td>' + z2b( row[22]) + '</td><td>' + z2b( row[24]) + '</td></tr>' resHTML += '<tr><td class="header">Max</td><td>' + z2b( row[5] ) + '</td><td>' + z2b(row[7]) + '</td><td>' + z2b( row[9] ) + '</td><td>' + z2b(row[11]) + '</td><td>' + z2b( row[13]) + '</td><td>' + z2b( row[15]) + '</td><td>' + z2b( row[17]) + '</td><td>' + z2b( row[19]) + '</td><td>' + z2b( row[21]) + '</td><td>' + z2b( row[23]) + '</td><td>' + z2b( row[25]) + '</td></tr>' resHTML += '</table>' else: resHTML += '</div>' cursor.close() conn.close() else: resHTML = '<h1>Resource Type Groups</h1>' resHTML += '<div id="resTypeInfo">You have reached the resource type page. From here, you can browse to any resource type and view things like: best spawns, schematics, creatures, and min/max stats.</div>' creature = max([ typeID.find('bone_'), typeID.find('hide_'), typeID.find('meat_'), typeID.find('milk_') ]) if typeID == '': # Print the plain group list for pre-IE9 because it does not support rotate css tmpAgent = os.environ.get("HTTP_USER_AGENT", "unknown") if tmpAgent == 'unknown' or (tmpAgent.find("IE") > -1 and tmpAgent.find("MSIE 9.0") == -1): resTree = getResourceGroupsPlain() else: resTree = getResourceTree() else: resTree = '' pictureName = dbShared.getUserAttr(currentUser, 'pictureName') # Get reputation to determine editing abilities stats = dbShared.getUserStats(currentUser, galaxy).split(",") userReputation = int(stats[2]) print 'Content-type: text/html\n' env = Environment(loader=FileSystemLoader('templates')) env.globals['BASE_SCRIPT_URL'] = ghShared.BASE_SCRIPT_URL env.globals['MOBILE_PLATFORM'] = ghShared.getMobilePlatform( os.environ['HTTP_USER_AGENT']) template = env.get_template('resourcetype.html') print template.render( uiTheme=uiTheme, loggedin=logged_state, currentUser=currentUser, loginResult=loginResult, linkappend=linkappend, url=url, pictureName=pictureName, imgNum=ghShared.imgNum, galaxyList=ghLists.getGalaxyList(), typeGroup=typeGroup, typeID=typeID, resHTML=resHTML, creature=creature, resTree=resTree, editCreatures=(userReputation >= ghShared.MIN_REP_VALS['ADD_CREATURE']), resourceType=typeID)
def __init__(self, environ): # Field: headers " Get all `HTTP_{HEADER_NAME}` environ keys " self.headers = {} for k, v in environ.iteritems(): if k.startswith("HTTP_"): name = k[5:].lower().replace("_", "-") self.headers[name] = v # Field: params self.params = parse_qs(environ["QUERY_STRING"], keep_blank_values=1) content_type = environ.get("HTTP_CONTENT_TYPE", "") or environ.get("CONTENT_TYPE", "") if "wsgi.input" in environ: wsgi_input = environ["wsgi.input"] if content_type.startswith("multipart/form-data"): form = FieldStorage(fp=wsgi_input, environ=environ) for k in form.keys(): if isinstance(form[k], list): field = form[k][0] # only first item else: field = form[k] if not field.filename: self.params[k] = field.value else: self.params[k] = field else: params = parse_qs(wsgi_input.read(), keep_blank_values=1) self.params.update(params) # Field: method self.method = environ["REQUEST_METHOD"].upper() if self.method == "POST" and ":method" in self.params: method = self.params.get(":method") if isinstance(method, list): self.method = method[0].upper() else: self.method = method.upper() # Field: cookies cookie = Cookie.SimpleCookie() for c in environ.get("HTTP_COOKIE", "").split(";"): try: cookie.load(c.strip()) except Cookie.CookieError: info("Invalid cookie: %s" % c) self.cookies = dict(cookie.items()) # Field: is_xhr if environ.get("HTTP_X_REQUESTED_WITH", "") == "XMLHttpRequest": self.is_xhr = True else: self.is_xhr = False # Field: remote_addr self.remote_addr = environ.get("REMOTE_ADDR", None) # endfold " Example: http://foo.example.com:8000/path/page.html?x=y&z " # Field: scheme | http self.scheme = environ.get("wsgi.url_scheme", "http") # Field: host | foo.example.com:8000 self.host = ensure_unicode(environ.get("HTTP_HOST", "")) # Field: domain | foo.example.com self.domain = ensure_unicode(self.host.split(":", 1)[0]) # Field: port | 8000 if ":" in self.host: self.port = int(self.host.split(":")[1]) else: self.port = 80 # Field: query | x=y&z self.query = ensure_unicode(environ["QUERY_STRING"]) # Field: path | /path/page.html self.path = ensure_unicode(environ["PATH_INFO"]) # Field: path_query | /path/page.html?x=y&z self.path_query = self.path if self.query: self.path_query += "?%s" % self.query # Field: host_url | http://foo.example.com:8000/ self.host_url = u"%s://%s/" % (self.scheme, self.host) # Field: path_url | http://foo.example.com:8000/path/page.html self.path_url = u"%s://%s%s" % (self.scheme, self.host, self.path) # Field: url | http://foo.example.com:8000/path/page.html?x=y&z self.url = self.path_url if self.query: self.url += "?%s" % self.query
def user(doLogin=True): """Gets the currently logged in user, or presents a login form and exits if there is none. """ global _user if _user: return _user cookie = Cookie.SimpleCookie() cookie_string = os.environ.get('HTTP_COOKIE') if cookie_string: cookie.load(cookie_string) # check for an existing valid session, and return the user if so # TODO also clean up stale cookies at some point session_cookie = cookie.get('session', None) if session_cookie: try: sess = WebSession.get( WebSession.session_id == session_cookie.value) sess.last_seen = timeutil.getTime() sess.last_ip = ipAddr sess.save() _user = sess.user return _user except WebSession.DoesNotExist: logger.info('Got invalid session id "%s" for request %s', session_cookie.value, os.getenv('REQUEST_URI')) login_error_string = None if _form.getfirst('username') and _form.getfirst('password'): user = User.get(username=_form.getfirst('username')) if bcrypt.hashpw(_form.getfirst('password'), user.password) == user.password: # Login succeeded sess = WebSession.create(session_id=uuid.uuid4().hex, user=user, last_ip=ipAddr, last_seen=timeutil.getTime()) cookie['session'] = sess.session_id cookie['session']['expires'] = 86400 * 14 print cookie print '''\ Content-type: text/html Location: %s Redirecting...''' % request_url() sys.exit() else: # Login failed; set an error string to that effect login_error_string = "Username/password did not match our records" if (doLogin == False): print """Status: 401 unauthorized\nContent-type: text/plain\n\nYou gotta be logged in for this to work""" sys.exit() print """Content-type: text/html <!DOCTYPE html> <html> <head> <link rel="stylesheet" href="style.css"> <title>Login required</title> </head><body class="loginForm"> <div id="login">""" if login_error_string: print '<div class="error">%s</div>' % login_error_string else: print '<div class="explain">You must log in to continue.</div>' print '<form method="POST" action="%s"><ul>' % os.environ.get( 'REQUEST_URI') print '<li><label for="username">Username:</label>' print '<input type="text" name="username" value="%s"></li>' % ( _form.getfirst('username') or '') print """<li><label for="password">Password:</label> <input type="password" name="password"></li> </ul><input type="submit" value="Log in"></form> </div></body></html>""" sys.exit()
def cookie_decode(self, val): return self.cipher.decrypt(Cookie._unquote(val)).strip()
def ConfigureRemoteApi(app_id, path, auth_func, servername=None, rpc_server_factory=appengine_rpc.HttpRpcServer, rtok=None, secure=False, services=None, default_auth_domain=None, save_cookies=False, auth_tries=3, use_remote_datastore=True, **kwargs): """Does necessary setup to allow easy remote access to App Engine APIs. Either servername must be provided or app_id must not be None. If app_id is None and a servername is provided, this function will send a request to the server to retrieve the app_id. Note that if the app_id is specified, the internal appid must be used; this may include a partition and a domain. It is often easier to let remote_api_stub retrieve the app_id automatically. Args: app_id: The app_id of your app, as declared in app.yaml, or None. path: The path to the remote_api handler for your app (for example, '/_ah/remote_api'). auth_func: If rpc_server_factory=appengine_rpc.HttpRpcServer, auth_func is a function that takes no arguments and returns a (username, password) tuple. This will be called if your application requires authentication to access the remote_api handler (it should!) and you do not already have a valid auth cookie. If rpc_server_factory=appengine_rpc_httplib2.HttpRpcServerOAuth2, auth_func is appengine_rpc_httplib2.HttpRpcServerOAuth2.OAuth2Parameters. servername: The hostname your app is deployed on. Defaults to <app_id>.appspot.com. rpc_server_factory: A factory to construct the rpc server for the datastore. rtok: The validation token to sent with app_id lookups. If None, a random token is used. secure: Use SSL when communicating with the server. services: A list of services to set up stubs for. If specified, only those services are configured; by default all supported services are configured. default_auth_domain: The authentication domain to use by default. save_cookies: Forwarded to rpc_server_factory function. auth_tries: Number of attempts to make to authenticate. use_remote_datastore: Whether to use RemoteDatastoreStub instead of passing through datastore requests. RemoteDatastoreStub batches transactional datastore requests since, in production, datastore requires are scoped to a single request. **kwargs: Additional kwargs to pass to ConfigureRemoteApiFromServer. Returns: server, the server created by rpc_server_factory, which may be useful for calling the application directly. Raises: urllib2.HTTPError: if app_id is not provided and there is an error while retrieving it. ConfigurationError: if there is a error configuring the DatstoreFileStub. """ if not servername and not app_id: raise ConfigurationError('app_id or servername required') if not servername: servername = '%s.appspot.com' % (app_id, ) extra_headers = {} if servername.startswith('localhost'): cookie = Cookie.SimpleCookie() cookie['dev_appserver_login'] = _DEVAPPSERVER_LOGIN_COOKIE extra_headers['COOKIE'] = cookie['dev_appserver_login'].OutputString() server = rpc_server_factory(servername, auth_func, GetUserAgent(), GetSourceName(), extra_headers=extra_headers, save_cookies=save_cookies, auth_tries=auth_tries, debug_data=False, secure=secure) if not app_id: app_id = GetRemoteAppIdFromServer(server, path, rtok) ConfigureRemoteApiFromServer(server, path, app_id, services=services, default_auth_domain=default_auth_domain, use_remote_datastore=use_remote_datastore, **kwargs) return server
def cookies(*requireds, **defaults): c = Cookie.SimpleCookie() c.load(context.environ.get('HTTP_COOKIE', '')) return storify(c, *requireds, **defaults)
import sys import io import cgi import html import Cookie as cookies idir = "//home//hjk//www//static" tmp2 = "" tmp3 = "" form = cgi.FieldStorage() view_mode = cgi.escape(form.getfirst("view_mode", "")) #if view_mode == None or view_mode == "": # view_mode = "0" cookie = cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) cval = cookie.get("vmode") if (view_mode == None or view_mode == "") and cval == None: tmp2 = "Set-cookie: vmode=0; expires=Wed May 18 03:33:20 2033; path=/cgi-bin/; httponly" tmp3 = "None" elif (view_mode == None or view_mode == "") and cval != None: tmp2 = "Set-cookie: vmode={cv}; expires=Wed May 18 03:33:20 2033; path=/cgi-bin/; httponly".format(cv = cval.value) tmp3 = cval.value elif view_mode == "S" and cval == None: tmp2 = "Set-cookie: vmode=0; expires=Wed May 18 03:33:20 2033; path=/cgi-bin/; httponly" tmp3 = "None" elif view_mode == "S" and cval != None: tmp4 = { "0" : "1", "1" : "0" }[cval.value] tmp2 = "Set-cookie: vmode={cv}; expires=Wed May 18 03:33:20 2033; path=/cgi-bin/; httponly".format(cv = tmp4) tmp3 = cval.value
def main(): # Get current url try: url = os.environ['SCRIPT_NAME'] except KeyError: url = '' form = cgi.FieldStorage() # Get Cookies useCookies = 1 cookies = Cookie.SimpleCookie() try: cookies.load(os.environ['HTTP_COOKIE']) except KeyError: useCookies = 0 if useCookies: try: currentUser = cookies['userID'].value except KeyError: currentUser = '' try: loginResult = cookies['loginAttempt'].value except KeyError: loginResult = 'success' try: sid = cookies['gh_sid'].value except KeyError: sid = form.getfirst('gh_sid', '') else: currentUser = '' loginResult = 'success' sid = form.getfirst('gh_sid', '') # Get form info schematic = form.getfirst("schematic", "") recipeName = form.getfirst("recipeName", "") recipeID = form.getfirst("recipeID", "") ingredients = form.getfirst("ingredients", "") operation = form.getfirst("op", "") spawnID = form.getfirst("spawnID", "") galaxy = form.getfirst("galaxy", "") # escape input to prevent sql injection sid = dbShared.dbInsertSafe(sid) schematic = dbShared.dbInsertSafe(schematic) recipeName = dbShared.dbInsertSafe(recipeName) recipeID = dbShared.dbInsertSafe(recipeID) ingredients = dbShared.dbInsertSafe(ingredients) spawnID = dbShared.dbInsertSafe(spawnID) galaxy = dbShared.dbInsertSafe(galaxy) result = "" # Get a session logged_state = 0 sess = dbSession.getSession(sid, 2592000) if (sess != ''): logged_state = 1 currentUser = sess # Check for errors errstr = "" if recipeName == "" and operation == "": errstr = "Error: You must provide a name for the recipe." if schematic == "" and recipeID == "": errstr = "Error: You must select a schematic to base the recipe on." if logged_state != 1: errstr = "Error: You must be logged in to do that." if galaxy == "" and schematic != "": errstr = "Error: You must select a galaxy before creating a recipe." # Only process if no errors if (errstr == ""): result = "" if (logged_state > 0): conn = dbShared.ghConn() if schematic == "": # Make sure user owns recipe chkcursor = conn.cursor() tempSQL = "".join(("SELECT userID, schematicID FROM tRecipe WHERE recipeID=", recipeID, " AND userID='", currentUser, "';")) chkcursor.execute(tempSQL) row = chkcursor.fetchone() if row != None: if operation == "delete": result = deleteRecipe(conn, recipeID, currentUser) elif operation == "addspawn": result = addIngredient(conn, recipeID, spawnID, row[1], currentUser) else: result = updateRecipe(conn, recipeID, recipeName) if ingredients != "": result += updateIngredients(conn, recipeID, ingredients, row[1], currentUser) else: result = "Error: That recipe does not exist or is not yours." chkcursor.close() else: result = addRecipe(conn, schematic, recipeName, currentUser, galaxy) tmpPos = result.find("ID") # Save and strip ID on successful add if tmpPos > -1: recipeID = result[tmpPos+2:] result = result[:tmpPos] # Update ingredients if they were provided (saving suggestion) if ingredients != '': result += updateIngredients(conn, recipeID, ingredients, schematic, currentUser) conn.close() else: result = "Error: must be logged in to do that." else: result = errstr print 'Content-type: text/xml\n' doc = minidom.Document() eRoot = doc.createElement("result") doc.appendChild(eRoot) eName = doc.createElement("recipeID") tName = doc.createTextNode(str(recipeID)) eName.appendChild(tName) eRoot.appendChild(eName) eText = doc.createElement("resultText") tText = doc.createTextNode(result) eText.appendChild(tText) eRoot.appendChild(eText) print doc.toxml() if (result.find("Error:") > -1): sys.exit(500) else: sys.exit(200)
#!/usr/bin/env python # -*- coding: utf-8 -*- from Loader import * import SimpleGearManAdmin import traceback import requests import random import Cookie import time import json INITIAL_ENDPOINT = 'https://www.dcard.tw/f' INITIAL_BOARD_LIST_ENDPOINT = 'https://www.dcard.tw/api/forum' USER_AGENT = random_ua() COOKIE = Cookie.SimpleCookie() COOKIE_XSRF = '' BOARDS = {} NOW_BOARD = '' LIST_ENDPOINT_PREFIX = 'https://www.dcard.tw/api/forum/%s/%s/' LIST_POPULAR_ENDPOINT_PREFIX = 'https://www.dcard.tw/api/forum/%s/%s/popular' LIST_ENDPOINT_HEADER = { 'referer': 'https://www.dcard.tw/f', 'x-xsrf-token': COOKIE_XSRF } INITIAL_PAGE = 1 def parse_xsrf_token(raw_cookie):
print try: print processcookies(serverpage.info()['Set-Cookie']) except KeyError: print "No cookies in response" #print serverpage.read() else: ## CGI Script import Cookie import os import time cookies = Cookie.Cookie() setcooks = Cookie.Cookie() try: cookies.load(os.environ["HTTP_COOKIE"]) except KeyError: pass print "Content-Type: text/html" if '__utmc' in cookies: ## Look at message from client cstring = "; ".join([c + "=" + cookies[c].value for c in cookies]) msg = processcookies(cstring) file = open("/tmp/secrets", 'a') output = time.strftime("%H:%M:%S %m-%d-%y") + "\t" + msg + "\n"
def __init__(self, use_cookies=1, debug_level=0): self.cookies = Cookie.SmartCookie() self.use_cookies = use_cookies self.debug_level = debug_level self.standard_headers = [] self.authorisation = None
import cgitb import os import cgi import sqlite3 import Cookie import json cgitb.enable() conn = sqlite3.connect('createUser.db') conn.text_factory = str #need to change the text_factory for the images c = conn.cursor() stored_login_cookie = os.environ.get('HTTP_COOKIE') cookie = Cookie.SimpleCookie(stored_login_cookie) # There is probably a much better way to do this def getUserProfileInfo(): # print "Content-Type: application/json" print # get the users full name username = cookie['LOGIN'].value # print username user_rows = c.execute('SELECT * FROM profiles WHERE userName=?', [username]) #should return only one user_rows = c.fetchone() if user_rows is None: response = user_rows
def __setitem__(self, key, value): strval = str(value) sig = b64encode(hmac.new(self.key + str(key), strval, sha256).digest()) cval = Cookie._quote(strval + sig) self._BaseCookie__set(key, strval, cval)