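def POST_EDIT(username, **k):
    """Handle the edit-user form submission for the HMAC-signed ``username``.

    The stored password is compared with the submitted ``form.password``:
    when they are equal the form echoed the stored value back unchanged,
    otherwise the submitted value is hashed and stored.  A failed update
    (model returns ``None``) re-renders ``edit.html`` with an error message;
    success redirects to ``/users``.
    """
    form = config.web.input()
    username = config.check_secure_val(str(username))
    user = config.model_users.get_users(username)
    stored_pwd = user.password
    if stored_pwd == form.password:
        # Equality with the stored value means the form echoed it back,
        # i.e. the password was not changed.  NOTE(review): this implies the
        # stored password value is rendered into the edit form and makes a
        # round-trip through the client - confirm whether that is intended.
        pwdhash = stored_pwd
    else:
        # NOTE(review): unsalted MD5 of password+static key is not a suitable
        # password hash (prefer hashlib.pbkdf2_hmac with a per-user salt).
        # Not changed here because the login path that verifies stored
        # hashes is outside this block and would need to change with it.
        pwdhash = hashlib.md5(form.password + config.secret_key).hexdigest()
    form.username = config.check_secure_val(str(form.username))
    result = config.model_users.edit_users(
        form['username'],
        pwdhash,
        form['privilege'],
        form['status'],
        form['name'],
        form['email'],
        form['other_data'],
        form['user_hash'],
        form['change_pwd'],
        form['api_access'],
    )
    if result is None:
        # ``username`` was already decoded above; decoding it a second time
        # (as the original did) is at best a no-op and at worst rejects the
        # plain value, so it is not repeated here.
        result = config.model_users.get_users(username)
        # Re-sign the username so the re-rendered form can round-trip it.
        result.username = config.make_secure_val(str(result.username))
        message = "Error al editar el registro"
        return config.render.edit(result, message)
    raise config.web.seeother('/users')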
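def GET(self, username):
    """Serve the view-user page for ``username`` to a logged-in admin session.

    Expired sessions are redirected to ``/logout``, guest sessions
    (privilege 1) to ``/guess`` and anything else to ``/login``.  The
    debug prints of the current time and the session expiry that the
    original wrote to stdout have been dropped, as has a duplicated decode
    of ``app.session.expires`` and an unused ``session_username`` local.
    """
    if app.session.loggedin is not True:
        raise config.web.seeother('/login')
    # Expiry is kept as a signed "YYYY-MM-DD HH:MM:SS" string and compared
    # lexicographically with "now" in the same format; this only works while
    # both sides use exactly that format (and the same clock/timezone).
    now_str = str(datetime.datetime.now()).split('.')[0]
    expires = config.check_secure_val(app.session.expires)
    if now_str > expires:
        raise config.web.seeother('/logout')
    session_privilege = int(config.check_secure_val(app.session.privilege))
    if session_privilege == 0:
        return self.GET_VIEW(username)
    if session_privilege == 1:
        raise config.web.seeother('/guess')
    # Any other privilege value is treated as not logged in (the original
    # fell through and rendered nothing).
    raise config.web.seeother('/login')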
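def POST(self, **k):
    """Handle the change-password form for the logged-in session user.

    Admin (privilege 0) and guest (privilege 1) sessions are both routed to
    ``POST_CHANGE_PWD`` with the decoded session username; the original
    did so in two identical branches, merged here.  Anything else is
    redirected to ``/login``.
    """
    if app.session.loggedin is not True:
        raise config.web.seeother('/login')
    session_username = config.check_secure_val(app.session.username)
    session_privilege = int(config.check_secure_val(app.session.privilege))
    if session_privilege in (0, 1):
        return self.POST_CHANGE_PWD(session_username)
    # Unknown privilege values are treated as not logged in (the original
    # fell through and rendered nothing).
    raise config.web.seeother('/login')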
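def GET_VIEW(username):
    """Render ``view.html`` for the HMAC-signed ``username``.

    The user's ``user_hash`` is handed to ``config.create_tsa``.  The
    original also printed ``user_hash`` to stdout; that debug print is
    dropped so the value does not end up in server logs.
    """
    username = config.check_secure_val(str(username))
    result = config.model.get_users(username)
    user_hash = str(result.user_hash)
    config.create_tsa(username, user_hash)
    return config.render.view(result)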
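def POST_DELETE(username, **k):
    """Handle the delete-user form submission.

    The username is taken HMAC-signed from the form and decoded.  The
    account of the current session may not be deleted.  A refused
    self-delete or a failed delete (model returns ``None``) re-renders
    ``delete.html`` with an error message; success redirects to ``/users``.
    The ``username`` parameter is superseded by the form value, as in the
    original.
    """
    form = config.web.input()
    username = config.check_secure_val(str(form['username']))
    # The other handlers in this file decode app.session.username with
    # check_secure_val, so the session holds the signed value.  The original
    # compared the decoded form username with the raw session value, which
    # cannot match and so never blocked deleting the logged-in account.
    session_username = config.check_secure_val(app.session.username)

    def _render_delete(message):
        # Re-fetch the user and re-sign the username for the form round-trip.
        result = config.model_users.get_users(username)
        result.username = config.make_secure_val(str(result.username))
        return config.render.delete(result, message)

    if username == session_username:
        return _render_delete("User active, it can not be deleted")
    if config.model_users.delete_users(username) is None:
        return _render_delete("Can not delete")
    raise config.web.seeother('/users')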
def GET_EDIT(user, **k):
    """Render ``edit.html`` for the HMAC-signed ``user`` with no error message."""
    decoded = config.check_secure_val(str(user))
    record = config.model.get_users(decoded)
    # Re-sign the username so the edit form can round-trip it.
    record.user = config.make_secure_val(str(record.user))
    return config.render.edit(record, None)
def GET_DELETE(username, **k):
    """Render ``delete.html`` for the HMAC-signed ``username`` with no error message."""
    decoded = config.check_secure_val(str(username))
    record = config.model.get_users(decoded)
    # Re-sign the username so the delete form can round-trip it.
    record.username = config.make_secure_val(str(record.username))
    return config.render.delete(record, None)
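def POST(self, user, **k):
    """Dispatch the delete-user form submission for ``user``.

    Expired sessions go to ``/logout``, admin sessions (privilege 0) reach
    ``POST_DELETE``, guest sessions (privilege 1) go to ``/`` and anything
    else to ``/login``.  The debug prints of the current time and expiry
    and an unused ``session_user`` local from the original are dropped.
    """
    if app.session.loggedin is not True:
        raise config.web.seeother('/login')
    # Expiry is a signed "YYYY-MM-DD HH:MM:SS" string compared
    # lexicographically with "now" in the same format.
    now_str = str(datetime.datetime.now()).split('.')[0]
    expires = config.check_secure_val(app.session.expires)
    if now_str > expires:
        raise config.web.seeother('/logout')
    # NOTE(review): the privilege is read unsigned here, while the expiry
    # above and the handlers earlier in this file decode session values with
    # check_secure_val - confirm how this session stores privilege.
    session_privilege = app.session.privilege
    if session_privilege == 0:
        return self.POST_DELETE(user)
    if session_privilege == 1:
        raise config.web.seeother('/')
    # Unknown privilege values are treated as not logged in (the original
    # fell through and rendered nothing).
    raise config.web.seeother('/login')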
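def GET(self):
    """Serve the insert-user page to a logged-in admin session.

    Expired sessions go to ``/logout``, admin sessions (privilege 0) reach
    ``GET_INSERT``, guest sessions (privilege 1) go to ``/`` and anything
    else to ``/login``.  The original assigned ``app.session.user`` to a
    local and immediately overwrote it with the privilege; the local is
    renamed to what it actually holds, and the debug prints are dropped.
    """
    if app.session.loggedin is not True:
        raise config.web.seeother('/login')
    # Expiry is a signed "YYYY-MM-DD HH:MM:SS" string compared
    # lexicographically with "now" in the same format.
    now_str = str(datetime.datetime.now()).split('.')[0]
    expires = config.check_secure_val(app.session.expires)
    if now_str > expires:
        raise config.web.seeother('/logout')
    # NOTE(review): privilege is read unsigned here, unlike the expiry
    # above - confirm how this session stores it.
    session_privilege = app.session.privilege
    if session_privilege == 0:
        return self.GET_INSERT()
    if session_privilege == 1:
        raise config.web.seeother('/')
    # Unknown privilege values are treated as not logged in (the original
    # fell through and rendered nothing).
    raise config.web.seeother('/login')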
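def POST_DELETE(user, **k):
    """Handle the delete-user form submission.

    The user is taken HMAC-signed from the form and decoded.  The account
    of the current session (``app.session.user``) may not be deleted.  A
    refused self-delete or a failed delete (model returns ``None``)
    re-renders ``delete.html`` with an error message; success redirects to
    ``/users``.  The original's debug prints of the user and the delete
    result are dropped.  The ``user`` parameter is superseded by the form
    value, as in the original.
    """
    form = config.web.input()
    user = config.check_secure_val(str(form['user']))
    # Read raw, consistent with the other handlers of this class.
    session_user = app.session.user

    def _render_delete(message):
        # Re-fetch the user and re-sign the username for the form round-trip.
        result = config.model.get_users(user)
        result.user = config.make_secure_val(str(result.user))
        return config.render.delete(result, message)

    if user == session_user:
        return _render_delete("The active user can't be deleted!!")
    if config.model.delete_users(user) is None:
        return _render_delete("The row can't be deleted!!")
    raise config.web.seeother('/users')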
def GET_VIEW(username):
    """Render ``view.html`` with the record of the HMAC-signed ``username``."""
    decoded = config.check_secure_val(str(username))
    record = config.model_users.get_users(decoded)
    return config.render.view(record)
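def POST_EDIT(user, **k):
    """Handle the edit-user form submission for the HMAC-signed ``user``.

    Editing another account stores every submitted field.  Editing the
    account of the current session is restricted: it may not be disabled
    (``status`` ``'0'``) or downgraded to guest (``privilege`` ``'1'``), and
    is always saved as enabled admin (privilege 0, status 1).  A failed
    update (model returns ``None``) re-renders ``edit.html`` with an error;
    success redirects to ``/users``.  The three copies of the error
    re-render and the two copies of the save are folded into local helpers.
    """
    form = config.web.input()
    user = config.check_secure_val(str(user))
    # NOTE(review): user_hash is MD5 of the submitted (still signed)
    # form.user plus the shared secret, so it is fully determined by the
    # input; confirm what this value guards before treating it as a secret.
    user_hash = hashlib.md5(form.user + config.secret_key).hexdigest()
    form.user = config.check_secure_val(str(form.user))
    # Read raw, consistent with the other handlers of this class.
    session_user = app.session.user

    def _render_edit(message):
        # Re-fetch the user and re-sign the username for the form round-trip.
        # ``user`` was already decoded above; the original decoded it again
        # here, which is at best a no-op and at worst rejects the plain value.
        result = config.model.get_users(user)
        result.user = config.make_secure_val(str(result.user))
        return config.render.edit(result, message)

    def _save(privilege, status):
        # Persist the form; redirect on success, re-render on failure.
        result = config.model.edit_users(
            form['user'],
            privilege,
            status,
            form['username'],
            form['email'],
            form['other_data'],
            user_hash,
        )
        if result is None:
            return _render_edit("Error in Update")
        raise config.web.seeother('/users')

    if user != session_user:
        return _save(form['privilege'], form['status'])
    # Editing the logged-in account: refuse to disable or downgrade it.
    if form['status'] == '0':
        return _render_edit("Can't change logged user to disabled user")
    if form['privilege'] == '1':
        return _render_edit("Can't change logged user to guess privilge user")
    return _save(0, 1)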