parser = mailtools.MailParser() addrhdrs = ('From', 'To', 'Cc', 'Bcc') # decode name only quoted = '\n-----Original Message-----\n' for hdr in ('From', 'To', 'Date'): rawhdr = getfield(form, hdr) if hdr not in addrhdrs: dechdr = parser.decodeHeader(rawhdr) # 3.0: decode for display else: # encoded on sends dechdr = parser.decodeAddrHeader(rawhdr) # email names only quoted += '%s: %s\n' % (hdr, dechdr) quoted += '\n' + getfield(form, 'text') quoted = '\n' + quoted.replace('\n', '\n> ') return quoted form = cgi.FieldStorage() # parse form or URL data user, pswd, site = commonhtml.getstandardpopfields(form) pswd = secret.decode(pswd) try: if form['action'].value == 'Reply': headers = {'From': mailconfig.myaddress, # 3.0: commonhtml decodes 'To': getfield(form, 'From'), 'Cc': mailconfig.myaddress, 'Subject': 'Re: ' + getfield(form, 'Subject')} commonhtml.editpage('Reply', headers, quotetext(form)) elif form['action'].value == 'Forward': headers = {'From': mailconfig.myaddress, # 3.0: commonhtml decodes 'To': '', 'Cc': mailconfig.myaddress, 'Subject': 'Fwd: ' + getfield(form, 'Subject')}
############################################################ # On submit in pop password input window--make view list; # in 2.0 we only fetch mail headers here, and fetch 1 full # message later upon request; we still fetch all headers # each time the index page is made: caching requires a db; ############################################################ import cgi import loadmail, commonhtml from externs import mailtools from secret import encode # user-defined encoder module MaxHdr = 35 # max length of email hdrs in list # only pswd comes from page here, rest usually in module formdata = cgi.FieldStorage() mailuser, mailpswd, mailsite = commonhtml.getstandardpopfields(formdata) try: newmails = loadmail.loadmailhdrs(mailsite, mailuser, mailpswd) mailnum = 1 maillist = [] for mail in newmails: # list of hdr text msginfo = [] hdrs = mailtools.MailParser().parseHeaders(mail) # email.Message for key in ('Subject', 'From', 'Date'): msginfo.append(hdrs.get(key, '?')[:MaxHdr]) msginfo = ' | '.join(msginfo) maillist.append(( msginfo, commonhtml.urlroot + 'onViewListLink.py', {
# password here, and only ever sends both as URL params or # hidden fields after the password has been encrypted by a # user-uploadable encryption module; put html in commonhtml? ############################################################## # page template pswdhtml = """ <form method=get action=%sonViewPswdSubmit.py> <p> Please enter POP account password below, for user "%s" and site "%s". <p><input name=pswd type=password> <input type=submit value="Submit"></form></p> <hr><p><i>Security note</i>: The password you enter above will be transmitted over the Internet to the server machine, but is not displayed, is never transmitted in combination with a username unless it is encrypted, and is never stored anywhere: not on the server (it is only passed along as hidden fields in subsequent pages), and not on the client (no cookies are generated). This is still not guaranteed to be totally safe; use your browser's back button to back out of PyMailCgi at any time.</p> """ # generate the password input page import commonhtml # usual parms case: user, pswd, site = commonhtml.getstandardpopfields({}) # from module here, commonhtml.pageheader(kind='POP password input') # from html|url later print pswdhtml % (commonhtml.urlroot, user, site) commonhtml.pagefooter()
# On submit in pop password input window--make view list; # in 2.0 we only fetch mail headers here, and fetch 1 full # message later upon request; we still fetch all headers # each time the index page is made: caching requires a db; ############################################################ import cgi import loadmail, commonhtml from externs import mailtools from secret import encode # user-defined encoder module MaxHdr = 35 # max length of email hdrs in list # only pswd comes from page here, rest usually in module formdata = cgi.FieldStorage() mailuser, mailpswd, mailsite = commonhtml.getstandardpopfields(formdata) try: newmails = loadmail.loadmailhdrs(mailsite, mailuser, mailpswd) mailnum = 1 maillist = [] for mail in newmails: # list of hdr text msginfo = [] hdrs = mailtools.MailParser().parseHeaders(mail) # email.Message for key in ("Subject", "From", "Date"): msginfo.append(hdrs.get(key, "?")[:MaxHdr]) msginfo = " | ".join(msginfo) maillist.append( ( msginfo, commonhtml.urlroot + "onViewListLink.py",
полях формы только после того, как пароль будет зашифрован с помощью модуля шифрования, выгружаемого пользователем; # ---------------------------------------------------------------------------- # """ # шаблон страницы pswdhtml = """ <form method="POST" action="%sonViewPswdSubmit.py"> <p> Введите пароль учетной записи пользователя "%s" на сервере POP "%s". </p> <p><input name="pswd" type="password"> <input type="submit" value="Submit"></form></p> <hr><p><i>Примечание, касающееся безопасности</i>: Пароль введенный в поле выше, будет отправлен на сервер через Интернет, но он нигде не отображается, никогда не передается в паре с именем пользователя в незашифрованном виде и нигде не сохраняется: ни на сервере (он только передается последующим страницам в скрытых полях форм), ни на стороне клиента (система не генерирует никаких cookies). Тем не менее, полная безопасность не гарантируется; при работе с PyMailCGI вы можете использовать кнопку "Назад" ("Back") своего браузера в любой момент времени.</p> """ # создание страницы ввода пароля import commonhtml # обычный прием работы с параметрами: user, pswd, site = commonhtml.getstandardpopfields({}) # сначала из модуля commonhtml.pageheader(kind='POP password input') # затем из html|url print(pswdhtml % (commonhtml.urlroot, user, site)) commonhtml.pagefooter()