def init_session(req, form=None):
'''Initiates a session using the cookie session module. If a form is passed in it trys to
log the user in. The function will return a session dictionary and a user dictionary. If
the current session has no user information associated with it the user dictionary will be
empty. Note this function prints the header information, if you need to set custom cookies
then you cannot currently use this function.'''
if form is None: form = dict()
usr_id = verify_login(req, form) #only actually gives you a user_id if you are logging in
if usr_id is not None: #means you are logging in with good credentials
update_last_login_time(req, usr_id) #so update the time
# now invalidate the previous session
logout_session(req)
# make a new one
c, ses_dict = cookie_session.make_new_session(req)
ses_dict['usr_id'] = usr_id
req.server.sessions[ses_dict['session_id']] = ses_dict
else:
# we are not logging in we just need to get the session
# initializes the session returns the session dictionary and the cookie to push to browser
c, ses_dict = cookie_session.init_session(req)
user_id = ses_dict['usr_id'] #if you are logged in gives you the current user_id
user_dict = get_user_byid(req, user_id) #get the user dictionary
return c, ses_dict, user_dict
def verify_login(form, cookie):
'''This function takes a form (ie the return value of cgi.FieldStorage()) or an empty dictionary.
If the dictionary is empty it simply returns None. If there is no user by the name passed in it
returns None. If the passwords do not match it returns None. If the username is valid and the
password validates then it returns the user_id.'''
usr_id = None #set a default value for the user_id
if cookie_session.verify_session(): # check to see if there is a valid session. you cannot
# log in with out one.
if form.has_key('email') and form.has_key('passwd'): # see if the correct form info got
# passed to the server
logger.writeln('about to try and log in')
try:
email = templater.validators.Email(resolve_domain=True,
not_empty=True).to_python(form["email"].value)
except templater.formencode.Invalid, e:
logger.writeln("email did not pass validation: ")
c, ses_dict = cookie_session.init_session(cookie, None)
cookie_session.print_header(c)
templater.print_error("email: "+str(e))
sys.exit()
passwd = form['passwd'].value #get the password
logger.writeln(' email:', email)
valid, user_dict = verify_passwd(email, passwd) #verify the password and get the
#user_dict as well
logger.writeln(' valid:', valid)
if valid:
usr_id = user_dict['usr_id'] #if it is valid grab the user_id from the user_dict
else:
logger.writeln("Password or email not correct")
c, ses_dict = cookie_session.init_session(cookie, None)
cookie_session.print_header(c)
templater.print_error("Password or email not correct")
sys.exit(0)
elif form.has_key('email') or form.has_key('passwd'):
logger.writeln("All of the fields were not filled out.")
c, ses_dict = cookie_session.init_session(cookie, None)
cookie_session.print_header(c)
templater.print_error("All fields must be filled out.")
sys.exit(0)
def logout_session():
cookie = Cookie.SimpleCookie()
cookieHdr = os.environ.get("HTTP_COOKIE", "") #get the cookie from the enviroment
cookie.load(cookieHdr) #load it into a Cookie class
c, ses_dict = cookie_session.init_session(cookie) # initializes the session returns the session
# dictionary and the cookie to push to browser
logger.writeln('logging out -> usr_id:', ses_dict['usr_id'], ' session_id:', ses_dict['session_id'])
con = db.connections.get_con()
cur = db.DictCursor(con)
cur.callproc('logout_session', (ses_dict['session_id'],ses_dict['usr_id']))
cur.close()
db.connections.release_con(con)
def init_user_session(form={}):
'''Initiates a session using the cookie session module. If a form is passed in it trys to
log the user in. The function will return a session dictionary and a user dictionary. If
the current session has no user information associated with it the user dictionary will be
empty. Note this function prints the header information, if you need to set custom cookies
then you cannot currently use this function.'''
cookie = Cookie.SimpleCookie()
cookieHdr = os.environ.get("HTTP_COOKIE", "") #get the cookie from the enviroment
cookie.load(cookieHdr) #load it into a Cookie class
user_id = verify_login(form, cookie) #only actually gives you a user_id if you are logging in
c, ses_dict = cookie_session.init_session(cookie, user_id) #initializes the session returns the session dictionary and the cookie to push to browser
logger.writeln('ses_dict: ', ses_dict)
cookie_session.print_header(c) #print the header
if user_id == ses_dict['usr_id']: #means you are logging in with good credentials
logger.writeln('logging in')
update_last_login_time(user_id) #so update the time
user_id = ses_dict['usr_id'] #if you are logged in gives you the current user_id
logger.writeln('user_id: ', user_id)
user_dict = get_user_byid(user_id) #get the user dictionary
logger.writeln('user_dict: ', user_dict)
return ses_dict, user_dict
def logout_session(req):
c, ses_dict = cookie_session.init_session(req)
session_id = ses_dict['session_id']
if session_id in req.server.sessions:
del req.server.sessions[session_id]
