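def confirm(theform, userdir, thisscript):
    """Confirm a login.

    Either from an invite or from a user who has registered.

    The ``id`` form field is decoded with ``pass_dec`` and used as a key into
    ``temp.ini``. The matching pending entry is removed, its values are
    written to ``<userdir><username>.ini`` (starting from ``default.ini``),
    and a ``userid`` login cookie is built. If ``adminmail`` is configured, a
    summary of the new account (every entry except the password) is mailed.

    Returns a tuple ``(action, newconfig, cookie_header)``.

    Failures are reported through ``newloginfail()``; the statements after
    each call assume it does not return -- TODO confirm.
    """
    from dataenc import pass_dec, pass_enc
    from login import encodestring
    try:
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        # Narrowed from a bare ``except`` so SystemExit and KeyboardInterrupt
        # are no longer swallowed; a missing or undecodable id still fails.
        newloginfail()
    # NOTE(review): daynumber and timestamp are decoded but never compared
    # with the current date in this function, so nothing here limits the age
    # of a confirmation id.
    tempstore = ConfigObj(userdir + 'temp.ini')
    if not tempstore.has_key(theval):
        newloginfail()
    uservals = tempstore[theval]
    # The pending entry is removed and temp.ini rewritten before the account
    # file is created, so an id can only be redeemed once.
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()
    #
    newconfig = ConfigObj(userdir + 'default.ini')
    # NOTE(review): username is joined into a file path unchecked here;
    # presumably it was validated when the entry was stored -- verify.
    newpath = userdir + username + '.ini'
    if os.path.isfile(newpath):
        # Never overwrite an account that already exists.
        newloginfail()
    newconfig.filename = newpath
    # FIXME: should this be '' ?
    action = None
    for entry in uservals:
        if entry == 'action':
            action = uservals[entry]
        elif entry == 'password':
            # temp.ini holds the password as submitted; it is only passed
            # through pass_enc when copied into the account file.
            password = uservals[entry]
            newconfig[entry] = pass_enc(password, timestamp=True, daynumber=True)
        else:
            newconfig[entry] = uservals[entry]
    newconfig.write()
    #
    # next we need to create the cookie header to return it
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    thecookie['userid'] = encodestring(newconfig['username'], password)
    config = ConfigObj(userdir + 'config.ini')
    maxage = newconfig['max-age']
    cookiepath = config['cookiepath']
    # The account file is already written at this point, so a malformed
    # max-age falls back to a session cookie instead of raising.
    try:
        maxage_seconds = int(maxage)
    except (TypeError, ValueError):
        maxage_seconds = 0
    if maxage_seconds:
        thecookie['userid']['max-age'] = maxage_seconds
    if cookiepath:
        thecookie['userid']['path'] = cookiepath
    # NOTE(review): only max-age and path are set on the login cookie; no
    # HttpOnly or Secure attribute is added here.
    if config['adminmail']:
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            if entry != 'password':
                msg += entry + ' : ' + newconfig[entry] + '\n'
        # FIXME: should be mailme
        sendmailme(config['adminmail'], msg, config['email_subject'],
                   config['adminmail'], html=False)
    return action, newconfig, thecookie.output()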
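def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
    """Process the results from edit account form submissions.

    Validates the submitted email, real name and (optional) new password,
    updates ``userconfig`` in place, writes it, and issues a fresh cookie
    when the password changed.

    Returns a tuple ``(action, userconfig, newcookie)``.

    Validation failures are reported through ``display_edit()``; the code
    after each call assumes it does not return -- TODO confirm.
    """
    from dataenc import pass_enc, pass_dec
    loginaction = theform['login'].value
    if loginaction != 'doeditaccountnojs':
        # only type of newlogin supported so far
        sys.exit()
    allentries = theform.keys()
    vallist = allentries + [entry for entry in edacckeys if entry not in allentries]
    formdict = getform(vallist, theform, nolist=True)
    #
    oldpass = formdict['pass0']
    # NOTE(review): the stored password is recovered with pass_dec, i.e. it
    # is kept in a reversible form rather than as a one-way hash.
    storedpass = pass_dec(userconfig['password'])[0]
    pass1 = formdict['pass1']
    pass2 = formdict['pass2']
    # Changing the email address or the password requires the current
    # password to be re-entered correctly.
    reauthenticated = bool(oldpass) and oldpass == storedpass
    #
    email = validateemail(formdict)
    oldemail = userconfig['email']
    if not email:
        msg = 'The email address you supplied appears to be invalid.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    if email != oldemail and not reauthenticated:
        msg = 'You must correctly enter your password to change your email address.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['email'] = email
    if not formdict['realname']:
        msg = 'You need to enter a name for us to use.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['realname'] = formdict['realname']
    if pass1 or pass2:
        if pass1 != pass2:
            msg = "The two passwords don't match."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if len(pass1) < 5:
            # Message corrected: the check accepts a 5 character password,
            # the old text claimed it had to be longer than 5.
            msg = "The password must be at least 5 characters long."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if not reauthenticated:
            msg = 'You must correctly enter your current password to change it.'
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        userconfig['password'] = pass_enc(pass1, daynumber=True, timestamp=True)
        newcookie = makecookie(userconfig, pass1, ConfigObj(userdir + 'config.ini')['cookiepath'])
    # NOTE(review): every submitted field that is not listed in edacckeys is
    # copied into the user's config as-is. Confirm edacckeys (or getform)
    # keeps privileged keys such as 'admin' out of this loop.
    for entry in formdict:
        if entry not in edacckeys:
            userconfig[entry] = formdict[entry]
    userconfig.write()
    return action, userconfig, newcookie
    # XXXXX display values changed page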
def createuser(userdir, realname, username, email, password, adminlev):
    """Create a new user.

    Loads ``default.ini`` from ``userdir`` as a template, fills in the
    account fields and writes the result to ``<userdir><username>.ini``.
    The password is stored as returned by ``pass_enc``.

    No validation happens here: ``username`` is joined into the file path
    unchecked and nothing tests whether that file already exists, so callers
    have to check both before calling.
    """
    from time import time
    from dataenc import pass_enc
    from configobj import ConfigObj
    account = ConfigObj(userdir + 'default.ini')
    account.filename = userdir + username + '.ini'
    # XXXX this does no checking that the name is valid and doesn't already exist !!
    fields = (
        ('username', username),
        ('realname', realname),
        ('email', email),
        ('admin', adminlev),
        ('password', pass_enc(password, timestamp=True, daynumber=True)),
        ('created', str(time())),
    )
    # Assign in a fixed order so the keys are added in the same sequence
    # as before.
    for key, value in fields:
        account[key] = value
    account.write()
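def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
    """Process the results from edit account form submissions.

    Checks the submitted email, real name and optional new password, applies
    the accepted values to ``userconfig``, writes it, and rebuilds the cookie
    if the password was changed.

    Returns a tuple ``(action, userconfig, newcookie)``.

    Each validation failure calls ``display_edit()``; the statements that
    follow assume that call does not return -- TODO confirm.
    """
    from dataenc import pass_enc, pass_dec
    loginaction = theform['login'].value
    if loginaction != 'doeditaccountnojs':
        # only type of newlogin supported so far
        sys.exit()
    allentries = theform.keys()
    vallist = allentries + [entry for entry in edacckeys if entry not in allentries]
    formdict = getform(vallist, theform, nolist=True)
    #
    oldpass = formdict['pass0']
    # NOTE(review): pass_dec returns the stored password itself, so
    # passwords are held reversibly rather than as a one-way hash.
    storedpass = pass_dec(userconfig['password'])[0]
    pass1 = formdict['pass1']
    pass2 = formdict['pass2']
    # The current password must be supplied and must match before the email
    # address or the password may be changed.
    reauthenticated = bool(oldpass) and oldpass == storedpass
    #
    email = validateemail(formdict)
    oldemail = userconfig['email']
    if not email:
        msg = 'The email address you supplied appears to be invalid.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    if email != oldemail and not reauthenticated:
        msg = 'You must correctly enter your password to change your email address.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['email'] = email
    if not formdict['realname']:
        msg = 'You need to enter a name for us to use.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['realname'] = formdict['realname']
    if pass1 or pass2:
        if pass1 != pass2:
            msg = "The two passwords don't match."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if len(pass1) < 5:
            # Wording fixed to match the check, which allows exactly 5
            # characters; the previous text said "longer than 5".
            msg = "The password must be at least 5 characters long."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if not reauthenticated:
            msg = 'You must correctly enter your current password to change it.'
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        userconfig['password'] = pass_enc(pass1, daynumber=True, timestamp=True)
        newcookie = makecookie(userconfig, pass1, ConfigObj(userdir+'config.ini')['cookiepath'])
    # NOTE(review): any form field outside edacckeys is stored in the user's
    # config unchanged. Verify that privileged keys such as 'admin' cannot
    # arrive through this loop.
    for entry in formdict:
        if entry not in edacckeys:
            userconfig[entry] = formdict[entry]
    userconfig.write()
    return action, userconfig, newcookie
    # XXXXX display values changed page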
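def savedetails(userdir, formdict, action=None):
    """
    Given the form from a validated new login, it saves the details to the
    temporary store. It also cleans up any out of date ones that haven't
    been used.

    Entries in ``temp.ini`` are keyed by four random characters followed by
    the day number on which they were created. The new key is returned
    encoded with ``pass_enc``; ``formdict`` gains an ``'action'`` item when
    ``action`` is given.

    NOTE(review): the password is written to ``temp.ini`` exactly as
    submitted and stays there until the entry is confirmed or expires.
    NOTE(review): the returned id is only as hard to guess as
    ``randomstring(4)`` plus ``pass_enc`` make it -- confirm both.
    """
    from dateutils import returndate, daycount
    from dataenc import pass_enc
    #
    tempstore = ConfigObj(userdir + 'temp.ini')
    if action:
        formdict['action'] = action
    year, month, day = returndate()
    today = daycount(year, month, day)
    #
    # Purge entries older than 30 days. The previous test
    # (created > today + 30) could only match entries dated in the future,
    # so stale registrations and their passwords were never removed.
    # Assumes daycount() grows by one per day -- TODO confirm.
    # Iterate over a copy because entries are deleted inside the loop.
    for section in list(tempstore):
        created = section[4:]
        if not created.isdigit():
            continue
        if today - int(created) > 30:
            name = tempstore[section]['username']
            # 'pending' may be missing or may no longer list this name.
            pending = tempstore.get('pending', [])
            if name in pending:
                pending.remove(name)
            del tempstore[section]
    #
    ran = randomstring(4)
    while tempstore.has_key(ran+str(today)):
        ran = randomstring(4)
    key = ran+str(today)
    tempstore[key] = {}
    store = tempstore[key]
    for entry in formdict:
        if entry == 'pass1' or entry == 'pass2':
            store['password'] = formdict[entry]
        elif entry == 'login':
            pass
        else:
            store[entry] = formdict[entry]
    if not tempstore.has_key('pending'):
        tempstore['pending'] = []
    tempstore['pending'].append(formdict['username'])
    tempstore.write()
    return pass_enc(key, timestamp=True, daynumber=True)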
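def savedetails(userdir, formdict, action=None):
    """
    Given the form from a validated new login, it saves the details to the
    temporary store. It also cleans up any out of date ones that haven't
    been used.

    Each pending registration lives in ``temp.ini`` under a key made of four
    random characters plus the creation day number. That key, encoded with
    ``pass_enc``, is the return value. When ``action`` is given it is also
    stored into ``formdict``.

    NOTE(review): the submitted password is stored in ``temp.ini`` without
    any encoding until the registration is confirmed or purged.
    NOTE(review): the unpredictability of the returned id rests on
    ``randomstring(4)`` and ``pass_enc`` -- confirm both.
    """
    from dateutils import returndate, daycount
    from dataenc import pass_enc
    #
    tempstore = ConfigObj(userdir + 'temp.ini')
    if action:
        formdict['action'] = action
    year, month, day = returndate()
    today = daycount(year, month, day)
    #
    # Drop registrations more than 30 days old. The earlier comparison
    # (created > today + 30) was only true for future-dated keys, so nothing
    # ever expired. Assumes daycount() increases by one per day -- TODO
    # confirm. A copy of the keys is walked because the loop deletes entries.
    for section in list(tempstore):
        created = section[4:]
        if not created.isdigit():
            continue
        if today - int(created) > 30:
            name = tempstore[section]['username']
            # Tolerate a missing 'pending' list or a name already removed.
            pending = tempstore.get('pending', [])
            if name in pending:
                pending.remove(name)
            del tempstore[section]
    #
    ran = randomstring(4)
    while tempstore.has_key(ran + str(today)):
        ran = randomstring(4)
    key = ran + str(today)
    tempstore[key] = {}
    store = tempstore[key]
    for entry in formdict:
        if entry == 'pass1' or entry == 'pass2':
            store['password'] = formdict[entry]
        elif entry == 'login':
            pass
        else:
            store[entry] = formdict[entry]
    if not tempstore.has_key('pending'):
        tempstore['pending'] = []
    tempstore['pending'].append(formdict['username'])
    tempstore.write()
    return pass_enc(key, timestamp=True, daynumber=True)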
def encodestring(username, password):
    """Given a username and password return a new encoded string for use by decodecookie.

    The value is ``username||sha1(password + random)||random``, passed
    through ``pass_enc``. A new 10 character random string is drawn on every
    call.

    NOTE(review): one unkeyed SHA-1 round over password + random string is
    cheap to guess against offline if the cookie value can be read and
    decoded; confirm what protection pass_enc adds.
    """
    salt = randomstring(10)
    digest = hashlib.sha1(password + salt).hexdigest()
    payload = '||'.join([username, digest, salt])
    return pass_enc(payload, daynumber=True, timestamp=True)
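def doedituser(theform, userdir, thisscript, userconfig, action, newcookie):
    """Receives form submissions from the 'edit user' page.

    Reads username, loginname, realname, email, adminlev, pass1, pass2,
    maxage and editable from the form, validates them, then updates (and, if
    the login name changed, renames) the target user's ``.ini`` file.

    Every outcome, success included, is reported through ``edituser()``; the
    code after each call assumes it does not return -- TODO confirm.

    NOTE(review): the new admin level is capped at the editor's own level,
    but nothing here compares the target account's current level with the
    editor's. Confirm the caller restricts which accounts may be edited.
    """
    def fail(message):
        # Re-display the edit page with an error message.
        edituser(theform, userdir, thisscript, userconfig, action, newcookie, message)

    # parameters to get :
    # username, realname, email, adminlev, pass1, pass2
    username = theform.getfirst('username')     # the user we are editing
    loginname = theform.getfirst('loginname')   # the new user name (won't usually change I guess)
    realname = theform.getfirst('realname')
    email = theform.getfirst('email')
    adminlev = theform.getfirst('adminlev')
    pass1 = theform.getfirst('pass1')
    pass2 = theform.getfirst('pass2')
    maxage = theform.getfirst('maxage')
    editable = theform.getfirst('editable')
    maxadminlev = min(int(userconfig['admin']), MAXADMINLEV)

    # check all the account values
    # this could be turned into a generic 'account checker' function if we wanted.
    email = validemail(email)
    if not email:
        fail('The Email Address Appears to Be Invalid.')
    if not loginname:
        fail('You Must Supply a Login Name.')
    for char in loginname.lower():
        if char not in validchars:
            fail('Login Name Contains Invalid Characters')
    if not realname:
        fail('You Must Supply a Real Name')
    if (pass1 or pass2) and not (pass1 and pass2):
        fail('To Change the Password - Enter it Twice')
    if pass1 != pass2:
        fail('The Two Passwords Are Different')
    if pass1 and len(pass1) < 5:
        fail('Password Must Be at Least Five Characters')
    # getfirst() returns None for an absent field; treat that as invalid
    # rather than raising AttributeError on .isdigit().
    if not adminlev or not adminlev.isdigit():
        fail('The Admin Level Must Be a Number')
    if int(adminlev) > maxadminlev:
        fail('Admin Level is Higher than the Max (%s).' % maxadminlev)
    if not maxage or not maxage.isdigit():
        fail('Cookie "max-age" Must Be a Number')
    if int(maxage) and int(maxage) < MINMAXAGE:
        fail('Cookie "max-age" Must Be Greater Than %s' % MINMAXAGE)
    if editable:
        editable = 'Yes'
    else:
        editable = 'No'

    # 'username' arrives from the form and is joined into a file path that is
    # opened, written and possibly removed. Require a plain name with no
    # directory component that refers to an existing account file, so the
    # request can neither reach outside userdir nor create a new account.
    if (not username or os.path.basename(username) != username
            or not os.path.isfile(userdir + username + '.ini')):
        fail('The User to Edit Does Not Exist')

    # let's just check if the username has changed
    oldpath = userdir + username + '.ini'
    thisuser = ConfigObj(oldpath)
    renamed = False
    if loginname != username:
        pendinglist = ConfigObj(userdir + 'temp.ini').get('pending', [])
        if (os.path.isfile(userdir + loginname + '.ini') or loginname in pendinglist
                or loginname.lower() in RESERVEDNAMES):
            fail('Login Name Chosen Already Exists')
        thisuser.filename = userdir + loginname + '.ini'    # change to new name
        renamed = True
        # NOTE(review): only the file name changes; any 'username' entry
        # inside the config keeps the old value -- confirm that is intended.
    if pass1:
        from dataenc import pass_enc
        thisuser['password'] = pass_enc(pass1, daynumber=True, timestamp=True)
    #
    thisuser['realname'] = realname
    thisuser['email'] = email
    thisuser['admin'] = adminlev
    thisuser['max-age'] = maxage
    thisuser['editable'] = editable
    thisuser.write()
    if renamed:
        # Free up the old name only after the new file is written, so a
        # failed write cannot leave the account with no file at all.
        os.remove(oldpath)
    # edituser(theform, userdir, thisscript, userconfig, action, newcookie, '')
    edituser(theform, userdir, thisscript, userconfig, action, newcookie,
             'Changes Made Successfully', True)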
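def confirm(theform, userdir, thisscript):
    """Confirm a login.

    Either from an invite or from a user who has registered.

    Decodes the ``id`` form field with ``pass_dec``, looks the result up in
    ``temp.ini``, removes that pending entry, copies its values into a new
    ``<userdir><username>.ini`` based on ``default.ini`` and builds the
    ``userid`` login cookie. When ``adminmail`` is configured, the new
    account's entries (password excluded) are mailed to it.

    Returns a tuple ``(action, newconfig, cookie_header)``.

    Failure paths call ``newloginfail()``; the code that follows each call
    assumes it does not return -- TODO confirm.
    """
    from dataenc import pass_dec, pass_enc
    from login import encodestring
    try:
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        # Was a bare ``except``; SystemExit and KeyboardInterrupt now
        # propagate, while a missing or undecodable id still fails.
        newloginfail()
    # NOTE(review): daynumber and timestamp are unpacked but not checked
    # against the current date anywhere in this function, so it applies no
    # age limit to a confirmation id.
    tempstore = ConfigObj(userdir + 'temp.ini')
    if not tempstore.has_key(theval):
        newloginfail()
    uservals = tempstore[theval]
    # temp.ini is rewritten without this entry before the account is
    # created, which makes each id single-use.
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()
    #
    newconfig = ConfigObj(userdir + 'default.ini')
    # NOTE(review): username is used in a file path without a check here;
    # presumably validated when the pending entry was saved -- verify.
    newpath = userdir + username + '.ini'
    if os.path.isfile(newpath):
        # An existing account must not be overwritten.
        newloginfail()
    newconfig.filename = newpath
    # FIXME: should this be '' ?
    action = None
    for entry in uservals:
        if entry == 'action':
            action = uservals[entry]
        elif entry == 'password':
            # The pending entry carries the password as submitted; pass_enc
            # is applied only on the way into the account file.
            password = uservals[entry]
            newconfig[entry] = pass_enc(password, timestamp=True, daynumber=True)
        else:
            newconfig[entry] = uservals[entry]
    newconfig.write()
    #
    # next we need to create the cookie header to return it
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    thecookie['userid'] = encodestring(newconfig['username'], password)
    config = ConfigObj(userdir + 'config.ini')
    maxage = newconfig['max-age']
    cookiepath = config['cookiepath']
    # The account already exists on disk by now, so a max-age that is not an
    # integer yields a session cookie instead of an exception.
    try:
        maxage_seconds = int(maxage)
    except (TypeError, ValueError):
        maxage_seconds = 0
    if maxage_seconds:
        thecookie['userid']['max-age'] = maxage_seconds
    if cookiepath:
        thecookie['userid']['path'] = cookiepath
    # NOTE(review): the cookie gets max-age and path only; HttpOnly and
    # Secure are not set here.
    if config['adminmail']:
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            if entry != 'password':
                msg += entry + ' : ' + newconfig[entry] + '\n'
        # FIXME: should be mailme
        sendmailme(config['adminmail'], msg, config['email_subject'],
                   config['adminmail'], html=False)
    return action, newconfig, thecookie.output()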
def encodestring(username, password):
    """Given a username and password return a new encoded string for use by decodecookie.

    Joins the username, the SHA-1 hex digest of ``password + random`` and
    the random string itself with ``||``, then encodes the result with
    ``pass_enc``. The 10 character random string is regenerated per call.

    NOTE(review): a single unkeyed SHA-1 over password + random string
    allows cheap offline guessing if the cookie value is readable and
    decodable; confirm what pass_enc contributes.
    """
    nonce = randomstring(10)
    hashed = hashlib.sha1(password + nonce).hexdigest()
    fields = [username, hashed, nonce]
    return pass_enc("||".join(fields), daynumber=True, timestamp=True)