示例#1
def userAdmin(request, userId2):
    """Show and process the account page (profile description / password change).

    ``userId2`` is the user id passed in by the caller (presumably captured
    from the URL -- confirm against the URLconf).  ``user`` and ``userId``
    come from initialVars(request); an inline comment below refers to
    ``user`` as coming from the session.

    GET renders both forms.  POST is dispatched on the ``descriptionName``
    field: when present the description form is processed, otherwise the
    password form is processed.

    Every template render passes locals(), so each local name in this
    function is part of the template's interface, and any local holding
    sensitive data (for example the submitted passwords) is also placed in
    the template context.
    """
    WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
    user, userId, message, topHits, topRated = initialVars(request)

    #log(request, 'USERADMINPAGE', 'just landed', sendBackUrl)

    # need to convert to strings otherwise methods are unhappy.
    # (should look into why this is.... TODO)
    # NOTE(review): str(None) is 'None'.  If initialVars can return
    # userId=None for a visitor who is not logged in, the lookup below runs
    # before the `user == None` check -- confirm that path ends in the
    # redirect rather than in an unhandled error.
    userId = str(userId)
    userId2 = str(userId2)

    # set sendBackUrl to their userPage if they logout
    sendBackUrl = "/user/" + userId

    # Look up the account for userId (the value from initialVars, not the
    # caller-supplied userId2).
    try:
        userAdmin = User.objects.get(id__exact=userId)
    except ObjectDoesNotExist:
        request.session['message'] = "Something is amiss with your session.\
      Please log in again!"

        return HttpResponseRedirect('/')

    # Access control.  NOTE(review): `user` and `userAdmin` are both derived
    # from initialVars, so the `user != userAdmin` test does not involve the
    # requested id at all.  The int(userId) != int(userId2) comparison is the
    # only check here that ties the requested page to the current user, so it
    # must not be removed as redundant.  int() raises ValueError on a
    # non-numeric value; presumably the URL pattern only admits digits --
    # confirm.
    if user == None:
        request.session['message'] = "Something is amiss with your session.\
      Please log in again."

        return HttpResponseRedirect('/')
    elif user != userAdmin:
        request.session['message'] = "You aren't allowed on that page!"
        return HttpResponseRedirect('/')
    elif int(userId) != int(userId2):
        # the requested id does not belong to the current user
        request.session['message'] = "You aren't allowed on that page!"
        return HttpResponseRedirect('/')

    if request.method == 'GET':
        # forms to change password and description
        try:
            userDescription = UserProfile.objects.get(user=user)
        except ObjectDoesNotExist:
            userDescription = None

        passwordForm = ChangePassword(initial={'username': user.username})
        # NOTE(review): the initial 'description' is the UserProfile object
        # (or None), not its .description attribute -- presumably the form
        # shows it through the model's string conversion; confirm.
        descriptionForm = UserDescription(initial={
            'userId': userId,
            'description': userDescription
        })

    elif request.method == 'POST':
        # The presence of 'descriptionName' in the POST selects the form.
        whichform = request.POST.get('descriptionName', '')

        if whichform:
            # Form is description form
            descriptionForm = UserDescription(request.POST)
            if descriptionForm.is_valid():
                # The submitted userId is read but not used again in this
                # function: the profile that gets written is always the one
                # belonging to `user`, so the client-supplied id cannot
                # redirect the edit to another account.
                userFromProfile = descriptionForm.cleaned_data['userId']
                description = descriptionForm.cleaned_data['description']

                try:
                    userDescription = UserProfile.objects.get(user=user)
                except ObjectDoesNotExist:
                    userDescription = None

                # Create the profile on first edit, otherwise update it.
                if userDescription == None:
                    userDescription = UserProfile(user=user,
                                                  description=description)
                else:
                    userDescription.description = description

                userDescription.save()

                #log(request, 'USERADMINPAGE', 'modified description', sendBackUrl)

                message = "The description has been changed. Perhaps to something\
            more meaningful. Perhaps to less. Tough to say."

            else:
                # need to reload to User Admin Page with all variables
                message = "Dude, something went wrong. Why you trying to hack our\
            system?"

                #log(request, 'USERADMINPAGEERROR', 'failed to modify description', sendBackUrl)
                # passwordForm = ChangePassword(initial={'username': user.username})
                # return render_to_response('useradmin.html' , locals())

            # Both outcomes re-render the page with a fresh password form.
            passwordForm = ChangePassword(initial={'username': user.username})
            return render_to_response('useradmin.html', locals())

        else:
            # Password form is submitted, POST
            # First reinitialize the description form.
            try:
                userDescription = UserProfile.objects.get(user=user)
            except ObjectDoesNotExist:
                userDescription = None

            descriptionForm = UserDescription(initial={
                'userId': userId,
                'description': userDescription
            })

            passwordForm = ChangePassword(request.POST)
            if passwordForm.is_valid():
                # From here on the plaintext passwords are locals, and so are
                # part of the context of every locals() render below.
                username = passwordForm.cleaned_data['username']
                passwordOld = passwordForm.cleaned_data['passwordOld']
                passwordNew1 = passwordForm.cleaned_data['passwordNew1']
                passwordNew2 = passwordForm.cleaned_data['passwordNew2']
            else:
                # need to reload to User Admin Page with all variables
                #log(request, 'USERADMINPAGEERROR', 'Password Form not valid', sendBackUrl)
                return render_to_response('useradmin.html', locals())

            if passwordNew1 != passwordNew2:
                #log(request, 'USERADMINPAGEERROR', 'Passwords do not match', sendBackUrl)
                message = "Passwords do not match!"
                return render_to_response('useradmin.html', locals())

            try:
                #Check username from hidden field against user.username from session
                if user.username != username:
                    message = "User Names don't match. Something Funny's going on."
                    return render_to_response('useradmin.html', locals())

                # get user again based upon username just to be sure.
                # get() either returns an object or raises, so the `else`
                # branch of `if u:` is not expected to run.
                u = User.objects.get(username__exact=username)
                if u:
                    # The current password must be proven before it is replaced.
                    # NOTE(review): nothing in this function limits repeated
                    # wrong attempts or ends the user's other sessions after a
                    # successful change -- confirm whether that is handled
                    # elsewhere.
                    verifyOldPassword = u.check_password(passwordOld)
                    if verifyOldPassword:
                        u.set_password(passwordNew1)
                        u.save()
                        #log(request, 'USERADMINPAGE', 'Successfully Changed passwords', sendBackUrl)
                    else:
                        message = "Old Password did not match!"
                        #log(request, 'USERADMINPAGEERROR', 'Old Password did not match', sendBackUrl)
                        return render_to_response('useradmin.html', locals())

                    request.session[
                        'message'] = "Password has been changed. Now go do something productive!"
                    return HttpResponseRedirect("/useradmin/" + userId)
                    #return render_to_response('useradmin.html' , locals())

                else:  # No user id?!  Just return the user to the home page.
                    return HttpResponseRedirect('/')

            # NOTE(review): the bare except turns every failure in the block
            # above (lookup, hashing, save) into a silent redirect to '/';
            # with the log call commented out the failure leaves no trace.
            except:
                # TODO log that there was an invalid POST
                #log(request, 'USERADMINPAGEERROR', 'invalid form POST', sendBackUrl)
                return HttpResponseRedirect('/')

    # Reached for GET, and for any method other than GET/POST (in which case
    # the form variables are not defined).
    return render_to_response('useradmin.html', locals())
示例#2
def userAdmin(request, userId2):
   """Show and process the account page (profile description / password change).

   ``userId2`` is the user id passed in by the caller (presumably captured
   from the URL -- confirm against the URLconf).  ``user`` and ``userId``
   come from initialVars(request); an inline comment below refers to
   ``user`` as coming from the session.

   GET renders both forms.  POST is dispatched on the ``descriptionName``
   field: when present the description form is processed, otherwise the
   password form is processed.

   Every template render passes locals(), so each local name in this
   function is part of the template's interface, and any local holding
   sensitive data (for example the submitted passwords) is also placed in
   the template context.
   """
   WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
   user, userId, message, topHits, topRated = initialVars(request)

   #log(request, 'USERADMINPAGE', 'just landed', sendBackUrl)

   # need to convert to strings otherwise methods are unhappy.
   # (should look into why this is.... TODO)
   # NOTE(review): str(None) is 'None'.  If initialVars can return
   # userId=None for a visitor who is not logged in, the lookup below runs
   # before the `user == None` check -- confirm that path ends in the
   # redirect rather than in an unhandled error.
   userId = str(userId)
   userId2 = str(userId2)

   # set sendBackUrl to their userPage if they logout
   sendBackUrl = "/user/" + userId

   # Look up the account for userId (the value from initialVars, not the
   # caller-supplied userId2).
   try:
      userAdmin = User.objects.get(id__exact=userId)
   except ObjectDoesNotExist:
      request.session['message'] = "Something is amiss with your session.\
      Please log in again!"
      return HttpResponseRedirect('/')

   # Access control.  NOTE(review): `user` and `userAdmin` are both derived
   # from initialVars, so the `user != userAdmin` test does not involve the
   # requested id at all.  The int(userId) != int(userId2) comparison is the
   # only check here that ties the requested page to the current user, so it
   # must not be removed as redundant.  int() raises ValueError on a
   # non-numeric value; presumably the URL pattern only admits digits --
   # confirm.
   if user == None:
      request.session['message'] = "Something is amiss with your session.\
      Please log in again."
      return HttpResponseRedirect('/')
   elif user != userAdmin:
      request.session['message'] = "You aren't allowed on that page!"
      return HttpResponseRedirect('/')
   elif int(userId) != int(userId2):
      # the requested id does not belong to the current user
      request.session['message'] = "You aren't allowed on that page!"
      return HttpResponseRedirect('/')

   if request.method == 'GET':
      # forms to change password and description
      try:
         userDescription = UserProfile.objects.get(user=user)
      except ObjectDoesNotExist:
         userDescription = None

      passwordForm = ChangePassword(initial={'username': user.username})
      # NOTE(review): the initial 'description' is the UserProfile object
      # (or None), not its .description attribute -- presumably the form
      # shows it through the model's string conversion; confirm.
      descriptionForm = UserDescription(initial={
      'userId': userId, 
      'description': userDescription
      })

   elif request.method == 'POST':
      # The presence of 'descriptionName' in the POST selects the form.
      whichform = request.POST.get('descriptionName', '')

      if whichform: 
         # Form is description form
         descriptionForm = UserDescription(request.POST)
         if descriptionForm.is_valid():
            # The submitted userId is read but not used again in this
            # function: the profile that gets written is always the one
            # belonging to `user`, so the client-supplied id cannot
            # redirect the edit to another account.
            userFromProfile = descriptionForm.cleaned_data['userId']
            description = descriptionForm.cleaned_data['description']

            try:
               userDescription = UserProfile.objects.get(user=user)
            except ObjectDoesNotExist:
               userDescription = None

            # Create the profile on first edit, otherwise update it.
            if userDescription == None:
               userDescription = UserProfile(user=user, description=description)
            else:
               userDescription.description = description

            userDescription.save()

            #log(request, 'USERADMINPAGE', 'modified description', sendBackUrl)

            message = "The description has been changed. Perhaps to something\
            more meaningful. Perhaps to less. Tough to say."
         else:
            # need to reload to User Admin Page with all variables
            message = "Dude, something went wrong. Why you trying to hack our\
            system?"
            #log(request, 'USERADMINPAGEERROR', 'failed to modify description', sendBackUrl)
            # passwordForm = ChangePassword(initial={'username': user.username})
            # return render_to_response('useradmin.html' , locals())

         # Both outcomes re-render the page with a fresh password form.
         passwordForm = ChangePassword(initial={'username': user.username})
         return render_to_response('useradmin.html' , locals())

      else:
         # Password form is submitted, POST
         # First reinitialize the description form.
         try:
            userDescription = UserProfile.objects.get(user=user)
         except ObjectDoesNotExist:
            userDescription = None

         descriptionForm = UserDescription(initial={
         'userId': userId, 
         'description': userDescription
         })

         passwordForm = ChangePassword(request.POST)
         if passwordForm.is_valid():
            # From here on the plaintext passwords are locals, and so are
            # part of the context of every locals() render below.
            username = passwordForm.cleaned_data['username']
            passwordOld = passwordForm.cleaned_data['passwordOld']
            passwordNew1 = passwordForm.cleaned_data['passwordNew1']
            passwordNew2 = passwordForm.cleaned_data['passwordNew2']
         else:
            # need to reload to User Admin Page with all variables
            #log(request, 'USERADMINPAGEERROR', 'Password Form not valid', sendBackUrl)
            return render_to_response('useradmin.html' , locals())

         if passwordNew1 != passwordNew2:
            #log(request, 'USERADMINPAGEERROR', 'Passwords do not match', sendBackUrl)
            message = "Passwords do not match!"
            return render_to_response('useradmin.html' , locals())

         try:
            #Check username from hidden field against user.username from session
            if user.username != username:
               message = "User Names don't match. Something Funny's going on."
               return render_to_response('useradmin.html' , locals())

            # get user again based upon username just to be sure.
            # get() either returns an object or raises, so the `else`
            # branch of `if u:` is not expected to run.
            u = User.objects.get(username__exact=username)
            if u:
               # The current password must be proven before it is replaced.
               # NOTE(review): nothing in this function limits repeated
               # wrong attempts or ends the user's other sessions after a
               # successful change -- confirm whether that is handled
               # elsewhere.
               verifyOldPassword = u.check_password(passwordOld)
               if verifyOldPassword:
                  u.set_password(passwordNew1)
                  u.save()
                  #log(request, 'USERADMINPAGE', 'Successfully Changed passwords', sendBackUrl)
               else:
                  message = "Old Password did not match!"
                  #log(request, 'USERADMINPAGEERROR', 'Old Password did not match', sendBackUrl)
                  return render_to_response('useradmin.html' , locals())

               request.session['message'] = "Password has been changed. Now go do something productive!"
               return HttpResponseRedirect("/useradmin/" + userId)
               #return render_to_response('useradmin.html' , locals())

            else: # No user id?!  Just return the user to the home page.
               return HttpResponseRedirect('/')
         
         # NOTE(review): the bare except turns every failure in the block
         # above (lookup, hashing, save) into a silent redirect to '/';
         # with the log call commented out the failure leaves no trace.
         except:
            # TODO log that there was an invalid POST
            #log(request, 'USERADMINPAGEERROR', 'invalid form POST', sendBackUrl)
            return HttpResponseRedirect('/')

   # Reached for GET, and for any method other than GET/POST (in which case
   # the form variables are not defined).
   return render_to_response('useradmin.html', locals())
示例#3
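def register(request):
    """Show the sign-up form (GET) or create and log in a new account (POST).

    On GET the optional ``sendBack`` query parameter is remembered in the
    session as the page to return to after registering.  On POST the form is
    validated, the two passwords are compared and the CAPTCHA answer is
    checked; on success the user is created, logged in and redirected.

    ``sendBack`` is supplied by the client, so it is passed through
    _safeSendBackUrl() both when it is stored and when it is used: anything
    that is not a same-site path falls back to '/'.  Without that check the
    final redirect could send a freshly registered user to an arbitrary
    external site.

    Every render passes locals(), so the local names used here are part of
    the template's interface and are kept unchanged.  A request whose method
    is neither GET nor POST falls through and returns None.
    """
    WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
    user, userId, message, topHits, topRated = initialVars(request)

    #Need this in the event that they don't process the form and nav to login
    sendBackUrl = '/'

    if request.method == 'GET':
        # Form has no data yet.

        # Store only a validated, same-site return path.
        request.session['sendBackUrl'] = _safeSendBackUrl(
            request.GET.get('sendBack', '/'))

        captchaImageURL, captchaHash = makeCaptchaImage(
            request.META['REMOTE_ADDR'])
        form = RegisterUser(initial={'captchaHash': captchaHash})
        return render_to_response('register.html', locals())
    elif request.method == 'POST':
        # Form has data.
        form = RegisterUser(request.POST)
        if form.is_valid():
            name = form.cleaned_data['name']
            password1 = form.cleaned_data['password1']
            password2 = form.cleaned_data['password2']
            captchaHash = form.cleaned_data['captchaHash']
            captchaEntry = form.cleaned_data['captchaEntry']
            captchaEntry = captchaEntry.lower()
            description = form.cleaned_data['description']

            if password1 != password2:
                # Issue a fresh CAPTCHA and keep only the chosen name.
                captchaImageURL, captchaHash = makeCaptchaImage(
                    request.META['REMOTE_ADDR'])
                form = RegisterUser(initial={
                    'captchaHash': captchaHash,
                    'name': name
                })
                error = 'Passwords do not match. Please re-enter.'

                #log(request, 'REGISTERUSERERROR', name, "Password don\'t match")

                return render_to_response('register.html', locals())

            # NOTE(review): the CAPTCHA check is stateless -- both the
            # expected hash and the answer arrive in the POST, and nothing
            # visible here binds the hash to this session or expires it, so a
            # pair that passed once would pass again.  Consider keeping the
            # expected value server-side (e.g. in the session) and discarding
            # it after one attempt.  The digest is plain SHA-1 over a
            # SECRET_KEY prefix plus the answer; an HMAC with a dedicated key
            # would avoid reusing SECRET_KEY material.  Any change has to
            # match makeCaptchaImage, which is defined elsewhere.
            SALT = flashburrito.settings.SECRET_KEY[:20]
            hashEntry = sha.new(SALT + captchaEntry).hexdigest()

            if captchaHash == hashEntry:
                # User entered valid Captcha code
                # NOTE(review): if RegisterUser does not already reject a
                # name that is taken, create_user will raise here -- confirm.
                User.objects.create_user(name, '', password1)
                user = authenticate(username=name, password=password1)

                if description != "":
                    userProfile = UserProfile(user=user,
                                              description=description)
                    userProfile.save()

                #log(request, 'REGISTERUSER', name, 'Valid Registration')

                login(request, user)
            else:
                # User entered invalid Captcha code
                captchaImageURL, captchaHash = makeCaptchaImage(
                    request.META['REMOTE_ADDR'])
                form = RegisterUser(initial={
                    'captchaHash': captchaHash,
                    'name': name
                })
                error = 'Invalid Captcha Code. Please Enter again.'

                #log(request, 'REGISTERUSERERROR', name, "Invalid Captcha Code")

                return render_to_response('register.html', locals())

        else:
            # Form is not valid
            captchaImageURL, captchaHash = makeCaptchaImage(
                request.META['REMOTE_ADDR'])

            #TODO should parse through form and log exact error
            #log(request, 'REGISTERUSERERROR', "Bad Form", "Other: Form is Not Valid")

            return render_to_response('register.html', locals())

        # Validate again at the point of use: the stored value can be None
        # (it is cleared just below) and may have been written by code
        # outside this function.
        sendBackUrl = _safeSendBackUrl(request.session.get('sendBackUrl', '/'))
        request.session['sendBackUrl'] = None
        return HttpResponseRedirect(sendBackUrl)


def _safeSendBackUrl(target):
    """Return *target* if it is a same-site path, otherwise '/'.

    Accepted values start with a single '/'.  Rejected: empty/None values,
    absolute URLs, scheme-relative '//host' targets, and anything containing
    a backslash or a control character, since browsers may normalise those
    into a different host.
    """
    if not target:
        return '/'
    if '\\' in target or any(ord(ch) < 32 for ch in target):
        return '/'
    if not target.startswith('/') or target.startswith('//'):
        return '/'
    return target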
示例#4
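def register(request):
   """Show the sign-up form (GET) or create and log in a new account (POST).

   On GET the optional ``sendBack`` query parameter is remembered in the
   session as the page to return to after registering.  On POST the form is
   validated, the two passwords are compared and the CAPTCHA answer is
   checked; on success the user is created, logged in and redirected.

   ``sendBack`` is supplied by the client, so it is passed through
   _safeSendBackUrl() both when it is stored and when it is used: anything
   that is not a same-site path falls back to '/'.  Without that check the
   final redirect could send a freshly registered user to an arbitrary
   external site.

   Every render passes locals(), so the local names used here are part of
   the template's interface and are kept unchanged.  A request whose method
   is neither GET nor POST falls through and returns None.
   """
   WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
   user, userId, message, topHits, topRated = initialVars(request)

   #Need this in the event that they don't process the form and nav to login
   sendBackUrl = '/'

   if request.method == 'GET':
      # Form has no data yet.

      # Store only a validated, same-site return path.
      request.session['sendBackUrl'] = _safeSendBackUrl(
         request.GET.get('sendBack', '/')
      )

      captchaImageURL, captchaHash = makeCaptchaImage(
         request.META['REMOTE_ADDR']
      )
      form = RegisterUser(initial={'captchaHash': captchaHash})
      return render_to_response('register.html', locals())
   elif request.method == 'POST':
      # Form has data.
      form = RegisterUser(request.POST)
      if form.is_valid():
         name = form.cleaned_data['name']
         password1 = form.cleaned_data['password1']
         password2 = form.cleaned_data['password2']
         captchaHash = form.cleaned_data['captchaHash']
         captchaEntry = form.cleaned_data['captchaEntry']
         captchaEntry = captchaEntry.lower()
         description = form.cleaned_data['description']

         if password1 != password2:
            # Issue a fresh CAPTCHA and keep only the chosen name.
            captchaImageURL, captchaHash = makeCaptchaImage(
               request.META['REMOTE_ADDR']
            )
            form = RegisterUser(initial={'captchaHash': captchaHash,
            'name': name})
            error = 'Passwords do not match. Please re-enter.'

            #log(request, 'REGISTERUSERERROR', name, "Password don\'t match")

            return render_to_response('register.html', locals())

         # NOTE(review): the CAPTCHA check is stateless -- both the
         # expected hash and the answer arrive in the POST, and nothing
         # visible here binds the hash to this session or expires it, so a
         # pair that passed once would pass again.  Consider keeping the
         # expected value server-side (e.g. in the session) and discarding
         # it after one attempt.  The digest is plain SHA-1 over a
         # SECRET_KEY prefix plus the answer; an HMAC with a dedicated key
         # would avoid reusing SECRET_KEY material.  Any change has to
         # match makeCaptchaImage, which is defined elsewhere.
         SALT = flashburrito.settings.SECRET_KEY[:20]
         hashEntry = sha.new(SALT+captchaEntry).hexdigest()

         if captchaHash == hashEntry:
            # User entered valid Captcha code
            # NOTE(review): if RegisterUser does not already reject a
            # name that is taken, create_user will raise here -- confirm.
            User.objects.create_user(name, '', password1)
            user = authenticate(username=name, password=password1)

            if description != "":
               userProfile = UserProfile(
               user=user,
               description=description
               )
               userProfile.save()

            #log(request, 'REGISTERUSER', name, 'Valid Registration')

            login(request, user)
         else:
            # User entered invalid Captcha code
            captchaImageURL, captchaHash = makeCaptchaImage(
               request.META['REMOTE_ADDR']
            )
            form = RegisterUser(initial={'captchaHash': captchaHash,
            'name': name})
            error = 'Invalid Captcha Code. Please Enter again.'

            #log(request, 'REGISTERUSERERROR', name, "Invalid Captcha Code")

            return render_to_response('register.html', locals())

      else:
         # Form is not valid
         captchaImageURL, captchaHash = makeCaptchaImage(
            request.META['REMOTE_ADDR']
         )

         #TODO should parse through form and log exact error
         #log(request, 'REGISTERUSERERROR', "Bad Form", "Other: Form is Not Valid")

         return render_to_response('register.html', locals())

      # Validate again at the point of use: the stored value can be None
      # (it is cleared just below) and may have been written by code
      # outside this function.
      sendBackUrl = _safeSendBackUrl(request.session.get('sendBackUrl', '/'))
      request.session['sendBackUrl'] = None
      return HttpResponseRedirect(sendBackUrl)


def _safeSendBackUrl(target):
   """Return *target* if it is a same-site path, otherwise '/'.

   Accepted values start with a single '/'.  Rejected: empty/None values,
   absolute URLs, scheme-relative '//host' targets, and anything containing
   a backslash or a control character, since browsers may normalise those
   into a different host.
   """
   if not target:
      return '/'
   if '\\' in target or any(ord(ch) < 32 for ch in target):
      return '/'
   if not target.startswith('/') or target.startswith('//'):
      return '/'
   return target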