示例#1
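def reg():
    """Handle the 5K sign-up form: mail a confirmation link, then store the runner.

    On POST the submitted address is checked for an existing registration,
    a confirmation message carrying a per-registration key is sent over
    SMTP, and only after a successful send is the RegisteredUser row
    committed.  Every POST outcome ends in a redirect to '/' with a flashed
    status message.  As shown here, a non-POST request falls through and
    returns None.
    """
    if request.method == "POST":
        email = request.form["email"]
        # The address is interpolated into the raw "To:" header below, so a
        # CR or LF in it would let the submitter add headers or body text of
        # their own to mail sent from this host.  Refuse it before any work.
        if "\r" in email or "\n" in email:
            flash(
                "An error occurred sending you an email. Please try again or contact [email protected].",
                "danger")
            return redirect('/')
        if RegisteredUser.query.filter(
                RegisteredUser.email == email).first() is not None:
            flash("Error: that email is already registered.", "danger")
            return redirect('/')
        # The key is the only proof that the registrant controls the mailbox.
        # uuid1() is built from the host's clock and node id and is therefore
        # guessable; uuid4() is random and has the same string form.
        reguuid = uuid.uuid4()
        # NOTE(review): the confirmation link is plain http, so the key
        # travels unencrypted when the user clicks it.
        mail = """From: [email protected]\r\nTo: %s\r\nSubject: CSH 5K Email Confirmation\r\n\r\nWelcome to the CSH 5K for charity: water!

To confirm your email address, please click here: http://5k.csh.rit.edu/verify?key=%s&user=%s""" % (
            email, reguuid, urllib.quote(email))
        try:
            server = smtplib.SMTP("mail.csh.rit.edu")
            server.sendmail("*****@*****.**", [email], mail)
            server.quit()
        except Exception:
            # Was a bare except, which also swallowed SystemExit and
            # KeyboardInterrupt; ordinary send failures are still reported
            # to the user the same way.
            flash(
                "An error occurred sending you an email. Please try again or contact [email protected].",
                "danger")
            return redirect('/')
        newuser = RegisteredUser(email=email,
                                 date=datetime.datetime.now(),
                                 reg_uuid=str(reguuid))
        db_session.add(newuser)
        db_session.commit()
        flash("Successfully registered. Please check your email.", "success")
        return redirect('/')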
示例#2
def create_user(oauth_token):
    """Return the local User for the GitHub account behind *oauth_token*.

    The GitHub profile is fetched with the token, the user is looked up by
    the profile's ``login``, and a new row is added and committed when none
    exists.  A newly created row is stored with ``github_access_token=None``;
    the token itself is not saved here.
    """
    # NOTE(review): the token is handed over as an ``access_token`` request
    # parameter; if ghobject places it in the URL it can end up in proxy and
    # server logs -- confirm how ghobject transmits it.
    profile = ghobject.get('user', params={'access_token': oauth_token})
    login = profile['login']
    existing = User.query.filter(User.username == login).first()
    if existing is not None:
        return existing
    created = User(email=profile.get('email'),
                   username=login,
                   github_access_token=None)
    db_session.add(created)
    db_session.commit()
    return created
示例#3
文件: admin.py 项目: tjcsl/mhacksiv
def demote(uid):
    """Clear the admin flag of user *uid*; only admin sessions may do this.

    Sessions without a username or without a truthy ``admin`` entry are
    redirected to '/'.  Otherwise the result is flashed and the caller is
    sent back to the admin user list.
    """
    # NOTE(review): this changes state; the route's HTTP method and any CSRF
    # protection are not visible in this function -- confirm at the route.
    caller_is_admin = ("username" in session and "admin" in session
                       and session["admin"])
    if not caller_is_admin:
        return redirect('/')
    target = User.query.filter(User.uid == uid).first()
    if target is None:
        flash("No such user.", "danger")
    else:
        target.admin = False
        db_session.commit()
        flash("Demoted user.", "success")
    return redirect('/admin/users/')
示例#4
文件: account.py 项目: tjcsl/mhacksiv
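def delalias(aid):
    """Delete alias *aid* when it belongs to the logged-in user.

    Anonymous sessions are redirected to '/'.  An alias that does not exist
    or belongs to another user is refused with a flashed error; otherwise
    the row is deleted and committed.  All logged-in outcomes redirect to
    the alias list.
    """
    if "username" not in session:
        return redirect("/")
    tdalias = Alias.query.filter(Alias.aid == aid).first()
    # .first() returns None for an unknown id, and the original dereferenced
    # it unconditionally (AttributeError -> HTTP 500).  Answer exactly as for
    # someone else's alias so the response does not reveal which ids exist.
    if tdalias is None or tdalias.uid != session["user_id"]:
        flash("You don't own that alias!", "danger")
        return redirect('/account/alias/')
    db_session.delete(tdalias)
    db_session.commit()
    flash("Your alias was deleted.", "success")
    return redirect("/account/alias/")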
示例#5
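def pay_with_cash(actuser, name, phone, racetype, price):
    """Record a runner's details for a cash registration, leaving them unpaid.

    Stores the name, the digits of *phone* and the race type on *actuser*,
    sets ``paid`` to 0 and commits.  *price* is accepted but not used here.

    Returns a 200 Response on success, or a 500 Response when the commit
    fails.
    """
    actuser.name = name
    actuser.phone = ''.join(c for c in phone if c.isdigit())
    actuser.racetype = racetype
    actuser.paid = 0
    try:
        db_session.commit()
    except Exception:
        # A failed commit leaves the session in a failed transaction until it
        # is rolled back; without this, later use of db_session keeps raising.
        # (The original bare except also swallowed SystemExit and
        # KeyboardInterrupt.)
        db_session.rollback()
        return Response('Sorry, we encountered an error. Please contact [email protected] or try again later.', 500)

    return Response('Registered, but not paid (cash chosen)', 200)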
示例#6
文件: account.py 项目: tjcsl/mhacksiv
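def add_phone():
    """Attach a phone number to the logged-in account and text it a code.

    The submitted number is normalised with fix_phone, a six-digit
    confirmation code is sent to it by SMS, and a Phone row holding the
    session's user id, the number and the code is committed.  Anonymous
    sessions are redirected to '/'.
    """
    if "username" not in session:
        return redirect("/")
    phone = fix_phone(request.form["phone"])
    # The code is what proves control of the handset, so draw it from the
    # OS random source rather than the predictable default generator.  The
    # upper bound is 999999: randint is inclusive, and the previous bound of
    # 1000000 could yield a seven-digit code.
    code = str(random.SystemRandom().randint(0, 999999)).zfill(6)
    project.utils.twilioutil.send_text(phone, "Your queri confirmation code is %s" % code)
    phon = Phone(session["user_id"], phone, code)
    db_session.add(phon)
    db_session.commit()
    flash("Check your phone for a confirmation code.", "success")
    return redirect("/account/phones/")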
示例#7
文件: account.py 项目: tjcsl/mhacksiv
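def delete_phone(pid):
    """Delete phone *pid* when it belongs to the logged-in user.

    Anonymous sessions, unknown ids and phones owned by another user are all
    redirected to '/'; the latter two also flash an error.  On success the
    row is deleted and committed and the caller returns to the phone list.
    """
    if "username" not in session:
        return redirect("/")
    phon = Phone.query.filter(Phone.pid == pid).first()
    # An unknown pid gives None, which the original dereferenced (HTTP 500).
    # Treat it the same as a phone owned by someone else so the two cases
    # cannot be told apart from the response.
    if phon is None or phon.uid != session["user_id"]:
        flash("Haha, no", "danger")
        return redirect("/")
    db_session.delete(phon)
    db_session.commit()
    flash("Phone deleted.", "success")
    return redirect("/account/phones/")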
示例#8
def superadmin_create():
    """Create an Admin account from the posted username and password.

    Non-POST requests and every POST outcome redirect to
    '/admin/superadmin/'.  A username that already exists is refused with a
    flashed error.  The ``superadmin`` flag is set when a field of that name
    is present in the form.
    """
    # NOTE(review): no session or role check is visible in this function;
    # confirm the route is wrapped by a superadmin-only guard.
    if request.method != "POST":
        return redirect('/admin/superadmin/')
    form = request.form
    taken = Admin.query.filter(Admin.username == form["username"]).first()
    if taken is not None:
        flash("User already exists.", "danger")
        return redirect('/admin/superadmin/')
    # NOTE(review): a single unsalted SHA-256 is fast to brute-force and
    # gives identical hashes for identical passwords.  Moving to a salted,
    # slow KDF has to be done together with the login check that reads
    # pwhash, so it is flagged here rather than changed.
    digest = hashlib.sha256(form["password"]).hexdigest()
    nadmin = Admin(uname=form["username"],
                   pwhash=digest,
                   superadmin=("superadmin" in form))
    db_session.add(nadmin)
    db_session.commit()
    flash("User successfully created.", "success")
    return redirect('/admin/superadmin/')
示例#9
文件: account.py 项目: tjcsl/mhacksiv
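def confirm_phone():
    """Mark one of the logged-in user's phones as confirmed.

    The posted number is normalised with fix_phone and must match a Phone
    row with the posted confirmation code and the session's user id.
    Anonymous sessions are redirected to '/'; every other outcome flashes a
    message and redirects to the phone list.
    """
    if "username" not in session:
        return redirect("/")
    phone = fix_phone(request.form["phone"])
    code = request.form["code"]
    # The original joined the two conditions with Python's ``and``.  That is
    # evaluated by Python, not translated to SQL, so only one of the two
    # comparisons reached the query and the code was not checked alongside
    # the number.  Passing the criteria as separate filter() arguments ANDs
    # them in SQL.  The row is also tied to the session's user so that one
    # account cannot confirm a number added by another.
    phon = Phone.query.filter(Phone.phone_number == phone,
                              Phone.confirmation == code,
                              Phone.uid == session["user_id"]).first()
    if phon is None:
        flash("No phone found.", "danger")
        return redirect("/account/phones/")
    phon.is_confirmed = True
    db_session.commit()
    flash("Phone <!-- illuminati --> confirmed.", "success")
    return redirect("/account/phones/")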
示例#10
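def pay_with_cash(actuser, name, phone, racetype, price):
    """Save a cash registrant's details on *actuser* with nothing paid yet.

    The name, race type and the digits of *phone* are stored, ``paid`` is
    set to 0, and the session is committed.  *price* is part of the
    signature but is not read in this function.

    Returns a Response with status 200, or 500 when the commit fails.
    """
    digits = [c for c in phone if c.isdigit()]
    actuser.name = name
    actuser.phone = ''.join(digits)
    actuser.racetype = racetype
    actuser.paid = 0
    try:
        db_session.commit()
    except Exception:
        # Roll back so the session is usable again after the failure; the
        # original bare except left the failed transaction open and also
        # caught SystemExit and KeyboardInterrupt.
        db_session.rollback()
        return Response(
            'Sorry, we encountered an error. Please contact [email protected] or try again later.',
            500)

    return Response('Registered, but not paid (cash chosen)', 200)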
示例#11
def verify():
    """Confirm a runner's email address from the ``key`` and ``user`` query args.

    Missing arguments or an unknown email redirect to '/'.  A runner whose
    ``paid`` is at least 1000 is told they have already paid.  A matching
    key marks the email verified and redirects to the runner's billing
    page; a non-matching key renders verify.html with the runner's id.
    """
    # NOTE(review): an unknown email redirects while a known email with a
    # wrong key renders a page, so the response shows whether an address is
    # registered.
    params = request.args
    if not params or "key" not in params or "user" not in params:
        return redirect('/')
    runner_query = RegisteredUser.query.filter(
        RegisteredUser.email == params["user"])
    actuser = runner_query.first()
    if not actuser:
        return redirect('/')
    if actuser.paid >= 1000:
        flash("You have already paid.", "success")
        return redirect('/')
    if actuser.reg_uuid != params["key"]:
        return render_template("verify.html", uid=actuser.id)
    actuser.emailverified = True
    db_session.commit()
    return redirect('/billing/%d/' % actuser.id)
示例#12
def verify():
    """Handle the emailed confirmation link (``?key=...&user=...``).

    Redirects to '/' when an argument is missing, when no runner has the
    given email, or (with a flash) when the runner's ``paid`` is already
    1000 or more.  When the key equals the stored ``reg_uuid`` the email is
    marked verified and the runner is sent to billing; otherwise
    verify.html is rendered with the runner's id.
    """
    args = request.args
    has_both = bool(args) and "key" in args and "user" in args
    if not has_both:
        return redirect('/')
    supplied_email = args["user"]
    actuser = RegisteredUser.query.filter(
        RegisteredUser.email == supplied_email).first()
    if not actuser:
        return redirect('/')
    if actuser.paid >= 1000:
        flash("You have already paid.", "success")
        return redirect('/')
    # The key is the only secret in the link; its strength depends on how
    # reg_uuid was generated at registration time.
    key_matches = actuser.reg_uuid == args["key"]
    if key_matches:
        actuser.emailverified = True
        db_session.commit()
        return redirect('/billing/%d/' % actuser.id)
    return render_template("verify.html", uid=actuser.id)
示例#13
def superadmin_create():
    """Add an Admin row for the posted credentials, then return to the panel.

    Every path redirects to '/admin/superadmin/'.  On POST, an existing
    username is rejected with a flashed error; otherwise the account is
    committed, with ``superadmin`` true when the form carries a field of
    that name.
    """
    panel = '/admin/superadmin/'
    if request.method == "POST":
        username = request.form["username"]
        duplicate = Admin.query.filter(Admin.username == username).first()
        if duplicate is not None:
            flash("User already exists.", "danger")
            return redirect(panel)
        # NOTE(review): the stored value is one round of unsalted SHA-256,
        # which offers little resistance to offline guessing.  Changing it
        # means changing the code that verifies pwhash at login as well.
        # NOTE(review): nothing in this function checks who is calling it;
        # confirm access control is applied where the route is registered.
        password_digest = hashlib.sha256(request.form["password"]).hexdigest()
        is_super = "superadmin" in request.form
        nadmin = Admin(uname=username, pwhash=password_digest,
                       superadmin=is_super)
        db_session.add(nadmin)
        db_session.commit()
        flash("User successfully created.", "success")
    return redirect(panel)
示例#14
文件: auth.py 项目: tjcsl/mhacksiv
def verifyemail():
    """Activate an account from the ``user`` and ``key`` query arguments.

    Redirects to '/' when an argument is missing, the username is unknown,
    the account is already enabled (with a warning flash), or the key does
    not match the stored ``reg_uuid``.  A matching key enables the account
    and redirects to the login page.
    """
    query_args = request.args
    if not query_args or "key" not in query_args or "user" not in query_args:
        return redirect('/')
    actuser = User.query.filter(User.username == query_args["user"]).first()
    if not actuser:
        return redirect('/')
    if actuser.enabled:
        # NOTE(review): this message is shown without a valid key, so the
        # link reveals whether a username exists and is active.
        flash("Account already enabled.", "warning")
        return redirect('/')
    if actuser.reg_uuid != query_args["key"]:
        return redirect('/')
    actuser.enabled = True
    db_session.commit()
    flash("Account successfully activated. You're ready to log in!", "success")
    return redirect("/login/")
示例#15
文件: privs.py 项目: tjcsl/codesphere
def get_user_priv(user_name, repo_name):
    """Return a privilege level string for the repository user_name/repo_name.

    Anonymous sessions get 'JHON_DOE'.  Otherwise a stored UserPrivilege is
    returned when the lookup finds one; if not, the repository's contributor
    list is fetched, a UserPrivilege for the session user is stored as
    'CONTRIBUTER' or 'JHON_DOE', and that level is returned.
    """
    if 'username' not in session:
        return 'JHON_DOE'
    # NOTE(review): this lookup filters on user_name, while the row created
    # below belongs to session['username'].  If User here resolves to the
    # privilege holder, a row stored for one user could be returned for a
    # different caller -- confirm the join conditions against the models.
    priv = (db_session.query(UserPrivilege)
            .join(User)
            .join(Project)
            .filter(Project.name == repo_name, User.username == user_name)
            .first())
    if priv is not None:
        return priv.level

    # NOTE(review): user_name and repo_name go into the API path unescaped;
    # verify what the callers allow in them.
    contributors = project.utils.ghobject.get(
        'repos/%s/%s/contributors' % (user_name, repo_name))
    contributor_unames = [entry['login'] for entry in contributors]
    # Both lookups dereference .first() directly, so a missing project or
    # user raises AttributeError here.
    project_id = db_session.query(Project).join(User).filter(User.username == user_name).filter(Project.name == repo_name).first().id
    user_id = db_session.query(User).filter(User.username == session['username']).first().id
    level = 'CONTRIBUTER' if session['username'] in contributor_unames else 'JHON_DOE'
    priv = UserPrivilege(project_id, user_id, level)
    db_session.add(priv)
    db_session.commit()
    return priv.level
示例#16
文件: account.py 项目: tjcsl/mhacksiv
def addalias():
    """Create an alias (``from`` -> ``to``) for the logged-in user.

    Anonymous sessions are redirected to '/'.  Every other path redirects to
    the alias list: non-POST requests, a form missing either field, a field
    longer than 64 characters (flashed), a ``from`` value the user already
    has (flashed), and the success case after the row is committed.
    """
    alias_page = "/account/alias/"
    if "username" not in session:
        return redirect("/")
    if request.method != "POST":
        return redirect(alias_page)
    form = request.form
    if "from" not in form or "to" not in form:
        return redirect(alias_page)
    source, target = form["from"], form["to"]
    if len(source) > 64 or len(target) > 64:
        flash("Alias field too long - max length is 64 characters.", "danger")
        return redirect(alias_page)
    # Uniqueness is scoped to the session's user, not global.
    clash = Alias.query.filter(
        (Alias._from == source) & (Alias.uid == session["user_id"])).first()
    if clash is not None:
        flash("Alias 'from' field already used.", "danger")
        return redirect(alias_page)
    nalias = Alias(uid=session["user_id"], _from=source, to=target)
    db_session.add(nalias)
    db_session.commit()
    flash("Your alias was added.", "success")
    return redirect(alias_page)
示例#17
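def registerrunner():
    """Register a runner from the admin form, already marked verified.

    On POST all of name, email, phone, paid and rtype must be present, the
    email must not already be registered, and ``paid`` must be a
    non-negative whole number of dollars (stored multiplied by 100).  Every
    path renders admin_register.html.
    """
    # NOTE(review): no authorization check is visible in this function;
    # confirm the route is restricted to admins.
    if request.method == "POST":
        # "phone" is read below, so it is required too; the original check
        # omitted it and a missing field failed on the lookup instead.
        required = ("name", "email", "phone", "paid", "rtype")
        if not all(field in request.form for field in required):
            flash("Please fill out all the fields.", "danger")
            return render_template("admin_register.html")
        if RegisteredUser.query.filter(RegisteredUser.email == request.form["email"]).first() is not None:
            flash("Runner already registered.", "warning")
            return render_template("admin_register.html")
        # int() on free-form input raised ValueError (HTTP 500) for anything
        # non-numeric; a negative amount is refused as well.
        try:
            paid_dollars = int(request.form["paid"])
        except ValueError:
            paid_dollars = -1
        if paid_dollars < 0:
            flash("Paid amount must be a whole number of dollars.", "danger")
            return render_template("admin_register.html")
        nrunner = RegisteredUser(date = datetime.datetime.now(),
                name=request.form["name"], email=request.form["email"],
                phone=''.join(c for c in request.form["phone"] if c.isdigit()),
                paid=100*paid_dollars, verified = True,
                rtype =request.form["rtype"])
        db_session.add(nrunner)
        db_session.commit()
        flash("User successfully created.")
    return render_template("admin_register.html")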
示例#18
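def pay_with_stripe(actuser, name, phone, racetype, price, stripe_token):
    """Charge the registration fee through Stripe and record the payment.

    The runner's name, race type and the digits of *phone* are stored on
    *actuser*, a USD charge of *price* is created against *stripe_token*,
    and when the charge is paid its amount is saved and committed.

    Returns a Response: 200 when paid and saved, 400 for a card error or an
    unpaid charge, 500 for other Stripe errors or a failed commit.
    """
    # NOTE(review): when STRIPE_API_KEY is unset this falls back to the
    # literal "sk_test_key"; a missing key then only shows up as a failed
    # charge at request time instead of at start-up.
    stripe.api_key = os.getenv("STRIPE_API_KEY", "sk_test_key")

    actuser.name = name
    actuser.phone = ''.join(c for c in phone if c.isdigit())
    actuser.racetype = racetype

    metadata = {
        "uid": actuser.id,
        "name": actuser.name,
        "phone": actuser.phone,
        "racetype": actuser.racetype,
    }

    try:
        charge = stripe.Charge.create(
            amount=price,
            currency="usd",
            card=stripe_token,
            description="Registration fee for CSH Costume 5K",
            receipt_email=actuser.email,
            metadata=metadata)
    except stripe.CardError as e:
        return Response(e.message + " Please try again.", 400)
    except (stripe.InvalidRequestError, stripe.AuthenticationError,
            stripe.APIConnectionError, stripe.StripeError):
        return Response(
            "Sorry, an error ocurred. Your card was not charged. Please try again in a bit or contact [email protected].",
            500)

    if charge.paid:
        actuser.paid = charge.amount
        try:
            db_session.commit()
        except Exception:
            # The card has been charged at this point.  Roll back so the
            # session is usable again; the bare except used before left the
            # failed transaction open.
            db_session.rollback()
            return Response(
                'Paid, but encountered an error. Please contact [email protected].',
                500)

        return Response('Registered and paid', 200)
    else:
        return Response('Payment failed', 400)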
示例#19
文件: auth.py 项目: tjcsl/mhacksiv
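def process_register():
    """Create a disabled account and email its activation link.

    On POST the email and password confirmations must match, the username
    and email must be unused, and the username may contain only letters,
    digits, '_' and '-'.  The activation mail is sent first; the User row
    (``enabled=False``) is committed only after the send succeeds.

    Returns a redirect to '/' on success, a redirect to '/login/' for an
    invalid username, and otherwise renders login.html.
    """
    if request.method == "POST":
        form = request.form
        if form["email"] != form["email-confirm"]:
            flash("Error: your emails didn't match.", "danger")
        elif form["password"] != form["password-confirm"]:
            flash("Error: your passwords didn't match.", "danger")
        elif User.query.filter(User.username == form["username"]).first() is not None:
            flash("Error: that username is already taken.", "danger")
        elif User.query.filter(User.email == form["email"]).first() is not None:
            flash("Error: that email is already in use.", "danger")
        else:
            # The username is placed in the activation URL below, so it is
            # restricted to characters that need no escaping there.
            allowed = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_'
            if any(ch not in allowed for ch in form["username"]):
                flash("Error: usernames may only use A-Z, a-z, 0-9, _, and -.", "danger")
                return redirect("/login/")
            # The key is the only secret in the activation link.  uuid1() is
            # derived from the host's clock and node id and can be guessed;
            # uuid4() is random and has the same string form.
            reguuid = uuid.uuid4()
            regmail = sendgrid.Mail()
            regmail.add_to(form["email"])
            regmail.set_subject("queri.me registration confirmation")
            regmail.set_from('*****@*****.**')
            regmail.set_text("""Welcome to queri.me!

In order to complete your registration and activate your account, please click
this link to verify your email address: http://queri.me/verifyemail?user=%s&key=%s

-- the queri.me team
""" % (form["username"], reguuid))
            try:
                sgclient.send(regmail)
            except Exception:
                # Was a bare except, which also caught SystemExit and
                # KeyboardInterrupt.
                flash("An error occurred sending your confirmation email. Please try again.", "danger")
                return render_template("login.html")
            # NOTE(review): a single unsalted SHA-256 is weak for password
            # storage.  It is left as is because the login check elsewhere
            # must read the same format; migrate both together.
            newuser = User(username=form["username"], email=form["email"],
                    pwhash=hashlib.sha256(form["password"]).hexdigest(),
                    reg_uuid=str(reguuid), enabled=False)
            db_session.add(newuser)
            db_session.commit()
            flash("Account successfully created. Please check your email for activation instructions.", "success")
            return redirect('/')
    return render_template("login.html")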
示例#20
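def registerrunner():
    """Admin form handler that adds a pre-verified runner.

    A POST needs name, email, phone, paid and rtype.  A duplicate email or
    an amount that is not a non-negative whole number is refused with a
    flashed message.  ``paid`` is stored as the posted amount times 100.
    The admin_register.html template is rendered on every path.
    """
    # NOTE(review): access control is not visible here; confirm the route is
    # limited to admins.
    if request.method != "POST":
        return render_template("admin_register.html")

    form = request.form
    # "phone" joins the required set because it is read unconditionally
    # below; the original presence check left it out.
    missing = [field for field in ("name", "email", "phone", "paid", "rtype")
               if field not in form]
    if missing:
        flash("Please fill out all the fields.", "danger")
        return render_template("admin_register.html")
    if RegisteredUser.query.filter(
            RegisteredUser.email == form["email"]).first() is not None:
        flash("Runner already registered.", "warning")
        return render_template("admin_register.html")
    # The original passed the field straight to int(), so non-numeric input
    # ended in an unhandled ValueError.
    try:
        dollars = int(form["paid"])
    except ValueError:
        dollars = None
    if dollars is None or dollars < 0:
        flash("Paid amount must be a whole number of dollars.", "danger")
        return render_template("admin_register.html")
    nrunner = RegisteredUser(date=datetime.datetime.now(),
                             name=form["name"],
                             email=form["email"],
                             phone=''.join(c for c in form["phone"]
                                           if c.isdigit()),
                             paid=100 * dollars,
                             verified=True,
                             rtype=form["rtype"])
    db_session.add(nrunner)
    db_session.commit()
    flash("User successfully created.")
    return render_template("admin_register.html")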
示例#21
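def pay_with_stripe(actuser, name, phone, racetype, price, stripe_token):
    """Take the registration fee by card and store the result on *actuser*.

    Name, race type and the digits of *phone* are written to *actuser*
    before a USD charge for *price* is requested with *stripe_token*.  A
    paid charge has its amount saved and committed.

    Returns a Response with status 200 (paid and saved), 400 (card declined
    or charge not paid) or 500 (other Stripe error, or commit failure after
    payment).
    """
    # NOTE(review): the "sk_test_key" default hides a missing
    # STRIPE_API_KEY until the first charge attempt.
    stripe.api_key = os.getenv("STRIPE_API_KEY","sk_test_key")

    actuser.name     = name
    actuser.phone    = ''.join(c for c in phone if c.isdigit())
    actuser.racetype = racetype

    metadata = {
        "uid": actuser.id,
        "name": actuser.name,
        "phone": actuser.phone,
        "racetype": actuser.racetype,
    }

    try:
        charge = stripe.Charge.create(
          amount=price,
          currency="usd",
          card=stripe_token,
          description="Registration fee for CSH Costume 5K",
          receipt_email=actuser.email,
          metadata=metadata
        )
    except stripe.CardError as e:
        return Response(e.message + " Please try again.", 400)
    except (stripe.InvalidRequestError, stripe.AuthenticationError, stripe.APIConnectionError, stripe.StripeError):
        return Response("Sorry, an error ocurred. Your card was not charged. Please try again in a bit or contact [email protected].", 500)

    if not charge.paid:
        return Response('Payment failed', 400)

    actuser.paid = charge.amount
    try:
        db_session.commit()
    except Exception:
        # Money has already been taken when this fails.  Rolling back clears
        # the failed transaction, which the original bare except left open.
        db_session.rollback()
        return Response('Paid, but encountered an error. Please contact [email protected].', 500)

    return Response('Registered and paid', 200)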
示例#22
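def reg():
    """Register an email for the 5K and send it a confirmation link.

    For a POST: an already-registered address is refused, a confirmation
    mail with a fresh key is sent through SMTP, and the RegisteredUser row
    is committed once the send has succeeded.  Each POST path flashes a
    message and redirects to '/'.  Other methods fall off the end of the
    function as shown here and return None.
    """
    if request.method != "POST":
        return None

    address = request.form["email"]
    send_failed = "An error occurred sending you an email. Please try again or contact [email protected]."
    # The address ends up inside the raw "To:" header of the message built
    # below.  A CR or LF there would let the submitter add headers or body
    # text of their own, so such input is refused before anything is sent.
    if "\r" in address or "\n" in address:
        flash(send_failed, "danger")
        return redirect('/')
    if RegisteredUser.query.filter(RegisteredUser.email ==
            address).first() is not None:
        flash("Error: that email is already registered.", "danger")
        return redirect('/')
    # uuid4() instead of uuid1(): the key alone proves ownership of the
    # mailbox, and uuid1 values are built from the clock and node id.
    reguuid = uuid.uuid4()
    mail = """From: [email protected]\r\nTo: %s\r\nSubject: CSH 5K Email Confirmation\r\n\r\nWelcome to the CSH 5K for charity: water!

To confirm your email address, please click here: http://5k.csh.rit.edu/verify?key=%s&user=%s""" % (address, reguuid, urllib.quote(address))
    try:
        server = smtplib.SMTP("mail.csh.rit.edu")
        server.sendmail("*****@*****.**", [address], mail)
        server.quit()
    except Exception:
        # Narrowed from a bare except so SystemExit and KeyboardInterrupt
        # are no longer swallowed.
        flash(send_failed, "danger")
        return redirect('/')
    newuser = RegisteredUser(email=address,
            date=datetime.datetime.now(), reg_uuid = str(reguuid))
    db_session.add(newuser)
    db_session.commit()
    flash("Successfully registered. Please check your email.", "success")
    return redirect('/')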
示例#23
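def handler(event_id, solve_status):
    """Set the ``solved`` status of an event, then return to the index view.

    The status is stored and committed only when the event exists and
    *solve_status* is one of 0, 1, 2 or 3.  The redirect to ``index`` is
    issued in every case.
    """
    # NOTE(review): no login or ownership check is visible in this function;
    # confirm the route restricts who may change an event's status.
    event = Event.query.get(event_id)
    # get() returns None for an unknown id; the original then failed on the
    # attribute assignment.  An unknown event is now simply left untouched.
    if event is not None and solve_status in (0, 1, 2, 3):
        event.solved = solve_status
        db_session.commit()
    return redirect(url_for("index", event_id=event_id))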