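def password_change(self, curr_pass, new_pass, again_pass, ip):
    """Change the password of the user who owns the current session.

    The account is taken from the server-side session ("UID"), never from
    the request, so a caller can only change their own password.

    Args:
        curr_pass: the password the user currently logs in with.
        new_pass: the requested new password.
        again_pass: repetition of ``new_pass`` (typo guard).
        ip: client address, recorded in the audit log.

    Returns:
        A ``response_create`` JSON response. On success it is
        ``{"STATUS": "OK", "target": "/"}`` and the session has been cleared
        so the user must log in again with the new password; otherwise it is
        ``{"STATUS": "error", "ERROR": ...}`` naming the failed check.
    """
    event_type = "PASSWORD_CHANGE"
    # register() stores and sign_in() checks a sha256 digest; the previous
    # version compared against sha512 here, so the "current password" check
    # could never succeed. One scheme for every comparison and the update.
    hash_method = "sha256"
    user_id = session.get("UID")
    stored_hash = get_users_table(
        where="ID='" + user_id + "'", column="PASSWORD")[0][0]

    def failure(message):
        return response_create(
            json.dumps({"STATUS": "error", "ERROR": message}))

    # Same policy as the PASSWORD rule in arguman_controller: 8+ characters
    # with a digit, an upper- and a lower-case letter and one of @.*-_!
    control = re.compile(
        r"^(?=.*?\d)(?=.*?[A-Z])(?=.*?[@.*\-_!])(?=.*?[a-z])[A-Za-z\d@.*\-_!]{8,}$")
    if not control.search(new_pass):
        return failure(
            "Your password is weak.Your password may only contain special characters (@. * -_!), Upper / lower case, and numbers.")

    if str(stored_hash) == str(calculate_hash(new_pass, method=hash_method)):
        return failure("You have to your change password.")
    if str(stored_hash) != str(calculate_hash(curr_pass, method=hash_method)):
        return failure("Your old password is incorrect.")
    if str(new_pass) != str(again_pass):
        return failure("Your new passwords not match.")

    secret = calculate_hash(new_pass, method=hash_method)
    # The users table is keyed on ID everywhere else in this module; the
    # previous statement filtered on a UID column and never substituted the
    # new digest into the SET clause.
    changer = "UPDATE users SET PASSWORD='{0}' WHERE ID='{1}'".format(
        secret, user_id)
    try:
        self.write_mysql(changer)
        log = "Password changed.User: {0}.".format(
            " ".join(get_username(user_id)))
        write_log_to_mysql(event_type, ip, "INFO", log, self.system_username)
        # The sibling mutators commit explicitly; without this the update
        # could be lost if the connection is not in autocommit mode.
        self.mysql_commit()
        # Invalidate the session only once the new credential is durable.
        session.clear()
        return response_create(json.dumps({"STATUS": "OK", "target": "/"}))
    except Exception as e:
        self.mysql_rollback()
        return failure("Query could not be completed.Error: {0}".format(e))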
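def change_user_status(self, args, person, ip):
    """Enable, disable or delete a user account and audit the outcome.

    Args:
        args: validated request fields; ``USER_ID`` selects the account and
            ``USER_STATUS`` is one of enable / activate / disable / delete
            (the USER_STATUS rule in arguman_controller admits nothing else).
        person: ID of the acting user, named in the audit log.
        ip: client address, recorded in the audit log.

    Returns:
        ``{"STATUS": "OK", "MESSAGE": "Status changed."}`` when a row was
        actually updated. When the account is not in a state the requested
        transition applies to, nothing is written, the attempt is logged as
        a WARNING and ``{"STATUS": "error", "ERROR": "No changes found."}``
        is returned (the previous version reported "Status changed." and
        wrote an INFO "changed" audit entry in that case too).
    """
    event_type = "USER_STATUS_CHANGE"
    target_id = args["USER_ID"]
    requested = args["USER_STATUS"]
    f_name, l_name = get_username(person)
    t_name, t_surname = get_username(target_id)

    # requested action -> (states it may be applied from, resulting STATUS).
    # NOTE(review): "delete" lands in 'Disabled' although the enable branch
    # re-activates from 'Deleted'; kept as found — confirm whether a real
    # 'Deleted' state was intended.
    transitions = {
        "enable": ("STATUS IN ('Disabled', 'Deleted')", "Enabled"),
        "activate": ("STATUS IN ('Disabled', 'Deleted')", "Enabled"),
        "disable": ("STATUS='Enabled'", "Disabled"),
        "delete": ("STATUS IN ('Enabled', 'Disabled')", "Disabled"),
    }

    updated = False
    if requested in transitions:
        precondition, new_status = transitions[requested]
        # target_id is interpolated into SQL unescaped; it is only safe
        # because the USER_ID rule restricts it to IDs already in the table.
        if get_users_table(
                where="ID='" + target_id + "' AND " + precondition,
                count=True) > 0:
            self.write_mysql(
                "UPDATE users SET STATUS='{0}' WHERE ID='{1}'".format(
                    new_status, target_id))
            updated = True

    if updated:
        log = "User status changed by \"{0} {1}\".Status: {2}, Name: {3}, Surname: {4}.".format(
            f_name, l_name, requested.capitalize(), t_name, t_surname)
        write_log_to_mysql(event_type, ip, "INFO", log, self.system_username)
        self.mysql_commit()
        return response_create(
            json.dumps({"STATUS": "OK", "MESSAGE": "Status changed."}))

    log = "User status change by \"{0} {1}\" had no effect.Status: {2}, Name: {3}, Surname: {4}.".format(
        f_name, l_name, requested.capitalize(), t_name, t_surname)
    write_log_to_mysql(event_type, ip, "WARNING", log, self.system_username)
    # Commit anyway so the audit entry is persisted like in the success path.
    self.mysql_commit()
    return response_create(
        json.dumps({"STATUS": "error", "ERROR": "No changes found."}))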
def register(self, args, ip):
    """Create a new user account from already-validated registration fields.

    The request is refused when an account was already registered from
    ``ip`` or when the two password fields differ. Otherwise the user row
    and an empty ``user_profile`` row are inserted in one transaction.

    Args:
        args: FIRSTNAME, LASTNAME, EMAIL, MAJORITY, COUNTRY, PASSWORD,
            RE-PASSWORD, CITY and HOSPITAL. They are interpolated into SQL
            unescaped, so they are only as safe as the arguman_controller
            syntax rules that admit no quote characters.
        ip: client address; stored with the account and written to the
            audit log.

    Returns:
        ``{"STATUS": "OK", "target": "/"}`` on success. A duplicate account
        (``mdb.IntegrityError``) and any other database error both roll the
        transaction back and yield ``{"STATUS": "error", "ERROR": ...}``.
    """
    event_type = "REGISTER"

    def failure(message):
        return response_create(
            json.dumps({"STATUS": "error", "ERROR": message}))

    if get_users_table(where="IP='" + ip + "'", count=True) > 0:
        return failure("Your IP address not permitted.")
    if args["PASSWORD"] != args["RE-PASSWORD"]:
        return failure("Your passwords does not match.")

    try:
        uid = get_uuid()
        # NOTE(review): the credential is stored as a bare sha256 of the
        # password (no per-user salt, no slow KDF). sign_in compares the
        # same digest, so both places have to change together.
        row = (
            uid,
            args["FIRSTNAME"],
            args["LASTNAME"],
            args["EMAIL"],
            args["MAJORITY"],
            args["COUNTRY"],
            calculate_hash(args["PASSWORD"], "sha256"),
            args["CITY"],
            args["HOSPITAL"],
            ip,
        )
        self.write_mysql(
            "INSERT INTO users(ID,F_NAME,L_NAME,EMAIL,MAJORITY,COUNTRY,PASSWORD,CITY,HOSPITAL,IP) VALUES ('{0}','{1}','{2}','{3}','{4}','{5}','{6}','{7}','{8}','{9}')"
            .format(*row))
        self.write_mysql(
            "INSERT INTO user_profile(ID) VALUES ('{0}')".format(uid))
        log = "New user created.Name: {0}, Surname: {1}, Majority: {2}, Country: {3}, UserID: {4}.".format(
            args["FIRSTNAME"], args["LASTNAME"], args["MAJORITY"],
            args["COUNTRY"], uid)
        write_log_to_mysql(event_type, ip, "INFO", log, self.system_username)
        self.mysql_commit()
    except mdb.IntegrityError:
        self.mysql_rollback()
        return failure(
            "Your account already created.If you forget your password, contact us.")
    except Exception as e:
        self.mysql_rollback()
        return failure("Query could not be completed.Error: {0}".format(e))
    return response_create(json.dumps({"STATUS": "OK", "target": "/"}))
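def sign_in(self, email, password, ip):
    """Authenticate a user by e-mail and password and fill the session.

    Args:
        email: login e-mail. It is interpolated into SQL unescaped and
            relies on the EMAIL rule in arguman_controller, which admits no
            quote characters.
        password: clear-text password; only its sha256 digest is used,
            matching what register() stores.
        ip: client address, recorded in the audit log.

    Returns:
        ``{"STATUS": "OK", "target": "/main"}`` after the session has been
        populated, or ``{"STATUS": "error", "ERROR": ...}``. Unknown e-mail
        and wrong password produce the same message so accounts cannot be
        enumerated from the response; the audit log does record the e-mail.
    """
    event_type = "LOGIN"
    password = calculate_hash(password, method="sha256")
    # Session keys in the same order as the selected columns below, so the
    # two can be zipped.
    session_environ = [
        "UID", "FIRSTNAME", "LASTNAME", "EMAIL", "MAJORITY", "COUNTRY",
        "STATUS", "ROLE", "CITY", "HOSPITAL", "PROJECT",
    ]
    columns = "ID,F_NAME,L_NAME,EMAIL,MAJORITY,COUNTRY,STATUS,ROLE,CITY,HOSPITAL,PROJECT"
    try:
        # The previous predicate did not include the computed digest, so
        # the row was selected by e-mail alone; the digest must be part of
        # the lookup for the password to be checked at all.
        user_data = get_users_table(
            where="EMAIL='" + email + "' AND PASSWORD='" + str(password) + "'",
            column=columns)[0]
    except IndexError:
        user_data = tuple()

    if user_data:
        status = user_data[session_environ.index("STATUS")]
        # NOTE(review): only Pending and Disabled are refused; an account in
        # the 'Deleted' state that change_user_status knows about would be
        # allowed to log in — confirm whether that state can occur.
        if status in ("Pending", "Disabled"):
            return response_create(
                json.dumps({
                    "STATUS": "error",
                    "ERROR": "Your account is disabled.Please contact Middleware Team."
                }))
        session["logged-in"] = True
        for key, value in zip(session_environ, user_data):
            session[key] = value
        log = "Successful login. Email: {0}".format(email)
        write_log_to_mysql(event_type, ip, "INFO", log, self.system_username)
        return response_create(json.dumps({"STATUS": "OK", "target": "/main"}))

    log = "Failed login. Email: {0}".format(email)
    write_log_to_mysql(event_type, ip, "WARNING", log, self.system_username)
    return response_create(
        json.dumps({
            "STATUS": "error",
            "ERROR": "Incorrect username or password."
        }))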
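def change_user_details(self, args, person, ip):
    """Update an account's profile columns and audit exactly what changed.

    Args:
        args: validated request fields. ``USER_ID`` selects the account;
            MAJORITY, COUNTRY_NAME, HOSPITAL, CITY, ROLE and PROJECT carry
            the new values. ``args`` is modified in place: ``COUNTRY`` is set
            to the code resolved from ``COUNTRY_NAME`` and ``PROJECT`` is
            collapsed to a comma-separated list of project names.
        person: ID of the acting user, named in the audit log.
        ip: client address, recorded in the audit log.

    Returns:
        ``{"STATUS": "OK", "MESSAGE": "Status changed."}`` when at least one
        column differed and was written, otherwise
        ``{"STATUS": "error", "ERROR": "No changes found."}``.
    """
    event_type = "USER_DETAILS_CHANGE"
    target_id = args["USER_ID"]
    f_name, l_name = get_username(person)
    t_name, t_surname = get_username(target_id)

    columns = ("MAJORITY", "COUNTRY", "HOSPITAL", "CITY", "ROLE", "PROJECT")
    args["COUNTRY"] = self.get_country_id(args["COUNTRY_NAME"])
    args["PROJECT"] = ",".join(
        [self.get_project_name(i) for i in args["PROJECT"]])

    old_data = get_users_table(
        where="ID='" + target_id + "'", column=",".join(columns))[0]

    changes = dict()
    assignments = []
    for name, old_value in zip(columns, old_data):
        new_value = args[name]
        if new_value != old_value:
            changes[name] = (old_value, new_value)
            # Values are interpolated unescaped; they are only as safe as
            # the arguman_controller rules that admit no quote characters.
            assignments.append(name + "='" + new_value + "'")

    if not changes:
        return response_create(
            json.dumps({"STATUS": "error", "ERROR": "No changes found."}))

    # SET assignments must be comma-separated. The previous builder joined
    # them with spaces, which is a SQL syntax error as soon as two columns
    # change at once.
    update_statement = (
        "UPDATE users SET " + ", ".join(assignments)
        + " WHERE ID='" + target_id + "'")
    self.write_mysql(update_statement)
    log = "User details changed by \"{0} {1}\".Name: {2}, Surname: {3}, Changes: {4}.".format(
        f_name, l_name, t_name, t_surname, changes)
    write_log_to_mysql(event_type, ip, "INFO", log, self.system_username)
    self.mysql_commit()
    return response_create(
        json.dumps({"STATUS": "OK", "MESSAGE": "Status changed."}))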
def get_username(uid):
    """Return the ``(F_NAME, L_NAME)`` row of the user whose ID is ``uid``.

    ``uid`` is spliced into the WHERE clause unescaped, so it must be a
    trusted value (the session UID, or an ID validated against the users
    table by arguman_controller). Raises IndexError when no row matches.
    """
    where_clause = "".join(["ID='", uid, "'"])
    rows = get_users_table(where=where_clause, column="F_NAME,L_NAME")
    return rows[0]
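def _choice_pattern(choices, extra=()):
    """Compile a regex that accepts exactly one member of a closed set.

    ``choices`` are single-column rows as returned by the ``*_table``
    helpers; ``extra`` lists literal alternatives (e.g. ``"none"``) placed
    first. Every database value is escaped and the whole alternation is
    wrapped in ``^(?:...)$`` so a value must be a complete, literal member.
    """
    alternatives = list(extra) + [re.escape(row[0]) for row in choices]
    return re.compile("^(?:{0})$".format("|".join(alternatives)))


def arguman_controller(args, log_patern=False):
    """Validate request fields against per-field syntax and membership rules.

    Args:
        args: mapping of field name to value (a str or a list of str).
        log_patern: when True the log-search rule set is used instead of
            the account/project rule set, and ``ALL_LOG == "True"``
            short-circuits every other check.

    Returns:
        ``(True, 0)`` when every field passes. Otherwise ``(False, body)``
        where ``body`` is the JSON error for the first failing field. The
        fallback ``except`` branch (unknown field name, unusable value)
        wraps its JSON in ``response_create`` while per-field failures
        return the bare JSON string — callers have to handle both shapes.
    """
    # Free-form syntax rules (unchanged patterns, written as raw strings).
    mail = re.compile(
        r"^[a-zA-Z0-9.\-_]+@[a-zA-Z0-9]{,8}\.([a-zA-Z0-9]{,8}\.[a-zA-Z0-9]{,8}|[a-zA-Z0-9]{,8})$")
    names = re.compile(r"^[a-zA-Z ]{,20}$", re.UNICODE)
    identifier = re.compile(r"^[a-zA-Z0-9 \-]{1,50}$", re.UNICODE)
    hospital = re.compile(r"^[a-zA-Z ]{,50}$", re.UNICODE)
    password = re.compile(
        r"^(?=.*?\d)(?=.*?[A-Z])(?=.*?[@.*\-_!])(?=.*?[a-z])[A-Za-z\d@.*\-_!]{8,}$")
    ip = re.compile(r"^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[\d.*]{,12})$")
    # NOTE(review): "keyword" has no anchors, so search() accepts any value
    # that contains a single alphanumeric character. It also backs the
    # survey/project explanations, which legitimately contain spaces, so it
    # is left as found rather than anchored here.
    keyword = re.compile(r"([a-zA-Z0-9.,\-]+)")
    date = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}$")

    # Closed sets loaded from the database. These used to be built as
    # "^none|a|b$": only the first alternative was start-anchored and only
    # the last end-anchored, so search() accepted any value that merely
    # contained one of the names, and the names were not regex-escaped.
    severity = _choice_pattern(
        get_system_logs_table(column="DISTINCT(EVENT_SEVERITY)"),
        extra=("none",))
    etype = _choice_pattern(
        get_system_logs_table(column="DISTINCT(EVENT_TYPE)"),
        extra=("none",))
    users = _choice_pattern(
        get_system_logs_table(column="DISTINCT(USERNAME)"),
        extra=("none",))
    country_codes = _choice_pattern(get_country_table(column="CODE"))
    country_names = _choice_pattern(get_country_table(column="NAME"))
    user_id = _choice_pattern(get_users_table(column="ID"))
    user_role = _choice_pattern(get_user_roles_table(column="NAME"))
    projects = _choice_pattern(
        get_projects_table(column="ID"), extra=("All", "none"))

    patern = {
        "EMAIL": [mail, "Mail address syntax error."],
        "FIRSTNAME": [names, "Firstname syntax error."],
        "LASTNAME": [names, "Lastname syntax error."],
        "PASSWORD": [password, "Your password is week."],
        "RE-PASSWORD": [password, "Your password is week."],
        "MAJORITY": [names, "Majority syntax error."],
        "COUNTRY": [country_codes, "Invalid country code."],
        "CITY": [names, "Invalid city name."],
        "HOSPITAL": [hospital, "Invalid hospital name."],
        "USER_ID": [user_id, "Invalid user id."],
        "PROJECT_ID": [projects, "Invalid project ID."],
        "PROJECT": [projects, "Invalid project."],
        "PROJECT_IDENTIFIER": [identifier, "Invalid project."],
        # Anchored: the unanchored forms accepted e.g. "enableX", which the
        # status/state handlers then silently ignored.
        "USER_STATUS": [
            re.compile(r"^(enable|delete|disable|activate)$"),
            "Invalid user status."
        ],
        "PROJECT_STATUS": [re.compile(r"^(Active|Passive)$"), "Invalid project status."],
        "COUNTRY_NAME": [country_names, "Invalid country name."],
        "ROLE": [user_role, "Invalid role name."],
        "SURVEY_NAME": [names, "Invalid survey name."],
        "SURVEY_EXP": [keyword, "Invalid survey explanation."],
        "PROJECT_EXP": [keyword, "Invalid project explanation."],
        # No rule: a scalar SURVEY_PIC_FILE is skipped below; a list value
        # would hit the empty entry and fall into the except branch.
        "SURVEY_PIC_FILE": []
    }
    for_log_patern = {
        "ALL_LOG": [re.compile(r"^(True|False)$"), "Invalid bool value error."],
        "EVENT_IP": [ip, "Invalid ip error."],
        "EVENT_KEYWORD": [keyword, "Invalid keyword options error."],
        "EVENT_START_DATE": [date, "Invalid date error."],
        "EVENT_END_DATE": [date, "Invalid date error."],
        "EVENT_TYPE": [etype, "Invalid type error."],
        "EVENT_SEVERITY": [severity, "Invalid severity error."],
        "EVENT_USERS": [users, "Invalid user error."]
    }

    def reject(rules, field):
        # First failing field wins; the message comes from the rule table.
        return False, json.dumps({"STATUS": "error", "ERROR": rules[field][1]})

    try:
        if log_patern:
            if args["ALL_LOG"] == "True":
                return True, 0
            for field, value in args.iteritems():
                if value == "none":
                    continue
                if isinstance(value, list):
                    for item in value:
                        if item == "none":
                            continue
                        if not for_log_patern[field][0].search(item):
                            return reject(for_log_patern, field)
                elif not for_log_patern[field][0].search(value):
                    return reject(for_log_patern, field)
        else:
            for field, value in args.iteritems():
                if isinstance(value, list):
                    for item in value:
                        if not patern[field][0].search(item):
                            return reject(patern, field)
                elif field not in ("SURVEY_TEXT", "SURVEY_PIC_FILE"):
                    if not patern[field][0].search(value):
                        return reject(patern, field)
        return True, 0
    except Exception as e:
        # Unknown field names and non-string values end up here; the error
        # is already wrapped as a full response, unlike the returns above.
        return False, response_create(
            json.dumps({
                "STATUS": "error",
                "ERROR": "Something went wrong.Exception is : " + str(e)
            }))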
def is_disabled_account(uid):
    """Return True when the user with ID ``uid`` has STATUS 'Disabled'.

    ``uid`` is coerced with ``str`` and spliced into the WHERE clause
    unescaped, so it should come from the session or a validated field.
    """
    where_clause = "ID='%s' AND STATUS='Disabled'" % str(uid)
    matching = get_users_table(where=where_clause, count=True)
    return matching > 0
def get_all_account():
    """Return every account that is not 'Pending', ordered by STATUS descending.

    The ``ORDER BY`` is passed through the ``where`` argument, so this relies
    on get_users_table appending that string to the query verbatim.
    """
    fields = ("F_NAME", "L_NAME", "EMAIL", "MAJORITY", "COUNTRY", "CITY",
              "HOSPITAL", "ROLE", "ID", "STATUS", "PROJECT")
    return get_users_table(
        where="STATUS!='Pending' ORDER BY STATUS DESC",
        column=",".join(fields))
def get_pending_account_list():
    """Return the profile columns of every account still in the 'Pending' state."""
    fields = ("F_NAME", "L_NAME", "EMAIL", "MAJORITY", "COUNTRY", "CITY",
              "HOSPITAL", "ROLE", "ID")
    return get_users_table(where="STATUS='Pending'", column=",".join(fields))
def get_pending_account_count():
    """Return how many accounts are still in the 'Pending' state."""
    pending_filter = "STATUS='Pending'"
    return get_users_table(where=pending_filter, count=True)