def loginphrase2username_password(request): """convert login phrase to username/password pair""" phrase = request.POST.get("loginphrase","") username = get_username_from_loginphrase(phrase) password = get_password_from_loginphrase(phrase) clone = request.POST.copy() clone["username"] = username clone["password"] = password return clone
def delete_confirm(request): """ confirm a delete request """ if not valid_token(request): return token_splash_page(request) if request.POST.has_key('yes'): login_phrase = request.POST.get("password","") password = get_password_from_loginphrase(login_phrase) if request.user.check_password(password): template_path = 'registration/delete_confirm.html' template_vars = {} template_vars['title'] = _('Profile Deleted') user = request.user auth_logout(request) user.prj_delete() return render_to_response(template_path, template_vars, context_instance=RequestContext(request)) else: return delete(request, password_error=_("Wrong password.")) else: return redirect('/')
def new_login(request): """ Careful - this function does not use django's login/logout functions intelligently. Bugs are likely to arise from here. """ if not valid_token(request): return token_splash_page(request) if match(settings.ID_REGEX, request.user.username): # the user already has the new passphrase. Don't let him change it. return HttpResponseRedirect(reverse('user.views.profileForwarding')) template_path = 'registration/new_login.html' template_vars = {} template_vars['title'] = _('IMPORTANT') # Restore the user's session. If he tries to visit any other page, # he will remain logged out. if "savedSession" in request.session: for key, value in request.session["savedSession"].items(): request.session[key] = value if SESSION_KEY in request.session: request.user = User.objects.get(id=request.session[SESSION_KEY]) del request.session["savedSession"] user = request.user # Don't let people visit this page without logging in. # Copied from django.contrib.auth.decorators.user_passes_test if not user.is_authenticated(): login_url = None path = request.build_absolute_uri() # If the login url is the same scheme and net location then just # use the path as the "next" url. login_scheme, login_netloc = urlparse.urlparse(login_url or settings.LOGIN_URL)[:2] current_scheme, current_netloc = urlparse.urlparse(path)[:2] if ((not login_scheme or login_scheme == current_scheme) and (not login_netloc or login_netloc == current_netloc)): path = request.get_full_path() return redirect_to_login(path, login_url, REDIRECT_FIELD_NAME) user_profile = user.get_profile() if request.method == "POST": loginphrase_entered = request.POST.get("loginphrase","").upper() loginphrase = request.session.get("temploginphrase","") if loginphrase_entered == loginphrase: # The user received the passphrase and has hopefully written it # down. Because now we are changing his credentials. user.username = user_profile.id password = get_password_from_loginphrase(loginphrase) encrypt_unencrypted_profile(user_profile, password) user.email = user_profile.get_anonymous_email() user.set_password(password) user.save() populate_session(request, password) return HttpResponseRedirect( reverse('user.views.profileForwarding') ) loginphrase = user_profile.generateNewLoginPhrase() template_vars['loginphrase'] = loginphrase request.session['temploginphrase'] = loginphrase # Delete the user's session: Stop the user from going to his profile pages # before he has entered the passphrase. saved_session = {} for key, value in request.session._session.items(): saved_session[key] = value auth_logout(request) request.session["savedSession"] = saved_session template_vars['savedSession'] = saved_session return render_to_response(template_path, template_vars, context_instance=RequestContext(request))
def edit(request, clicked): """edit profile""" if not valid_token(request): return token_splash_page(request) template_vars = {} if request.method == "POST": loginphrase = request.POST.get("password","") password = get_password_from_loginphrase(loginphrase) if request.user.check_password(password): if edit_captcha_ok(request): validation_errors = contactinfo_errors(request) or \ aboutme_errors(request) or \ location_errors(request) or \ language_errors(request) or \ email_errors(request) or None if validation_errors: validation_errors = ([contactinfo_errors(request)] + \ [aboutme_errors(request)] + \ [location_errors(request)] + \ [language_errors(request)] + \ [email_errors(request)]) for val_error in validation_errors: if val_error is not None: template_vars[val_error[-1]] = val_error[2] else: save_edited_info(request) # Get the newly encrypted data into the session again populate_session(request, password) return HttpResponseRedirect( reverse('user.views.profile_forwarding') ) else: template_vars["captchaerror"] = True template_vars["captcha"] = CaptchaTestForm(request.POST) else: template_vars["passworderror"] = __("Wrong passphrase.") else: if edit_needs_captcha(request): template_vars["captcha"] = CaptchaTestForm() template_vars['contact_info'] = request.POST.get("contact_info", False) template_vars['about_me'] = request.POST.get("about_me", False) template_vars['email'] = request.POST.get("email", False) template_vars['user'] = request.user profile_ = request.user.get_profile() restore_profile_from_session(request, profile_) template_vars['profile'] = profile_ for num, lang in enumerate(profile_.get_langs_spoken()): template_vars['lang_'+str(num)] = \ request.POST.get("lang_" + str(num), lang) template_vars['use_maps_single'] = True template_vars['cityDict'] = { 'latitude' : request.POST.get("latitude", profile_.latitude), 'longitude' : request.POST.get("longitude", profile_.longitude), } template_vars["clicked"] = clicked template_vars['title'] = __('Edit the information about you') template_path = "user/edit_profile.html" return render_to_response(template_path, template_vars, context_instance=RequestContext(request))
def new_user(request, should_validate): """new user""" template_vars = {} email = request.POST.get('email',"") allow_email = request.POST.get('allow_email', False) # This test will only work for users that registered in the pre-encrypted # time and have not logged in yet. The other users will have their emails # encrypted and we can not test anymore if their email is registered or not. if is_inactive_user(email): if should_validate: failed_field, _, message = \ validate_registration(request) if failed_field: template_vars['error_message'] = \ __('There was an error with field: ') \ + failed_field + ' -- ' + message template_path = 'registration/register.html' set_register_vars(request, template_vars) return (template_path, template_vars, None) # VALIDATION PASSED # at this point we know we are going to register a user, unless the # passphrase miraculously is the same as the one given to somebody # else. uid = generate_unused_dbkey() username = uid template_path = 'registration/register_submit.html' loginphrase = request.session.get("loginphrase","") password = get_password_from_loginphrase (loginphrase) if not password: raise Http404 # Do not let people have the same passphrase! try: User.objects.get(password = password_hash(password)) # If we get to here, the password already exists. # Abort the registration. raise Http404 except ObjectDoesNotExist: pass overwrite_inactive_user = False # True In case the email was registered before, but not activated. try: test_user = User.objects.get(email=email) if not test_user.is_active: # The email has been registered before, but has not been # activated - thus it can be registered again. overwrite_inactive_user = True raise ObjectDoesNotExist except ObjectDoesNotExist: if overwrite_inactive_user: user = User.objects.get(email=email) old_profile = user.get_profile() old_profile.delete() user.delete() # note that the token used to register that email cannot # be used again. user = User.objects.create_user(username, uid+"@fo.wl", password) user.is_active = True user.save() # Need to translate the id to an integer due to django restrictions. # For example A A 1234 -> 65 65 1234 id_int = integer_id(uid) # Now let's get our hands dirty with some direct SQL querying... cursor = connection.cursor() cursor.execute( "UPDATE auth_user SET id = %(id)s WHERE username = "******"'%(username)s'" % { "id":id_int, "username":username } ) # Removing the timestamps.. cursor.execute( "UPDATE auth_user SET last_login = '******' WHERE username = "******"'%(username)s'" % { "username":username } ) cursor.execute( "UPDATE auth_user SET date_joined = '" \ + settings.MISC_LAST_LOGIN + "' WHERE username = "******"'%(username)s'" % { "username":username }) # Data modifying operation - commit required transaction.commit_unless_managed() # Reload the user object user = User.objects.get(username=username) # Now make sure that if the profile creation fails, we don't have # dead users in our database. try->except try: lang_0 = request.POST['lang_0'] lang_1 = request.POST['lang_1'] lang_2 = request.POST['lang_2'] lang_3 = request.POST['lang_3'] lang_4 = request.POST['lang_4'] lang_5 = request.POST['lang_5'] languages = [lang_0, lang_1, lang_2, lang_3, lang_4, lang_5] longitude = as_float(request.POST['longitude']) latitude = as_float(request.POST['latitude']) fudged_latitude, fudged_longitude = \ randomize_location(latitude, longitude) about_me = request.POST['about_me'].strip() contact_info = request.POST['contact_info'].strip() display_language = get_language() user_profile = Profile() user_profile.init( user, email, fudged_longitude, fudged_latitude, languages, about_me, contact_info, display_language, allow_email, passphrase=password) template_vars['user'] = user template_vars['profile'] = user_profile template_vars['title'] = __('Thanks for joining') template_vars['useremail'] = email template_vars['forceLoginLink'] = True template_vars['domain'] = settings.DOMAIN # no reason to return Profile actually, it's never used. return (template_path, template_vars, user_profile) except Exception: user = User.objects.get(username=username) user.delete() raise else: # do not tell user that the email is already registered template_path = 'registration/register_submit.html' template_vars['title'] = __('Thanks for joining') template_vars['useremail'] = email template_vars['forceLoginLink'] = True template_vars['domain'] = settings.DOMAIN return (template_path, template_vars, None)