1
2 '''
3 # DESCRIPTION:
4 # Entropy Object Oriented Interface
5
6 Copyright (C) 2007-2009 Fabio Erculiani
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 '''
22
23 from __future__ import with_statement
24 import os
25 import time
26 import random
27 from entropy.services.skel import Authenticator, RemoteDatabase
28 from entropy.exceptions import *
29 from entropy.const import etpConst
30 from entropy.i18n import _
31
33
34 from entropy import tools as entropyTools
36 Authenticator.__init__(self)
37 RemoteDatabase.__init__(self)
38
39 self.itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
40 self.USER_NORMAL = 0
41 self.USER_INACTIVE = 1
42 self.USER_IGNORE = 2
43 self.USER_FOUNDER = 3
44 self.REGISTERED_USERS_GROUP = 7895
45 self.ADMIN_GROUPS = [7893, 7898]
46 self.MODERATOR_GROUPS = [484]
47 self.DEVELOPER_GROUPS = [7900]
48 self.USERNAME_LENGTH_RANGE = range(3,21)
49 self.PASSWORD_LENGTH_RANGE = range(6,31)
50 self.PRIVMSGS_NO_BOX = -3
51 self.NOTIFY_EMAIL = 0
52 self.FAKE_USERNAME = 'already_authed'
53 self.USER_AGENT = "Entropy/%s (compatible; %s; %s: %s %s %s)" % (
54 etpConst['entropyversion'],
55 "Entropy",
56 "UGC",
57 os.uname()[0],
58 os.uname()[4],
59 os.uname()[2],
60 )
61 self.TABLE_PREFIX = 'phpbb_'
62 self.do_update_session_table = True
63
65 allow_name_chars = self._get_config_value("allow_name_chars")
66 if allow_name_chars == "USERNAME_CHARS_ANY":
67 regex = '.+'
68 elif allow_name_chars == "USERNAME_ALPHA_ONLY":
69 regex = '[A-Za-z0-9]+'
70 elif allow_name_chars == "USERNAME_ALPHA_SPACERS":
71 regex = '[A-Za-z0-9-[\]_+ ]+'
72 elif allow_name_chars == "USERNAME_LETTER_NUM":
73 regex = '[a-zA-Z0-9]+'
74 elif allow_name_chars == "USERNAME_LETTER_NUM_SPACERS":
75 regex = '[-\]_+ [a-zA-Z0-9]+'
76 else:
77 regex = '[\x01-\x7F]+'
78 regex = "^%s$" % (regex,)
79 import re
80 myreg = re.compile(regex)
81 if myreg.match(username):
82 del myreg
83 return True
84 return False
85
87 self.check_connection()
88 self.cursor.execute('SELECT user_id FROM '+self.TABLE_PREFIX+'users WHERE `username_clean` = %s OR LOWER(`username`) = %s', (username_clean,username.lower(),))
89 data = self.cursor.fetchone()
90 if not data: return False
91 if not isinstance(data,dict): return False
92 if not data.has_key('user_id'): return False
93 return True
94
96 self.check_connection()
97 self.cursor.execute('SELECT user_id FROM '+self.TABLE_PREFIX+'users WHERE `user_email` = %s', (email,))
98 data = self.cursor.fetchone()
99 if not data: return False
100 if not isinstance(data,dict): return False
101 if not data.has_key('user_id'): return False
102 return True
103
105 self.check_connection()
106 self.cursor.execute('SELECT disallow_id FROM '+self.TABLE_PREFIX+'disallow WHERE `disallow_username` = %s', (username,))
107 data = self.cursor.fetchone()
108 if not data: return True
109 if not isinstance(data,dict): return True
110 if not data.has_key('disallow_id'): return True
111 return False
112
114
115 try:
116 x = unicode(username.encode('utf-8'),'raw_unicode_escape')
117 del x
118 except (UnicodeDecodeError,UnicodeEncodeError,):
119 return False,'Invalid username'
120 if (""" in username) or ("'" in username) or ('"' in username):
121 return False,'Invalid username'
122
123 try:
124 valid = self.validate_username_regex(username)
125 except:
126 return False,'Username contains bad characters'
127 if not valid:
128 return False,'Invalid username'
129
130 exists = self.does_username_exist(username, username_clean)
131 if exists: return False,'Username already taken'
132
133 allowed = self.is_username_allowed(username)
134 if not allowed: return False,'Username not allowed'
135
136 return True,'All fine'
137
139 import binascii
140 return str(binascii.crc32(email.lower())) + str(len(email))
141
143 self.check_connection()
144 self.cursor.execute('UPDATE '+self.TABLE_PREFIX+'users SET user_type = %s WHERE `user_id` = %s', (self.USER_NORMAL,user_id,))
145 return True, user_id
146
148 import re
149 username_clean = username.lower()
150 username_clean = re.sub(r'(?:[\x00-\x1F\x7F]+|(?:\xC2[\x80-\x9F])+)', '', username_clean)
151 username_clean = re.sub(r' {2,}',' ',username_clean)
152 username_clean = username_clean.strip()
153 return username_clean
154
155 - def register_user(self, username, password, email, activate = False):
156
157 if len(username) not in self.USERNAME_LENGTH_RANGE:
158 return False,'Username not in range'
159 if len(password) not in self.PASSWORD_LENGTH_RANGE:
160 return False,'Password not in range'
161 valid = self.entropyTools.is_valid_email(email)
162 if not valid:
163 return False,'Invalid email'
164
165
166 username_clean = self.generate_username_clean(username)
167
168
169 status, err_msg = self.validate_username_string(username, username_clean)
170 if not status: return False,err_msg
171
172
173 exists = self.does_email_exist(email)
174 if exists: return False,'Email already in use'
175
176
177 user_id = self.__register(username, username_clean, password, email, activate)
178
179 return True, user_id
180
181
182 - def __register(self, username, username_clean, password, email, activate):
183
184 email_hash = self._generate_email_hash(email)
185 password_hash = self._get_password_hash(password.encode('utf-8'))
186 time_now = int(time.time())
187
188 user_type = self.USER_INACTIVE
189 if activate: user_type = self.USER_NORMAL
190
191 registration_data = {
192 'username': username,
193 'username_clean': username_clean,
194 'user_password': password_hash,
195 'user_pass_convert': 0,
196 'user_email': email.lower(),
197 'user_email_hash': email_hash,
198 'group_id': self.REGISTERED_USERS_GROUP,
199 'user_type': user_type,
200 'user_permissions': '',
201 'user_timezone': self._get_config_value('board_timezone'),
202 'user_dateformat': self._get_config_value('default_dateformat'),
203 'user_lang': self._get_config_value('default_lang'),
204 'user_style': self._get_config_value('default_style'),
205 'user_actkey': '',
206 'user_ip': '',
207 'user_regdate': time_now,
208 'user_passchg': time_now,
209 'user_options': 895,
210 'user_inactive_reason': 0,
211 'user_inactive_time': 0,
212 'user_lastmark': time_now,
213 'user_lastvisit': 0,
214 'user_lastpost_time': 0,
215 'user_lastpage': '',
216 'user_posts': 0,
217 'user_dst': self._get_config_value('board_dst'),
218 'user_colour': '',
219 'user_occ': '',
220 'user_interests': '',
221 'user_avatar': '',
222 'user_avatar_type': 0,
223 'user_avatar_width': 0,
224 'user_avatar_height': 0,
225 'user_new_privmsg': 0,
226 'user_unread_privmsg': 0,
227 'user_last_privmsg': 0,
228 'user_message_rules': 0,
229 'user_full_folder': self.PRIVMSGS_NO_BOX,
230 'user_emailtime': 0,
231 'user_notify': 0,
232 'user_notify_pm': 1,
233 'user_notify_type': self.NOTIFY_EMAIL,
234 'user_allow_pm': 1,
235 'user_allow_viewonline': 1,
236 'user_allow_viewemail': 1,
237 'user_allow_massemail': 1,
238 'user_sig': '',
239 'user_sig_bbcode_uid': '',
240 'user_sig_bbcode_bitfield': '',
241 'user_form_salt': self._get_unique_id(),
242 }
243
244 sql = self._generate_sql('insert', self.TABLE_PREFIX+'users', registration_data)
245 self.cursor.execute(sql)
246 user_id = self.cursor.lastrowid
247
248
249 group_data = {
250 'user_id': user_id,
251 'group_id': self.REGISTERED_USERS_GROUP,
252 'user_pending': 0,
253 }
254 sql = self._generate_sql('insert', self.TABLE_PREFIX+'user_group', group_data)
255 self.cursor.execute(sql)
256
257
258 self._set_config_value('newest_user_id',user_id)
259 self._set_config_value('newest_username',username)
260 self._set_config_value('num_users',int(self._get_config_value('num_users'))+1)
261 self.cursor.execute('SELECT group_colour FROM '+self.TABLE_PREFIX+'groups WHERE group_id = %s', (group_data['group_id'],))
262 data = self.cursor.fetchone()
263 gcolor = None
264 if isinstance(data,dict):
265 if data.has_key('group_colour'):
266 gcolor = data['group_colour']
267 if gcolor: self._set_config_value('newest_user_colour',gcolor)
268
269 return user_id
270
271
273 self.check_connection()
274 self.check_login_data()
275
276 if not self.login_data.has_key('username'):
277 raise PermissionDenied('PermissionDenied: %s' % (_('no username specified'),))
278 elif not self.login_data.has_key('password'):
279 raise PermissionDenied('PermissionDenied: %s' % (_('no password specified'),))
280
281 if not self.login_data['password']:
282 raise PermissionDenied('PermissionDenied: %s' % (_('empty password'),))
283 elif not self.login_data['username']:
284 raise PermissionDenied('PermissionDenied: %s' % (_('empty username'),))
285
286 self.cursor.execute('SELECT * FROM '+self.TABLE_PREFIX+'users WHERE username = %s', (self.login_data['username'],))
287 data = self.cursor.fetchone()
288 if not data:
289 raise PermissionDenied('PermissionDenied: %s' % (_('user not found'),))
290
291 if data['user_pass_convert']:
292 raise PermissionDenied('PermissionDenied: %s' % (
293 _('you need to login on the website to update your password format'),
294 )
295 )
296
297 valid = self._phpbb3_check_hash(self.login_data['password'], data['user_password'])
298 if not valid:
299 raise PermissionDenied('PermissionDenied: %s' % (_('wrong password'),))
300
301 user_type = data['user_type']
302 if (user_type == self.USER_INACTIVE) or (user_type == self.USER_IGNORE):
303 raise PermissionDenied('PermissionDenied: %s' % (_('user inactive'),))
304
305 banned = self.is_user_banned(data['user_id'])
306 if banned:
307 raise PermissionDenied('PermissionDenied: %s' % (_('user banned'),))
308
309 self.login_data.update(data)
310 self.logged_in = True
311 return self.logged_in
312
317
324
332
334 self.check_connection()
335 self.check_login_data()
336 self.check_logged_in()
337
338 self.cursor.execute('SELECT user_birthday FROM '+self.TABLE_PREFIX+'users WHERE user_id = %s', (self.login_data['user_id'],))
339 bday = self.cursor.fetchone()
340 if not bday:
341 return None
342 elif not bday.has_key('user_birthday'):
343 return None
344 return bday['user_birthday']
345
347 self.check_connection()
348 self.check_login_data()
349 self.check_logged_in()
350
351 self.cursor.execute('SELECT username_clean FROM '+self.TABLE_PREFIX+'users WHERE user_id = %s', (self.login_data['user_id'],))
352 data = self.cursor.fetchone()
353 if not data:
354 return ''
355 elif not data.has_key('username_clean'):
356 return ''
357 return data['username_clean']
358
371
373 self.check_connection()
374 self.check_login_data()
375 self.check_logged_in()
376
377 self.cursor.execute('SELECT user_type FROM '+self.TABLE_PREFIX+'users WHERE user_id = %s', (self.login_data['user_id'],))
378 data = self.cursor.fetchone()
379 if data:
380 if data['user_type'] == self.USER_FOUNDER:
381 return True
382
383
384 groups = self.get_user_groups()
385 for group in groups:
386 if group in self.ADMIN_GROUPS:
387 return True
388
389 return False
390
403
405 self.check_connection()
406 self.check_login_data()
407 self.check_logged_in()
408
409 if self.is_moderator():
410 return False
411 elif self.is_administrator():
412 return False
413 elif self.is_developer():
414 return False
415
416 self.cursor.execute('SELECT user_type,user_id FROM '+self.TABLE_PREFIX+'users WHERE user_id = %s', (self.login_data['user_id'],))
417 data = self.cursor.fetchone()
418 if not data:
419 return False
420 if self.is_user_banned(data['user_id']):
421 return False
422 elif data['user_type'] in [self.USER_NORMAL]:
423 return True
424
425 return False
426
427
429 self.check_connection()
430 self.cursor.execute('SELECT ban_userid FROM '+self.TABLE_PREFIX+'banlist WHERE ban_userid = %s', (user,))
431 data = self.cursor.fetchone()
432 if data:
433 return True
434 return False
435
437 self.check_connection()
438 self.check_login_data()
439 self.check_logged_in()
440 groups = self.get_user_groups()
441 if isinstance(group,int):
442 if group in groups:
443 return True
444 elif isinstance(group,basestring):
445 self.cursor.execute('SELECT group_id FROM '+self.TABLE_PREFIX+'groups WHERE group_name = %s', (group,))
446 data = self.cursor.fetchone()
447 if not data:
448 return False
449 elif data['group_id'] in groups:
450 return True
451
452 return False
453
455 self.check_connection()
456 self.check_login_data()
457 self.check_logged_in()
458
459 self.cursor.execute('SELECT '+self.TABLE_PREFIX+'user_group.group_id,'+self.TABLE_PREFIX+'groups.group_name FROM '+self.TABLE_PREFIX+'user_group,'+self.TABLE_PREFIX+'users,'+self.TABLE_PREFIX+'groups WHERE '+self.TABLE_PREFIX+'users.user_id = %s and '+self.TABLE_PREFIX+'users.user_id = '+self.TABLE_PREFIX+'user_group.user_id and '+self.TABLE_PREFIX+'user_group.group_id = '+self.TABLE_PREFIX+'groups.group_id', (self.login_data['user_id'],))
460 data = self.cursor.fetchall()
461 mydata = {}
462 for mydict in data:
463 mydata[mydict['group_id']] = mydict['group_name']
464
465 return mydata
466
468 self.check_connection()
469 self.check_login_data()
470 self.check_logged_in()
471
472 self.cursor.execute('SELECT group_id FROM '+self.TABLE_PREFIX+'users WHERE user_id = %s', (self.login_data['user_id'],))
473 data = self.cursor.fetchone()
474 if data:
475 if data.has_key('group_id'):
476 return data['group_id']
477
478 return -1
479
485
492
494 self.check_connection()
495 self.check_login_data()
496 self.check_logged_in()
497
498 email_hash = self._generate_email_hash(email)
499 mydata = {
500 'user_email_hash': email_hash,
501 'user_email': email.lower(),
502 }
503
504 try:
505 sql = self._generate_sql("update",self.TABLE_PREFIX+'users', mydata, 'user_id = %s' % (self.login_data['user_id'],))
506 self.cursor.execute(sql)
507 return True
508 except Exception:
509 return False
510
512 self.check_connection()
513 self.check_login_data()
514 self.check_logged_in()
515
516 mydata = {
517 'user_password': password_hash,
518 }
519
520 try:
521 sql = self._generate_sql("update",self.TABLE_PREFIX+'users', mydata, 'user_id = %s' % (self.login_data['user_id'],))
522 self.cursor.execute(sql)
523 return True
524 except Exception:
525 return False
526
528 self.check_connection()
529 self.check_login_data()
530 self.check_logged_in()
531 self.cursor.execute('SELECT user_email FROM '+self.TABLE_PREFIX+'users WHERE user_id = %s', (self.login_data['user_id'],))
532 data = self.cursor.fetchone()
533 if not data:
534 return ''
535 elif not data.has_key('user_email'):
536 return ''
537 return data['user_email']
538
540 self.check_connection()
541 self.check_login_data()
542 self.check_logged_in()
543
544
545 valid_params = [
546 "user_icq","user_yim","user_msnm",
547 "user_jabber","user_website","user_from",
548 "user_interests","user_occ","user_birthday",
549 "user_sig"
550 ]
551
552 my_params = {}
553 for param in valid_params:
554 d = profile_data.get(param)
555 if d == None: continue
556 my_params[param] = d
557
558 if not my_params:
559 return False,'no parameters'
560
561
562
563 b_day = my_params.get('user_birthday')
564 if isinstance(b_day,basestring):
565 import re
566 myre = re.compile("(0[1-9]|[12][0-9]|3[01])[-](0[1-9]|1[012])[-](19|20)\d\d")
567 if not myre.match(b_day):
568 del my_params['user_birthday']
569
570 try:
571 sql = self._generate_sql("update",self.TABLE_PREFIX+'users', my_params, 'user_id = %s' % (self.login_data['user_id'],))
572 self.cursor.execute(sql)
573 return True, None
574 except Exception, e:
575 return False, unicode(e)
576
577
579 self.cursor.execute('UPDATE '+self.TABLE_PREFIX+'config SET config_value = %s WHERE config_name = %s',(data,config_name,))
580
582 self.check_connection()
583 self.cursor.execute('SELECT config_value FROM '+self.TABLE_PREFIX+'config WHERE config_name = %s',(config_name,))
584 myconfig = self.cursor.fetchone()
585 if isinstance(myconfig,dict):
586 if myconfig.has_key('config_value'):
587 return myconfig['config_value']
588 return None
589
591 self.check_connection()
592 time_now = int(time.time())
593 autologin = self._get_config_value("allow_autologin")
594 self.cursor.execute('SELECT user_allow_viewonline FROM '+self.TABLE_PREFIX+'users WHERE user_id = %s', (user_id,))
595 myuserprefs = self.cursor.fetchone()
596 session_admin = 0
597 session_data = {
598 'session_id': None,
599 'session_user_id': user_id,
600 'session_last_visit': time_now,
601 'session_start': time_now,
602 'session_time': time_now,
603 'session_ip': ip_address,
604 'session_browser': self.USER_AGENT,
605 'session_forwarded_for': '',
606 'session_page': 'index.php',
607 'session_viewonline': myuserprefs['user_allow_viewonline'],
608 'session_autologin': autologin,
609 'session_admin': session_admin,
610 'session_forum_id': 0,
611 }
612 import hashlib
613 m = hashlib.md5()
614 m.update(str(user_id)+str(time_now)+str(self.USER_AGENT)+str(ip_address)+str(autologin)+str(myuserprefs['user_allow_viewonline']))
615 session_data['session_id'] = m.hexdigest()
616
617 self.cursor.execute('SELECT * FROM '+self.TABLE_PREFIX+'sessions WHERE session_user_id = %s', (user_id,))
618 mydata = self.cursor.fetchone()
619 do_update = False
620 if mydata:
621 do_update = True
622
623 session_data['session_id'] = mydata['session_id']
624 session_data['session_viewonline'] = mydata['session_viewonline']
625 session_data['session_autologin'] = mydata['session_autologin']
626 session_data['session_forwarded_for'] = mydata['session_forwarded_for']
627 session_data['session_forum_id'] = mydata['session_forum_id']
628 session_data['session_page'] = mydata['session_page']
629 session_data['session_browser'] = mydata['session_browser']
630 session_data['session_admin'] = mydata['session_admin']
631
632 if do_update:
633 where = "session_id = '%s'" % (session_data['session_id'],)
634 del session_data['session_id']
635 sql = self._generate_sql('update', self.TABLE_PREFIX+'sessions', session_data, where)
636 else:
637 sql = self._generate_sql('insert', self.TABLE_PREFIX+'sessions', session_data)
638 if sql:
639 self.cursor.execute(sql)
640 self.dbconn.commit()
641
642
644 self.check_connection()
645 self.cursor.execute('SELECT ban_ip FROM '+self.TABLE_PREFIX+'banlist WHERE ban_ip = %s', (ip,))
646 data = self.cursor.fetchone()
647 if data:
648 return True
649 return False
650
652 import hashlib
653 m = hashlib.md5()
654 rnd = str(abs(hash(os.urandom(1))))
655 m.update(rnd)
656 x = m.hexdigest()[:-16]
657 del m
658 return x
659
661 myrand = 0
662 low_n = 100000
663 high_n = 999999
664 while (myrand < low_n) or (myrand > high_n):
665 try:
666 myrand = hash(os.urandom(1))%high_n
667 except NotImplementedError:
668 random.seed()
669 myrand = random.randint(low_n,high_n)
670 return myrand
671
673
674
675 myrandom = str(self._get_random_number())
676
677 myhash = self._hash_crypt_private(password, self._hash_gensalt_private(myrandom))
678
679 if len(myhash) == 34:
680 return myhash
681
682 import hashlib
683 m = hashlib.md5()
684 m.update(myhash)
685 return m.hexdigest()
686
687
689
690 if (iteration_count_log2 < 4) or (iteration_count_log2 > 31):
691 iteration_count_log2 = 8
692
693 myoutput = '$H$'
694 myoutput += self.itoa64[min(iteration_count_log2 + 5,30)]
695 myoutput += self._hash_encode64(myinput, 6)
696
697 return myoutput
698
700
701 myoutput = '*'
702
703 if setting[:3] != '$H$':
704 return myoutput
705
706 count_log2 = self.itoa64.find(setting[3])
707 if count_log2 == -1: count_log2 = 0
708
709 if (count_log2 < 7) or (count_log2 > 30):
710 return myoutput
711
712 count = 1 << count_log2
713 salt = setting[4:12]
714
715 if len(salt) != 8:
716 return myoutput
717
718 import hashlib
719 m = hashlib.md5()
720 m.update(salt+password)
721 myhash = m.digest()
722 while count:
723 m = hashlib.md5()
724 m.update(myhash+password)
725 myhash = m.digest()
726 count -= 1
727
728 myoutput = setting[:12]
729 myoutput += self._hash_encode64(myhash, 16)
730
731 return myoutput
732
734
735 output = ''
736 i = 0
737 while i < count:
738
739 value = ord(myinput[i])
740 i += 1
741 output += self.itoa64[value & 0x3f]
742 if i < count:
743 value |= ord(myinput[i]) << 8
744
745 output += self.itoa64[(value >> 6) & 0x3f]
746
747 if i >= count:
748 break
749 i += 1
750
751 if i < count:
752 value |= ord(myinput[i]) << 16
753
754 output += self.itoa64[(value >> 12) & 0x3f]
755
756 if (i >= count):
757 break
758 i += 1
759
760 output += self.itoa64[(value >> 18) & 0x3f]
761
762 return output
763
765
766 if len(myhash) == 34:
767 return self._hash_crypt_private(password, myhash) == myhash
768
769 import hashlib
770 m = hashlib.md5()
771 m.update(password)
772 rhash = m.hexdigest()
773 return rhash == myhash
774