Entropy/phpBB3AuthInterface:
- implement user registration against phpbb3 git-svn-id: http://svn.sabayonlinux.org/projects/entropy/trunk@2544 cd1c1023-2f26-0410-ae45-c471fc1f0318
This commit is contained in:
+200
-7
@@ -696,7 +696,7 @@ class EquoInterface(TextInterface):
|
||||
if not self.noclientdb:
|
||||
try:
|
||||
conn.validateDatabase()
|
||||
except exceptionTools.SystemDatabaseError, e:
|
||||
except exceptionTools.SystemDatabaseError:
|
||||
try: conn.closeDB()
|
||||
except: pass
|
||||
conn = load_db_from_ram()
|
||||
@@ -14835,7 +14835,10 @@ class SocketHostInterface:
|
||||
self.sessions[rng]['developer'] = False
|
||||
self.sessions[rng]['compression'] = None
|
||||
self.sessions[rng]['stream_mode'] = False
|
||||
self.sessions[rng]['stream_path'] = self.entropyTools.getRandomTempFile()
|
||||
try:
|
||||
self.sessions[rng]['stream_path'] = self.entropyTools.getRandomTempFile()
|
||||
except (IOError,OSError,):
|
||||
self.sessions[rng]['stream_path'] = ''
|
||||
self.sessions[rng]['t'] = time.time()
|
||||
self.sessions[rng]['ip_address'] = ip_address
|
||||
return rng
|
||||
@@ -18540,6 +18543,8 @@ class DistributionUGCCommands(SocketCommandsSkel):
|
||||
return False
|
||||
elif not session_data.has_key('stream_path'):
|
||||
return False
|
||||
elif not session_data['stream_path']:
|
||||
return False
|
||||
mypath = session_data['stream_path']
|
||||
if not (os.path.isfile(mypath) and os.access(mypath,os.R_OK)):
|
||||
return False
|
||||
@@ -19138,11 +19143,14 @@ class phpBB3AuthInterface(DistributionAuthInterface,RemoteDbSkelInterface):
|
||||
self.USER_INACTIVE = 1
|
||||
self.USER_IGNORE = 2
|
||||
self.USER_FOUNDER = 3
|
||||
self.REGISTERED_USERS_GROUP = 7895
|
||||
self.ADMIN_GROUPS = [7893, 7898]
|
||||
self.MODERATOR_GROUPS = [484]
|
||||
self.DEVELOPER_GROUPS = [7900]
|
||||
self.USERNAME_LENGTH_RANGE = range(3,21)
|
||||
self.PASSWORD_LENGTH_RANGE = range(6,31)
|
||||
self.PRIVMSGS_NO_BOX = -3
|
||||
self.NOTIFY_EMAIL = 0
|
||||
self.FAKE_USERNAME = 'already_authed'
|
||||
self.USER_AGENT = "Entropy/%s (compatible; %s; %s: %s %s %s)" % (
|
||||
etpConst['entropyversion'],
|
||||
@@ -19154,6 +19162,180 @@ class phpBB3AuthInterface(DistributionAuthInterface,RemoteDbSkelInterface):
|
||||
)
|
||||
self.TABLE_PREFIX = 'phpbb_'
|
||||
|
||||
def validate_username_regex(self, username):
|
||||
allow_name_chars = self._get_config_value("allow_name_chars")
|
||||
if allow_name_chars == "USERNAME_CHARS_ANY":
|
||||
regex = '.+'
|
||||
elif allow_name_chars == "USERNAME_ALPHA_ONLY":
|
||||
regex = '[A-Za-z0-9]+'
|
||||
elif allow_name_chars == "USERNAME_ALPHA_SPACERS":
|
||||
regex = '[A-Za-z0-9-[\]_+ ]+'
|
||||
elif allow_name_chars == "USERNAME_LETTER_NUM":
|
||||
regex = '[a-zA-Z0-9]+'
|
||||
elif allow_name_chars == "USERNAME_LETTER_NUM_SPACERS":
|
||||
regex = '[-\]_+ [a-zA-Z0-9]+'
|
||||
else: # USERNAME_ASCII
|
||||
regex = '[\x01-\x7F]+'
|
||||
regex = "#^%s$#u" % (regex,)
|
||||
import re
|
||||
myreg = re.compile(regex)
|
||||
if myreg.match(username):
|
||||
del myreg
|
||||
return True
|
||||
return False
|
||||
|
||||
def does_username_exist(self, username):
|
||||
self.check_connection()
|
||||
self.cursor.execute('SELECT user_id FROM '+self.TABLE_PREFIX+'users WHERE `username` = %s OR `username_clean` = %s', (username,username,))
|
||||
data = self.cursor.fetchone()
|
||||
if not (data and isinstance(data,dict)): return False
|
||||
if not data.has_key('user_id'): return False
|
||||
return True
|
||||
|
||||
def is_username_allowed(self, username):
|
||||
self.check_connection()
|
||||
self.cursor.execute('SELECT disallow_id FROM '+self.TABLE_PREFIX+'disallow WHERE `disallow_username` = %s', (username,))
|
||||
data = self.cursor.fetchone()
|
||||
if not (data and isinstance(data,dict)): return True
|
||||
if not data.has_key('disallow_id'): return True
|
||||
return False
|
||||
|
||||
def validate_username_string(self, username):
|
||||
|
||||
try:
|
||||
username = unicode(username,'raw_unicode_escape')
|
||||
except (UnicodeDecodeError,UnicodeEncodeError,):
|
||||
return False,'Invalid username'
|
||||
if (""" in username) or ("'" in username) or ('"' in username):
|
||||
return False,'Invalid username'
|
||||
|
||||
try:
|
||||
valid = self.validate_username_regex(username)
|
||||
except:
|
||||
return False,'Username contains bad characters'
|
||||
if not valid:
|
||||
return False,'Invalid username'
|
||||
|
||||
exists = self.does_username_exist(username)
|
||||
if exists: return False,'Username already taken'
|
||||
|
||||
allowed = self.is_username_allowed(username)
|
||||
if not allowed: return False,'Username not allowed'
|
||||
|
||||
return True,'All fine'
|
||||
|
||||
def _generate_email_hash(self, email):
|
||||
import binascii
|
||||
return str(binascii.crc32(email.lower())) + str(len(email))
|
||||
|
||||
def register_user(self, username, password, email):
|
||||
|
||||
if len(username) not in self.USERNAME_LENGTH_RANGE:
|
||||
return False,'username not in range'
|
||||
if len(password) not in self.PASSWORD_LENGTH_RANGE:
|
||||
return False,'password not in range'
|
||||
valid = self.entropyTools.is_valid_email(email)
|
||||
if not valid:
|
||||
return False,'invalid email'
|
||||
|
||||
# check username validity
|
||||
status, err_msg = self.validate_username_string(username)
|
||||
if not status: return False,err_msg
|
||||
|
||||
# now cross fingers
|
||||
user_id = self.__register(username, password, email)
|
||||
|
||||
return True,user_id
|
||||
|
||||
|
||||
def __register(self, username, password, email):
|
||||
|
||||
email_hash = self._generate_email_hash(email)
|
||||
password_hash = self._get_password_hash(password)
|
||||
time_now = int(time.time())
|
||||
|
||||
registration_data = {
|
||||
'user_id': None,
|
||||
'username': username,
|
||||
'username_clean': username,
|
||||
'user_password': password_hash,
|
||||
'user_pass_convert': 0,
|
||||
'user_email': email.lower(),
|
||||
'user_email_hash': email_hash,
|
||||
'group_id': self.REGISTERED_USERS_GROUP,
|
||||
'user_type': self.USER_INACTIVE,
|
||||
'user_permissions': '',
|
||||
'user_timezone': self._get_config_value('board_timezone'),
|
||||
'user_dateformat': self._get_config_value('default_dateformat'),
|
||||
'user_lang': self._get_config_value('default_lang'),
|
||||
'user_style': self._get_config_value('default_style'),
|
||||
'user_actkey': '',
|
||||
'user_ip': '',
|
||||
'user_regdate': time_now,
|
||||
'user_passchg': time_now,
|
||||
'user_options': 895, # ? don't ask me
|
||||
'user_inactive_reason': 0,
|
||||
'user_inactive_time': 0,
|
||||
'user_lastmark': time_now,
|
||||
'user_lastvisit': 0,
|
||||
'user_lastpost_time': 0,
|
||||
'user_lastpage': '',
|
||||
'user_posts': 0,
|
||||
'user_dst': self._get_config_value('board_dst'),
|
||||
'user_colour': '',
|
||||
'user_occ': '',
|
||||
'user_interests': '',
|
||||
'user_avatar': '',
|
||||
'user_avatar_type': 0,
|
||||
'user_avatar_width': 0,
|
||||
'user_avatar_height': 0,
|
||||
'user_new_privmsg': 0,
|
||||
'user_unread_privmsg': 0,
|
||||
'user_last_privmsg': 0,
|
||||
'user_message_rules': 0,
|
||||
'user_full_folder': self.PRIVMSGS_NO_BOX,
|
||||
'user_emailtime': 0,
|
||||
'user_notify': 0,
|
||||
'user_notify_pm': 1,
|
||||
'user_notify_type': self.NOTIFY_EMAIL,
|
||||
'user_allow_pm': 1,
|
||||
'user_allow_viewonline': 1,
|
||||
'user_allow_viewemail': 1,
|
||||
'user_allow_massemail': 1,
|
||||
'user_sig': '',
|
||||
'user_sig_bbcode_uid': '',
|
||||
'user_sig_bbcode_bitfield': '',
|
||||
'user_form_salt': self._get_unique_id(),
|
||||
}
|
||||
|
||||
sql = self._generate_sql('insert', self.TABLE_PREFIX+'users', registration_data)
|
||||
self.cursor.execute(sql)
|
||||
user_id = self.cursor.lastrowid
|
||||
|
||||
# now insert into the default group
|
||||
group_data = {
|
||||
'user_id': user_id,
|
||||
'group_id': self.REGISTERED_USERS_GROUP,
|
||||
'user_pending': 0,
|
||||
}
|
||||
sql = self._generate_sql('insert', self.TABLE_PREFIX+'user_group', group_data)
|
||||
self.cursor.execute(sql)
|
||||
|
||||
# set some misc config shit
|
||||
self._set_config_value('newest_user_id',user_id)
|
||||
self._set_config_value('newest_username',username)
|
||||
self._set_config_value('num_users',self._get_config_value('num_users')+1)
|
||||
self.cursor.execute('SELECT group_colour FROM '+self.TABLE_PREFIX+'groups WHERE group_id = %s', (group_data['group_id'],))
|
||||
data = self.cursor.fetchone()
|
||||
gcolor = None
|
||||
if isinstance(data,dict):
|
||||
if data.has_key('group_colour'):
|
||||
gcolor = data['group_colour']
|
||||
if gcolor: self._set_config_value('newest_user_colour',gcolor)
|
||||
|
||||
return user_id
|
||||
|
||||
|
||||
def login(self):
|
||||
self.check_connection()
|
||||
self.check_login_data()
|
||||
@@ -19361,11 +19543,22 @@ class phpBB3AuthInterface(DistributionAuthInterface,RemoteDbSkelInterface):
|
||||
self.cursor.execute('SELECT user_permissions FROM '+self.TABLE_PREFIX+'users WHERE user_id = %s', (self.login_data['user_id'],))
|
||||
return self.cursor.fetchone()
|
||||
|
||||
def _update_session_table(self, user_id, ip_address):
|
||||
def _set_config_value(self, config_name, data):
|
||||
self.cursor.execute('UPDATE '+self.TABLE_PREFIX+'config SET config_value = %s WHERE config_name = %s',(data,config_name,))
|
||||
|
||||
time_now = int(time.time())
|
||||
self.cursor.execute('SELECT config_value AS autologin FROM '+self.TABLE_PREFIX+'config WHERE config_name = "allow_autologin"')
|
||||
def _get_config_value(self, config_name):
|
||||
self.check_connection()
|
||||
self.cursor.execute('SELECT config_value FROM '+self.TABLE_PREFIX+'config WHERE config_name = %s',(config_name,))
|
||||
myconfig = self.cursor.fetchone()
|
||||
if isinstance(myconfig,dict):
|
||||
if myconfig.has_key('config_value'):
|
||||
return myconfig['config_value']
|
||||
return None
|
||||
|
||||
def _update_session_table(self, user_id, ip_address):
|
||||
self.check_connection()
|
||||
time_now = int(time.time())
|
||||
autologin = self._get_config_value("allow_autologin")
|
||||
self.cursor.execute('SELECT user_allow_viewonline FROM '+self.TABLE_PREFIX+'users WHERE user_id = %s', (user_id,))
|
||||
myuserprefs = self.cursor.fetchone()
|
||||
session_admin = 0
|
||||
@@ -19380,13 +19573,13 @@ class phpBB3AuthInterface(DistributionAuthInterface,RemoteDbSkelInterface):
|
||||
'session_forwarded_for': '',
|
||||
'session_page': 'index.php',
|
||||
'session_viewonline': myuserprefs['user_allow_viewonline'],
|
||||
'session_autologin': myconfig['autologin'],
|
||||
'session_autologin': autologin,
|
||||
'session_admin': session_admin,
|
||||
'session_forum_id': 0,
|
||||
}
|
||||
import md5
|
||||
m = md5.new()
|
||||
m.update(str(user_id)+str(time_now)+str(self.USER_AGENT)+str(ip_address)+str(myconfig['autologin'])+str(myuserprefs['user_allow_viewonline']))
|
||||
m.update(str(user_id)+str(time_now)+str(self.USER_AGENT)+str(ip_address)+str(autologin)+str(myuserprefs['user_allow_viewonline']))
|
||||
session_data['session_id'] = m.hexdigest()
|
||||
|
||||
self.cursor.execute('SELECT * FROM '+self.TABLE_PREFIX+'sessions WHERE session_user_id = %s', (user_id,))
|
||||
|
||||
Reference in New Issue
Block a user