API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 20th, 2015
251
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 5.87 KB | None | 0 0
raw download clone embed print report
  1. # I apologize to any future developers and anyone else who may have to read this code
  2. # :(
  3.  
  4. import time, struct, random, socket, hashlib, pyotp, hmac
  5.  
  6. def FetchOneAssoc(cursor) :
  7.     data = cursor.fetchone()
  8.     if data == None :
  9.         return None
  10.     desc = cursor.description
  11.  
  12.     res = {}
  13.  
  14.     for (name, value) in zip(desc, data) :
  15.         res[name[0]] = value
  16.  
  17.     return res
  18.  
  19. def check_username(username):
  20.     cursor = mysql.connection.cursor()
  21.     cursor.execute(
  22.         'select * from users where user_name = %s limit 1',
  23.         (username,)
  24.     )
  25.     rv = FetchOneAssoc(cursor)
  26.     #rv = cursor.fetchone()
  27.     return rv
  28.  
  29. def check_user_id(user_id):
  30.     cursor = mysql.connection.cursor()
  31.     cursor.execute("select * from users where user_id=%s limit 1", (user_id,))
  32.     return FetchOneAssoc(cursor)
  33.  
  34. def generate_seed(username, ip_address):
  35.     return int(struct.unpack('I', socket.inet_aton(ip_address))[0]) + struct.unpack('I', username[:4].ljust(4,'0'))[0]
  36.  
  37. def get_totp_key(seed):
  38.     random.seed(seed)
  39.     return pyotp.random_base32(16, random)
  40.  
  41. def register_user(username, password, ip_address):
  42.     password = hashlib.sha256(username+password).hexdigest()
  43.     cursor = mysql.connection.cursor()
  44.     cursor.execute(
  45.         "insert into users (user_name, user_password, user_ip) VALUES (%s, %s, %s)",
  46.         (username, password, ip_address)
  47.     )
  48.     mysql.connection.commit()
  49.  
  50. def auth_user(username, password):
  51.     cursor = mysql.connection.cursor()
  52.     cursor.execute(
  53.         "select * from users where user_name = %s and user_password = %s limit 1",
  54.         (username, hashlib.sha256(username+password).hexdigest())
  55.     )
  56.     rv = cursor.fetchone()
  57.     if not rv:
  58.         return False
  59.  
  60.     return True
  61.  
  62. def make_cookie(secret, username, ip, timestamp=None):
  63.     if not timestamp:
  64.         timestamp = int(time.time())
  65.     base_cookie = '%s_%s' % (username, str(timestamp))
  66.     hmac_builder = hmac.new(secret, digestmod=hashlib.sha1)
  67.     hmac_builder.update(base_cookie)
  68.     return '%s_%s' % (base_cookie, hmac_builder.hexdigest())
  69.  
  70. def validate_cookie(secret, input_cookie):
  71.     parts = input_cookie.split("_")
  72.     if len(parts) != 3:
  73.         return False
  74.  
  75.     input_username = parts[0]
  76.     input_time = parts[1]
  77.     input_hmac = parts[2]
  78.  
  79.     regen_cookie = make_cookie(secret, input_username, '', input_time)
  80.     regen_cookie = regen_cookie.split("_")
  81.     if input_hmac != regen_cookie[2]:
  82.         return False
  83.  
  84.     #print (int(input_time)-int(time.time()))
  85.     if (int(time.time())-int(input_time)) > 1000*3600:
  86.         return False
  87.  
  88.     if not check_username(input_username):
  89.         return False
  90.    
  91.     return True
  92.  
  93. def get_user_from_cookie(request):
  94.     cookie = request.cookies.get("session") or ""
  95.     if not cookie:
  96.         return False
  97.  
  98.     user = cookie.split("_")[0]
  99.     return check_username(user)
  100.  
  101. def update_user_profile(user_id, image_url, profile_text):
  102.     cursor = mysql.connection.cursor()
  103.     cursor.execute(
  104.         "update users set user_image=%s, user_profile=%s where user_id=%s",
  105.         (image_url, profile_text, user_id,)
  106.     )
  107.     mysql.connection.commit()
  108.  
  109. def get_message_by_id(message_id):
  110.     cursor = mysql.connection.cursor()
  111.     cursor.execute(
  112.         "select * from messages where message_id = %s",
  113.         (message_id,)
  114.     )
  115.  
  116.     message = FetchOneAssoc(cursor)
  117.     print "hell", message
  118.     if not message:
  119.         return {}
  120.  
  121.     try:
  122.         message["message_from_username"] = check_user_id(message["message_from"])["user_name"]
  123.         message["message_to_username"] = check_user_id(message["message_to"])["user_name"]
  124.     except:
  125.         message["message_from_username"] = 'nobody'
  126.         message["message_to_username"] = 'nobody'
  127.  
  128.     return message
  129.  
  130. def get_messages_for_user(user_id):
  131.     cursor = mysql.connection.cursor()
  132.     cursor.execute(
  133.         "select * from messages where %s in (message_to, message_from) order by message_id desc limit 25",
  134.         (user_id,)
  135.     )
  136.  
  137.     messages = []
  138.  
  139.     while True:
  140.         message_data = FetchOneAssoc(cursor)
  141.         if not message_data:
  142.             break
  143.  
  144.         try:
  145.             message_data["message_from_username"] = check_user_id(message_data["message_from"])["user_name"]
  146.             message_data["message_to_username"] = check_user_id(message_data["message_to"])["user_name"]
  147.         except:
  148.             message_data["message_from_username"] = 'nobody'
  149.             message_data["message_to_username"] = 'nobody'
  150.  
  151.         messages.append(message_data)
  152.  
  153.     return messages
  154.  
  155. def create_message(message_to, message_from, message_title, message_contents):
  156.     cursor = mysql.connection.cursor()
  157.     cursor.execute(
  158.         "insert into messages (message_to, message_from, message_title, message_contents) values (%s, %s, %s, %s)",
  159.         (message_to, message_from, message_title, message_contents,)
  160.     )
  161.     mysql.connection.commit()
  162.  
  163. def insert_csp_report(report_ip, report_content):
  164.     cursor = mysql.connection.cursor()
  165.     cursor.execute(
  166.         "insert into reports (report_ip, report_content) values (%s, %s)",
  167.         (report_ip, report_content,)
  168.     )
  169.     mysql.connection.commit()
  170.     return cursor.lastrowid
  171.  
  172. def get_csp_report(report_id):
  173.     cursor = mysql.connection.cursor()
  174.     cursor.execute(
  175.         "select * from reports where report_id = %s"%
  176.         (report_id,)
  177.     )
  178.  
  179.     return FetchOneAssoc(cursor)
  180.  
  181. def search(search_string):
  182.     search_string = "%"+search_string+"%"
  183.     cursor = mysql.connection.cursor()
  184.     cursor.execute(
  185.         "select * from users where user_name like %s or user_profile like %s order by user_id asc limit 20",
  186.         (search_string, search_string,)
  187.     )
  188.  
  189.     users = []
  190.     while True:
  191.         user_data = FetchOneAssoc(cursor)
  192.         if not user_data:
  193.             break
  194.  
  195.         users.append(user_data)
  196.  
  197.     return users
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!