
Untitled

a guest Sep 20th, 2015 29 Never
  1. # I apologize to any future developers and anyone else who may have to read this code
  2. # :(
  3.  
  4. import time, struct, random, socket, hashlib, pyotp, hmac
  5.  
  def FetchOneAssoc(cursor):
      """Fetch the next row from *cursor* as a ``{column_name: value}`` dict.

      Returns None when the cursor has no more rows. Column names are the
      first field of each ``cursor.description`` entry; if two columns share
      a name, the later one wins.
      """
      row = cursor.fetchone()
      if row is None:
          return None
      # description is read only after a row was actually returned.
      return dict(
          (column[0], value) for column, value in zip(cursor.description, row)
      )
  18.  
  def check_username(username):
      """Look up a user by exact name; return the row as a dict, or None.

      The name is passed as a bound parameter, so it is never interpolated
      into the SQL text.
      """
      # NOTE(review): ``select *`` returns every column of ``users``, which
      # includes ``user_password`` and ``user_ip`` (both written by
      # register_user). Callers should not render or serialise this dict
      # wholesale.
      lookup = mysql.connection.cursor()
      lookup.execute(
          'select * from users where user_name = %s limit 1',
          (username,)
      )
      return FetchOneAssoc(lookup)
  28.  
  def check_user_id(user_id):
      """Look up a user by numeric id; return the row as a dict, or None."""
      # NOTE(review): like check_username, this returns all columns of
      # ``users``, including the stored password digest.
      query = "select * from users where user_id=%s limit 1"
      lookup = mysql.connection.cursor()
      lookup.execute(query, (user_id,))
      return FetchOneAssoc(lookup)
  33.  
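  def generate_seed(username, ip_address):
      """Derive an integer seed from a username and a dotted-quad IPv4 address.

      The seed is the sum of two native-endian unsigned 32-bit words: the
      packed IP address and the first four bytes of the username, right-padded
      with ASCII '0' when the name is shorter than four bytes.

      Text usernames are UTF-8 encoded first, so the function also works with
      unicode input and under Python 3; byte-string input gives the same
      result as before.

      Raises whatever socket.inet_aton raises for a malformed address.
      """
      # NOTE(review): both inputs are known to the user and to anyone who
      # learns the name and registration address, and the result fits in
      # about 33 bits. Nothing derived from this seed should be treated as a
      # secret (see get_totp_key); a per-user value from os.urandom stored
      # server-side is the usual replacement.
      if isinstance(username, bytes):
          name_bytes = username
      else:
          name_bytes = username.encode('utf-8')
      name_word = struct.unpack('I', name_bytes[:4].ljust(4, b'0'))[0]
      ip_word = struct.unpack('I', socket.inet_aton(ip_address))[0]
      return int(ip_word) + name_word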
  36.  
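  def get_totp_key(seed):
      """Return the base32 TOTP key that corresponds to *seed*.

      The key is a deterministic function of *seed*: the same seed always
      yields the same 16-character key request to pyotp.

      A private ``random.Random(seed)`` instance is used instead of reseeding
      the module-level generator, so calling this no longer resets the state
      of every other ``random`` user in the process. The returned key is the
      same as before, because ``random.seed(seed)`` and ``random.Random(seed)``
      start from the same state.
      """
      # NOTE(review): this is a non-cryptographic PRNG seeded from
      # generate_seed(), whose inputs are not secret, so the TOTP key is
      # reproducible by anyone who can compute the seed. The remedy is a
      # design change outside this function: create the key once with
      # pyotp.random_base32() (its default generator is a CSPRNG) and store
      # it per user.
      # NOTE(review): the two-positional-argument call matches the pyotp
      # version this file was written against; confirm before upgrading.
      seeded_rng = random.Random(seed)
      return pyotp.random_base32(16, seeded_rng)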
  40.  
  def register_user(username, password, ip_address):
      """Insert a new row into ``users`` and commit.

      Stores the username, the hex SHA-256 of ``username + password`` and the
      registering IP address. All three values are bound parameters.
      """
      # NOTE(review): one round of SHA-256 is a fast hash, and the only
      # "salt" is the username, so stored digests are cheap to test offline
      # if the table leaks. Moving to a slow KDF (hashlib.pbkdf2_hmac, bcrypt,
      # scrypt, argon2) has to be done together with auth_user, which
      # recomputes the same digest.
      # NOTE(review): no uniqueness check is visible here; presumably the
      # schema or the caller prevents duplicate user_name rows - confirm.
      digest = hashlib.sha256(username+password).hexdigest()
      writer = mysql.connection.cursor()
      writer.execute(
          "insert into users (user_name, user_password, user_ip) VALUES (%s, %s, %s)",
          (username, digest, ip_address)
      )
      mysql.connection.commit()
  49.  
  def auth_user(username, password):
      """Return True when a ``users`` row matches the name and password digest.

      The digest is the hex SHA-256 of ``username + password``, the same value
      register_user stores; the comparison is done by the database.
      """
      # NOTE(review): this checks the password only. Any second factor and
      # any attempt throttling must be enforced by the caller - nothing here
      # limits repeated guesses.
      digest = hashlib.sha256(username+password).hexdigest()
      lookup = mysql.connection.cursor()
      lookup.execute(
          "select * from users where user_name = %s and user_password = %s limit 1",
          (username, digest)
      )
      return bool(lookup.fetchone())
  61.  
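  def make_cookie(secret, username, ip, timestamp=None):
      """Build a session cookie of the form ``<username>_<timestamp>_<hmac>``.

      The last field is the hex HMAC-SHA1, keyed with *secret*, of
      ``<username>_<timestamp>``. A missing or falsy *timestamp* is replaced
      by the current Unix time.

      Text values are UTF-8 encoded before they reach the HMAC, so unicode
      input and Python 3 work; byte-string input produces the same cookie as
      before.
      """
      # NOTE(review): ``ip`` is accepted but never used, so the cookie is not
      # bound to a client address; validate_cookie passes '' for it.
      # NOTE(review): '_' is the field separator and the username is not
      # checked for it. validate_cookie rejects any cookie that does not split
      # into exactly three fields, so a name containing '_' can never
      # validate; registration should refuse such names.
      if not timestamp:
          timestamp = int(time.time())
      base_cookie = '%s_%s' % (username, str(timestamp))

      key = secret if isinstance(secret, bytes) else secret.encode('utf-8')
      if isinstance(base_cookie, bytes):
          signed_bytes = base_cookie
      else:
          signed_bytes = base_cookie.encode('utf-8')

      signature = hmac.new(key, signed_bytes, hashlib.sha1).hexdigest()
      return '%s_%s' % (base_cookie, signature)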
  69.  
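  def validate_cookie(secret, input_cookie):
      """Return True when *input_cookie* is a well-formed, current, signed cookie.

      Checks, in order: the cookie splits on '_' into exactly three fields;
      the HMAC field equals the one make_cookie produces for the same username
      and timestamp; the timestamp is no more than 1000*3600 seconds (about
      41.7 days) in the past; the username exists in ``users``.

      The HMAC comparison uses hmac.compare_digest (Python 2.7.7+ / 3.3+) so
      that the time taken does not depend on how many leading characters of a
      guessed signature are correct.
      """
      parts = input_cookie.split("_")
      if len(parts) != 3:
          return False
      input_username, input_time, input_hmac = parts

      expected_hmac = make_cookie(secret, input_username, '', input_time).split("_")[2]

      def as_bytes(text):
          # compare_digest needs both operands of one type and rejects
          # non-ASCII text, so compare encoded bytes.
          return text if isinstance(text, bytes) else text.encode('utf-8')

      if not hmac.compare_digest(as_bytes(input_hmac), as_bytes(expected_hmac)):
          return False

      # Only signed timestamps reach this point; a non-numeric one is still
      # treated as invalid rather than raising.
      try:
          issued_at = int(input_time)
      except ValueError:
          return False

      # NOTE(review): a signed timestamp in the future gives a negative age
      # and passes this check; there is no lower bound.
      if (int(time.time()) - issued_at) > 1000*3600:
          return False

      if not check_username(input_username):
          return False

      return True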
  92.  
  def get_user_from_cookie(request):
      """Return the ``users`` row named by the request's ``session`` cookie.

      Returns False when the cookie is absent or empty; otherwise returns
      whatever check_username returns for the text before the first '_'
      (a dict, or None for an unknown name).
      """
      # NOTE(review): the username is taken from the cookie without checking
      # its HMAC - this function has no access to the secret. The result is
      # only trustworthy if the caller has already run validate_cookie on the
      # same cookie value; verify every call site does so before using the
      # returned user for an authorization decision.
      session_value = request.cookies.get("session")
      if not session_value:
          return False

      claimed_name = session_value.split("_")[0]
      return check_username(claimed_name)
  100.  
  def update_user_profile(user_id, image_url, profile_text):
      """Set ``user_image`` and ``user_profile`` for one user and commit."""
      # NOTE(review): both values are stored exactly as given (bound
      # parameters keep them out of the SQL text, nothing more). Validating
      # the URL and escaping the text on output are left to the caller and the
      # templates - confirm that happens. The caller must also make sure
      # user_id is the authenticated user's own id.
      new_values = (image_url, profile_text, user_id,)
      writer = mysql.connection.cursor()
      writer.execute(
          "update users set user_image=%s, user_profile=%s where user_id=%s",
          new_values
      )
      mysql.connection.commit()
  108.  
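  def get_message_by_id(message_id):
      """Return one message row as a dict, with sender/recipient names added.

      Returns ``{}`` when no message has that id. Otherwise the row gains
      ``message_from_username`` and ``message_to_username``; if either lookup
      fails, both are set to 'nobody'.

      Changes from the previous version: the leftover debug ``print`` that
      wrote the whole message row to stdout (and so into server logs) is
      gone, and the bare ``except:`` is narrowed to ``except Exception`` so
      SystemExit and KeyboardInterrupt are no longer swallowed.
      """
      # NOTE(review): nothing here checks that the requester is the sender or
      # the recipient. Message ids look sequential, so the caller must do that
      # check before returning the row to a user - confirm.
      cursor = mysql.connection.cursor()
      cursor.execute(
          "select * from messages where message_id = %s",
          (message_id,)
      )

      message = FetchOneAssoc(cursor)
      if not message:
          return {}

      try:
          # check_user_id returns None for a missing user; subscripting that
          # raises and falls through to the 'nobody' defaults.
          message["message_from_username"] = check_user_id(message["message_from"])["user_name"]
          message["message_to_username"] = check_user_id(message["message_to"])["user_name"]
      except Exception:
          message["message_from_username"] = 'nobody'
          message["message_to_username"] = 'nobody'

      return message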
  129.  
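  def get_messages_for_user(user_id):
      """Return up to 25 newest messages sent to or from *user_id*.

      Each row is a dict with ``message_from_username`` and
      ``message_to_username`` added; if either name lookup fails, both are
      set to 'nobody' for that row.

      The bare ``except:`` of the previous version is narrowed to
      ``except Exception`` so SystemExit and KeyboardInterrupt propagate.
      """
      # NOTE(review): user_id must come from the authenticated session, not
      # from request input, or one user can list another's messages.
      cursor = mysql.connection.cursor()
      cursor.execute(
          "select * from messages where %s in (message_to, message_from) order by message_id desc limit 25",
          (user_id,)
      )

      messages = []
      message_data = FetchOneAssoc(cursor)
      while message_data:
          try:
              # Two extra lookups per row, each on a fresh cursor.
              message_data["message_from_username"] = check_user_id(message_data["message_from"])["user_name"]
              message_data["message_to_username"] = check_user_id(message_data["message_to"])["user_name"]
          except Exception:
              message_data["message_from_username"] = 'nobody'
              message_data["message_to_username"] = 'nobody'

          messages.append(message_data)
          message_data = FetchOneAssoc(cursor)

      return messages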
  154.  
  def create_message(message_to, message_from, message_title, message_contents):
      """Insert one row into ``messages`` and commit."""
      # NOTE(review): message_from is whatever the caller passes. It should
      # be the authenticated user's id, never a request field, or senders can
      # be spoofed. Title and contents are stored as given and need escaping
      # when rendered.
      row = (message_to, message_from, message_title, message_contents,)
      writer = mysql.connection.cursor()
      writer.execute(
          "insert into messages (message_to, message_from, message_title, message_contents) values (%s, %s, %s, %s)",
          row
      )
      mysql.connection.commit()
  162.  
  def insert_csp_report(report_ip, report_content):
      """Store a CSP report, commit, and return the new row's id."""
      # NOTE(review): presumably report_content is the body of a CSP
      # violation report, which any client can post; treat it as untrusted
      # when it is read back or displayed, and consider a size limit - confirm
      # against the caller.
      writer = mysql.connection.cursor()
      writer.execute(
          "insert into reports (report_ip, report_content) values (%s, %s)",
          (report_ip, report_content,)
      )
      mysql.connection.commit()
      new_id = writer.lastrowid
      return new_id
  171.  
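  def get_csp_report(report_id):
      """Return one row of ``reports`` as a dict, or None if the id is unknown.

      *report_id* is passed to the driver as a bound parameter. The previous
      version applied the ``%`` string operator to the query, which pasted
      the value into the SQL text unquoted and unescaped - the only query in
      this file built that way, and a SQL injection point whenever the id
      comes from request input.
      """
      cursor = mysql.connection.cursor()
      cursor.execute(
          "select * from reports where report_id = %s",
          (report_id,)
      )

      return FetchOneAssoc(cursor)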
  180.  
  def search(search_string):
      """Return up to 20 users whose name or profile contains *search_string*.

      Rows come back as dicts, ordered by ascending user_id.
      """
      # NOTE(review): ``select *`` means each result dict carries
      # user_password and user_ip along with the public fields; the caller
      # should pick out only what it needs before rendering.
      # NOTE(review): '%' and '_' inside search_string are not escaped, so
      # they act as LIKE wildcards. The value is still a bound parameter, so
      # this widens matches but does not alter the SQL statement.
      pattern = "%"+search_string+"%"
      cursor = mysql.connection.cursor()
      cursor.execute(
          "select * from users where user_name like %s or user_profile like %s order by user_id asc limit 20",
          (pattern, pattern,)
      )

      users = []
      user_data = FetchOneAssoc(cursor)
      while user_data:
          users.append(user_data)
          user_data = FetchOneAssoc(cursor)

      return users