Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- from twisted.web.server import Site
- from twisted.web.resource import Resource
- from twisted.internet import ssl, reactor
- from twisted.python.modules import getModule
- import urllib.parse
- import cgi
- import json
- import os
- import hashlib
- import coserver
- import base64
- import smtplib
- gmail = smtplib.SMTP('smtp.gmail.com',587)
- gmail.starttls()
- email_logged_in = False
- epassw = ''
- euname = ''
- hidden_uname = 'wq3CoMKdwr_Cs8KfwrHCnsK6wrbDi8KywqrCvMOKd8K6wqLClsKtwrh7wpXCpsOF'
- hidden_passw = 'bMKywrLDgsOCwpvCg1lqcA=='
- messagelist = []
- messagecount = 0
- userdata = {}
- userkeys = {}
- funkey = 'chess'
- admin_salt = 'JJ3HSYW21BX1TX3UX7L1ATC4RC7T1PAA0A94UFHBVRLO4UJCSTKVPV450BK775TZ2DRZ2NFB37KBQR97NQ4T9K5F6DP1RMPHM3E7HTBSSPI24XABIH45BE982P1DW2JTAQGX9ADZODV986XFK6EP6QR4ZD7KJYK6IC7YU54GFCICAGJSFGWLSI9XZD40DUYF43GQ74LJ'
- realpass = '72957ef9715534b6c02866d589dd10bb44eb54eaf3b46f2583b450e1fb46f850edebe4f39d12b2ee83a5d338af359793f521973ac1e52c891e631157bcc73ac9'
- port = 80#int(os.environ.get('PORT', 17995))
- class FormPage(Resource):
- isLeaf = True
- def render_GET(self, request):
- global messagecount
- global messagelist
- global userdata
- out = {'success':False}
- if messagecount % 150 == 0:
- messagelist = []
- print(request.uri)
- data = (request.uri).decode('ascii')
- data = data[1:]
- data = to_dict(data)
- request.setHeader('Content-Type', 'text/plain; charset=UTF-8')
- valid = False
- if 'adminaccess' in data:
- vlr = adminhandle(data)
- out.update({'ADMIN':vlr[0]})
- if vlr[1]:
- out.update({'CMDRES':vlr[1]})
- if 'request' in data:
- out.update(handlereq(data))
- return json.dumps(out).encode('UTF-8')
- ## def render_POST(self, request):
- ## x = request.content.read()
- ## print(x)
- ## return x
- def to_dict(st):
- st = st.strip('/?')
- if not st:
- return {}
- st = urllib.parse.parse_qsl(st)
- return dict(st)
- def adminhandle(di):
- rawupass = (admin_salt+di['adminaccess']).encode('ascii')
- hashupass = hashlib.sha512(rawupass).hexdigest()
- result = [False,'']
- if hashupass == realpass:
- #access granted!
- result[0] = True
- if 'command' in di:
- if di['command'] == 'listdir':
- result[1] = os.listdir(os.getcwd())
- if di['command'] == 'getcwd':
- result[1] = os.getcwd()
- if di['command'] == 'changepass':
- if 'newpass' in di:
- global funkey
- funkey = di['newpass']
- result[1] = di['newpass']
- if di['command'] == 'changemasterpass':
- if 'newmasterpass' in di:
- global realpass
- realpass = hashlib.sha512((admin_salt+di['newmasterpass']).encode('ascii')).hexdigest()
- result[1] = di['newmasterpass']
- if di['command'] == 'tci':
- result[1] = coserver.test('TMSG.')
- if di['command'] == 'decodecred':
- if 'decodekey' in di:
- global epassw
- global euname
- epassw = coserver.decode(di['decodekey'],hidden_passw)
- euname = coserver.decode(di['decodekey'],hidden_uname)
- result[1] = [euname,epassw]
- if di['command'] == 'eauth':
- global email_logged_in
- global epassw
- global euname
- global gmail
- if (not email_logged_in) and (epassw):
- #login.
- gmail.login(euname,epassw)
- gmail.sendmail(euname,euname,'ACTIVATED')
- email_logged_in = True
- return result
- def handlereq(di):
- global userdata
- global messagelist
- global messagecount
- global userkeys
- req_type = di['request']
- userkey = di.get('userkey')
- username = userkeys.get(userkey)
- print(userkey,username)
- if username:#username is valid
- print('Is uname')
- if req_type == 'msg':
- if di.get('message'):
- messagecount += 1
- messagelist.append(username+': '+di.get('message'))
- return {'success':True}
- elif req_type == 'getmsg':
- return {'success':True,'messages':messagelist}
- elif not username:
- print('Not uname')
- if req_type == 'register':
- print('Register')
- t_uname = di.get('username')
- t_passw = di.get('password')
- if t_uname and t_passw:
- salt = coserver.getsalt(20)
- print(t_uname,t_passw,salt)
- t_passw = hashlib.sha256((salt+t_passw).encode('ascii')).hexdigest()
- if t_uname in userdata:
- return {'success':False}
- if not t_uname in userdata:
- t_akey = coserver.getsalt(40)
- userkeys.update({t_akey:t_uname})
- userdata.update({t_uname:[salt,t_passw]})
- t_uname = ''
- t_passw = ''
- to_delete = ''
- for akey in userkeys:
- if userkeys[akey] == t_uname:
- to_delete = akey
- if to_delete:
- del userkeys[to_delete]
- return {'success':True,'authkey':t_akey}
- elif req_type == 'login':
- t_uname = di.get('username')
- t_passw = di.get('password')
- if t_uname and t_passw:
- if not userdata.get(t_uname):
- return {'success':False}
- if hashlib.sha256((userdata[t_uname][0]+t_passw).encode('ascii')).hexdigest() == userdata[t_uname][1]:
- t_akey = coserver.getsalt(40)
- to_delete = ''
- for akey in userkeys:
- if userkeys[akey] == t_uname:
- to_delete = akey
- if to_delete:
- del userkeys[to_delete]
- userkeys.update({t_akey:t_uname})
- return {'success':True,'authkey':t_akey}
- return {}
- return {}
- #certData = getModule(__name__).filePath.sibling('server.pem').getContent()
- #certificate = ssl.PrivateCertificate.loadPEM(certData)
- factory = Site(FormPage())
- reactor.listenTCP(port, factory)
- #reactor.listenSSL(443, factory, certificate.options())
- reactor.run()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
