Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- import MySQLdb
- import re, hashlib, os
- re_cookie = re.compile(r'^a:[34]:\{i:0;(?:i:\d{1,6}|s:[1-8]):"(\d{1,8})";i:1;s:(?:0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(?:i:3;i:\d;)?\}$i')
- re_smf_cookie = re.compile(r'^SMFCookie716=(.+)$')
- db=MySQLdb.connect(host="localhost", user="maxim", passwd="", db="test")
- cur = db.cursor()
- def fetch_user_data(uid):
- cur.execute("select passwd, password_salt, is_activated, member_name from smf_members where id_member=%s", (uid,))
- try:
- return cur.fetchone()
- except:
- return None
- """
- get user id and password hash from cookie
- fetch user from db
- compare cookie password hash against fetched data
- ( this code was stolen from smf/Load.php/loadUserSettings() )
- """
- def check_user(cookie):
- global re_cookie
- m = re_cookie.match(cookie)
- if not m:
- return 0
- cookie_uid, cookie_password = m.group(1,2)
- cookie_uid = int(cookie_uid)
- if cookie_uid==0 or len(cookie_password)!=40:
- return False
- user = fetch_user_data(cookie_uid)
- check = False
- sha = hashlib.sha1()
- sha.update(user[0] + user[1])
- if (sha.hexdigest() == cookie_password) and (user[2]==1 or user[2]==11):
- check = True
- # return username
- return check and user[3]
- def get_smf_cookie():
- global re_smf_cookie
- cookies = os.environ['HTTP_COOKIE'] # ???
- for c in re.split('; ', cookies):
- m = re_smf_cookie.match(c)
- if m:
- return m.group(1)
- return None
- def get_messages():
- cookie = get_smf_cookie()
- if not cookie:
- # not logged in?
- return {}
- username = check_user(cookie)
- if not username:
- # not logged in/unapproved/blocked/etc
- # return some intro page
- return {}
- # user is valid one
- return {'username' username, 'messages': messages} # <-- your messages here. username can be used as a message prompt
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
