Add lost password recovery

This commit is contained in:
2025-05-12 16:37:30 +02:00
parent c91fdad70b
commit 15c0f4fd79
38 changed files with 1299 additions and 397 deletions


@@ -1,140 +1,177 @@
# -*- coding: utf-8 -*-
from flask import Blueprint, render_template, session, redirect, url_for, request, flash, abort, Flask
import time
from markupsafe import escape
import sqlite3
from markdown import markdown
postit = Blueprint('post-it', __name__, template_folder='templates')
from tools.filesutils import getFileSizeKo
import string
blog = Blueprint('blog', __name__, template_folder='templates')
app = Flask( 'pywallter' )
app.config.from_pyfile('config.py')
#### Variables ####################################################################################
DOSSIER_PERSO= app.config['DOSSIER_APP']
########################### Variables Globales #################################
extensionimg = app.config['EXT_IMG']
DATABASE = app.config['DATABASE']
BASE_URL = app.config['BASE_URL']
##################################################################################################
DOSSIER_PERSO= app.config['DOSSIER_APP']+'/'
DOSSIER_PUBLIC= app.config['DOSSIER_PUBLIC']+'/'
################################################################################
@postit.route('/post-it/', methods=['GET', 'POST'])
def racine_blog():
@blog.route('/myblog/new-article/', methods=['GET', 'POST'])
def new_article():
if 'username' in session:
UTILISATEUR='%s'% escape(session['username'])
user = '%s'% escape(session['username'])
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
if request.method == 'POST':
title= request.form['title']
title = request.form['title']
subtitle = request.form['subtitle']
content = request.form['content']
#category = request.form['category']
status = request.form['status']
post_date = time.strftime("%A %d %B %Y %H:%M:%S")
conn = sqlite3.connect(DATABASE) # Connexion la base de donne
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""INSERT INTO posts(title, content, time, author, status) VALUES(?, ?, ?, ?, ?)""", (title, content, post_date, UTILISATEUR, status)) # Insérer des valeurs
conn.commit()
cursor.execute("""SELECT avatar FROM users WHERE name=? """, (UTILISATEUR,))
user_info = cursor.fetchone()
cursor.execute("""SELECT title, content, time, author, status FROM posts where author=?""" , (UTILISATEUR,))
list_posts = cursor.fetchall()
conn.close()
posts=list()
id=0
for post in list_posts:
posts.append(dict(title=post[0], id_postit=id ,content=markdown(post[1]), time=post[2], author=post[3],status=post[4], avatar=user_info[0]))
id=id+1
return render_template('blog.html', posts=posts)
else:
post_date = time.strftime("%d/%m/%Y %H:%M:%S")
filename = title.replace(" ", "_") + ".md"
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT avatar FROM users WHERE name=?""", (UTILISATEUR,))
user_info = cursor.fetchone()
cursor.execute("""SELECT title, content, time, author, status FROM posts WHERE author=?""" , (UTILISATEUR,))
list_posts = cursor.fetchall()
conn.close()
posts=list()
id=0
for post in list_posts:
posts.append(dict(title=post[0], id_postit=id, content=markdown(post[1]), time=post[2], author=post[3],status=post[4], avatar=user_info[0]))
id=id+1
return render_template('blog.html', section='Post-it', posts=posts)
cursor.execute("""INSERT INTO Blog_posts(title, subtitle, filename, time, author, status) VALUES(?, ?, ?, ?, ?, ?)""", (title, subtitle, filename, post_date, user, status)) # Insérer des valeurs
conn.commit()
## On génère le fichiers markdown
with open(folder_blog + filename, 'w') as f:
f.write(content)
return redirect(url_for('blog.list_articles_blog'))
else:
return render_template('new_article_blog.html')
else:
return redirect(BASE_URL, code=401)
@blog.route('/myblog/list-articles/', methods=['GET'])
def list_articles_blog():
if 'username' in session:
user = '%s'% escape(session['username'])
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, subtitle, time, last_updated, status FROM Blog_posts WHERE author=? """, (user,) )
list_posts=cursor.fetchall()
posts=list()
nb_articles=0
for post in list_posts:
posts.append(dict(title=post[0],
subtitle=post[1],
time=post[2],
last_updated=post[3],
status=post[4]))
nb_articles =+ 1
return render_template('list_articles.html',
section="Articles",
list_posts=posts,
nb_articles=nb_articles
)
else:
return redirect(BASE_URL, code=401)
@postit.route('/delete/<title>/<time>')
def delete(title, time):
@blog.route('/myblog/delete/<title>')
def delete(title):
if 'username' in session :
user='%s'% escape(session['username'])
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
folder_blog_public = DOSSIER_PUBLIC + user + "/blog/articles/"
filename = title.replace(" ", "_")
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""DELETE FROM posts WHERE title=? AND time=?""", (title, time))
cursor.execute("""DELETE FROM Blog_posts WHERE title=? AND author=?""", (title, user))
conn.commit()
conn.close()
return redirect(url_for('post-it.racine_blog'))
os.remove(folder_blog+filename+".md")
os.remove(folder_blog_public+filename+".html")
return redirect(url_for('blog.list_articles_blog'))
else:
return redirect(BASE_URL, code=401) # sinon on redirige vers login
@postit.route('/edit/<title>/<time>', methods=['GET', 'POST'])
def edit(title, time):
@blog.route('/myblog/edit/<title>', methods=['GET', 'POST'])
def edit(title):
if 'username' in session :
user='%s'% escape(session['username'])
filename = title.replace(" ", "_") + ".md"
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
if request.method == 'POST' :
newtitle = request.form['title']
subtitle = request.form['subtitle']
newcontent = request.form['content']
newstatus = request.form['status']
updated = time.strftime("%d/%m/%Y %H:%M:%S")
conn = sqlite3.connect(DATABASE)
cursor = conn.cursor()
cursor.execute("""UPDATE posts SET title=?, content=?, status=? WHERE title=? AND time=?""",
(newtitle, newcontent, newstatus, title, time))
cursor.execute("""UPDATE Blog_posts SET subtitle=?, last_updated=?, status=? WHERE title=? AND author=?""", (subtitle, updated, newstatus, title, user))
conn.commit()
conn.close()
return redirect(url_for('post-it.racine_blog'))
with open(folder_blog + filename, 'w') as f:
f.write(newcontent)
return redirect(url_for('blog.list_articles_blog'))
else:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, content, status FROM posts WHERE title=? AND time =?""", (title, time))
cursor.execute("""SELECT title, subtitle, status FROM Blog_posts WHERE title=? AND author=?""", (title, user))
oldpost = cursor.fetchone()
conn.close()
return render_template('postedit.html',
section='Post-it',
oldpost=oldpost)
else:
return redirect(BASE_URL, code=401)
@postit.route('/postit/board', methods=['GET'])
def viewsheet():
if 'username' in session:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, content, time, author, status FROM posts WHERE status='public' """)
list_posts=cursor.fetchall()
posts=list()
id=0
for post in list_posts:
author = post[3]
cursor.execute("""SELECT avatar FROM users WHERE name=?""", (author,))
tmp = cursor.fetchone()
if tmp != None :
author_avatar = tmp[0]
else:
author_avatar = tmp
posts.append(dict(title=post[0], id_postit=id, content=markdown(post[1]), time=post[2], author=post[3],status=post[4], avatar=author_avatar))
id=id+1
conn.close()
return render_template('board.html', section='Post-it', posts=posts)
with open(folder_blog + filename, 'r') as f:
content = f.read()
return render_template('edit_article.html',
section='Post-it',
oldpost=oldpost,
content=content)
else:
return redirect(BASE_URL, code=401)
@blog.route('/blog/<username>/', methods=['GET'])
def view(username):
user = username
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, subtitle, time, author FROM Blog_posts WHERE status='public' AND author=? """, (user,) )
list_posts=cursor.fetchall()
posts=list()
id=0
conn.close()
print (list_posts)
if list_posts != None:
for post in list_posts:
posts.append(dict(title=post[0], subtitle=post[1], time=post[2], author=post[3]))
else:
return redirect(BASE_URL, code=404)
return render_template('index_blog.html', section='Blog', posts=posts, user=user)
@blog.route('/blog/<username>/<title>', methods=['GET'])
def viewArticle(username, title):
folder_blog = DOSSIER_PERSO + username + "/blog/articles/"
filename = title.replace(" ", "_") + ".md"
user = username
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, subtitle, time, author FROM Blog_posts WHERE author=? AND title=? """, (user, title) )
post = cursor.fetchone()
conn.close()
if post != None:
post_info = (dict(title=post[0], subtitle=post[1], time=post[2], author=post[3]))
with open(folder_blog + filename, 'r') as f:
content_md = f.read()
content = markdown(content_md)
return render_template('blog.html', post_info=post_info, content=content)
else:
flash(u"Cet article n'existe pas", 'error');
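Review bot: `viewArticle` looks the article up at L226 by author and title only, without the `status='public'` filter that `view` applies at L207, so a draft or private article is readable by anyone who guesses its title, and its markdown is then served straight from DOSSIER_PERSO at L231; the query should read `... WHERE author=? AND title=? AND status='public'`. In `new_article` the file name at L67 is derived from the POST field `title`, which unlike a URL segment can contain path separators, so `open(folder_blog + filename, 'w')` at L84 can write outside the user's article folder — run the name through `secure_filename` (as the upload code already does) or reject `/` and `..` before opening. `nb_articles =+ 1` at L107 assigns 1 on every iteration instead of incrementing; `nb_articles += 1`, or simply `nb_articles = len(posts)`, is what was meant. `delete` at L131–L132 calls `os.remove`, but no `import os` appears in the import block at the top of this hunk — confirm it is imported elsewhere in the file. `viewArticle` continues past the end of the hunk.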


@@ -7,7 +7,8 @@ from PIL import Image
import time
import sqlite3
import os
from shutil import move
from tools.filesutils import getFileSizeMo
filesupload = Blueprint('filesupload', __name__, template_folder='templates')
@@ -17,69 +18,54 @@ app.config.from_pyfile('config.py')
#### Variables ####################################################################################
DOSSIER_PERSO= app.config['DOSSIER_APP']
DOSSIER_PERSO= app.config['DOSSIER_APP']+'/'
DOSSIER_PUBLIC= app.config['DOSSIER_PUBLIC']+'/'
extensionimg = app.config['EXT_IMG']
DATABASE = app.config['DATABASE']
BASE_URL= app.config['BASE_URL']
##################################################################################################
@filesupload.route( '/filesupload/', methods=['GET', 'POST'])
def uploadfiles():
if 'username' in session :
UTILISATEUR='%s'% escape(session['username'])
user = '%s'% escape(session['username'])
if request.method == 'POST' :
files = request.files.getlist('fic')
for f in files :
if f: # On vérifie qu'un fichier a bien été envoyé
nom = secure_filename(f.filename)
if os.path.isfile(DOSSIER_PERSO + UTILISATEUR + '/files/' + nom):
flash(u'Fichier déjà existant, merci de spécifier un autre nom de fichier', 'error')
else:
if os.path.isfile(DOSSIER_PERSO + UTILISATEUR + '/images/' + nom):
flash(u'Image déjà existante, merci de spécifier un autre nom de fichier', 'error')
else:
file, ext = os.path.splitext(nom)
if ext in extensionimg :
f.save(DOSSIER_PERSO + UTILISATEUR + '/images/' + nom)
image=DOSSIER_PERSO + UTILISATEUR + '/images/' + nom
with Image.open(image) as img :
img.thumbnail((300,300))
img.save( DOSSIER_PERSO + UTILISATEUR + '/images/thumbnails/' + nom )
if os.path.isfile(DOSSIER_PERSO + UTILISATEUR + '/images/' + nom) :
if os.path.isfile(DOSSIER_PERSO + UTILISATEUR + '/images/thumbnails/' + nom):
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
IP=request.environ['REMOTE_ADDR']
CLIENT_PLATFORM=request.headers.get('User-Agent')
log_file=os.path.join(DOSSIER_PERSO, UTILISATEUR, "log.txt")
LOG=open(log_file, "a")
LOG.write (TIME + ' - ' + IP + ' - ' + UTILISATEUR + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n')
LOG.close()
flash(u'Image envoyée et traitée avec succés', 'succes')
else:
flash(u'Échec lors du traitement de l\'image', 'error')
return redirect(url_for('filesupload.uploadfiles'))
else:
flash(u'Éches lors de l\'envoi de l\'image', 'error')
return redirect(url_for('filesupload.uploadfiles'))
else:
f.save(DOSSIER_PERSO + UTILISATEUR + '/files/' + nom)
if os.path.isfile(DOSSIER_PERSO + UTILISATEUR + '/files/' + nom) :
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
IP=request.environ['REMOTE_ADDR']
CLIENT_PLATFORM=request.headers.get('User-Agent')
LOG=open("log.txt", "a") # Ouvre fichier log.txt
LOG.write (TIME + ' - ' + IP + ' - ' + UTILISATEUR + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n') # Écrit dans log
LOG.close() # Ferme log.txt
flash(u'Fichier envoyé avec succés', 'succes')
#return redirect(url_for('filesupload.upload'))
else:
return redirect(url_for('filesupload.uploadfiles'))
else:
flash(u'Error : Vous avez oublié le fichier !', 'error')
return redirect(url_for('filesupload.uploadfiles'))
nom = secure_filename(f.filename)
if os.path.isfile(DOSSIER_PERSO + user + '/files/' + nom) or os.path.isfile(DOSSIER_PERSO + user + '/images/' + nom):
flash(u'Un fichier avec le même nom existe déjà, merci de spécifier un autre nom de fichier', 'error')
else:
file, ext = os.path.splitext(nom)
if ext in extensionimg :
f.save(DOSSIER_PERSO + user + '/images/' + nom)
image = DOSSIER_PERSO + user + '/images/' + nom
with Image.open(image) as img :
img.thumbnail((300,300))
img.save( DOSSIER_PERSO + user + '/images/thumbnails/' + nom )
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
IP=request.environ['REMOTE_ADDR']
CLIENT_PLATFORM=request.headers.get('User-Agent')
log_file=os.path.join(DOSSIER_PERSO, user, "log.txt")
LOG=open(log_file, "a")
LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n')
LOG.close()
flash(u'Image envoyée et traitée avec succés', 'succes')
else:
f.save(DOSSIER_PERSO + user + '/files/' + nom)
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
IP=request.environ['REMOTE_ADDR']
CLIENT_PLATFORM=request.headers.get('User-Agent')
LOG=open("log.txt", "a") # Ouvre fichier log.txt
LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n') # Écrit dans log
LOG.close() # Ferme log.txt
flash(u'Fichier envoyé avec succés', 'succes')
else:
flash(u'Error : Vous avez oublié le fichier !', 'error')
return redirect(url_for('filesupload.uploadfiles'))
resp = make_response(render_template('up_up.html', section="Upload"))
resp.set_cookie('username', session['username'])
return resp
@@ -90,51 +76,122 @@ def uploadfiles():
@filesupload.route('/view/')
def list():
if 'username' in session :
UTILISATEUR='%s'% escape(session['username'])
i = 0
fichiers = os.listdir(DOSSIER_PERSO + UTILISATEUR + '/files/')
listeFichiers = []
if fichiers:
for fich in fichiers:
i += 1
size = os.path.getsize(DOSSIER_PERSO + UTILISATEUR + '/files/' + fich) # size = taille des fichiers
listeFichiers.append([i, fich, size]) # On implémente la listeFichiers avec le num le ficier et sa taille
return render_template('up_list.html',
section="Files",
size=size,
i=i,
listeFichiers=listeFichiers)
else :
flash(u'Aucun fichier uploadé ! Redirection vers Upload', 'error')
return redirect(url_for('filesupload.uploadfiles'))
user = '%s'% escape(session['username'])
files_public = os.listdir(DOSSIER_PUBLIC + user + '/files')
files_private = os.listdir(DOSSIER_PERSO + user + '/files/')
listFilesPublic = []
listFilesPrivate = []
nb_pv = 0
if files_private:
for fich in files_private:
nb_pv += 1
size = getFileSizeMo(DOSSIER_PERSO + user + '/files/' + fich) # size = taille des fichiers
listFilesPrivate.append([nb_pv, fich, size]) # On implémente la listeFichiers avec le num le ficier et sa taille
nb_pu = 0
if files_public:
for fich in files_public:
nb_pu += 1
size = getFileSizeMo(DOSSIER_PUBLIC + user + '/files/' + fich) # size = taille des fichiers
listFilesPublic.append([nb_pu, fich, size])
return render_template('up_list.html',
section="Files",
size=size,
username=user,
nb_pv=nb_pv,
nb_pu=nb_pu,
listFilesPrivate=listFilesPrivate,
listFilesPublic=listFilesPublic)
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/myfiles/<filename>')
def myfiles(filename):
@filesupload.route('/myfiles/<username>/<filename>')
def myfiles(username, filename):
if 'username' in session :
UTILISATEUR='%s' % escape(session['username'])
user = '%s' % escape(session['username'])
return send_from_directory(
os.path.join(DOSSIER_PERSO, UTILISATEUR, 'files'), filename )
os.path.join(DOSSIER_PERSO, username, 'files'), filename )
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/remove/<nom>')
def remove(nom):
if 'username' in session :
UTILISATEUR='%s' % escape(session['username'])
nom = secure_filename(nom)
if os.path.isfile(DOSSIER_PERSO + UTILISATEUR + '/files/' + nom): # si le fichier existe
os.remove(DOSSIER_PERSO + UTILISATEUR + '/files/' + nom) # on le supprime
return redirect(url_for('filesupload.list', _external=True))
else:
if os.path.isfile(DOSSIER_PERSO + UTILISATEUR + '/images/thumbnails/' + nom): # si le fichier existe
os.remove(DOSSIER_PERSO + UTILISATEUR + '/images/thumbnails/' + nom) # on le supprime
os.remove(DOSSIER_PERSO + UTILISATEUR + '/images/' + nom) # on le supprime
return redirect(url_for('gallery'))
else:
flash(u'Fichier {nom} inexistant.'.format(nom=nom), 'error')
return redirect(url_for('filesupload.list', _external=True)) # sinon on redirige vers la liste, avec un message d'erreur
@filesupload.route('/make_public/<filename>')
def move_public(filename):
if 'username' in session:
user = '%s' % escape(session['username'])
src = os.path.join(DOSSIER_PERSO, user, 'files', filename)
dst = os.path.join(DOSSIER_PUBLIC, user, 'files/')
move (src, dst)
return redirect(url_for('filesupload.list', _external=True))
else:
return redirect(BASE_URL, code=401)
@filesupload.route('/make_private/<filename>')
def move_private(filename):
if 'username' in session:
user = '%s' % escape(session['username'])
src = os.path.join(DOSSIER_PUBLIC, user, 'files', filename)
dst = os.path.join(DOSSIER_PERSO, user, 'files/')
move (src, dst)
return redirect(url_for('filesupload.list', _external=True))
else:
return redirect(BASE_URL, code=401)
@filesupload.route('/public/<username>/<filename>')
def publicfiles(username, filename):
return send_from_directory(
os.path.join(DOSSIER_PUBLIC, username, 'files'), filename )
@filesupload.route('/remove_privateFile/<filename>')
def remove_privateFile(filename):
if 'username' in session :
user = '%s' % escape(session['username'])
filename = secure_filename(filename)
try:
os.remove(DOSSIER_PERSO + user + '/files/' + filename) # on le supprime
except FileNotFoundError:
flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error')
return redirect(url_for('filesupload.list', _external=True))
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/remove_privateImage/<filename>')
def remove_privateImage(filename):
if 'username' in session :
user = '%s' % escape(session['username'])
filename = secure_filename(filename)
try:
os.remove(DOSSIER_PERSO + user + '/images/thumbnails/' + filename) # on le supprime
os.remove(DOSSIER_PERSO + user + '/images/' + filename) # on le supprime
except FileNotFoundError:
flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error')
return redirect(url_for('gallery'))
@filesupload.route('/remove_publicFile/<filename>')
def remove_publicFile(filename):
if 'username' in session :
user = '%s' % escape(session['username'])
filename = secure_filename(filename)
try:
os.remove(DOSSIER_PUBLIC + user + '/files/' + filename) # on le supprime
except FileNotFoundError:
flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error')
return redirect(url_for('filesupload.list', _external=True))
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/remove_publicImage/<filename>')
def remove_publicImage(filename):
if 'username' in session :
user = '%s' % escape(session['username'])
filename = secure_filename(filename)
try:
os.remove(DOSSIER_PUBLIC + user + '/images/thumbnails/' + filename) # on le supprime
os.remove(DOSSIER_PUBLIC + user + '/images/' + filename) # on le supprime
except FileNotFoundError:
flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error')
return redirect(url_for('gallery'))
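Review bot: The new `myfiles` route at L395–L402 serves from `os.path.join(DOSSIER_PERSO, username, 'files')` using the `username` taken from the URL, while the session-derived `user` computed at L399 is never used, so any logged-in account can download another user's private files just by changing the path segment; serve from the session user (`os.path.join(DOSSIER_PERSO, user, 'files')`) or `abort(403)` when `username != user`. `move_public` and `move_private` (L421–L440) hand `filename` to `os.path.join` and `shutil.move` without the `secure_filename` normalisation the neighbouring remove_* routes apply, and a missing file makes `move` raise an unhandled exception; `filename = secure_filename(filename)` plus a `FileNotFoundError` handler would bring them in line with the other handlers. `remove_privateImage` (L457–L467) and `remove_publicImage` (L480–L490) also lack the `else: return redirect(BASE_URL, code=401)` branch their file counterparts have, so an unauthenticated request makes the view return `None`.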


@@ -4,6 +4,8 @@ from markupsafe import escape
from flask_bcrypt import Bcrypt
from socket import gethostname
from os import remove, system
from tools.utils import email_disp, valid_token_register, valid_passwd, valid_username, gen_token
from tools.mailer import Mailer
app = Flask( 'pywallter' )
app.config.from_pyfile('config.py')
@@ -35,19 +37,25 @@ def login() :
else :
resp = redirect(url_for('loginlogout.login', _external=True))
if request.method == 'POST' :
user = request.form['user']
password = request.form['passwd']
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT name, passwd FROM users""")
users = cursor.fetchall()
cursor.execute("""SELECT name, passwd FROM users WHERE name=?""", (user,))
user_exist = cursor.fetchone()
conn.close()
password = request.form['passwd']
for user in users:
passwd = str(user[1] )
if user[0] == request.form['user'] and bcrypt.check_password_hash(user[1], password) is True:
if user_exist:
user = user_exist[0]
passwd_bcrypt = user_exist[1].decode()
if user == request.form['user'] and bcrypt.check_password_hash(passwd_bcrypt, password) is True:
session['username'] = request.form['user']
resp = redirect(url_for('profil.profile', _external=True))
else:
flash(u'Mauvais nom d\'utilisateur ou mot de passe', 'error')
flash(u'Mauvais mot de passe', 'error')
else:
flash(u"L'utilisateur n'existe pas", 'error')
else:
resp = render_template('accueil.html', signin_enable=app.config['SIGNIN_ENABLE'])
return resp
@@ -58,22 +66,23 @@ def logout():
session.pop('username', None) # Supprimer username de la session s'il s'y trouve
return redirect(url_for('loginlogout.index'))
@loginlogout.route( '/delete_me/', methods=['GET','POST'])
def delete_account():
if 'username' in session :
UTILISATEUR='%s'% escape(session['username'])
user='%s'% escape(session['username'])
resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
if request.method == 'POST' :
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT passwd FROM users WHERE name=?""", (UTILISATEUR,))
passwd = cursor.fetchone()[0]
cursor.execute("""SELECT passwd FROM users WHERE name=?""", (user,))
passwd = cursor.fetchone()[0].decode()
conn.close()
password = request.form['passwd']
if bcrypt.check_password_hash(passwd, password) is True:
not_error = True
try:
cmd = 'rm -r ' + DATAS_USER + '/' + UTILISATEUR
cmd = 'rm -r ' + DATAS_USER + '/' + user
if system(cmd) != 0:
raise TypeError("Remove directory error")
except:
@@ -101,7 +110,7 @@ def delete_account():
try:
conn = sqlite3.connect(DATABASE)
cursor = conn.cursor()
cursor.execute("""DELETE FROM users WHERE name=?""", (UTILISATEUR,))
cursor.execute("""DELETE FROM users WHERE name=?""", (user,))
conn.commit()
conn.close()
except:
@@ -114,6 +123,42 @@ def delete_account():
return resp
@loginlogout.route( '/lost_password/', methods=['GET', 'POST'])
def lost_password():
if request.method == 'POST' :
user = request.form['user']
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT name, Mail_rescue FROM users WHERE name=?""", (user,))
find_user = cursor.fetchone()
if find_user:
token = gen_token("Lost password")
cursor.execute("UPDATE users SET Lost_password_token=? WHERE name=?",
(token, user))
conn.commit()
mail_lost_password=Mailer()
message = """
"Vous avez fait une demande pour changer votre mot de passe, cliquez sur le liens en
dessous pour changer votre mot de passe :
"""+ BASE_URL + url_for('profil.change_passwd_lost', token=token) + """
Si ce n'est pas vous qui avez fait cette demande vous pouvez détruire le lien de changement
de mot de passe en cliquant sur le lien en dessous \n
"""+ BASE_URL + url_for('profil.deltoken_passwd_lost', token=token) + """
Au plaisir de vous revoir sur pywallter """
if find_user[1]:
flash(u"Un lien pour changer votre mot de passe a été envoyer à votre adresse email de secour ", 'succes')
mail_lost_password.send_email(find_user[1], "Récupération de votre mot de passe", message )
else:
flash(u"L'utilisateur "+ user + " n'existe pas.", 'error')
return render_template('lost_password.html')
@loginlogout.route( '/' )
def index():
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
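Review bot: `lost_password` responds differently for a known and an unknown account (L593 versus L596, and no message at all when the account has no rescue address), which lets a caller enumerate usernames; the login hunk above reintroduces the same split, replacing the single generic message at L526 with `Mauvais mot de passe` / `L'utilisateur n'existe pas` at L527 and L529. Both places should return one neutral message, e.g. `flash(u"Si ce compte existe, un lien a été envoyé à l'adresse de secours", 'succes')` here and the original combined wording in `login`. The connection opened at L574 is never closed in this function; add `conn.close()` after the `if find_user:` block. The token written at L580 is stored without a creation time, so unless `gen_token`/`valid_token_register` (not shown) encode one, a reset link stays valid indefinitely — a timestamp column next to the token with an expiry check in the validator would bound that window. It is also written before the rescue-address check at L592, so accounts without one end up holding a live token that is never mailed.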


@@ -7,7 +7,7 @@ import sqlite3
import os
from socket import gethostname
from flask_bcrypt import Bcrypt
from tools.utils import email_disp, append_to_log, gen_token, valid_passwd
from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, valid_token_register, get_user_by_token
profil = Blueprint('profil', __name__, template_folder='templates')
@@ -49,7 +49,7 @@ def profile() :
UTILISATEUR='%s' % escape(session['username'])
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT avatar, nom, prenom, age, mail_rescue FROM users WHERE name=?""", (UTILISATEUR,))
cursor.execute("""SELECT avatar, nom, prenom, age, Mail_rescue FROM users WHERE name=?""", (UTILISATEUR,))
tmp = (cursor.fetchone())
profil_user = dict()
profil_user['avatar'] = tmp[0]
@@ -133,7 +133,7 @@ def change_passwd() :
if password == password_confirm and valid_passwd(password):
mail_passwd_change = 0
xmmp_passwd_change = 0
xmpp_passwd_change = 0
passwd = request.form['password']
if MAIL_SERVER:
@@ -144,8 +144,8 @@ def change_passwd() :
if XMPP_SERVER:
tmp = mailbox['Mail'].split('@')
cmd = SETUID+ " prosodyctl register '"+tmp[0]+"' " + "'"+tmp[1]+"' " + "'"+passwd+"'"
res = os.system(cmd)
if res != 0:
xmpp_passwd_change = os.system(cmd)
if xmpp_passwd_change != 0:
flash(u'Il y a eu un problème pour le changement du mot de passe du compte XMPP !', 'error')
@@ -177,6 +177,100 @@ def change_passwd() :
return redirect(BASE_URL, code=401)
@profil.route('/change-password-lost/<token>', methods=['GET','POST'] )
def change_passwd_lost(token) :
if valid_token_register(token, "Lost password"):
user = get_user_by_token(token, "Lost password")
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT Mail, alias, xmpp FROM users WHERE name=?""", (user,))
tmp = cursor.fetchone()
mailbox = dict()
mailbox['Mail'] = tmp[0]
mailbox['alias'] = tmp[1]
mailbox['xmpp'] = tmp[2]
if request.method == 'GET' :
return render_template('mailbox.html',
section="Profil",
address=mailbox['Mail'],
username=user)
else:
password = request.form['password']
password_confirm = request.form['passwd_confirm']
if password == password_confirm and valid_passwd(password):
mail_passwd_change = 0
xmpp_passwd_change = 0
if MAIL_SERVER:
cmd = SETUID+ ' set_mail_passwd ' + '"'+mailbox['Mail']+'" '+ '"'+password+'"'
mail_passwd_change = os.system(cmd)
if XMPP_SERVER:
tmp = mailbox['Mail'].split('@')
cmd = SETUID+ " prosodyctl register '"+tmp[0]+"' " + "'"+tmp[1]+"' " + "'"+password+"'"
xmpp_change_passwd = os.system(cmd)
if xmpp_passwd_change != 0:
flash(u'Il y a eu un problème pour le changement du mot de passe du compte XMPP !', 'error')
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
if mail_passwd_change == 0:
passwd_bcrypt = bcrypt.generate_password_hash(password)
cursor.execute("UPDATE users SET passwd=? WHERE name=?",
(passwd_bcrypt, user))
conn.commit()
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
IP=request.environ['REMOTE_ADDR']
CLIENT_PLATFORM=request.headers.get('User-Agent')
log=TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Changement du mot de passe" + '\n'
append_to_log(log, user)
flash(u'Votre mot de passe a été changé', 'succes')
cursor.execute("""UPDATE users set Lost_password_token='' where name=?""", (user,))
conn.close()
resp = redirect(url_for('loginlogout.login'))
else:
if not( valid_passwd(password) ):
flash(u'Le mot de passe ne peut pas contenir les caractères " et &', 'error')
else:
flash(u'Les mot de passes ne sont pas identique :/ ', 'error')
resp = render_template('mailbox.html',
section="Profil",
address=mailbox['Mail'],
username=user)
return resp
else:
return redirect(BASE_URL, code=401)
@profil.route('/deltoken-password-lost/<token>', methods=['GET','POST'] )
def deltoken_passwd_lost(token) :
if valid_token_register(token, "Lost password"):
user = get_user_by_token(token, "Lost password")
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""UPDATE users set Lost_password_token='' where name=?""", (user,))
conn.commit()
conn.close()
flash(u'Votre jeton pour changer votre mot de passe a été supprimé', 'succes')
else:
flash(u'Votre jeton est invalide', 'succes')
return redirect(url_for('loginlogout.login', _external=True))
@profil.route('/mymailbox/alias', methods=['GET', 'POST'] )
def myalias():
hostname=gethostname()
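Review bot: `change_passwd_lost` clears the reset token at L683 with an UPDATE that is never committed before `conn.close()` at L684, so sqlite3 discards it and the reset link remains usable after the password has been changed; add `conn.commit()` between those two lines. At L667 the result is assigned to `xmpp_change_passwd` but L668 tests `xmpp_passwd_change`, so an XMPP failure is never reported — the same typo the commit fixes at L623–L624 in `change_passwd`; it should read `xmpp_passwd_change = os.system(cmd)`. The new password is interpolated into shell command strings at L662 and L666, and `valid_passwd` (going by the message at L688) only rejects `"` and `&`, so a password containing `'`, `$(`, a backtick or `;` alters the command; building an argument list and calling `subprocess.run([...], shell=False)` with the password as its own argv element removes the shell from the path (the pre-existing `change_passwd` has the same shape). The `resp = redirect(...)` at L685 appears to sit inside the `if mail_passwd_change == 0:` branch, which would leave `resp` unbound at L695 when the mail password change fails; the indentation is lost in this rendering, so confirm.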
@@ -271,12 +365,12 @@ def remove_alias(aliasrm):
else:
flash(u'Il y a eu une erreur', 'error')
return redirect(url_for('profil.myalias', _external=True))
else:
return redirect(BASE_URL, code=401)
@profil.route('/invitation/', methods=['GET'])
def invitation():
if 'username' in session:
@@ -307,7 +401,7 @@ def generate_token():
UTILISATEUR='%s' % escape(session['username'])
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
token = gen_token()
token = gen_token("Invitation")
cursor.execute("UPDATE users SET Token=? WHERE name=?",
(token, UTILISATEUR))
conn.commit()