Compare commits

..

No commits in common. "4288eca55165b50ba5c97965b95694386e84590d" and "3e4fe7f8316bc25f2669439704cf05fb43ff057e" have entirely different histories.

9 changed files with 563 additions and 548 deletions


@ -1,5 +1,4 @@
from flask import Flask, url_for, session, redirect, request from flask import Flask
from functools import wraps
import sqlite3 import sqlite3
import os import os
import string import string
@ -15,17 +14,6 @@ DATABASE = app.config['DATABASE']
DOSSIER_PERSO = app.config['DOSSIER_APP'] DOSSIER_PERSO = app.config['DOSSIER_APP']
DATABASE = app.config['DATABASE'] DATABASE = app.config['DATABASE']
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if 'username' not in session:
return redirect(url_for('loginlogout.login', next=request.url))
return f(*args, **kwargs)
return decorated_function
def append_to_log(log_line, user): def append_to_log(log_line, user):
log_file=os.path.join(DOSSIER_PERSO, user, "log.txt") log_file=os.path.join(DOSSIER_PERSO, user, "log.txt")
logs=open(log_file, "r") logs=open(log_file, "r")

views/__init__.py Normal file


@ -7,7 +7,6 @@ import sqlite3
from markdown import markdown from markdown import markdown
from tools.filesutils import getFileSizeKo from tools.filesutils import getFileSizeKo
import string import string
from tools.utils import login_required
blog = Blueprint('blog', __name__, template_folder='templates') blog = Blueprint('blog', __name__, template_folder='templates')
@ -25,108 +24,117 @@ DOSSIER_PUBLIC= app.config['DOSSIER_PUBLIC']+'/'
################################################################################ ################################################################################
@blog.route('/myblog/new-article/', methods=['GET', 'POST']) @blog.route('/myblog/new-article/', methods=['GET', 'POST'])
@login_required
def new_article(): def new_article():
user = '%s'% escape(session['username']) if 'username' in session:
folder_blog = DOSSIER_PERSO + user + "/blog/articles/" user = '%s'% escape(session['username'])
if request.method == 'POST': folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
title = request.form['title'] if request.method == 'POST':
subtitle = request.form['subtitle'] title = request.form['title']
content = request.form['content'] subtitle = request.form['subtitle']
status = request.form['status'] content = request.form['content']
post_date = time.strftime("%d/%m/%Y %H:%M:%S") status = request.form['status']
filename = title.replace(" ", "_") + ".md" post_date = time.strftime("%d/%m/%Y %H:%M:%S")
filename = title.replace(" ", "_") + ".md"
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""INSERT INTO Blog_posts(title, subtitle, filename, time, author, status) VALUES(?, ?, ?, ?, ?, ?)""", (title, subtitle, filename, post_date, user, status)) # Insérer des valeurs
conn.commit()
## On génère le fichiers markdown
with open(folder_blog + filename, 'w') as f:
f.write(content)
return redirect(url_for('blog.list_articles_blog'))
else:
return render_template('new_article_blog.html')
else:
return redirect(BASE_URL, code=401)
@blog.route('/myblog/list-articles/', methods=['GET'])
def list_articles_blog():
if 'username' in session:
user = '%s'% escape(session['username'])
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur" cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""INSERT INTO Blog_posts(title, subtitle, filename, time, author, status) VALUES(?, ?, ?, ?, ?, ?)""", (title, subtitle, filename, post_date, user, status)) # Insérer des valeurs cursor.execute("""SELECT title, subtitle, time, last_updated, status FROM Blog_posts WHERE author=? """, (user,) )
conn.commit() list_posts=cursor.fetchall()
## On génère le fichiers markdown posts=list()
with open(folder_blog + filename, 'w') as f: nb_articles=0
f.write(content) for post in list_posts:
posts.append(dict(title=post[0],
return redirect(url_for('blog.list_articles_blog')) subtitle=post[1],
else: time=post[2],
return render_template('new_article_blog.html') last_updated=post[3],
status=post[4]))
@blog.route('/myblog/list-articles/', methods=['GET']) nb_articles =+ 1
@login_required
def list_articles_blog():
user = '%s'% escape(session['username'])
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, subtitle, time, last_updated, status FROM Blog_posts WHERE author=? """, (user,) )
list_posts=cursor.fetchall()
posts=list()
nb_articles=0
for post in list_posts:
posts.append(dict(title=post[0],
subtitle=post[1],
time=post[2],
last_updated=post[3],
status=post[4]))
nb_articles =+ 1
return render_template('list_articles.html', return render_template('list_articles.html',
section="Articles", section="Articles",
list_posts=posts, list_posts=posts,
nb_articles=nb_articles nb_articles=nb_articles
) )
else:
return redirect(BASE_URL, code=401)
@blog.route('/myblog/delete/<title>') @blog.route('/myblog/delete/<title>')
@login_required
def delete(title): def delete(title):
user='%s'% escape(session['username']) if 'username' in session :
folder_blog = DOSSIER_PERSO + user + "/blog/articles/" user='%s'% escape(session['username'])
folder_blog_public = DOSSIER_PUBLIC + user + "/blog/articles/" folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
filename = title.replace(" ", "_") folder_blog_public = DOSSIER_PUBLIC + user + "/blog/articles/"
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée filename = title.replace(" ", "_")
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""DELETE FROM Blog_posts WHERE title=? AND author=?""", (title, user))
conn.commit()
conn.close()
os.remove(folder_blog+filename+".md")
os.remove(folder_blog_public+filename+".html")
return redirect(url_for('blog.list_articles_blog'))
@blog.route('/myblog/edit/<title>', methods=['GET', 'POST'])
@login_required
def edit(title):
user='%s'% escape(session['username'])
filename = title.replace(" ", "_") + ".md"
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
if request.method == 'POST' :
subtitle = request.form['subtitle']
newcontent = request.form['content']
newstatus = request.form['status']
updated = time.strftime("%d/%m/%Y %H:%M:%S")
conn = sqlite3.connect(DATABASE)
cursor = conn.cursor()
cursor.execute("""UPDATE Blog_posts SET subtitle=?, last_updated=?, status=? WHERE title=? AND author=?""", (subtitle, updated, newstatus, title, user))
conn.commit()
conn.close()
with open(folder_blog + filename, 'w') as f:
f.write(newcontent)
return redirect(url_for('blog.list_articles_blog'))
else:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur" cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, subtitle, status FROM Blog_posts WHERE title=? AND author=?""", (title, user)) cursor.execute("""DELETE FROM Blog_posts WHERE title=? AND author=?""", (title, user))
oldpost = cursor.fetchone() conn.commit()
conn.close() conn.close()
os.remove(folder_blog+filename+".md")
with open(folder_blog + filename, 'r') as f: os.remove(folder_blog_public+filename+".html")
content = f.read() return redirect(url_for('blog.list_articles_blog'))
else:
return redirect(BASE_URL, code=401) # sinon on redirige vers login
@blog.route('/myblog/edit/<title>', methods=['GET', 'POST'])
def edit(title):
if 'username' in session :
user='%s'% escape(session['username'])
filename = title.replace(" ", "_") + ".md"
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
if request.method == 'POST' :
subtitle = request.form['subtitle']
newcontent = request.form['content']
newstatus = request.form['status']
updated = time.strftime("%d/%m/%Y %H:%M:%S")
conn = sqlite3.connect(DATABASE)
cursor = conn.cursor()
cursor.execute("""UPDATE Blog_posts SET subtitle=?, last_updated=?, status=? WHERE title=? AND author=?""", (subtitle, updated, newstatus, title, user))
conn.commit()
conn.close()
with open(folder_blog + filename, 'w') as f:
f.write(newcontent)
return redirect(url_for('blog.list_articles_blog'))
else:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, subtitle, status FROM Blog_posts WHERE title=? AND author=?""", (title, user))
oldpost = cursor.fetchone()
conn.close()
with open(folder_blog + filename, 'r') as f:
content = f.read()
return render_template('edit_article.html',
section='Post-it',
oldpost=oldpost,
content=content)
else:
return redirect(BASE_URL, code=401)
return render_template('edit_article.html',
section='Post-it',
oldpost=oldpost,
content=content)
@blog.route('/blog/<username>/', methods=['GET']) @blog.route('/blog/<username>/', methods=['GET'])
def view(username): def view(username):
user = username user = username


@ -9,7 +9,6 @@ import sqlite3
import os import os
from shutil import move from shutil import move
from tools.filesutils import getFileSizeMo, getFileSizeKo, check_and_create from tools.filesutils import getFileSizeMo, getFileSizeKo, check_and_create
from tools.utils import login_required
filesupload = Blueprint('filesupload', __name__, template_folder='templates') filesupload = Blueprint('filesupload', __name__, template_folder='templates')
@ -29,154 +28,163 @@ BASE_URL= app.config['BASE_URL']
@filesupload.route( '/filesupload/', methods=['GET', 'POST']) @filesupload.route( '/filesupload/', methods=['GET', 'POST'])
@login_required
def uploadfiles(): def uploadfiles():
user = '%s'% escape(session['username']) if 'username' in session :
if request.method == 'POST' : user = '%s'% escape(session['username'])
if request.method == 'POST' :
if 'fic' not in request.files: files = request.files.getlist('fic')
flash(u'Mauvais format de ficher', 'error') for f in files :
return redirect(request.url) nom = secure_filename(f.filename)
file = request.files['fic'] check_and_create(DOSSIER_PERSO+ user + 'files')
check_and_create(DOSSIER_PERSO+ user + 'images')
# If the user does not select a file, the browser submits an if os.path.isfile(DOSSIER_PERSO + user + '/files/' + nom) or os.path.isfile(DOSSIER_PERSO + user + '/images/' + nom):
# empty file without a filename. flash(u'Un fichier avec le même nom existe déjà, merci de spécifier un autre nom de fichier', 'error')
if file.filename == '': else:
flash(u'Vous avez oubliez de selectionner un fichier', 'error' ) file, ext = os.path.splitext(nom)
return redirect(request.url) if ext in extensionimg :
f.save(DOSSIER_PERSO + user + '/images/' + nom)
files = request.files.getlist('fic') image = DOSSIER_PERSO + user + '/images/' + nom
for f in files : with Image.open(image) as img :
nom = secure_filename(f.filename) img.thumbnail((300,300))
check_and_create(DOSSIER_PERSO+ user + 'files') img.save( DOSSIER_PERSO + user + '/images/thumbnails/' + nom )
check_and_create(DOSSIER_PERSO+ user + 'images') TIME=time.strftime("%A %d %B %Y %H:%M:%S")
if os.path.isfile(DOSSIER_PERSO + user + '/files/' + nom) or os.path.isfile(DOSSIER_PERSO + user + '/images/' + nom): IP=request.environ['REMOTE_ADDR']
flash(u'Un fichier avec le même nom existe déjà, merci de spécifier un autre nom de fichier', 'error') CLIENT_PLATFORM=request.headers.get('User-Agent')
else: log_file=os.path.join(DOSSIER_PERSO, user, "log.txt")
file, ext = os.path.splitext(nom) LOG=open(log_file, "a")
if ext in extensionimg : LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n')
f.save(DOSSIER_PERSO + user + '/images/' + nom) LOG.close()
image = DOSSIER_PERSO + user + '/images/' + nom flash(u'Image envoyée et traitée avec succés', 'succes')
with Image.open(image) as img : else:
img.thumbnail((300,300)) f.save(DOSSIER_PERSO + user + '/files/' + nom)
img.save( DOSSIER_PERSO + user + '/images/thumbnails/' + nom ) TIME=time.strftime("%A %d %B %Y %H:%M:%S")
TIME=time.strftime("%A %d %B %Y %H:%M:%S") IP=request.environ['REMOTE_ADDR']
IP=request.environ['REMOTE_ADDR'] CLIENT_PLATFORM=request.headers.get('User-Agent')
CLIENT_PLATFORM=request.headers.get('User-Agent') LOG=open("log.txt", "a") # Ouvre fichier log.txt
log_file=os.path.join(DOSSIER_PERSO, user, "log.txt") LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n') # Écrit dans log
LOG=open(log_file, "a") LOG.close() # Ferme log.txt
LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n') flash(u'Fichier envoyé avec succés', 'succes')
LOG.close()
flash(u'Image envoyée et traitée avec succés', 'succes')
else:
f.save(DOSSIER_PERSO + user + '/files/' + nom)
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
IP=request.environ['REMOTE_ADDR']
CLIENT_PLATFORM=request.headers.get('User-Agent')
LOG=open("log.txt", "a") # Ouvre fichier log.txt
LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n') # Écrit dans log
LOG.close() # Ferme log.txt
flash(u'Fichier envoyé avec succés', 'succes')
else:
resp = make_response(render_template('up_up.html', section="Upload")) flash(u'Error : Vous avez oublié le fichier !', 'error')
resp.set_cookie('username', session['username']) return redirect(url_for('filesupload.uploadfiles'))
return resp resp = make_response(render_template('up_up.html', section="Upload"))
resp.set_cookie('username', session['username'])
return resp
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/view/') @filesupload.route('/view/')
@login_required
def list(): def list():
if 'username' in session :
user = '%s'% escape(session['username']) user = '%s'% escape(session['username'])
check_and_create(DOSSIER_PUBLIC + user + '/files/')
check_and_create(DOSSIER_PERSO + user + '/files/')
files_public = os.listdir(DOSSIER_PUBLIC + user + '/files/')
files_private = os.listdir(DOSSIER_PERSO + user + '/files/')
listFilesPublic = []
listFilesPrivate = []
nb_pv = 0
size=0
if files_private:
for fich in files_private:
nb_pv += 1
size = getFileSizeMo(DOSSIER_PERSO + user + '/files/' + fich) # size = taille des fichiers
listFilesPrivate.append([nb_pv, fich, size]) # On implémente la listeFichiers avec le num le ficier et sa taille
nb_pu = 0 check_and_create(DOSSIER_PUBLIC + user + '/files/')
if files_public: check_and_create(DOSSIER_PERSO + user + '/files/')
for fich in files_public: files_public = os.listdir(DOSSIER_PUBLIC + user + '/files/')
nb_pu += 1 files_private = os.listdir(DOSSIER_PERSO + user + '/files/')
size = getFileSizeMo(DOSSIER_PUBLIC + user + '/files/' + fich) # size = taille des fichiers listFilesPublic = []
listFilesPublic.append([nb_pu, fich, size]) listFilesPrivate = []
nb_pv = 0
size=0
if files_private:
for fich in files_private:
nb_pv += 1
size = getFileSizeMo(DOSSIER_PERSO + user + '/files/' + fich) # size = taille des fichiers
listFilesPrivate.append([nb_pv, fich, size]) # On implémente la listeFichiers avec le num le ficier et sa taille
return render_template('up_list.html', nb_pu = 0
section="Files", if files_public:
size=size, for fich in files_public:
username=user, nb_pu += 1
nb_pv=nb_pv, size = getFileSizeMo(DOSSIER_PUBLIC + user + '/files/' + fich) # size = taille des fichiers
nb_pu=nb_pu, listFilesPublic.append([nb_pu, fich, size])
listFilesPrivate=listFilesPrivate,
listFilesPublic=listFilesPublic) return render_template('up_list.html',
section="Files",
size=size,
username=user,
nb_pv=nb_pv,
nb_pu=nb_pu,
listFilesPrivate=listFilesPrivate,
listFilesPublic=listFilesPublic)
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/myfiles/<username>/<filename>') @filesupload.route('/myfiles/<username>/<filename>')
@login_required
def myfiles(username, filename): def myfiles(username, filename):
user = '%s' % escape(session['username']) if 'username' in session :
return send_from_directory( user = '%s' % escape(session['username'])
os.path.join(DOSSIER_PERSO, username, 'files'), filename ) return send_from_directory(
os.path.join(DOSSIER_PERSO, username, 'files'), filename )
@filesupload.route('/make_public/<filename>') else :
@login_required return redirect(BASE_URL, code=401)
def move_public(filename):
user = '%s' % escape(session['username']) @filesupload.route('/make_public/<filename>')
check_and_create(DOSSIER_PUBLIC + user + '/files/') def move_public(filename):
check_and_create(DOSSIER_PERSO + user + '/files/') if 'username' in session:
user = '%s' % escape(session['username'])
check_and_create(DOSSIER_PUBLIC + user + '/files/')
check_and_create(DOSSIER_PERSO + user + '/files/')
src = os.path.join(DOSSIER_PERSO, user, 'files', filename)
dst = os.path.join(DOSSIER_PUBLIC, user, 'files/')
move (src, dst)
return redirect(url_for('filesupload.list', _external=True))
else:
return redirect(BASE_URL, code=401)
src = os.path.join(DOSSIER_PERSO, user, 'files', filename)
dst = os.path.join(DOSSIER_PUBLIC, user, 'files/')
move (src, dst)
return redirect(url_for('filesupload.list', _external=True))
@filesupload.route('/make_private/<filename>') @filesupload.route('/make_private/<filename>')
@login_required
def move_private(filename): def move_private(filename):
user = '%s' % escape(session['username']) if 'username' in session:
check_and_create(DOSSIER_PUBLIC + user + '/files/') user = '%s' % escape(session['username'])
check_and_create(DOSSIER_PERSO + user + '/files/') check_and_create(DOSSIER_PUBLIC + user + '/files/')
src = os.path.join(DOSSIER_PUBLIC, user, 'files', filename) check_and_create(DOSSIER_PERSO + user + '/files/')
dst = os.path.join(DOSSIER_PERSO, user, 'files/') src = os.path.join(DOSSIER_PUBLIC, user, 'files', filename)
move (src, dst) dst = os.path.join(DOSSIER_PERSO, user, 'files/')
return redirect(url_for('filesupload.list', _external=True)) move (src, dst)
return redirect(url_for('filesupload.list', _external=True))
else:
return redirect(BASE_URL, code=401)
@filesupload.route('/public/<username>/<filename>')
def publicfiles(username, filename):
return send_from_directory(
os.path.join(DOSSIER_PUBLIC, username, 'files'), filename )
@filesupload.route('/remove_privateFile/<filename>') @filesupload.route('/remove_privateFile/<filename>')
@login_required
def remove_privateFile(filename): def remove_privateFile(filename):
user = '%s' % escape(session['username']) if 'username' in session :
filename = secure_filename(filename) user = '%s' % escape(session['username'])
try: filename = secure_filename(filename)
os.remove(DOSSIER_PERSO + user + '/files/' + filename) # on le supprime try:
except FileNotFoundError: os.remove(DOSSIER_PERSO + user + '/files/' + filename) # on le supprime
flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error') except FileNotFoundError:
return redirect(url_for('filesupload.list', _external=True)) flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error')
return redirect(url_for('filesupload.list', _external=True))
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/remove_publicFile/<filename>') @filesupload.route('/remove_publicFile/<filename>')
@login_required
def remove_publicFile(filename): def remove_publicFile(filename):
user = '%s' % escape(session['username']) if 'username' in session :
filename = secure_filename(filename) user = '%s' % escape(session['username'])
try: filename = secure_filename(filename)
os.remove(DOSSIER_PUBLIC + user + '/files/' + filename) # on le supprime try:
except FileNotFoundError: os.remove(DOSSIER_PUBLIC + user + '/files/' + filename) # on le supprime
flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error') except FileNotFoundError:
return redirect(url_for('filesupload.list', _external=True)) flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error')
return redirect(url_for('filesupload.list', _external=True))
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/theme.min.css') @filesupload.route('/theme.min.css')
def theme(): def theme():
if 'username' in session: if 'username' in session:
@ -185,8 +193,3 @@ def theme():
return send_file(DOSSIER_PERSO+ user +'/theme.min.css', mimetype='text/css') return send_file(DOSSIER_PERSO+ user +'/theme.min.css', mimetype='text/css')
else: else:
return send_file("static/default.min.css", mimetype='text/css') return send_file("static/default.min.css", mimetype='text/css')
@filesupload.route('/public/<username>/<filename>')
def publicfiles(username, filename):
return send_from_directory(
os.path.join(DOSSIER_PUBLIC, username, 'files'), filename )
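Review bot: `myfiles(username, filename)` serves from `os.path.join(DOSSIER_PERSO, username, 'files')`, the name taken from the URL, while the session user computed into `user` is never used, so the private directory served is chosen by the caller rather than bound to the authenticated account. Serve from `os.path.join(DOSSIER_PERSO, user, 'files')` instead (or reject the request when `username != user`), as `myimg` in mygallery.py already does with the session user. In `uploadfiles` the new side drops the `'fic' not in request.files` and empty-filename checks; with no file selected, `secure_filename('')` yields `''` and `f.save(DOSSIER_PERSO + user + '/files/' + nom)` then targets the directory itself, and which block the remaining `else: flash(u'Error : Vous avez oublié le fichier !', 'error')` belongs to is not recoverable from the column layout (as a `for ... else` it would run after every completed loop, so please confirm the indentation). The non-image branch still logs to `open("log.txt", "a")` relative to the process working directory, whereas the image branch uses `os.path.join(DOSSIER_PERSO, user, "log.txt")`; both branches should share the latter. `check_and_create(DOSSIER_PERSO+ user + 'files')` also lacks the `/` separator that the later `DOSSIER_PERSO + user + '/files/'` paths use, so it creates a sibling directory rather than the one written to.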


@ -8,7 +8,6 @@ import time
import sqlite3 import sqlite3
import os import os
from tools.filesutils import check_and_create from tools.filesutils import check_and_create
from tools.utils import login_required
mygallery = Blueprint('mygallery', __name__, template_folder='templates') mygallery = Blueprint('mygallery', __name__, template_folder='templates')
@ -26,56 +25,61 @@ DATABASE = app.config['DATABASE']
################################################################################################# #################################################################################################
@mygallery.route( '/gallery/') @mygallery.route( '/gallery/')
@login_required
def gallery(): def gallery():
user ='%s' % escape(session['username']) if 'username' in session :
check_and_create(DOSSIER_PUBLIC + user + '/images/') user ='%s' % escape(session['username'])
check_and_create(DOSSIER_PUBLIC + user + '/images/thumbnails/') check_and_create(DOSSIER_PUBLIC + user + '/images/')
check_and_create(DOSSIER_PERSO + user + '/images/') check_and_create(DOSSIER_PUBLIC + user + '/images/thumbnails/')
check_and_create(DOSSIER_PERSO + user + '/images/thumbnails/') check_and_create(DOSSIER_PERSO + user + '/images/')
THUMBNAILS=DOSSIER_PERSO + user + '/images/thumbnails/' check_and_create(DOSSIER_PERSO + user + '/images/thumbnails/')
fichiers = [fich for fich in os.listdir(THUMBNAILS)] THUMBNAILS=DOSSIER_PERSO + user + '/images/thumbnails/'
return render_template('gallery.html', fichiers = [fich for fich in os.listdir(THUMBNAILS)]
section='Gallery', return render_template('gallery.html',
THUMBNAILS=THUMBNAILS, section='Gallery',
fichiers=fichiers) THUMBNAILS=THUMBNAILS,
fichiers=fichiers)
else :
return redirect(url_for('loginlogout.login'), code=401)
@mygallery.route('/myfiles/images/<filename>') @mygallery.route('/myfiles/images/<filename>')
@login_required
def myimg(filename): def myimg(filename):
UTILISATEUR='%s' % escape(session['username']) if 'username' in session :
return send_from_directory( UTILISATEUR='%s' % escape(session['username'])
os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images'), filename ) return send_from_directory(
os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images'), filename )
else :
return redirect(BASE_URL, code=401)
@mygallery.route('/myfiles/images/thumbnails/<filename>') @mygallery.route('/myfiles/images/thumbnails/<filename>')
@login_required
def mythumbnails(filename): def mythumbnails(filename):
UTILISATEUR='%s' % escape(session['username']) if 'username' in session :
return send_from_directory( UTILISATEUR='%s' % escape(session['username'])
os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images/thumbnails'), filename ) return send_from_directory(
os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images/thumbnails'), filename )
else :
return redirect(BASE_URL, code=401)
@mygallery.route('/remove_privateImage/<filename>') @mygallery.route('/remove_privateImage/<filename>')
@login_required
def remove_privateImage(filename): def remove_privateImage(filename):
user = '%s' % escape(session['username']) if 'username' in session :
filename = secure_filename(filename) user = '%s' % escape(session['username'])
try: filename = secure_filename(filename)
os.remove(DOSSIER_PERSO + user + '/images/thumbnails/' + filename) # on le supprime try:
os.remove(DOSSIER_PERSO + user + '/images/' + filename) # on le supprime os.remove(DOSSIER_PERSO + user + '/images/thumbnails/' + filename) # on le supprime
except FileNotFoundError: os.remove(DOSSIER_PERSO + user + '/images/' + filename) # on le supprime
flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error') except FileNotFoundError:
return redirect(url_for('mygallery.gallery')) flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error')
return redirect(url_for('mygallery.gallery'))
@mygallery.route('/remove_publicImage/<filename>') @mygallery.route('/remove_publicImage/<filename>')
@login_required
def remove_publicImage(filename): def remove_publicImage(filename):
user = '%s' % escape(session['username']) if 'username' in session :
filename = secure_filename(filename) user = '%s' % escape(session['username'])
try: filename = secure_filename(filename)
os.remove(DOSSIER_PUBLIC + user + '/images/thumbnails/' + filename) # on le supprime try:
os.remove(DOSSIER_PUBLIC + user + '/images/' + filename) # on le supprime os.remove(DOSSIER_PUBLIC + user + '/images/thumbnails/' + filename) # on le supprime
except FileNotFoundError: os.remove(DOSSIER_PUBLIC + user + '/images/' + filename) # on le supprime
flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error') except FileNotFoundError:
return redirect(url_for('mygallery.gallery')) flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error')
return redirect(url_for('mygallery.gallery'))
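Review bot: `remove_privateImage` and `remove_publicImage` gained the `if 'username' in session :` guard but, unlike `gallery`, `myimg` and `mythumbnails` in the same hunk, no `else` branch (their line counts match one guard line added and nothing else). If the final `return redirect(url_for('mygallery.gallery'))` sits inside the guard, an unauthenticated request makes the view return `None` and Flask answers with a 500; the column layout does not show the indentation, so please confirm. Add the sibling views' branch, `else: return redirect(url_for('loginlogout.login'))`, and consider keeping the check in one shared decorator, since a per-view guard is easy to leave incomplete, as here.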


@ -6,7 +6,6 @@ from socket import gethostname
from os import remove, system from os import remove, system
from tools.utils import email_disp, valid_token_register, valid_passwd, valid_username, gen_token, totp_is_valid from tools.utils import email_disp, valid_token_register, valid_passwd, valid_username, gen_token, totp_is_valid
from tools.mailer import Mailer from tools.mailer import Mailer
from tools.utils import login_required
app = Flask( 'pywallter' ) app = Flask( 'pywallter' )
app.config.from_pyfile('config.py') app.config.from_pyfile('config.py')
@ -30,34 +29,8 @@ BACKUP_TIME = app.config['BACKUP_TIME']
loginlogout = Blueprint('loginlogout', __name__, template_folder='templates') loginlogout = Blueprint('loginlogout', __name__, template_folder='templates')
@loginlogout.route( '/' )
def index():
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT token passwd FROM users where name=? """, ("pywallter", ))
tmp = cursor.fetchone()
conn.close
if tmp:
token = tmp[0]
else:
token = None
if 'username' in session :
return redirect(url_for('profil.profile'))
else :
if token:
hostname = gethostname()
url_inscription = BASE_URL+'inscription/'+token
return render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'],
token=token, hostname=hostname,
url_inscription=url_inscription,
MAIL_SERVER=MAIL_SERVER)
else:
return redirect(url_for('loginlogout.login', _external=True))
@loginlogout.route( '/login/', methods=['GET','POST'] ) @loginlogout.route( '/login/', methods=['GET','POST'] )
def login(): def login() :
if 'username' in session : if 'username' in session :
resp = redirect(url_for('profil.profile', _external=True)) resp = redirect(url_for('profil.profile', _external=True))
else : else :
@ -90,66 +63,65 @@ def login():
@loginlogout.route( '/logout/' ) @loginlogout.route( '/logout/' )
@login_required
def logout(): def logout():
session.pop('username', None) # Supprimer username de la session s'il s'y trouve session.pop('username', None) # Supprimer username de la session s'il s'y trouve
return redirect(url_for('loginlogout.index')) return redirect(url_for('loginlogout.index'))
@loginlogout.route( '/delete_me/', methods=['GET','POST']) @loginlogout.route( '/delete_me/', methods=['GET','POST'])
@login_required
def delete_account(): def delete_account():
user='%s'% escape(session['username']) if 'username' in session :
resp = render_template('delete_account.html', time_backup=BACKUP_TIME) user='%s'% escape(session['username'])
if request.method == 'POST' : resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée if request.method == 'POST' :
cursor = conn.cursor() # Création de l'objet "curseur" conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor.execute("""SELECT passwd FROM users WHERE name=?""", (user,)) cursor = conn.cursor() # Création de l'objet "curseur"
passwd = cursor.fetchone()[0].decode() cursor.execute("""SELECT passwd FROM users WHERE name=?""", (user,))
conn.close() passwd = cursor.fetchone()[0].decode()
password = request.form['passwd'] conn.close()
if bcrypt.check_password_hash(passwd, password) is True: password = request.form['passwd']
not_error = True if bcrypt.check_password_hash(passwd, password) is True:
try: not_error = True
cmd = 'rm -r ' + DATAS_USER + '/' + user
if system(cmd) != 0:
raise TypeError("Remove directory error")
except:
not_error = False
flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error')
if MAIL_SERVER:
try: try:
cmd = SETUID + ' set_mail_passwd del' + '"'+mail+'"' cmd = 'rm -r ' + DATAS_USER + '/' + user
system(cmd) if system(cmd) != 0:
raise TypeError("Remove directory error")
except: except:
not_error = False not_error = False
flash(u'Erreur lors de la suppression de votre compte Mail.', 'error') flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error')
if MAIL_SERVER:
try:
cmd = SETUID + ' set_mail_passwd del' + '"'+mail+'"'
system(cmd)
except:
not_error = False
flash(u'Erreur lors de la suppression de votre compte Mail.', 'error')
if XMPP_SERVER: if XMPP_SERVER:
try: try:
tmp = mail.split('@') tmp = mail.split('@')
cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'" cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'"
system(cmd) system(cmd)
except: except:
not_error = False not_error = False
flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error') flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error')
if not_error: if not_error:
try: try:
conn = sqlite3.connect(DATABASE) conn = sqlite3.connect(DATABASE)
cursor = conn.cursor() cursor = conn.cursor()
cursor.execute("""DELETE FROM users WHERE name=?""", (user,)) cursor.execute("""DELETE FROM users WHERE name=?""", (user,))
conn.commit() conn.commit()
conn.close() conn.close()
except: except:
flash(u'Erreur lors de la suppression de votre compte.', 'error') flash(u'Erreur lors de la suppression de votre compte.', 'error')
else:
flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes')
resp = redirect(url_for('loginlogout.logout'))
else: else:
flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes') flash(u'Mauvais mot de passe', 'error')
resp = redirect(url_for('loginlogout.logout')) return resp
else:
flash(u'Mauvais mot de passe', 'error')
return resp
@loginlogout.route( '/lost_password/', methods=['GET', 'POST']) @loginlogout.route( '/lost_password/', methods=['GET', 'POST'])
@ -188,3 +160,27 @@ def lost_password():
return render_template('lost_password.html') return render_template('lost_password.html')
@loginlogout.route( '/' )
def index():
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT token passwd FROM users where name=? """, ("pywallter", ))
tmp = cursor.fetchone()
conn.close
if tmp:
token = tmp[0]
else:
token = None
if 'username' in session :
return redirect(url_for('profil.profile'))
else :
if token:
hostname = gethostname()
url_inscription = BASE_URL+'inscription/'+token
return render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'],
token=token, hostname=hostname,
url_inscription=url_inscription,
MAIL_SERVER=MAIL_SERVER)
else:
return redirect(url_for('loginlogout.login', _external=True))
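Review bot: In `delete_account`, `mail` is never assigned in the function (`cmd = SETUID + ' set_mail_passwd del' + '"'+mail+'"'` and `tmp = mail.split('@')`), so unless it is a module-level name outside the hunk the bare `except:` swallows a `NameError` every time, `not_error` becomes `False`, and the `users` row is never deleted even though `rm -r` has already removed the data directory. Load the address before the cleanup (the `users` table presumably holds it — confirm the column) and narrow the handlers to `except OSError:` / `except Exception:` so real failures reach the logs instead of being masked. `system('rm -r ' + DATAS_USER + '/' + user)` builds a shell command from the user name; `shutil.rmtree(DATAS_USER + '/' + user)` (stdlib `shutil`) does the same without a shell and raises `OSError`, which the existing handler can catch. In `index()`, moved to the end of the file, `conn.close` lacks parentheses, so the connection is never closed: `conn.close()`.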


@ -1,7 +1,6 @@
from flask import Blueprint, Flask, request, flash, render_template, url_for, session, redirect, abort, make_response, send_file from flask import Blueprint, Flask, request, flash, render_template, url_for, session, redirect, abort, make_response, send_file
import glob, os, sys import glob, os, sys
from markupsafe import escape from markupsafe import escape
from tools.utils import login_required
logs = Blueprint('logs', __name__, template_folder='templates') logs = Blueprint('logs', __name__, template_folder='templates')
@ -20,11 +19,13 @@ DATABASE = app.config['DATABASE']
@logs.route('/logs/') @logs.route('/logs/')
@login_required
def logfile(): def logfile():
UTILISATEUR='%s'% escape(session['username']) if 'username' in session:
log_file=os.path.join(DOSSIER_PERSO, UTILISATEUR, "log.txt") UTILISATEUR='%s'% escape(session['username'])
with open(log_file, 'r') as log: log_file=os.path.join(DOSSIER_PERSO, UTILISATEUR, "log.txt")
logs=log.readlines() with open(log_file, 'r') as log:
log.close() logs=log.readlines()
return render_template('logs.html', section="Logs", logs=logs) log.close()
return render_template('logs.html', section="Logs", logs=logs)
else :
return redirect(url_for('loginlogout.login', _external=True), code=401)
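Review bot: `return redirect(url_for('loginlogout.login', _external=True), code=401)` in the right-hand column of `logfile` sends a 401 with a Location header, and browsers do not follow redirects on a 401, so an anonymous visitor gets a blank error page instead of the login form; pick one behaviour, either `return redirect(url_for('loginlogout.login', next=request.url))` (302) or `abort(401)`. If the right column is the new side of this compare, it also replaces the `@login_required` decorator with a hand-written check per view, which is easy to forget on the next route. Inside the `with open(log_file, 'r') as log:` block the explicit `log.close()` is redundant, and a user whose `log.txt` does not exist yet gets a 500 from `FileNotFoundError`; wrapping the open in `try/except FileNotFoundError: logs = []` would render an empty log page instead.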


@ -7,7 +7,7 @@ import sqlite3
import os import os
from shutil import copy from shutil import copy
from socket import gethostname from socket import gethostname
from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, login_required from tools.utils import email_disp, append_to_log, gen_token, valid_passwd
@ -35,7 +35,6 @@ BACKUP_TIME = app.config['BACKUP_TIME']
@mymailbox.route('/mymailbox/alias', methods=['GET', 'POST'] ) @mymailbox.route('/mymailbox/alias', methods=['GET', 'POST'] )
@login_required
def myalias(): def myalias():
hostname=gethostname() hostname=gethostname()
UTILISATEUR='%s' % escape(session['username']) UTILISATEUR='%s' % escape(session['username'])
@ -95,7 +94,6 @@ def myalias():
@mymailbox.route('/mymailbox/rmalias/<aliasrm>') @mymailbox.route('/mymailbox/rmalias/<aliasrm>')
@login_required
def remove_alias(aliasrm): def remove_alias(aliasrm):
if MAIL_SERVER: if MAIL_SERVER:
UTILISATEUR='%s' % escape(session['username']) UTILISATEUR='%s' % escape(session['username'])
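Review bot: In the right-hand column the `@login_required` decorator (and its import at the top of the file) is dropped from `myalias` and `remove_alias` with no replacement guard visible in either hunk, so an anonymous request reaches `escape(session['username'])` and fails with a `KeyError` (HTTP 500) rather than an explicit 401 or redirect; if the right column is the new side of this compare, the decorator or an equivalent `if 'username' not in session:` check belongs before the first `session['username']` read in both views. Independently of which side is new, `@mymailbox.route('/mymailbox/rmalias/<aliasrm>')` deletes an alias on a plain GET, so a cross-site `<img src=...>` pointing at it removes a logged-in victim's alias without any interaction; restrict it with `methods=['POST']` and a CSRF token. Both function bodies continue past the hunks shown.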


@ -8,7 +8,7 @@ import os
from shutil import copy from shutil import copy
from socket import gethostname from socket import gethostname
from flask_bcrypt import Bcrypt from flask_bcrypt import Bcrypt
from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, valid_token_register, get_user_by_token, totp_is_valid, login_required from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, valid_token_register, get_user_by_token, totp_is_valid
from pyotp import random_base32 from pyotp import random_base32
import qrcode import qrcode
@ -38,51 +38,54 @@ BACKUP_TIME = app.config['BACKUP_TIME']
@profil.route( '/profil/<user>/<img>', methods=['GET'] ) @profil.route( '/profil/<user>/<img>', methods=['GET'] )
@login_required
def profil_img(user, img) : def profil_img(user, img) :
return send_from_directory( os.path.join(DOSSIER_PERSO, user, 'profile'), img ) if 'username' in session :
return send_from_directory( os.path.join(DOSSIER_PERSO, user, 'profile'), img )
else:
return redirect(BASE_URL, code=401)
@profil.route('/profil/', methods=['GET','POST']) @profil.route('/profil/', methods=['GET','POST'])
@login_required
def profile() : def profile() :
user='%s' % escape(session['username']) if 'username' in session :
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée user='%s' % escape(session['username'])
cursor = conn.cursor() # Création de l'objet "curseur" conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor.execute("""SELECT avatar, nom, prenom, age, Mail_rescue FROM users WHERE name=?""", (user,)) cursor = conn.cursor() # Création de l'objet "curseur"
tmp = (cursor.fetchone()) cursor.execute("""SELECT avatar, nom, prenom, age, Mail_rescue FROM users WHERE name=?""", (user,))
profil_user = dict() tmp = (cursor.fetchone())
profil_user['avatar'] = tmp[0] profil_user = dict()
profil_user['nom'] = tmp[1] profil_user['avatar'] = tmp[0]
profil_user['prenom'] = tmp[2] profil_user['nom'] = tmp[1]
profil_user['age'] = tmp[3] profil_user['prenom'] = tmp[2]
profil_user['mail_rescue'] = tmp[4] profil_user['age'] = tmp[3]
conn.close() profil_user['mail_rescue'] = tmp[4]
conn.close()
if request.method == 'POST' : if request.method == 'POST' :
f = request.files['fic'] f = request.files['fic']
if request.form['theme'] != "Default": if request.form['theme'] != "Default":
copy( "static/vendors/picocss/pico.fluid.classless."+request.form['theme']+".min.css", copy( "static/vendors/picocss/pico.fluid.classless."+request.form['theme']+".min.css",
DOSSIER_PERSO+ user +'/theme.min.css' ) DOSSIER_PERSO+ user +'/theme.min.css' )
if request.form['nom']: if request.form['nom']:
profil_user['nom'] = request.form['nom'] profil_user['nom'] = request.form['nom']
if request.form['prenom']: if request.form['prenom']:
profil_user['prenom'] = request.form['prenom'] profil_user['prenom'] = request.form['prenom']
if request.form['age']: if request.form['age']:
profil_user['age'] = request.form['age'] profil_user['age'] = request.form['age']
if '@' in request.form['mail_rescue']: if '@' in request.form['mail_rescue']:
if len(request.form['mail_rescue']) > 4: if len(request.form['mail_rescue']) > 4:
profil_user['mail_rescue'] = request.form['mail_rescue'] profil_user['mail_rescue'] = request.form['mail_rescue']
else: else:
flash(u'Adresse de courriel invalide', 'error') flash(u'Adresse de courriel invalide', 'error')
else: else:
flash(u'Adresse de courriel de secour invalide', 'error') flash(u'Adresse de courriel de secour invalide', 'error')
if f: # On vérifie qu'un fichier a bien été envoyé if f: # On vérifie qu'un fichier a bien été envoyé
nom = secure_filename(f.filename) nom = secure_filename(f.filename)
f.save(DOSSIER_PERSO + user + '/profile/' + nom) f.save(DOSSIER_PERSO + user + '/profile/' + nom)
image = DOSSIER_PERSO + user + '/profile/' + nom image = DOSSIER_PERSO + user + '/profile/' + nom
@ -99,7 +102,7 @@ def profile() :
conn.close() conn.close()
flash(u'Image de profil mise à jour', 'success') flash(u'Image de profil mise à jour', 'success')
else: else:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l\'objet "curseur" cursor = conn.cursor() # Création de l\'objet "curseur"
cursor.execute("UPDATE users SET nom=?, prenom=?, age=?, mail_rescue=? WHERE name=?", cursor.execute("UPDATE users SET nom=?, prenom=?, age=?, mail_rescue=? WHERE name=?",
@ -111,53 +114,56 @@ def profile() :
return render_template('profil.html', return render_template('profil.html',
section="Profil", section="Profil",
profil=profil_user, profil=profil_user,
username=user) username=user)
else :
return redirect(BASE_URL, code=401)
@profil.route('/profil/homepage', methods=['GET'] ) @profil.route('/profil/homepage', methods=['GET'] )
@login_required
def homepage(): def homepage():
username='%s' % escape(session['username']) if 'username' in session :
username='%s' % escape(session['username'])
return render_template('homepage.html',
section="Profil", return render_template('homepage.html',
username=username) section="Profil",
username=username)
@profil.route('/profil/change-password/', methods=['GET','POST'] ) @profil.route('/profil/change-password/', methods=['GET','POST'] )
@login_required
def change_passwd() : def change_passwd() :
user='%s' % escape(session['username']) if 'username' in session:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée user='%s' % escape(session['username'])
cursor = conn.cursor() # Création de l'objet "curseur" conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor.execute("""SELECT Mail, alias, xmpp, totp FROM users WHERE name=?""", (user,)) cursor = conn.cursor() # Création de l'objet "curseur"
tmp = cursor.fetchone() cursor.execute("""SELECT Mail, alias, xmpp, totp FROM users WHERE name=?""", (user,))
shared_key_validate=True tmp = cursor.fetchone()
account = dict() shared_key_validate=True
account['Mail'] = tmp[0] account = dict()
account['alias'] = tmp[1] account['Mail'] = tmp[0]
account['xmpp'] = tmp[2] account['alias'] = tmp[1]
account['totp'] = tmp[3] account['xmpp'] = tmp[2]
account['totp'] = tmp[3]
if request.method == 'POST' : if request.method == 'POST' :
password = request.form['password'] password = request.form['password']
password_confirm = request.form['passwd_confirm'] password_confirm = request.form['passwd_confirm']
if not(password == "") and password == password_confirm and valid_passwd(password): if not(password == "") and password == password_confirm and valid_passwd(password):
mail_passwd_change = 0 mail_passwd_change = 0
xmpp_passwd_change = 0 xmpp_passwd_change = 0
passwd = request.form['password'] passwd = request.form['password']
if MAIL_SERVER: if MAIL_SERVER:
cmd = SETUID+ ' set_mail_passwd ' + '"'+account['Mail']+'" '+ '"'+passwd+'"' cmd = SETUID+ ' set_mail_passwd ' + '"'+account['Mail']+'" '+ '"'+passwd+'"'
mail_passwd_change = os.system(cmd) mail_passwd_change = os.system(cmd)
if XMPP_SERVER: if XMPP_SERVER:
@ -179,32 +185,34 @@ def change_passwd() :
log=TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Changement du mot de passe" + '\n' log=TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Changement du mot de passe" + '\n'
append_to_log(log, user) append_to_log(log, user)
flash(u'Votre mot de passe a été changé', 'success') flash(u'Votre mot de passe a été changé', 'success')
else: else:
if not( valid_passwd(password) ): if not( valid_passwd(password) ):
flash(u'Le mot de passe ne peut pas contenir les caractères " et &', 'error') flash(u'Le mot de passe ne peut pas contenir les caractères " et &', 'error')
elif password == "": elif password == "":
flash(u' Vous ne pouvez pas ne pas mettre de mot de passe ou un mot de passe vide', 'error') flash(u' Vous ne pouvez pas ne pas mettre de mot de passe ou un mot de passe vide', 'error')
else: else:
flash(u'Les mot de passes ne sont pas identiques :/ ', 'error') flash(u'Les mot de passes ne sont pas identiques :/ ', 'error')
conn.close() conn.close()
if not(account['totp']): if not(account['totp']):
account['totp'] = random_base32() account['totp'] = random_base32()
img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+account['totp']) img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+account['totp'])
img.save(DOSSIER_PERSO + user + "/totp.png") img.save(DOSSIER_PERSO + user + "/totp.png")
shared_key_validate = False shared_key_validate = False
return render_template('mypassword.html', return render_template('mypassword.html',
section="Profil", section="Profil",
address=account['Mail'], address=account['Mail'],
alias=account['alias'], alias=account['alias'],
totp_shared_key=account['totp'], totp_shared_key=account['totp'],
shared_key_validate=shared_key_validate, shared_key_validate=shared_key_validate,
username=user, username=user,
base_url=BASE_URL) base_url=BASE_URL)
else :
return redirect(BASE_URL, code=401)
@profil.route('/change-password-lost/<token>', methods=['GET','POST'] ) @profil.route('/change-password-lost/<token>', methods=['GET','POST'] )
def change_passwd_lost(token) : def change_passwd_lost(token) :
@ -284,51 +292,56 @@ def change_passwd_lost(token) :
return redirect(BASE_URL, code=401) return redirect(BASE_URL, code=401)
@profil.route('/set_totp/', methods=['POST']) @profil.route('/set_totp/', methods=['POST'])
@login_required
def set_totp(): def set_totp():
user='%s' % escape(session['username']) if 'username' in session:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée user='%s' % escape(session['username'])
cursor = conn.cursor() # Création de l'objet "curseur" conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
shared_key = request.form['shared_key'] shared_key = request.form['shared_key']
code_totp = request.form['code_totp'] code_totp = request.form['code_totp']
if totp_is_valid(shared_key, code_totp) and code_totp !="" and shared_key != "": if totp_is_valid(shared_key, code_totp) and code_totp !="" and shared_key != "":
print("shared_key: " +shared_key) print("shared_key: " +shared_key)
cursor.execute("""UPDATE users SET totp=? WHERE name=?""", (shared_key, user,)) cursor.execute("""UPDATE users SET totp=? WHERE name=?""", (shared_key, user,))
conn.commit() conn.commit()
img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+shared_key) img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+shared_key)
img.save(DOSSIER_PERSO + user + "/totp.png") img.save(DOSSIER_PERSO + user + "/totp.png")
flash(u'Votre mot de passe à usage unique est configuré et actif.', 'success') flash(u'Votre mot de passe à usage unique est configuré et actif.', 'success')
else: else:
flash(u'Le code de validation totp n\'est pas valide.', 'error') flash(u'Le code de validation totp n\'est pas valide.', 'error')
conn.close() conn.close()
return redirect(url_for('profil.change_passwd', _external=True)) return redirect(url_for('profil.change_passwd', _external=True))
else:
return redirect(BASE_URL, code=401)
@profil.route('/del_totp/', methods=['GET']) @profil.route('/del_totp/', methods=['GET'])
@login_required
def del_totp(): def del_totp():
user='%s' % escape(session['username']) if 'username' in session:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée user='%s' % escape(session['username'])
cursor = conn.cursor() # Création de l'objet "curseur" conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor.execute("""UPDATE users SET totp="" WHERE name=?""", (user,)) cursor = conn.cursor() # Création de l'objet "curseur"
conn.commit() cursor.execute("""UPDATE users SET totp="" WHERE name=?""", (user,))
conn.close() conn.commit()
return redirect(url_for('profil.change_passwd', _external=True)) conn.close()
return redirect(url_for('profil.change_passwd', _external=True))
@profil.route('/totp.png', methods=['GET']) @profil.route('/totp.png', methods=['GET'])
@login_required
def totp_qrcode(): def totp_qrcode():
user='%s' % escape(session['username']) if 'username' in session :
return send_file( user='%s' % escape(session['username'])
os.path.join(DOSSIER_PERSO, user, "totp.png"), "totp.png") return send_file(
os.path.join(DOSSIER_PERSO, user, "totp.png"), "totp.png")
else :
return redirect(BASE_URL, code=401)
@profil.route('/deltoken-password-lost/<token>', methods=['GET','POST'] ) @profil.route('/deltoken-password-lost/<token>', methods=['GET','POST'] )
def deltoken_passwd_lost(token) : def deltoken_passwd_lost(token) :
if valid_token_register(token, "Lost password"): if valid_token_register(token, "Lost password"):
user = get_user_by_token(token, "Lost password") user = get_user_by_token(token, "Lost password")
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
@ -345,102 +358,106 @@ def deltoken_passwd_lost(token) :
@profil.route('/invitation/', methods=['GET']) @profil.route('/invitation/', methods=['GET'])
@login_required
def invitation(): def invitation():
UTILISATEUR='%s' % escape(session['username']) if 'username' in session:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée UTILISATEUR='%s' % escape(session['username'])
cursor = conn.cursor() # Création de l'objet "curseur" conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor.execute("""SELECT Token, invitations FROM users WHERE name=?""", (UTILISATEUR,)) cursor = conn.cursor() # Création de l'objet "curseur"
tmp = cursor.fetchone() cursor.execute("""SELECT Token, invitations FROM users WHERE name=?""", (UTILISATEUR,))
token = tmp[0] tmp = cursor.fetchone()
if token: token = tmp[0]
url_invitation = BASE_URL + 'inscription/' + token if token:
else: url_invitation = BASE_URL + 'inscription/' + token
url_invitation = "" else:
invitations_count = tmp[1] url_invitation = ""
conn.close() invitations_count = tmp[1]
conn.close()
return render_template('invitation.html', return render_template('invitation.html',
section='Profil', section='Profil',
nb_invitation=invitations_count, nb_invitation=invitations_count,
token=token, token=token,
url_invitation=url_invitation) url_invitation=url_invitation)
else:
return redirect(BASE_URL, code=401)
@profil.route('/gen_token/', methods=['GET']) @profil.route('/gen_token/', methods=['GET'])
@login_required
def generate_token(): def generate_token():
UTILISATEUR='%s' % escape(session['username']) if 'username' in session:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée UTILISATEUR='%s' % escape(session['username'])
cursor = conn.cursor() # Création de l'objet "curseur" conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
token = gen_token("Invitation") cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("UPDATE users SET Token=? WHERE name=?", token = gen_token("Invitation")
(token, UTILISATEUR)) cursor.execute("UPDATE users SET Token=? WHERE name=?",
conn.commit() (token, UTILISATEUR))
conn.close() conn.commit()
return redirect(BASE_URL+'invitation/') conn.close()
return redirect(BASE_URL+'invitation/')
else:
return redirect(BASE_URL, code=401)
@profil.route( '/delete_me/', methods=['GET','POST']) @profil.route( '/delete_me/', methods=['GET','POST'])
@login_required
def delete_account(): def delete_account():
UTILISATEUR='%s'% escape(session['username']) if 'username' in session :
resp = render_template('delete_account.html', time_backup=BACKUP_TIME) UTILISATEUR='%s'% escape(session['username'])
if request.method == 'POST' : resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée if request.method == 'POST' :
cursor = conn.cursor() # Création de l'objet "curseur" conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor.execute("""SELECT passwd FROM users WHERE name=?""", (UTILISATEUR,)) cursor = conn.cursor() # Création de l'objet "curseur"
passwd = cursor.fetchone()[0] cursor.execute("""SELECT passwd FROM users WHERE name=?""", (UTILISATEUR,))
cursor.execute("""SELECT mail FROM users WHERE name=?""", (UTILISATEUR,)) passwd = cursor.fetchone()[0]
mail = cursor.fetchone()[0] cursor.execute("""SELECT mail FROM users WHERE name=?""", (UTILISATEUR,))
conn.close() mail = cursor.fetchone()[0]
password = request.form['passwd'] conn.close()
if bcrypt.check_password_hash(passwd, password) is True: password = request.form['passwd']
not_error = True if bcrypt.check_password_hash(passwd, password) is True:
not_error = True
if MAIL_SERVER: if MAIL_SERVER:
try: try:
cmd = SETUID + ' set_mail_passwd del ' + '"'+mail+'"' cmd = SETUID + ' set_mail_passwd del ' + '"'+mail+'"'
print(cmd) print(cmd)
os.system(cmd) os.system(cmd)
except: except:
not_error = False not_error = False
flash(u'Erreur lors de la suppression de votre compte Mail.', 'error') flash(u'Erreur lors de la suppression de votre compte Mail.', 'error')
if XMPP_SERVER: if XMPP_SERVER:
try: try:
tmp = mail.split('@') tmp = mail.split('@')
cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'" cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'"
os.system(cmd) os.system(cmd)
except: except:
not_error = False not_error = False
flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error') flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error')
if not_error: if not_error:
try: try:
cmd = 'rm -r ' + DATAS_USER + '/' + UTILISATEUR cmd = 'rm -r ' + DATAS_USER + '/' + UTILISATEUR
if os.system(cmd) != 0: if os.system(cmd) != 0:
raise TypeError("Remove directory error") raise TypeError("Remove directory error")
except: except:
flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error') flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error')
try: try:
conn = sqlite3.connect(DATABASE) conn = sqlite3.connect(DATABASE)
cursor = conn.cursor() cursor = conn.cursor()
cursor.execute("""DELETE FROM users WHERE name=?""", (UTILISATEUR,)) cursor.execute("""DELETE FROM users WHERE name=?""", (UTILISATEUR,))
cursor.execute("""DELETE FROM posts WHERE author=?""", (UTILISATEUR,)) cursor.execute("""DELETE FROM posts WHERE author=?""", (UTILISATEUR,))
conn.commit() conn.commit()
conn.close() conn.close()
except: except:
flash(u'Erreur lors de la suppression de votre compte.', 'error') flash(u'Erreur lors de la suppression de votre compte.', 'error')
else: else:
flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes') flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes')
resp = redirect(url_for('loginlogout.logout')) resp = redirect(url_for('loginlogout.logout'))
else: else:
flash(u'Mauvais mot de passe', 'error') flash(u'Mauvais mot de passe', 'error')
return resp return resp
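Review bot: `change_passwd` hands the user's new password to a shell through `os.system(cmd)` with `cmd = SETUID+ ' set_mail_passwd ' + '"'+account['Mail']+'" '+ '"'+passwd+'"'`; the flash text in the `else` branch says `valid_passwd` rejects only `"` and `&`, and inside double quotes `sh` still expands `$(...)`, backticks and `\`, so a password like `$(touch /tmp/x)` would execute as the SETUID helper's user (narrower if `valid_passwd` is stricter than its message, but the shell string stays fragile either way). Replace the string with an argument list, `mail_passwd_change = subprocess.run([SETUID, 'set_mail_passwd', account['Mail'], passwd]).returncode` (`import subprocess` at the top of the file), and do the same for the `prosodyctl deluser` command and the `'rm -r ' + DATAS_USER + '/' + UTILISATEUR` call in `delete_account`, where `shutil.rmtree` avoids the shell entirely; the password still appears in the helper's argv and thus in `ps`, so passing it on stdin would be better still. Two further points in this section: `set_totp` prints the TOTP secret to stdout with `print("shared_key: " +shared_key)` and that line should go, and `/del_totp/` and `/gen_token/` change account state on GET, so a cross-site `<img>` can disable a victim's 2FA or rotate their invitation token; make both `methods=['POST']` with a CSRF token. The part of `change_passwd` between the `@ -111,53` and `@ -179,32` hunks is not shown, and the XMPP branch there presumably builds a similar shell string.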