-rwxr-xr-xfbin.py60
-rw-r--r--templates/__init__.py1
-rw-r--r--templates/base.tmpl2
-rw-r--r--templates/changepass.tmpl16
4 files changed, 77 insertions, 2 deletions
diff --git a/fbin.py b/fbin.py
index 0b8bed4..5aaa6a1 100755
--- a/fbin.py
+++ b/fbin.py
@@ -65,6 +65,17 @@ class Application(object):
return user
+ def save_user_pass(self, user, password):
+ session = db.Session()
+ try:
+ user.password = password
+ session.add(user)
+ session.commit()
+ # Avoid having to fetch user again (used by changepass)
+ session.refresh(user)
+ finally:
+ session.close()
+
def get_file(self, hash):
session = db.Session()
try:
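Review bot: `save_user_pass` names its parameter `password` but writes it straight into `user.password`, and the only caller in this commit passes the SHA-1 hex digest rather than the plaintext. Nothing in the method states that contract, so a later caller could store a plaintext password by mistake. Add a docstring such as `"""Store an already-hashed password for user and refresh the instance."""`, or rename the parameter to `password_hash`.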
@@ -346,6 +357,52 @@ class Application(object):
('Location', settings.virtual_root)])
return []
+ def changepass(self, environ, start_response, path):
+ c = Cookie.SimpleCookie(environ['HTTP_COOKIE'] if 'HTTP_COOKIE' in environ else None)
+ user = self.validate_cookie(c)
+ form = cgi.FieldStorage(fp = environ['wsgi.input'], environ = environ)
+ if environ['REQUEST_METHOD'] != 'POST' or not 'oldpass' in form or not 'password' in form or not 'password2' in form:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.changepass(searchList = {
+ 'root': settings.virtual_root,
+ 'user': user,
+ 'error': None,
+ }))
+
+ oldpass = hashlib.sha1(form.getvalue('oldpass')).hexdigest()
+ password = form.getvalue('password')
+ password2 = form.getvalue('password2')
+
+ if oldpass != user.password:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.changepass(searchList = {
+ 'root': settings.virtual_root,
+ 'user': user,
+ 'error': 'Invalid password.',
+ }))
+
+ if password != password2:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.changepass(searchList = {
+ 'root': settings.virtual_root,
+ 'user': user,
+ 'error': 'Passwords doesn\'t match.',
+ }))
+
+ password = hashlib.sha1(password).hexdigest()
+ self.save_user_pass(user, password)
+
+ dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30)
+ expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT')
+ c['uid']['expires'] = expires
+ c['identifier'] = hashlib.sha1(str(user.id) + password).hexdigest()
+ c['identifier']['expires'] = expires
+ start_response('302 Found', [
+ ('Set-Cookie', c['uid'].OutputString()),
+ ('Set-Cookie', c['identifier'].OutputString()),
+ ('Location', settings.virtual_root)])
+ return []
+
def static(self, environ, start_response, path):
filename = path[1]
if not filename in ('style.css',):
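Review bot: `changepass` uses the result of `self.validate_cookie(c)` without checking it, so a request without a valid session would fail at `if oldpass != user.password:` with an unhandled error, assuming `validate_cookie` returns a falsy value in that case (the `#if $user` test in base.tmpl suggests it can). Add a guard right after the lookup, `if not user:` followed by a `302 Found` redirect to the login page and `return []`, before the form is parsed. Separately, the new password is stored as an unsalted `hashlib.sha1(password).hexdigest()` and the `identifier` cookie is `sha1(str(user.id) + password)` over that stored value, so anyone who obtains the stored hash can recover weak passwords cheaply and also compute a valid cookie. A salted slow KDF such as `hashlib.pbkdf2_hmac` and a random server-side session token would close both gaps, though that change reaches beyond this hunk. The check `oldpass != user.password` would also be better as `hmac.compare_digest(oldpass, user.password)`.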
@@ -424,11 +481,12 @@ class Application(object):
t = thumb
o = logout
r = register
+ c = changepass
def __call__(self, environ, start_response):
path = environ['PATH_INFO'].split('/')[1:]
module = path[0] if len(path) else ''
- if len(module) and module in 'fulshmitor':
+ if len(module) and module in 'fulshmitorc':
return getattr(self, module)(environ, start_response, path)
else:
start_response('302 Found', [('Location', settings.virtual_root + 'u')])
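Review bot: The dispatch test `module in 'fulshmitorc'` is a substring match rather than a membership test, so multi-character path segments such as `ful` or `or` also pass and reach `getattr(self, module)`, which raises for any name that is not an attribute of the application. Appending `c` to the string keeps that behaviour. Compare against single letters instead, e.g. `if module in tuple('fulshmitorc'):` or `if len(module) == 1 and module in 'fulshmitorc':`. `__call__` may continue beyond the end of this hunk.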
diff --git a/templates/__init__.py b/templates/__init__.py
index 3f11c65..5c9f28e 100644
--- a/templates/__init__.py
+++ b/templates/__init__.py
@@ -5,3 +5,4 @@ from login import login
from my import my
from images import images
from register import register
+from changepass import changepass
diff --git a/templates/base.tmpl b/templates/base.tmpl
index 6c1cb4f..d9d9ab1 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -29,7 +29,7 @@
</div>
<p class="login">#slurp
#if $user
-Logged in as $user.username.#slurp
+Logged in as $user.username. <a href="${root}c">Change password</a>#slurp
#else
Not logged in.#slurp
#end if
diff --git a/templates/changepass.tmpl b/templates/changepass.tmpl
new file mode 100644
index 0000000..4171f36
--- /dev/null
+++ b/templates/changepass.tmpl
@@ -0,0 +1,16 @@
+#def title: changepass
+#def header: changepass
+#extends templates.base
+#def content
+#set error = $error or ''
+ <div class="error">$error</div>
+ <form method="post" action="${root}c">
+ <p>current password</p>
+ <p><input type="password" id="oldpass" name="oldpass" /></p>
+ <p>new password</p>
+ <p><input type="password" id="password" name="password" /></p>
+ <p>repeat new password</p>
+ <p><input type="password" id="password2" name="password2" /></p>
+ <p><input type="submit" value="Login" /></p>
+ </form>
+#end def
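Review bot: The submit button is labelled `value="Login"`, which looks copied from the login template and misdescribes the action on a password-change form; use `<input type="submit" value="Change password" />`. The form carries no anti-CSRF token. Requiring `oldpass` limits what a forged request can do, but a per-session token would be consistent with protecting the other state-changing forms. Adding `autocomplete="current-password"` to `oldpass` and `autocomplete="new-password"` to the two new-password fields would also help password managers fill the right values.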