From 5806cc24446a2511d92fb9b265da39911280543d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Kn=C3=BCttel?= Date: Thu, 6 Dec 2018 12:29:59 +0100 Subject: [PATCH] added ex26 --- ex_26.py | 124 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 ex_26.py diff --git a/ex_26.py b/ex_26.py new file mode 100644 index 0000000..b61121b --- /dev/null +++ b/ex_26.py @@ -0,0 +1,124 @@ +import re +import sqlite3 +import cherrypy +import uuid +import smtplib + +def isinsecurepassword(password): + if(len(password) < 8): + return True + if(len(set(password)) < 4): + return True + return False + + +def simplehash(password): + """ + XXX: ONLY FOR DEMO PURPOSES! + """ + result = 0xff + for i in password: + result ^= ord(i) + return result + + +class InputValidationServer(object): + def __init__(self, db): + self._db_name = db + self._rzid_pattern = re.compile("[a-z]{3}[0-9]{5}") + self._email_password = "foobar" + self._email_user = "dummy@daknuett.eu" + + @cherrypy.expose + def index(self): + return ''' + + + Input Validation Form + + +
+

+ password: +

+

+ email: +

+

+ RZ Kennung: +

+ +
+ ''' + + + @cherrypy.expose + def submit(self, password, email, rzid, submit): + + if(not self._rzid_pattern.match(rzid)): + return '''Error

Error: invalid RZ Kennung.

''' + + confirmation_id = str(uuid.uuid4()) + + db = sqlite3.connect(self._db_name) + cursor = db.cursor() + cursor.execute("SELECT COUNT(rzid) FROM users WHERE rzid=?", (rzid,)) + if(cursor.fetchone()[0]): + db.close() + return '''Error

Error: RZ Kennung in use.

''' + + cursor.execute("INSERT INTO users(rzid, email, password, confirmation_id) VALUES(?, ?, ?, ?)", + (rzid, email, simplehash(password), confirmation_id)) + + db.commit() + + + smtp = smtplib.SMTP("daknuett.eu", 587) + smtp.ehlo() + smtp.starttls() + smtp.login(self._email_user, self._email_password) + + smtp.sendmail(self._email_user, [email], + '\r\n'.join(['To: %s' % email + , 'From: %s' % self._email_user + , 'Subject: %s' % "confirm your email address" + , "\n\r", "http://localhost:8080/confirm?confirmation_id={}".format(confirmation_id)])) + smtp.close() + + db.close() + + if(isinsecurepassword(password)): + return '''OK

Check your mailbox for the confirmation email

+

Also your password is pretty unsecure

''' + return '''OK

Check your mailbox for the confirmation email

''' + + @cherrypy.expose + def confirm(self, confirmation_id): + db = sqlite3.connect(self._db_name) + cursor = db.cursor() + cursor.execute("SELECT rzid FROM users WHERE confirmation_id=?", (confirmation_id,)) + + try: + rzid = cursor.fetchone()[0] + except: + return '''Error

Error: unknown confirmation ID

''' + + cursor.execute("UPDATE users SET confirmation_id='' WHERE rzid=?", (rzid,)) + return '''OK

Your account is activated.

''' + +with open("example.db", "w"): + pass +db = sqlite3.connect("example.db") +db.cursor().execute("CREATE TABLE users(rzid TEXT, email TEXT, password INT, confirmation_id TEXT)") +db.commit() +db.close() + +app = InputValidationServer("example.db") +cherrypy.quickstart(app) + + + + + +