1 files changed, 72 insertions, 0 deletions

diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py
new file mode 100644
index 000000000..a69dfff0e
--- /dev/null
+++ b/module/database/UserDatabase.py
@@ -0,0 +1,72 @@
+# -*- coding: utf-8 -*-
+"""
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License,
+    or (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+    See the GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+    @author: mkaay
+"""
+
+from DatabaseBackend import DatabaseBackend
+from DatabaseBackend import style
+
+from hashlib import sha1
+import random
+
+class UserMethods():
+    @style.queue
+    def checkAuth(db, user, password):
+        c = db.c
+        c.execute('SELECT name, password, role, permission, template FROM "users" WHERE name=?', (user, ))
+        r = c.fetchone()
+        if not r:
+            return {}
+        
+        salt = r[1][:5]
+        pw = r[1][5:]
+        h = sha1(salt + password)
+        if h.hexdigest() == pw:
+            return {"name": r[0], "role": r[2], "permission": r[3], "template": r[4]}
+        else:
+            return {}
+    
+    @style.queue
+    def addUser(db, user, password):
+        salt = reduce(lambda x, y: x + y, [str(random.randint(0, 9)) for i in range(0, 5)])
+        h = sha1(salt + password)
+        password = salt + h.hexdigest()
+        
+        c = db.c
+        c.execute('SELECT name FROM users WHERE name=?', (user, ))
+        if c.fetchone() is not None:
+            c.execute('UPDATE users SET password=? WHERE name=?', (password, user))
+        else:
+            c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password))
+    
+    @style.queue
+    def listUsers(db):
+        c = db.c
+        c.execute('SELECT name FROM users')
+        users = []
+        for row in c.fetchall():
+            users.append(row[0])
+        return users
+    
+    @style.queue
+    def removeUser(db, user):
+        c = db.c
+        c.execute('SELECT name FROM users WHERE name=?', (user, ))
+        if c.fetchone() is not None:
+            c.execute('DELETE FROM users WHERE name=?', (user, ))
+    
+
+DatabaseBackend.registerSub(UserMethods)