From 958bf611f5d9d117f19f824990ec6fd6b537e967 Mon Sep 17 00:00:00 2001 From: RaNaN Date: Thu, 22 Dec 2011 23:45:38 +0100 Subject: accountmanager v2, delete your accounts.conf and re-enter them in pyload, new nice debug functions, try core.shell() and core.breakpoint() --- module/database/UserDatabase.py | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) (limited to 'module/database/UserDatabase.py') diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py index 0c781057d..a5077711d 100644 --- a/module/database/UserDatabase.py +++ b/module/database/UserDatabase.py @@ -19,11 +19,10 @@ from hashlib import sha1 import random -from DatabaseBackend import DatabaseBackend -from DatabaseBackend import style +from DatabaseBackend import DatabaseBackend, queue, async class UserMethods(): - @style.queue + @queue def checkAuth(db, user, password): c = db.c c.execute('SELECT id, name, password, role, permission, template, email FROM "users" WHERE name=?', (user, )) @@ -40,7 +39,7 @@ class UserMethods(): else: return {} - @style.queue + @queue def addUser(db, user, password): salt = reduce(lambda x, y: x + y, [str(random.randint(0, 9)) for i in range(0, 5)]) h = sha1(salt + password) @@ -54,7 +53,7 @@ class UserMethods(): c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password)) - @style.queue + @queue def changePassword(db, user, oldpw, newpw): db.c.execute('SELECT id, name, password FROM users WHERE name=?', (user, )) r = db.c.fetchone() @@ -75,16 +74,16 @@ class UserMethods(): return False - @style.async + @async def setPermission(db, user, perms): db.c.execute("UPDATE users SET permission=? WHERE name=?", (perms, user)) - @style.async + @async def setRole(db, user, role): db.c.execute("UPDATE users SET role=? WHERE name=?", (role, user)) - @style.queue + @queue def listUsers(db): db.c.execute('SELECT name FROM users') users = [] @@ -92,7 +91,7 @@ class UserMethods(): users.append(row[0]) return users - @style.queue + @queue def getAllUserData(db): db.c.execute("SELECT name, permission, role, template, email FROM users") user = {} @@ -101,7 +100,7 @@ class UserMethods(): return user - @style.queue + @queue def removeUser(db, user): db.c.execute('DELETE FROM users WHERE name=?', (user, )) -- cgit v1.2.3 From cb8b049b6c878065aebdd31c37cb67321de835ff Mon Sep 17 00:00:00 2001 From: Wieland Hoffmann Date: Sun, 25 Dec 2011 18:59:19 +0100 Subject: Use rowid in the user database --- module/database/UserDatabase.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'module/database/UserDatabase.py') diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py index a5077711d..43fd93df3 100644 --- a/module/database/UserDatabase.py +++ b/module/database/UserDatabase.py @@ -25,7 +25,7 @@ class UserMethods(): @queue def checkAuth(db, user, password): c = db.c - c.execute('SELECT id, name, password, role, permission, template, email FROM "users" WHERE name=?', (user, )) + c.execute('SELECT rowid, name, password, role, permission, template, email FROM "users" WHERE name=?', (user, )) r = c.fetchone() if not r: return {} @@ -55,7 +55,7 @@ class UserMethods(): @queue def changePassword(db, user, oldpw, newpw): - db.c.execute('SELECT id, name, password FROM users WHERE name=?', (user, )) + db.c.execute('SELECT rowid, name, password FROM users WHERE name=?', (user, )) r = db.c.fetchone() if not r: return False -- cgit v1.2.3 From 4df2b77fdf42046fe19bd371be7c7255986b5980 Mon Sep 17 00:00:00 2001 From: RaNaN Date: Tue, 6 Mar 2012 13:36:39 +0100 Subject: renamed hooks to addons, new filemanager and database, many new api methods you will loose ALL your LINKS, webinterface will NOT work --- module/database/UserDatabase.py | 56 ++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 29 deletions(-) (limited to 'module/database/UserDatabase.py') diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py index 43fd93df3..6bfb02bbd 100644 --- a/module/database/UserDatabase.py +++ b/module/database/UserDatabase.py @@ -19,14 +19,13 @@ from hashlib import sha1 import random -from DatabaseBackend import DatabaseBackend, queue, async +from DatabaseBackend import DatabaseMethods, queue, async -class UserMethods(): +class UserMethods(DatabaseMethods): @queue - def checkAuth(db, user, password): - c = db.c - c.execute('SELECT rowid, name, password, role, permission, template, email FROM "users" WHERE name=?', (user, )) - r = c.fetchone() + def checkAuth(self, user, password): + self.c.execute('SELECT rowid, name, password, role, permission, template, email FROM "users" WHERE name=?', (user, )) + r = self.c.fetchone() if not r: return {} @@ -40,23 +39,22 @@ class UserMethods(): return {} @queue - def addUser(db, user, password): + def addUser(self, user, password): salt = reduce(lambda x, y: x + y, [str(random.randint(0, 9)) for i in range(0, 5)]) h = sha1(salt + password) password = salt + h.hexdigest() - c = db.c - c.execute('SELECT name FROM users WHERE name=?', (user, )) - if c.fetchone() is not None: - c.execute('UPDATE users SET password=? WHERE name=?', (password, user)) + self.c.execute('SELECT name FROM users WHERE name=?', (user, )) + if self.c.fetchone() is not None: + self.c.execute('UPDATE users SET password=? WHERE name=?', (password, user)) else: - c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password)) + self.c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password)) @queue - def changePassword(db, user, oldpw, newpw): - db.c.execute('SELECT rowid, name, password FROM users WHERE name=?', (user, )) - r = db.c.fetchone() + def changePassword(self, user, oldpw, newpw): + self.c.execute('SELECT rowid, name, password FROM users WHERE name=?', (user, )) + r = self.c.fetchone() if not r: return False @@ -68,40 +66,40 @@ class UserMethods(): h = sha1(salt + newpw) password = salt + h.hexdigest() - db.c.execute("UPDATE users SET password=? WHERE name=?", (password, user)) + self.c.execute("UPDATE users SET password=? WHERE name=?", (password, user)) return True return False @async - def setPermission(db, user, perms): - db.c.execute("UPDATE users SET permission=? WHERE name=?", (perms, user)) + def setPermission(self, user, perms): + self.c.execute("UPDATE users SET permission=? WHERE name=?", (perms, user)) @async - def setRole(db, user, role): - db.c.execute("UPDATE users SET role=? WHERE name=?", (role, user)) + def setRole(self, user, role): + self.c.execute("UPDATE users SET role=? WHERE name=?", (role, user)) @queue - def listUsers(db): - db.c.execute('SELECT name FROM users') + def listUsers(self): + self.c.execute('SELECT name FROM users') users = [] - for row in db.c: + for row in self.c: users.append(row[0]) return users @queue - def getAllUserData(db): - db.c.execute("SELECT name, permission, role, template, email FROM users") + def getAllUserData(self): + self.c.execute("SELECT name, permission, role, template, email FROM users") user = {} - for r in db.c: + for r in self.c: user[r[0]] = {"permission": r[1], "role": r[2], "template": r[3], "email": r[4]} return user @queue - def removeUser(db, user): - db.c.execute('DELETE FROM users WHERE name=?', (user, )) + def removeUser(self, user): + self.c.execute('DELETE FROM users WHERE name=?', (user, )) -DatabaseBackend.registerSub(UserMethods) +UserMethods.register() -- cgit v1.2.3 From 0d2d6daef850ac6bcc7fafccd230e52d2a862c2c Mon Sep 17 00:00:00 2001 From: RaNaN Date: Sun, 3 Jun 2012 17:45:10 +0200 Subject: updates for database + api --- module/database/UserDatabase.py | 117 ++++++++++++++++++++++------------------ 1 file changed, 66 insertions(+), 51 deletions(-) (limited to 'module/database/UserDatabase.py') diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py index 6bfb02bbd..bed4e94a9 100644 --- a/module/database/UserDatabase.py +++ b/module/database/UserDatabase.py @@ -1,42 +1,28 @@ # -*- coding: utf-8 -*- -""" - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, - or (at your option) any later version. - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - See the GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, see . - - @author: mkaay -""" +############################################################################### +# Copyright(c) 2008-2012 pyLoad Team +# http://www.pyload.org +# +# This file is part of pyLoad. +# pyLoad is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# Subjected to the terms and conditions in LICENSE +# +# @author: RaNaN +############################################################################### from hashlib import sha1 import random +from module.Api import UserData + from DatabaseBackend import DatabaseMethods, queue, async class UserMethods(DatabaseMethods): - @queue - def checkAuth(self, user, password): - self.c.execute('SELECT rowid, name, password, role, permission, template, email FROM "users" WHERE name=?', (user, )) - r = self.c.fetchone() - if not r: - return {} - - salt = r[2][:5] - pw = r[2][5:] - h = sha1(salt + password) - if h.hexdigest() == pw: - return {"id": r[0], "name": r[1], "role": r[3], - "permission": r[4], "template": r[5], "email": r[6]} - else: - return {} @queue def addUser(self, user, password): @@ -50,8 +36,53 @@ class UserMethods(DatabaseMethods): else: self.c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password)) + @queue + def getUserData(self, name=None, uid=None): + qry = ('SELECT uid, name, email, role, permission, folder, traffic, dllimit, dlquota, ' + 'hddquota, user, template FROM "users" WHERE ') + + if name is not None: + self.c.execute(qry + "name=?", (name,)) + r = self.c.fetchone() + if r: + return UserData(*r) + + elif uid is not None: + self.c.execute(qry + "uid=?", (uid,)) + r = self.c.fetchone() + if r: + return UserData(*r) + + return None @queue + def getAllUserData(self): + self.c.execute('SELECT uid, name, email, role, permission, folder, traffic, dllimit, dlquota, ' + 'hddquota, user, template FROM "users"') + user = {} + for r in self.c: + user[r[0]] = UserData(*r) + + return user + + + @queue + def checkAuth(self, user, password): + self.c.execute('SELECT uid, name, email, role, permission, folder, traffic, dllimit, dlquota, ' + 'hddquota, user, template password FROM "users" WHERE name=?', (user, )) + r = self.c.fetchone() + if not r: + return None + + salt = r[-1][:5] + pw = r[-1][5:] + h = sha1(salt + password) + if h.hexdigest() == pw: + return UserData(*r[:-1]) + else: + return None + + @queue #TODO def changePassword(self, user, oldpw, newpw): self.c.execute('SELECT rowid, name, password FROM users WHERE name=?', (user, )) r = self.c.fetchone() @@ -71,7 +102,6 @@ class UserMethods(DatabaseMethods): return False - @async def setPermission(self, user, perms): self.c.execute("UPDATE users SET permission=? WHERE name=?", (perms, user)) @@ -80,26 +110,11 @@ class UserMethods(DatabaseMethods): def setRole(self, user, role): self.c.execute("UPDATE users SET role=? WHERE name=?", (role, user)) + # TODO update methods - @queue - def listUsers(self): - self.c.execute('SELECT name FROM users') - users = [] - for row in self.c: - users.append(row[0]) - return users - - @queue - def getAllUserData(self): - self.c.execute("SELECT name, permission, role, template, email FROM users") - user = {} - for r in self.c: - user[r[0]] = {"permission": r[1], "role": r[2], "template": r[3], "email": r[4]} - - return user - - @queue - def removeUser(self, user): - self.c.execute('DELETE FROM users WHERE name=?', (user, )) + @async + def removeUser(self, uid=None): + # deletes user and all associated accounts + self.c.execute('DELETE FROM users WHERE user=?', (uid, )) UserMethods.register() -- cgit v1.2.3 From 941e3021000e59020f66419cc2156aee30972121 Mon Sep 17 00:00:00 2001 From: RaNaN Date: Mon, 13 Aug 2012 17:40:10 +0200 Subject: working login --- module/database/UserDatabase.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'module/database/UserDatabase.py') diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py index bed4e94a9..0df94e0eb 100644 --- a/module/database/UserDatabase.py +++ b/module/database/UserDatabase.py @@ -16,17 +16,23 @@ ############################################################################### from hashlib import sha1 -import random +from string import letters, digits +from random import choice + +alphnum = letters+digits from module.Api import UserData from DatabaseBackend import DatabaseMethods, queue, async +def random_salt(): + return "".join(choice(alphnum) for x in range(0,5)) + class UserMethods(DatabaseMethods): @queue def addUser(self, user, password): - salt = reduce(lambda x, y: x + y, [str(random.randint(0, 9)) for i in range(0, 5)]) + salt = random_salt() h = sha1(salt + password) password = salt + h.hexdigest() @@ -69,11 +75,10 @@ class UserMethods(DatabaseMethods): @queue def checkAuth(self, user, password): self.c.execute('SELECT uid, name, email, role, permission, folder, traffic, dllimit, dlquota, ' - 'hddquota, user, template password FROM "users" WHERE name=?', (user, )) + 'hddquota, user, template, password FROM "users" WHERE name=?', (user, )) r = self.c.fetchone() if not r: return None - salt = r[-1][:5] pw = r[-1][5:] h = sha1(salt + password) @@ -93,7 +98,7 @@ class UserMethods(DatabaseMethods): pw = r[2][5:] h = sha1(salt + oldpw) if h.hexdigest() == pw: - salt = reduce(lambda x, y: x + y, [str(random.randint(0, 9)) for i in range(0, 5)]) + salt = random_salt() h = sha1(salt + newpw) password = salt + h.hexdigest() -- cgit v1.2.3