fix validations queries and other stuff

author: root <root@dev.spline.de> 2008-12-11 10:40:38 +0100
committer: root <root@dev.spline.de> 2008-12-11 10:40:38 +0100
commit: 153de55dfd076261dcc6637054a67caac12a1dcb (patch)
tree: d816c23374252caa3c15de92eb3c951f987ca443
parent: ded8331b82860fef7284812d3af9d92f823a05a3 (diff)
download: dev-account-153de55dfd076261dcc6637054a67caac12a1dcb.tar.gz
dev-account-153de55dfd076261dcc6637054a67caac12a1dcb.tar.xz
dev-account-153de55dfd076261dcc6637054a67caac12a1dcb.zip
2 files changed, 45 insertions, 23 deletions
diff --git a/TODO b/TODO
index d681c03..f9ab3e9 100644
--- a/TODO
+++ b/TODO
@@ -1,4 +1,3 @@
 * mailing listen
-* upload backup and send links
 * send mail to dev@spline.de on errors
 * bugs, bugs, bugs
diff --git a/index.py b/index.py
index 8d4fe29..781cc43 100644
--- a/index.py
+++ b/index.py
@@ -18,7 +18,7 @@ import trac.config
 
 # import other common stuff
 from random import choice
-import base64, cracklib, sha, string, os
+import base64, cracklib, sha, string, os, re
 
 
 # render mail template and send it using local sendmail binary
@@ -110,7 +110,7 @@ def set_random_password(req, user_id, length):
 	result = req.cursor.fetchone()
 	email = result[0]
 
-	req.cursor.execute("SELECT login FROM user WHERE id = %s AND password NOT NULL", (user_id,))
+	req.cursor.execute("SELECT login FROM user WHERE id = %s AND password IS NOT NULL", (user_id,))
 	result = req.cursor.fetchone()
 
 	if not result:
@@ -170,7 +170,10 @@ def validate_and_register(req, login, email):
 
 	# empty login
 	if login == "":
-		return "please enter a username";
+		return "please enter a username"
+
+	if not re.match("^[a-z._]{3,25}$", login):
+		return "your login is either too long, too short, or contains other characters than [a-z] including . and _"
 
 	# no fu-berlin.de address
 	if not email.endswith('.fu-berlin.de'):
@@ -178,7 +181,7 @@ def validate_and_register(req, login, email):
 
 	# regex checker for valid email
 	if invalid(email):
-		return "please enter a valid email address";
+		return "please enter a valid email address"
 
 	req.cursor.execute("SELECT login FROM user WHERE login = %s", (login, ))
 	if req.cursor.fetchone():
@@ -220,7 +223,7 @@ def activate(req, **formdata):
 	(c, s, cursor) = session_start(req, True)
 
 	# check whether a (correct) hashcode is given in the url
-	if "hash" in formdata:
+	if "hash" in formdata and ('activated' not in s or not s['activated']):
 		cursor.execute("SELECT user_id FROM activation WHERE hash = %s", (formdata['hash'],))
 		result = cursor.fetchone()
 
@@ -235,12 +238,10 @@ def activate(req, **formdata):
 			c['error_msg'] = set_random_password(req, user_id, 8)
 
 			if not c['error_msg']:
+				s['activated'] = True
+				s.save()
 				c['info_msg'] = "your account has been activated. you will receive an email with a temporary password."
 
-	# no hash value given
-	else:
-		redirect(req, "index")
-
 	return render_to_string("index.html", c)
 
 
@@ -249,7 +250,7 @@ def login(req, **formdata):
 
 	if req.method == "POST":
 		pw_hash = generate_sha_base64(formdata['password'])
-		cursor.execute("SELECT * FROM user WHERE login = %s AND password = %s", (formdata['login'], pw_hash))
+		cursor.execute("SELECT * FROM user WHERE login = %s AND password = %s AND activated = 1", (formdata['login'], pw_hash))
 
 		if not cursor.fetchone():
 			c['error_msg'] = "Login failed. Sorry."
@@ -338,10 +339,16 @@ def projects(req, **formdata):
 
 	if "action" in formdata and "proj_name" in formdata:
 		if formdata['action'] == "leave":
-			cursor.execute("delete from member where user_id = (select id from user where login = %s) "
-				+ "and project_id = (select id from project where project_name = %s)", (s['login'], formdata['proj_name']))
-			req.dbc.commit()
-			c['info_msg'] = "you left project " + formdata['proj_name']
+			cursor.execute("select count(*) from member where project_id = (select id from project where project_name = %s)")
+			result = cursor.fetchone()
+			if result[0] == 1:
+				c['error_msg'] = "you cannot leave this project! you're its only member! maybe you want to delete it?"
+			else:
+				cursor.execute("delete from member where user_id = (select id from user where login = %s) "
+					+ "and project_id = (select id from project where project_name = %s)", (s['login'], formdata['proj_name']))
+				req.dbc.commit()
+				generate_users_file(req.cursor)
+				c['info_msg'] = "you left project " + formdata['proj_name']
 
 		elif formdata['action'] == "delete":
 			# check whether the person is member of the project he or she wants to delete
@@ -376,12 +383,23 @@ def new_project(req, **formdata):
 		c['desc'] = formdata['project_desc']
 		c['priv'] = formdata['priv']
 
-		# send message to dev.spline.de
-		sendmail("dev@spline.de", "new_project", c)
+		cursor.execute("SELECT email FROM user WHERE login = %s", (s['login'],))
+		c['email'] = cursor.fetchone()[0]
 
-		# confirm to user
-		c['info_msg'] = "your application has been sent to the dev.spline.de team. you'll receive a message shortly"
-		return render_to_string("index.html", c)
+		cursor.execute("SELECT id FROM project WHERE project_name = %s", (c['name'], ))
+		if cursor.fetchone():
+			c['error_msg'] = "project %s already exists." % c['name']
+		elif len(c['name']) < 3:
+			c['error_msg'] = "project name must be at least 3 chars long"
+		elif len(c['desc']) < 0:
+			c['error_msg'] = "project description may not be empty"
+		else:
+			# send message to dev.spline.de
+			sendmail("dev@spline.de", "new_project", c)
+
+			# confirm to user
+			c['info_msg'] = "your application has been sent to the dev.spline.de team. you'll receive a message shortly"
+			return render_to_string("index.html", c)
 
 	return render_to_string("new_project.html", c)
 
@@ -427,9 +445,14 @@ def members(req, **formdata):
 				c['info_msg'] = "you deleted " + who + " from project " + proj
 
 			elif what == "add":
-				cursor.execute("insert into member (user_id, project_id) values (%s, %s)", (user_id, project_id))
-				req.dbc.commit()
-				c['info_msg'] = "you added " + who + " to project " + proj
+				cursor.execute("select * from member where user_id = %s and project_id = %s", (user_id, project_id));
+				if cursor.fetchone() == None:
+					cursor.execute("insert into member (user_id, project_id) values (%s, %s)", (user_id, project_id))
+					req.dbc.commit()
+					generate_users_file(req.cursor)
+					c['info_msg'] = "you added " + who + " to project " + proj
+				else:
+					c['error_msg'] = who + " is already a member of project " + proj
 
 		else:
 			c['error_msg'] = "invalid user name"
author	root <root@dev.spline.de>	2008-12-11 10:40:38 +0100
committer	root <root@dev.spline.de>	2008-12-11 10:40:38 +0100
commit	153de55dfd076261dcc6637054a67caac12a1dcb (patch)
tree	d816c23374252caa3c15de92eb3c951f987ca443
parent	ded8331b82860fef7284812d3af9d92f823a05a3 (diff)
download	dev-account-153de55dfd076261dcc6637054a67caac12a1dcb.tar.gz dev-account-153de55dfd076261dcc6637054a67caac12a1dcb.tar.xz dev-account-153de55dfd076261dcc6637054a67caac12a1dcb.zip