Last active
December 31, 2015 01:39
-
-
Save maxisoft/7915674 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import cherrypy | |
| import sqlite3 | |
| import os | |
| import cgi | |
| import uuid | |
| import time | |
| class Token(object): | |
| MAX_TIME = 5 * 60 # 5 minute | |
| def __init__(self, uid=None): | |
| self.uid = uid or uuid.uuid4() | |
| self.createdate = time.time() | |
| def is_valid(self): | |
| return self.createdate > time.time() - Token.MAX_TIME | |
| def __eq__(self, other): | |
| return self.uid == other.uid | |
| class Message(object): | |
| @cherrypy.expose | |
| def add(self, pseudo_dest, message, token, Send): | |
| if not cherrypy.session.get('logged'): | |
| raise cherrypy.HTTPRedirect("../login") | |
| tokens = cherrypy.session.get('tokens') | |
| tokens = filter(lambda token: token.is_valid(), tokens) # filtre pour avoir que les tokens ok | |
| cherrypy.session['tokens'] = tokens | |
| if not any(unicode(tok.uid) == token for tok in tokens): # si aucun token valide | |
| return "Et non pas le bon token :p" | |
| #sinon | |
| cherrypy.session['tokens'] = filter(lambda tok: unicode(tok.uid) == token, tokens) # suppr le token | |
| conn = sqlite3.connect('csrf.db') | |
| try: | |
| c = conn.cursor() | |
| c.execute('INSERT INTO messages VALUES (?, ?, ?)', (cherrypy.session.get('pseudo'), pseudo_dest, message)) | |
| conn.commit() | |
| finally: | |
| conn.close() | |
| return "Msg envoyer. <a href='../secu'>liste msg</a>" | |
| @cherrypy.expose | |
| def index(self): | |
| if not cherrypy.session.get('logged'): | |
| raise cherrypy.HTTPRedirect("../login") | |
| newToken = Token() # cree nouveau token | |
| tokens = cherrypy.session.get('tokens') | |
| tokens.append(newToken) | |
| tokens = filter(lambda token: token.is_valid(), tokens) # filtre pour avoir que les tokens ok | |
| cherrypy.session['tokens'] = tokens | |
| return """<form id="form" name="form" method="post" action="add"> | |
| <p>Destinataire : | |
| <label> | |
| <input type="text" name="pseudo_dest" id="pseudo_dest" /> | |
| </label> | |
| </p> | |
| <p>Message : | |
| <label> | |
| <textarea name="message" rows="8" cols="42">Entrez votre message | |
| </textarea> | |
| </label> | |
| </p> | |
| <p> | |
| <label> | |
| <input type="submit" name="Send" id="Send" value="Send" /> | |
| </label> | |
| </p> | |
| <input type="hidden" name="token" id="token" value="%s"> | |
| </form> | |
| """ % newToken.uid | |
| class Secu(object): | |
| @cherrypy.expose | |
| def index(self): | |
| if not cherrypy.session.get('logged'): | |
| raise cherrypy.HTTPRedirect("../login") | |
| ret = "" | |
| conn = sqlite3.connect('csrf.db') | |
| try: | |
| c = conn.cursor() | |
| c.execute('SELECT * FROM messages WHERE pseudo_dest=?', (cherrypy.session.get('pseudo'))) | |
| escape = lambda s: cgi.escape(s).encode('ascii', 'xmlcharrefreplace') | |
| for row in c.fetchall(): | |
| ret += "source : {} <br/>\n message : {}<br/>\n<br/>\n".format(escape(row[0]), escape(row[2])) | |
| finally: | |
| conn.close() | |
| return ret | |
| class Root(object): | |
| def __init__(self): | |
| self.secu = Secu() # sous object cherrypy | |
| self.msg = Message() | |
| @cherrypy.expose | |
| def index(self): | |
| if not cherrypy.session.get('logged'): | |
| return "messagerie <a href='./login'>login</a>" | |
| return "messagerie <a href='./secu'>liste msg</a> <a href='./msg'>ecrire</a>" | |
| @cherrypy.expose | |
| def logout(self): | |
| cherrypy.session.delete() | |
| raise cherrypy.HTTPRedirect("../") | |
| @cherrypy.expose | |
| def login(self, pseudo=None, password=None, Envoyer=None): | |
| if cherrypy.session.get('logged'): | |
| return "Deja log" | |
| if pseudo and password and Envoyer: | |
| conn = sqlite3.connect('csrf.db') | |
| tmp = None | |
| try: | |
| c = conn.cursor() | |
| c.execute('SELECT userID FROM users WHERE pseudo=? AND password=?', (pseudo, password)) | |
| tmp = c.fetchone() | |
| finally: | |
| conn.close() | |
| if tmp: # => resultat | |
| cherrypy.session['logged'] = True | |
| cherrypy.session['pseudo'] = pseudo | |
| cherrypy.session['tokens'] = list() | |
| raise cherrypy.HTTPRedirect("secu") | |
| # dans tous les autres cas | |
| return """<form id="form" name="form" method="post" action=""> | |
| <p>Pseudo : | |
| <label> | |
| <input type="text" name="pseudo" id="pseudo" /> | |
| </label> | |
| </p> | |
| <p>Password : | |
| <label> | |
| <input type="password" name="password" id="password" /> | |
| </label> | |
| </p> | |
| <p> | |
| <label> | |
| <input type="submit" name="Envoyer" id="Envoyer" value="Envoyer" /> | |
| </label> | |
| </p> | |
| </form>""" | |
| if __name__ == "__main__": | |
| cherrypy.config.update({ | |
| 'server.socket_host': '127.0.0.1', | |
| 'server.socket_port': 8080, | |
| 'environment': 'production', | |
| 'log.error_file': 'site.log', | |
| 'log.screen': True | |
| }) | |
| current_dir = os.path.dirname(os.path.abspath(__file__)) | |
| #session . voir http://docs.cherrypy.org/dev/refman/lib/sessions.html | |
| conf = {'/': {'tools.sessions.on': True, | |
| } | |
| } | |
| cherrypy.quickstart(Root(), config=conf) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment