#!/usr/bin/python3
#encoding:utf-8

from sitepackage.cgiweb import template, cgi_cover
from sitepackage.thissql import sqlw, sqlr
from sitepackage.helper import passhash, generate, save_format_json, read_settings, ISO3166_rus

import os
import datetime
import json


# Static configuration for this CGI endpoint.
__config__ = dict(
  # Weekday abbreviations, Monday first (not referenced in the visible part of this script).
  weekdays="mon tue wed thu fri sat sun".split(),
  # File name handed to read_settings() / save_format_json() by main().
  settings="settings.json",
)


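def _role_set(role_rows):
  """Return the caller's roles as a set of exact, whitespace-separated tokens."""
  if not role_rows:
    return set()
  # The role column holds a space-separated list (add_role/del_role below
  # split and join on spaces); a NULL column is treated as "no roles".
  return set((role_rows[0][0] or "").split())


def _country_name(country_id):
  """Return the display name for *country_id*, or None when it is not a known country."""
  try:
    return ISO3166_rus[int(country_id)]
  except (ValueError, KeyError, IndexError):
    return None


def _safe_redirect_target(redirect_to):
  """Return *redirect_to* when it stays on this site, otherwise None."""
  import urllib.parse

  candidate = redirect_to.strip()
  # Backslashes and control characters are normalised away by browsers, so a
  # value containing them can parse differently there than it does here.
  if "\\" in candidate or any(ord(ch) < 0x20 for ch in candidate):
    return None
  try:
    parts = urllib.parse.urlsplit(candidate)
  except ValueError:
    return None
  if not parts.scheme and not parts.netloc:
    return candidate  # plain relative reference
  # Absolute URLs are accepted only for the host this request was sent to.
  if parts.scheme in ("http", "https") and parts.netloc == os.environ.get("HTTP_HOST"):
    return candidate
  return None


def _redirect_page(redirect_to, message):
  """Build the meta-refresh page that returns the browser to *redirect_to* with *message*."""
  import html
  import urllib.parse

  separator = "&" if "?" in redirect_to else "?"
  # The message can carry request-supplied text (logins, role names, echoed
  # parameters): percent-encode it for the query string, then HTML-escape the
  # whole URL because it is written into an attribute value.
  url = redirect_to + separator + "message=" + urllib.parse.quote(message)
  return """<html><head><meta http-equiv="refresh" content="0; URL='%s'" /></head><body></body></html>""" % html.escape(url, quote=True)


def main(geted_simple_cookies, info, parametrs, files):
  """Run one administrative action for the logged-in user and redirect back.

  Args:
    geted_simple_cookies: mapping of request cookies; the ``session_id`` entry
      is read through its ``.value`` attribute.
    info: not used by this handler.
    parametrs: mapping of request parameter name -> list of values; only the
      first value of each parameter is read.
    files: not used by this handler.

  Returns:
    ``{"page": html}`` holding a meta-refresh redirect to the ``redirect``
    parameter with a ``message`` query argument describing the outcome, or
    ``{"page": "error"}`` for every failure (no cookie, unknown or expired
    session, session owner missing from ``users``, missing ``redirect`` /
    ``action``, or a redirect target that leaves this site).

  Roles are compared as exact tokens of the space-separated ``role`` column,
  so a role whose name merely contains "admin" grants nothing.

  NOTE(review): actions are authorised by the session cookie alone; no
  anti-CSRF token is checked in this function - confirm that cgi_cover or
  the submitting forms provide one.
  """
  failure = {"page": "error"}

  if 'session_id' not in geted_simple_cookies:
    return failure
  session_id = geted_simple_cookies['session_id'].value
  if "exit" in parametrs:
    # Logging out removes the session, so the lookup below then fails.
    sqlw("DELETE FROM sessions WHERE session_id=?", [session_id])
  sessions_data = sqlr("SELECT login,expires FROM sessions WHERE session_id=?",
    [session_id])
  if len(sessions_data) != 1:
    return failure
  login, expires = sessions_data[0]
  utcnow = datetime.datetime.utcnow()
  # NOTE(review): this is a string comparison of timestamps, and a naive
  # utcnow() passed to timestamp() is interpreted as local time. It is kept
  # unchanged because it has to agree with whatever code writes `expires`;
  # confirm both sides and move them to a numeric comparison together.
  if expires <= str(utcnow.timestamp()):
    return failure
  # A session whose owner no longer exists carries no privileges.
  role_rows = sqlr("SELECT role FROM users WHERE login=?", [login])
  if not role_rows:
    return failure
  roles = _role_set(role_rows)
  is_admin = "admin" in roles
  can_edit_pay_sys = "pay_sys_edit" in roles

  if "redirect" not in parametrs or "action" not in parametrs:
    return failure
  # Validate the redirect target before acting, so a rejected request
  # changes nothing.
  redirect_to = _safe_redirect_target(parametrs["redirect"][0])
  if redirect_to is None:
    return failure
  action = parametrs["action"][0]

  if (action == "country_enable" and can_edit_pay_sys and
      "country_id" in parametrs):
    country_id = parametrs["country_id"][0]
    # Resolve the name first: an unknown id must not be written to settings.
    country_name = _country_name(country_id)
    if country_name is None:
      message = "неизвестная страна"
    else:
      settings = read_settings(__config__['settings'])
      pay_sys_by_country = settings["ISO3166_country_pay_sys_dict"]
      # Entry "0" supplies the payment system given to a newly enabled country.
      pay_sys_by_country[country_id] = pay_sys_by_country["0"]
      save_format_json(__config__['settings'], settings)
      message = "страна %s добавлена в список" % country_name
  elif (action == "country_disable" and can_edit_pay_sys and
      "country_id" in parametrs):
    country_id = parametrs["country_id"][0]
    country_name = _country_name(country_id)
    if country_name is None:
      message = "неизвестная страна"
    else:
      settings = read_settings(__config__['settings'])
      # Disabling a country that is not listed is a no-op, not a crash.
      settings["ISO3166_country_pay_sys_dict"].pop(country_id, None)
      save_format_json(__config__['settings'], settings)
      message = "страна %s убрана из списка" % country_name
  elif (action == "pay_sys_change" and can_edit_pay_sys and
      "pay_sys_id" in parametrs and
      "country_id" in parametrs):
    settings = read_settings(__config__['settings'])
    country_id = parametrs["country_id"][0]
    pay_sys_id = parametrs["pay_sys_id"][0]
    # NOTE(review): both values are stored as received; the set of valid
    # payment-system ids is not visible here - validate against it.
    settings["ISO3166_country_pay_sys_dict"][country_id] = pay_sys_id
    save_format_json(__config__['settings'], settings)
    message = "платежная система по умолчанию изменена"
  elif (action == "add_role" and is_admin and
      "role_to_add" in parametrs and
      "user_to_update" in parametrs):
    role_to_add = parametrs["role_to_add"][0]
    user_to_update = parametrs["user_to_update"][0]
    target_rows = sqlr("SELECT role FROM users WHERE login=?", [user_to_update])
    if not target_rows:
      message = "пользователь %s не найден" % user_to_update
    else:
      target_roles = (target_rows[0][0] or "").split()
      if role_to_add not in target_roles:  # do not store duplicates
        target_roles.append(role_to_add)
      sqlw("UPDATE users SET role=? WHERE login=?",
        [" ".join(target_roles), user_to_update])
      message = "пользователю %s добавлена роль %s" % (user_to_update, role_to_add)
  elif (action == "del_role" and is_admin and
      "role_to_del" in parametrs and
      "user_to_update" in parametrs):
    role_to_del = parametrs["role_to_del"][0]
    user_to_update = parametrs["user_to_update"][0]
    target_rows = sqlr("SELECT role FROM users WHERE login=?", [user_to_update])
    if not target_rows:
      message = "пользователь %s не найден" % user_to_update
    else:
      kept_roles = [name for name in (target_rows[0][0] or "").split()
        if name != role_to_del]
      sqlw("UPDATE users SET role=? WHERE login=?",
        [" ".join(kept_roles), user_to_update])
      message = "у пользователя %s удалена роль %s" % (user_to_update, role_to_del)
  elif (action == "del_user" and is_admin and
      "user_to_del" in parametrs):
    user_to_del = parametrs["user_to_del"][0]
    # Drop the account's sessions too, so they cannot come back to life if
    # the same login is created again later.
    sqlw("DELETE FROM sessions WHERE login=?", [user_to_del])
    sqlw("DELETE FROM users WHERE login=?", [user_to_del])
    message = "пользователь %s удален" % (user_to_del)
  elif (action == "add_user" and is_admin and
      "user_to_add" in parametrs):
    user_to_add = parametrs["user_to_add"][0]
    password = generate(16)
    sqlw("INSERT INTO users VALUES (?,?,?)",
      [user_to_add, passhash(password, user_to_add), "user"])
    # NOTE(review): the new password travels in the redirect URL and will
    # appear in browser history and access logs; prefer a channel that is
    # not logged.
    message = "пользователь %s создан. пароль %s" % (user_to_add, password)
  elif (action == "password_generate" and is_admin and
      "user_to_update" in parametrs):
    user_to_update = parametrs["user_to_update"][0]
    password = generate(16)
    sqlw("UPDATE users SET password=? WHERE login=?",
      [passhash(password, user_to_update), user_to_update])
    # NOTE(review): same exposure as add_user - the password is in the URL.
    message = "пароль пользователя %s теперь %s" % (user_to_update, password)
  elif (action == "password_change" and
      "password1" in parametrs and
      "password2" in parametrs and
      "user_to_update" in parametrs):
    password1 = parametrs["password1"][0]
    password2 = parametrs["password2"][0]
    user_to_update = parametrs["user_to_update"][0]
    if password1 != password2:
      message = "пароль не совпал с повторением пароля"
    elif not len(password1) > 12:
      # NOTE(review): a password of exactly 12 characters is rejected, while
      # the message says "shorter than 12" - decide which one is intended.
      message = "пароль короче 12 символов"
    elif "password" in roles and user_to_update == login:
      # Users holding the "password" role may change only their own password.
      sqlw("UPDATE users SET password=? WHERE login=?",
        [passhash(password1, user_to_update), user_to_update])
      message = "пароль изменен"
    elif is_admin:
      sqlw("UPDATE users SET password=? WHERE login=?",
        [passhash(password1, user_to_update), user_to_update])
      message = "пароль пользователя %s изменен" % user_to_update
    else:
      message = "нет роли для изменения пароля"
  else:
    # NOTE(review): unmatched requests echo every parameter back in the URL,
    # which includes password fields of an incomplete password_change form;
    # a fixed message would avoid that.
    message = str(parametrs)

  return {"page": _redirect_page(redirect_to, message)}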
  


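if __name__ == '__main__':
  # cgitb reports include the values of local variables; in this script those
  # are session ids and freshly generated passwords. Keep the reports in the
  # log directory (relative to the working directory) and do not send them to
  # the browser.
  # NOTE(review): cgitb was deprecated in Python 3.11 and removed in 3.13.
  import cgitb
  cgitb.enable(display=0, logdir="log")
  cgi_cover(main)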
