Changeset 332

Timestamp:

06/15/09 20:28:07 (3 years ago)

Author:

ocjhb

Message:

added password, but disable - password should not be required for receiving coins

Files:

• trunk/sandbox/jhb/webwallet/cgi/wallet.cgi (modified) (6 diffs)

trunk/sandbox/jhb/webwallet/cgi/wallet.cgi

@@ -2 +2 @@
 
 libdir = '/home/joerg/opencoin'
-datadir = '/home/joerg/opencoin/webwallet'
+datadir = '/home/joerg/opencoin/webwallet/data'
 
 ##################################
@@ -14 +14 @@
 from oc2 import wallet, transports
 
-
+#for key,value in os.environ.items():
+#    print '%s: %s<br>\n' % (key,value)
+#print str(username)    
 
 class CGIWallet:
@@ -33 +35 @@
         print "\r"
         if self.mimetype == 'text/html':
-            print '<html><body><small>%s</small>' % (baseserver+baseurl)
+            print '<html><body>'
+            #print '<small><a href="%s?action=logout">Logout</a></small>' % (baseurl)
             print '<br/>\n'.join(self.output)
             print '</body></html>'
@@ -47 +50 @@
     def dispatchRequest(self):
         self.env = os.environ
-        self.form = cgi.FieldStorage(keep_blank_values=1)
         self.action = action = self.form.getfirst('action','')
         self.method = method = self.env['REQUEST_METHOD'].lower()
@@ -55 +57 @@
                            redeem = self.redeemCoins,
                            delcurrency = self.delCurrency,
-                           spend = self.spendCoins)
+                           spend = self.spendCoins,
+                           login = self.displayMain)
 
         getmapping = dict(addcurrency = self.displayAddCurrency,
@@ -276 +279 @@
         self.out(answer.toString(True))
 
+form = cgi.FieldStorage(keep_blank_values=1)
+
 baseserver = "http://%s:%s" % (os.environ['SERVER_NAME'],os.environ['SERVER_PORT'])
-baseurl = os.environ['SCRIPT_NAME']
-
+username = os.environ.get('PATH_INFO','')
+baseurl = os.environ['SCRIPT_NAME']+username
+
+def die(string):
+    print 'Content-type:text/plain\r\n'
+    print string
+    sys.exit(0)
+
+if  username == '/' or not username:
+    die('username required, no direct access allowed. Try %s%s/YOURNAME' % (baseserver,baseurl))
+username = username[1:]    
+if username.startswith('.') or '/' in username:
+    die('hacking in, ey')
+
+if 0:
+    password = None
+
+    if form.has_key('password'):    
+        password = form.getfirst('password')
+        print "Set-Cookie:%s=%s" % (username,password)
+    elif form.getfirst('action','') == 'logout':
+        print "Set-Cookie:%s=%s" % (username,'')
+    elif os.environ.has_key('HTTP_COOKIE'):
+        for cookie in [c.strip() for c in os.environ['HTTP_COOKIE'].split(';')]:
+            if not cookie:
+                continue
+            (key, value ) = cookie.split('=');
+            if key == username:
+                password = value
+
+
+    filepath = datadir+'/%s.bin' % username
+    storage = oc2storage.CryptedStorage()
+    storage.setPassword(password)
+    storage.setFilename(filepath)
+    message = ''
+    if password and not os.path.exists(filepath):
+        storage.save()
+    elif form.getfirst('action','') not in ['logout','']:
+        try:
+            storage.restore()
+            storage.save()
+        except:   
+            print "Set-Cookie:%s=%s" % (username,'')
+            password = None
+            message = 'Wrong password<br>'
+
+    if not password:
+        print """Content-type:text/html
+
+        <html><body>
+        <form action='%s' method='post'>
+        %s
+        Enter your password: <input type='password' name='password'> <input type='submit'>
+        <input type='hidden' name='action' value='login' />
+        </form>
+        </body></html>
+        """ % (baseurl,message)
+        sys.exit(0)
+filepath = datadir+'/%s.bin' % username
 storage = oc2storage.Storage()
-storage.setFilename(datadir+'/wallet.bin')
+storage.setFilename(filepath)
 storage.restore()
 w = CGIWallet(storage)
+w.form = form
 w.dispatchRequest()
 w.printout()
+
+
+
+#for key,value in os.environ.items():
+#    print '%s: %s<br>\n' % (key,value)
+#print str(username)