ncauth_user.py 2.15 KB
import sqlite3
import hashlib
import tornado.template
import os.path
from ncauth.ncauth_base import ncauth_base
class ncauth_user(ncauth_base):

    def get(self):
        self.render('login.html')
#            self.write('<html><body><form action="/login" method="post"  id="login_form">'
#                       'Name: <input type="text" name="name" id="username"  value="">'
#                       'PW: <input class="text-input" id="password" name="password" tabindex="2" type="password" value="">'
#                       '<input id="signin-btn" class="btn btn-blue" type="submit" value="Sign in">'
#                       '</form></body></html>')

    def post(self):
        self.set_secure_cookie("user", self.get_argument("name"),expires_days=1,secure=True)
#        self.set_secure_cookie("expires_days", "1")
        pw=self.get_argument("password")
        username=self.get_argument("name")
        salt='xy4$rt'
        #hashlib.sha512(pw.encode('utf-8') + salt.encode('utf-8')).hexdigest()
        if hashlib.md5(pw.encode('utf-8')).hexdigest()    ==  self.getuserpw(username):
            self.set_secure_cookie("user", self.get_argument("name"),expires_days=1,secure=True)
            self.set_secure_cookie("incorrect", "0",expires_days=1,secure=True)
           
#            self.write("Jo")
            self.redirect("/")
        else:
#            self.write("Hello, world"+self.get_argument("name")+' '+self.get_argument("password")+ ' /// '+hashlib.md5(pw.encode('utf-8')).hexdigest() +' vs. '+self.getuserpw(username))
            self.set_secure_cookie("incorrect", "1",expires_days=1,secure=True)
            self.redirect("/login")


    def getuserpw(self,username):
      
        dbpath =os.path.dirname(__file__)+ "/srvcnf.sqlite3"
        self.write(dbpath)
 #       password=self.get_argument("password")
        self.write(" - ")
        self.db=sqlite3.connect(dbpath)
        self.dbcursor=self.db.cursor()
        sql = 'Select password from srvusers where username = "'+username+'"'
#        password=''
        for row in self.dbcursor.execute(sql):
            password= row[0]   #String.valueOf(c.getInt(c.getColumnIndex("password")));
        return password