commit 5687e671f2f63f5dbbb768bff0e02b4e23274f7d
parent 259ad4426b5d29cc97b7c58a8640a0301b81eea3
Author: rbckman <rob@tarina.org>
Date: Mon, 26 Oct 2020 20:45:14 +0200
tog bort hemligt.py, skuffa byyssare å superadmin ti databasen
Diffstat:
4 files changed, 40 insertions(+), 21 deletions(-)
diff --git a/README b/README
@@ -10,11 +10,13 @@ sqlite3 version 3.27.2 rekommenderas. Finns i senaste debian stable.
2. cd bygdis.fi
3. sudo ./install.sh
4. skriv "localhost" i webläsaren
+5. logga in me byyns användarnamn å lösen, fråga nån som vejt i byyn om du int kommer ihåg
+6. nästa användare du registrerar blir superadmin
ifall det inte fungerar kolla error.log i bygdis.fi mappen.
TODO
-- ta bort hemligt.py och fixa admin till databasen istället
-- 3 olika admin levels i databasen
+- ta bort hemligt.py och fixa admin till databasen istället FIXAT
+- 3 olika admin levels i databasen FIXAT
- admin sida var man kan ta bort spam och kicka users, tom banna users.
diff --git a/db/makedb.sh b/db/makedb.sh
@@ -1,4 +1,5 @@
#!/bin/sh
+PASS='$2b$12$Ixo8B3rdViorfnh8cpVRDeiHweOD4uCJ2ztByr6OY5hk0nCNVvhjW'
sqlite3 bygdis.db <<EOF
CREATE TABLE kalender (id integer primary key, datumtid datetime, veckodag text, event text, admin TEXT);
CREATE TABLE posts (id integer PRIMARY KEY, datumtid datetime, post text NOT NULL, likes integer);
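Review bot: The added `PASS='$2b$12$…'` line commits the bcrypt hash of the shared `byyssare` account to version control, and the `INSERT INTO bildadmin` in the next hunk seeds it into every database this script creates. Every install then starts with the same password, and anyone who can read the repository can run offline guessing against the hash. Per the README steps, that account is also what gates registration of the superadmin on a fresh install. Consider reading the hash from the environment at install time, e.g. `PASS="${BYGDIS_PASS_HASH:?set the bcrypt hash for byyssare}"` (variable name is only an example), and changing the current password since its hash is now in history.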
@@ -10,4 +11,5 @@ CREATE TABLE likes (id integer PRIMARY KEY, user TEXT, bild TEXT, datum TIMESTAM
CREATE TABLE hates (id integer PRIMARY KEY, user TEXT, bild TEXT, datum TIMESTAMP);
CREATE TABLE bildadmin (id INT AUTO_INCREMENT, name TEXT, displayname TEXT, password TEXT, mail TEXT, subscribe TEXT, adminlevel INT);
CREATE TABLE stopresetpass (id integer PRIMARY KEY, mail TEXT, tid INT);
+INSERT INTO bildadmin VALUES(NULL, "byyssare", "byyssare", "$PASS", "byyssare@bygdis.fi", "aldrig", 2);
EOF
diff --git a/public_html/html/register.html b/public_html/html/register.html
@@ -1,9 +1,12 @@
-$def with (loginform, formfail)
+$def with (loginform, formfail, totusers)
<div id="container">
<div id="default">
<br>
- <h2>Registreer te mesama!</h2>
- <p>Tu måst registreer te för att kun sät opp bilder å anat plåtär. men ja ha ju registreer mej ridan <a href="/login">logg in tå</a></p>
+ $if totusers > 1:
+ <h2>Registreer te mesama!</h2>
+ <p>Tu måst registreer te för att kun sät opp bilder å anat plåtär. men ja ha ju registreer mej ridan <a href="/login">logg in tå</a></p>
+ $else:
+ <h2>Registrera superadmin</h2>
<div id="addevent">
<form method="POST">
$:loginform.render()
diff --git a/server.py b/server.py
@@ -109,7 +109,14 @@ def adduser(name, password, mail):
password = password.encode("utf-8")
salt = bcrypt.gensalt()
password_hashed = bcrypt.hashpw(password, salt)
- db.insert('bildadmin', name=name, displayname=name, password=password_hashed, mail=mail, subscribe='aldrig')
+ #check user db, if empty create admin
+ users = db.query("SELECT COUNT(*) AS users FROM bildadmin")[0]
+ tot = int(users.users)
+ print('users alltsomallt: ' + str(tot))
+ if tot > 1:
+ db.insert('bildadmin', name=name, displayname=name, password=password_hashed, mail=mail, subscribe='aldrig', adminlevel=3)
+ else:
+ db.insert('bildadmin', name=name, displayname=name, password=password_hashed, mail=mail, subscribe='aldrig', adminlevel=5)
print("new user added")
return
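Review bot: The superadmin decision in `adduser` rests on `tot > 1`, that is on the table holding only the seeded `byyssare` row, rather than on whether a level-5 account already exists. A database created without that seed row would give `adminlevel=5` to its first two registrations, and two registrations arriving together on a fresh install can both read a count of 1. Testing for an existing superadmin is more direct, `admins = db.query("SELECT COUNT(*) AS n FROM bildadmin WHERE adminlevel=5")[0].n` then `level = 5 if admins == 0 else 3`, with the check and insert in one transaction (a populated database from before this commit would need its superadmin assigned by hand first). The same `> 1` test is repeated in `register.GET` and `register.html`; a shared helper would keep them in step. `adduser` begins above this hunk.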
@@ -117,6 +124,15 @@ def bildhistoriker():
bildhistoriker = db.query("SELECT name, displayname, mail, password FROM bildadmin")
return bildhistoriker
+def adminlevel(user):
+ level = db.query("SELECT adminlevel FROM bildadmin WHERE name='"+user+"';")[0]
+ #1 session logout, web.py bug
+ #2 rights to see pics and comment
+ #3 rights to upoload
+ #5 superadmin
+ session.login = int(level.adminlevel)
+ return
+
def getdisplayname(user):
displayname = db.query("SELECT displayname FROM bildadmin WHERE name='"+user+"';")[0]
return displayname.displayname
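Review bot: `adminlevel()` builds its query by concatenating `user` into the SQL text, and `user` is the account name chosen at registration, so unless names are restricted there (not visible here) a name containing a quote changes the statement. web.py's `db.query` accepts bound parameters: `level = db.query("SELECT adminlevel FROM bildadmin WHERE name=$name", vars={'name': user})[0]`. `getdisplayname` just below uses the same concatenation and deserves the same change. Rows written before this commit presumably have a NULL `adminlevel`, which would make `int(level.adminlevel)` raise at login; a migration or an explicit default would cover that. The `#3` comment has a typo (`upoload`).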
@@ -326,12 +342,13 @@ class login():
bildadmins = bildhistoriker()
for p in bildadmins:
if p.name.lower() == i.user.lower() or p.mail.lower() == i.user.lower():
- if bcrypt.checkpw(i.password.encode('utf-8'), p.password):
- if i.user.lower() == 'byyssare':
- session.login = 2
- else:
- session.login = 3
- session.user = p.name.lower()
+ try:
+ encodepass = p.password.encode("utf-8")
+ except:
+ encodepass = p.password
+ if bcrypt.checkpw(i.password.encode('utf-8'), encodepass):
+ session.user = p.name
+ adminlevel(p.name)
print('BACKURL: '+session.backurl)
if session.backurl != '':
backurl = session.backurl
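Review bot: The bare `except:` around `p.password.encode("utf-8")` hides every error, not only the case where the stored hash is already bytes. An explicit type test says what is meant: `encodepass = p.password.encode("utf-8") if isinstance(p.password, str) else p.password`. `session.user` is now `p.name` where the removed code stored `p.name.lower()`, so any code elsewhere that compares against a lower-cased name should be checked. The `login` handler continues outside this hunk.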
@@ -339,14 +356,6 @@ class login():
raise web.seeother(backurl)
else:
raise web.seeother('/bilder')
- if (i.user.lower(),i.password) in allowed:
- session.login = 5
- session.user = i.user.lower()
- raise web.seeother('/admin')
- elif (i.user.lower(),i.password) == historikaccess:
- session.login = 2
- session.user = i.user.lower()
- raise web.seeother('/bilder')
else:
return web.seeother('/login?error=fejl')
@@ -432,9 +441,12 @@ class register():
formfail = 'he va no för uuslit lösenord, minst 5 bokstäver'
except:
pass
+ #check user db, if empty create admin
+ users = db.query("SELECT COUNT(*) AS users FROM bildadmin")[0]
+ totusers = int(users.users)
registerform.fill(user=urllib.parse.unquote_plus(n), mail=urllib.parse.unquote_plus(m))
if session.login > 1:
- return render.register(registerform, formfail)
+ return render.register(registerform, formfail, totusers)
else:
raise web.seeother('/')
def POST(self):