diff --git a/scripts/cgi-bin/eressea-confirm.py b/scripts/cgi-bin/eressea-confirm.py index 1fd80a123..240188b20 100755 --- a/scripts/cgi-bin/eressea-confirm.py +++ b/scripts/cgi-bin/eressea-confirm.py @@ -1,5 +1,8 @@ #!/usr/bin/env python +# If (password, custid) exist in the database, and the user is in state +# 'WAITING', he will be changed to 'CONFIRMED'. + import sys import MySQLdb import cgi @@ -64,7 +67,7 @@ if (password==None) or (custid==None): else: db=MySQLdb.connect(db=dbname) cursor=db.cursor() - exist=cursor.execute("select id from users where id="+custid+" and password='"+password+"'") + exist=cursor.execute("select id from users where id="+custid+" and status='WAITING' and password='"+password+"'") if exist==0: Display('
Kundennummer oder Schlüssel falsch. Bitte beachte, dass Du beim Schlüssel auf Groß- und Kleinschreibung achten mußt.')
else:
diff --git a/scripts/cgi-bin/eressea-register.py b/scripts/cgi-bin/eressea-register.py
index 47c926154..5ead87626 100755
--- a/scripts/cgi-bin/eressea-register.py
+++ b/scripts/cgi-bin/eressea-register.py
@@ -52,8 +52,8 @@ def Send(email, custid, firstname, password, position):
SubResult = re.subn(" Du stehst bereits auf der Warteliste')
+ exist=cursor.execute("select id from users where email='"+email+"' and (status='WAITING' or status='CONFIRMED')")
+ if exist:
+ text={"de":"Du stehst bereits auf der Warteliste","en":"You are already on the waiting list"}
+ Display(' '+text[locale])
else:
+ bans=cursor.execute('select regex, reason from bannedemails')
+ while bans:
+ bans=bans-1
+ regexp, reason = cursor.fetchone()
+ if (re.match(regexp, email, re.IGNORECASE))!=None:
+ Display('Deine Email-Adresse ist für Eressea nicht zugelassen. '+reason)
+ sys.exit(0)
+
password=genpasswd()
fields = "firstname, lastname, locale, email, address, city, status, password"
values = "'"+firstname+"', '"+lastname+"', '"+locale+"', '"+email+"', '"+address+"', '"+city+"', 'WAITING', '"+password+"'"
@@ -138,11 +147,14 @@ else:
cursor.execute("insert into users ("+fields+") VALUES ("+values+")")
cursor.execute("SELECT LAST_INSERT_ID() from dual")
custid=cursor.fetchone()[0]
+ ip=None
if os.environ.has_key('REMOTE_ADDR'):
ip=os.environ['REMOTE_ADDR']
+ if ip!=None:
cursor.execute("REPLACE userips (ip, user) VALUES ('"+ip+"', "+str(int(custid))+")")
cursor.execute("insert into subscriptions (user, race, game, status) VALUES ("+str(int(custid))+", '"+race+"', 0, 'PENDING')")
cursor.execute("select count(*) from users where status='WAITING' or status='CONFIRMED'")
Send(email, custid, firstname, password, cursor.fetchone()[0])
- Display(" Deine Anmeldung wurde bearbeitet. Eine EMail mit Hinweisen ist unterwegs zu Dir.")
+ text={"de":"Deine Anmeldung wurde bearbeitet. Eine EMail mit Hinweisen ist unterwegs zu Dir", "en":"Your application was processed. An email containing further instructions is being sent to you"}
+ Display(" "+text[locale]+".")
db.close()
diff --git a/scripts/cgi-bin/standin.py b/scripts/cgi-bin/standin.py
index 9cd048a10..980193753 100755
--- a/scripts/cgi-bin/standin.py
+++ b/scripts/cgi-bin/standin.py
@@ -62,7 +62,11 @@ def ShowPage():
output=output+''
output=output+' Aus technischen Gründen wird diese Seite erst am Dienstag abend wieder benutzbar sein.'
+
output=output+''
Display(output)
return
'
+ output=output+'Kundennummer: Passwort: '
- output=output+' '
+# output=output+''
+ output=output+''
+ output=output+'