#!/usr/bin/env python import sys import MySQLdb import cgi import re import smtplib # specify the filename of the template file scripturl="http://eressea.upb.de/~enno/cgi-bin/info.py" TemplateFile = "vinyambar.html" DefaultTitle = "Vinyambar Datenbank" dbname = "vinyambar" From = "accounts@vinyambar.de" smtpserver = 'localhost' # define a new function called Display # it takes one parameter - a string to Display def Display(Content, Title=DefaultTitle): TemplateHandle = open(TemplateFile, "r") # open in read only mode # read the entire file as a string TemplateInput = TemplateHandle.read() TemplateHandle.close() # close the file for key in Form.keys(): Content=Content+"
"+str(key)+"="+str(Form[key]) # this defines an exception string in case our # template file is messed up BadTemplateException = "There was a problem with the HTML template." SubResult = re.subn("", Title, TemplateInput) SubResult = re.subn("", Content, SubResult[0]) if SubResult[1] == 0: raise BadTemplateException print "Content-Type: text/html\n\n" print SubResult[0] def ShowInfo(custid, Password): db = MySQLdb.connect(db=dbname) cursor = db.cursor() cursor.execute("select max(date), max(id) from transactions") lastdate, id = cursor.fetchone() query=("select info, firstname, lastname, email, address, city, country, phone, sum(t.balance), status "+ "from users u, transactions t "+ "where u.id=t.user and u.id="+str(custid)+" and u.password='"+Password+"' "+ "GROUP BY u.id") #print query results = cursor.execute(query); if results > 0: output = "

Letzte Aktualisierung: "+str(lastdate)[0:10]+"

\n" while results>0: results = results - 1 row = cursor.fetchone() line = "" line = line + "\n" line = line + "\n" line = line + "\n" line = line + "\n" line = line + "\n" line = line + "\n" line = line + "\n" line = line + "\n" output = output + line; output=output+"

Vorname
Nachname
EMail Adresse
Adresse
Wohnort
Telefon
Kontostand	"+str(row[8])+" EUR
Status	"+row[9]+"

" query = ("select games.name, races.name, s.status, s.faction "+ "from races, games, subscriptions s "+ "where s.race=races.race and s.game=games.id "+ "and s.user="+str(custid)+" "); results = cursor.execute(query); output=output+"

Anmeldungen

\n" output=output+"\n" while results>0: results = results - 1 row = cursor.fetchone() line = "" line = line + '\n' line = line + '\n' line = line + '\n' line = line + '\n' line = line + '\n' line = line + '\n' output=output+line output=output+"

Spiel	Rasse	Status	Partei	An-/Abmelden
'+row[0]+'	'+row[1]+'	'+row[2]+'	'+row[3]+'	' if row[2]=='ACTIVE': line = line + '' if row[2]=='CANCELLED': line = line + '' line = line + '

" query="select date, balance, text from transactions, descriptions where descriptions.handle=transactions.description and user="+str(custid)+" ORDER BY date" results = cursor.execute(query); output=output+"

Transaktionen

\n" output=output+"\n" while results>0: results = results - 1 row = cursor.fetchone() line = "" line = line + "\n" line = line + "\n" line = line + "\n" line = line + "\n" output=output+line output=output+"

Datum	Betrag	Verwendung
"+str(row[0])[0:10]+"	"+str(row[1])+" EUR	"+row[2]+"

" output=output+'

' output=output+'' output=output+'' output=output+"

" else: output = "Die Kundennummer oder das angegebene Passwort sind nicht korrekt." db.close() Display(output, "Kundendaten #"+str(custid)) def Save(custid, Password): validkeys=['email','address','lastname','firstname','city','password','phone'] values='id='+str(custid) for key in Form.keys(): if key in validkeys: values=values+", "+key+"='"+Form[key].value+"'" db = MySQLdb.connect(db=dbname) cursor=db.cursor() cursor.execute('UPDATE users SET '+values+' where id='+str(custid)) nfactions = cursor.execute("select g.name, s.id, faction from games g, subscriptions s where s.status='ACTIVE' and s.user="+str(custid) + " and s.game=g.id") while nfactions > 0: game, sid, faction = cursor.fetchone() if Form.has_key("cancel_"+faction): update = db.cursor() update.execute("UPDATE subscriptions set status='CANCELLED' where id="+str(sid)) nfactions = nfactions - 1 nfactions = cursor.execute("select g.name, s.id, faction from games g, subscriptions s where s.status='CANCELLED' and s.user="+str(custid) + " and s.game=g.id") while nfactions > 0: game, sid, faction = cursor.fetchone() if Form.has_key("activate_"+faction): update = db.cursor() update.execute("UPDATE subscriptions set status='ACTIVE' where id="+str(sid)) nfactions = nfactions - 1 db.close() ShowInfo(custid, Password) # Display("Noch nicht implementiert", "Daten speichern für Kunde #"+str(custid)) def SendPass(email): try: db = MySQLdb.connect(db=dbname) cursor=db.cursor() # print custid cursor.execute("select id, email, password from users where email='"+email+"'") custid, email, password = cursor.fetchone() Msg="From: "+From+"\nTo: "+email+"\nSubject: Vinambar Passwort\n\n" Msg=Msg+"Deine Kundennummer ist: "+str(int(custid))+"\n" Msg=Msg+"Dein Vinyambar-Passwort lautet: "+password+"\n" Msg=Msg+"\nDiese Mail wurde an Dich versandt, weil Du (oder jemand anders) \n" Msg=Msg+"es im Formular auf http://www.vinyambar.de/accounts.shtml angefordert hat.\n" server=smtplib.SMTP(smtpserver) server.sendmail(From, email, Msg) server.close() db.close() Display('

Das Passwort wurde verschickt

', 'Kundendaten #'+str(custid)) except: Display('

Beim Versenden des Passwortes ist ein Fehler aufgetreten.
Eventuell ist die email-Adresse unbekannt

', 'Kundendaten für '+email) Form = cgi.FieldStorage() if Form.has_key("user"): custid = int(Form["user"].value) else: custid = 0 if Form.has_key("pass"): Password = Form["pass"].value else: Password="" if Form.has_key("sendpass"): if Form.has_key("email"): Email = Form["email"].value else: Email="" SendPass(Email) elif Form.has_key("save"): Save(custid, Password) else: ShowInfo(custid, Password)