#!/usr/bin/env python
import sys
import MySQLdb
import cgi
import re
import smtplib
# specify the filename of the template file
scripturl="http://eressea.upb.de/~enno/cgi-bin/info.cgi"
TemplateFile = "vinyambar.html"
DefaultTitle = "Vinyambar Datenbank"
dbname = "vinyambar"
From = "accounts@vinyambar.de"
smtpserver = 'localhost'
# define a new function called Display
# it takes one parameter - a string to Display
def Display(Content, Title=DefaultTitle):
TemplateHandle = open(TemplateFile, "r") # open in read only mode
# read the entire file as a string
TemplateInput = TemplateHandle.read()
TemplateHandle.close() # close the file
# for key in Form.keys():
# Content=Content+"
"+str(key)+"="+str(Form[key])
# this defines an exception string in case our
# template file is messed up
BadTemplateException = "There was a problem with the HTML template."
SubResult = re.subn("", Title, TemplateInput)
SubResult = re.subn("", Content, SubResult[0])
if SubResult[1] == 0:
raise BadTemplateException
print "Content-Type: text/html\n\n"
print SubResult[0]
def ShowInfo(custid, Password):
db = MySQLdb.connect(db=dbname)
cursor = db.cursor()
cursor.execute("select max(date), max(id) from transactions")
lastdate, id = cursor.fetchone()
query=("select info, firstname, lastname, email, address, city, country, phone, sum(t.balance), status "+
"from users u, transactions t "+
"where u.id=t.user and u.id="+str(custid)+" and u.password='"+Password+"' "+
"GROUP BY u.id")
#print query
results = cursor.execute(query);
if results > 0:
output = "
Letzte Aktualisierung: "+str(lastdate)[0:10]+"
"
else:
output = "Die Kundennummer oder das angegebene Passwort sind nicht korrekt."
db.close()
Display(output, "Kundendaten #"+str(custid))
def Save(custid, Password):
validkeys=['email','address','lastname','firstname','city','password','phone']
values='id='+str(custid)
for key in Form.keys():
if key in validkeys:
values=values+", "+key+"='"+Form[key].value+"'"
db = MySQLdb.connect(db=dbname)
cursor=db.cursor()
cursor.execute('UPDATE users SET '+values+' where id='+str(custid))
db.close()
ShowInfo(custid, Password)
# Display("Noch nicht implementiert", "Daten speichern für Kunde #"+str(custid))
def SendPass(email):
try:
db = MySQLdb.connect(db=dbname)
cursor=db.cursor()
# print custid
cursor.execute("select id, email, password from users where email='"+email+"'")
custid, email, password = cursor.fetchone()
Msg="From: "+From+"\nTo: "+email+"\nSubject: Vinambar Passwort\n\n"
Msg=Msg+"Deine Kundennummer ist: "+str(int(custid))+"\n"
Msg=Msg+"Dein Vinyambar-Passwort lautet: "+password+"\n"
Msg=Msg+"\nDiese Mail wurde an Dich versandt, weil Du (oder jemand anders) \n"
Msg=Msg+"es im Formular auf http://www.vinyambar.de/accounts.shtml angefordert hat.\n"
server=smtplib.SMTP(smtpserver)
server.sendmail(From, email, Msg)
server.close()
db.close()
Display('Das Passwort wurde verschickt
', 'Kundendaten #'+str(custid))
except:
Display('Beim Versenden des Passwortes ist ein Fehler aufgetreten.
Eventuell ist die email-Adresse unbekannt
', 'Kundendaten für '+email)
Form = cgi.FieldStorage()
if Form.has_key("user"):
custid = int(Form["user"].value)
else:
custid = 0
if Form.has_key("pass"):
Password = Form["pass"].value
else:
Password=""
if Form.has_key("sendpass"):
if Form.has_key("email"):
Email = Form["email"].value
else:
Email=""
SendPass(Email)
elif Form.has_key("save"):
Save(custid, Password)
else:
ShowInfo(custid, Password)