A working version of the script is at
https://mikaru.homeunix.org/py-bin/memberlist.py
The site only allows https because I got sick of all the hacked windoze boxes trying to execute crap that I didn't have, so port 80 (http) is blocked on my firewall.
This lets you add users and divisions (groups), put the users in divisions (groups), and list the users by group. I haven't figured out yet how to authenticate the users from the database (postgresql), so any pointers there would be helpful. When a user is added, the password is encrypted in the database using postgresql's encrypt() function so that it would be possible to use another application to access the data. Any pointers or advice on where improvements could be made would be welcome.
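#!/usr/bin/python
# CGI handler for the "Add Division" form: inserts one row into `divisions`
# and prints a confirmation page.  Targets Python 2 and the psycopg (v1)
# driver, like the rest of these scripts.
import cgi
import cgitb
import sys

import psycopg

# NOTE(review): cgitb.enable() renders full tracebacks (source lines and
# local values) in the browser.  On a publicly reachable host prefer
# cgitb.enable(display=0, logdir=...) so errors are logged instead of shown.
cgitb.enable()

print('Content-type: text/html\n')

form = cgi.FieldStorage()
# getfirst() always yields a single string (or None), even when a field is
# submitted more than once.
div_name = form.getfirst('div_name')
div_director = form.getfirst('div_director')
div_email = form.getfirst('div_email')

if not (div_name and div_director and div_email):
    print('ALL FIELDS MUST BE COMPLETED')
    sys.exit()

# NOTE(review): nothing in this script checks who is submitting the form, so
# anyone who can reach it can add divisions -- confirm that is acceptable.

# Connect only once the input is known to be complete, so the early exit
# above never leaves a connection open.
conn = psycopg.connect('dbname=XXX user=xxx password=xxxxx')
curs = conn.cursor()

# The values are passed as query parameters and quoted by the driver.  A
# hand-written replace("'", "\\'") is not a safe substitute: it leaves
# backslashes alone, so the escaping can be undone by the input itself, and
# it also stores the added backslashes as part of the data.
curs.execute(
    """INSERT INTO divisions(div_name, div_director, div_email)
       VALUES (%s, %s, %s)""",
    (div_name, div_director, div_email))
conn.commit()
conn.close()

print("""
<html>
  <head>
    <title>Division added</title>
  </head>
  <body>
    <h1>Division created successfully</h1>
    <hr />
    <a href='memberlist.py'>Back to the main page</a>
  </body>
</html>
""")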
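#!/usr/bin/python
# CGI handler for the "Add user" form: inserts one row into `members` and
# prints a confirmation page.  Targets Python 2 and the psycopg (v1) driver,
# like the rest of these scripts.
import cgi
import cgitb
import sys

import psycopg

# NOTE(review): cgitb.enable() renders full tracebacks (source lines and
# local values) in the browser.  On a publicly reachable host prefer
# cgitb.enable(display=0, logdir=...) so errors are logged instead of shown.
cgitb.enable()

print('Content-type: text/html\n')

form = cgi.FieldStorage()
# getfirst() always yields a single string (or None), even when a field is
# submitted more than once.
name = form.getfirst('name')
address = form.getfirst('address')
email = form.getfirst('email')
password = form.getfirst('password')
username = form.getfirst('username')
division = form.getfirst('division')

if not (name and username and password):
    print('Please supply name, username, and password')
    sys.exit()

# A missing or non-numeric division is reported to the user instead of
# surfacing as an uncaught exception.
try:
    div_id = int(division)
except (TypeError, ValueError):
    print('Please select a valid division')
    sys.exit()

# Connect only once the input has been validated, so the early exits above
# never leave a connection open.
conn = psycopg.connect('dbname=xxxx user=xxxxx password=xxxxx')
curs = conn.cursor()

# NOTE(review): encrypt() is reversible, and its key is a literal in this
# script, so anyone who can read the script and the table can recover every
# password.  For authenticating users, store a salted one-way hash instead,
# e.g. pgcrypto's crypt(password, gen_salt('bf')), and verify a login with
# "password = crypt(supplied_password, password)".  This is left unchanged
# here because other applications may depend on the stored format.
#
# All user-supplied values are passed as query parameters and quoted by the
# driver; optional fields that were left empty are stored as NULL rather
# than as the text 'None'.
curs.execute(
    """INSERT INTO members(name, address, email, password, username, div_id)
       VALUES (%s, %s, %s, encrypt(%s, 'f00zball', 'aes'), %s, %s)""",
    (name, address, email, password, username, div_id))
conn.commit()
conn.close()

print("""
<html>
  <head>
    <title>User added</title>
  </head>
  <body>
    <h1>User created successfully</h1>
    <hr />
    <a href='memberlist.py'>Back to the main page</a>
  </body>
</html>
""")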
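#!/usr/bin/python
# Lists every division as a link to viewdiv.py.  Targets Python 2 and the
# psycopg (v1) driver, like the rest of these scripts.
from mod_python import apache
import cgi
# NOTE(review): cgitb.enable() renders full tracebacks (source lines and
# local values) in the browser.  On a publicly reachable host prefer
# cgitb.enable(display=0, logdir=...) so errors are logged instead of shown.
import cgitb; cgitb.enable()
import psycopg


def esc(value):
    """HTML-escape a database value before it is written into the page.

    cgi.escape(..., True) escapes &, <, > and the double quote, so the
    result is safe in element text and inside double-quoted attributes
    (single quotes are not escaped).
    """
    return cgi.escape('%s' % (value,), True)


conn = psycopg.connect('dbname=xxxx user=xxxx password=xxxxx')
curs = conn.cursor()

print('Content-type: text/html\n')

print("""
<html>
  <head>
    <title>Member Management</title>
  </head>
  <body>
    <h1>User List</h1>
""")

# Only the two columns the page displays are fetched.
curs.execute('SELECT div_id, div_name FROM divisions')
rows = curs.dictfetchall()
conn.close()

# div_name is whatever was typed into the "Add Division" form, so it is
# escaped here; written out raw it would let stored markup or script run in
# the browser of everyone who views this list.
for row in rows:
    print('<p><a href="viewdiv.py?div_id=%i">%s</a></p>'
          % (row['div_id'], esc(row['div_name'])))

# The original also carried a toplevel/children tree walk copied from the
# member list; both containers were always empty here, so it printed nothing
# and has been dropped.  The surrounding <p> ... </p> is kept.
print('<p>')

print("""
    </p>
    <hr />
    <p><a href="newuser.py">Create User</a> | <a href="new_div.py">Add Division</A></p>
  </body>
</html>
""")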
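#!/usr/bin/python
# Main page: lists members as links to viewuser.py.  Targets Python 2 and
# the psycopg (v1) driver, like the rest of these scripts.
from mod_python import apache
import cgi
# NOTE(review): cgitb.enable() renders full tracebacks (source lines and
# local values) in the browser.  On a publicly reachable host prefer
# cgitb.enable(display=0, logdir=...) so errors are logged instead of shown.
import cgitb; cgitb.enable()
import psycopg


def esc(value):
    """HTML-escape a database value before it is written into the page.

    cgi.escape(..., True) escapes &, <, > and the double quote, so the
    result is safe in element text and inside double-quoted attributes
    (single quotes are not escaped).
    """
    return cgi.escape('%s' % (value,), True)


conn = psycopg.connect('dbname=xxxxx user=xxxx password=xxxxx')
curs = conn.cursor()

print('Content-type: text/html\n')

print("""
<html>
  <head>
    <title>Member Management</title>
  </head>
  <body>
    <h1>User List</h1>
""")

# Fetch only what the list needs; SELECT * would also pull the stored
# password column into a page that never uses it.
curs.execute('SELECT mem_id, name, div_id FROM members')
rows = curs.dictfetchall()
conn.close()

# Members without a division are listed at the top level; the others are
# grouped by their div_id.
toplevel = []
children = {}
for row in rows:
    parent_id = row['div_id']
    if parent_id is None:
        toplevel.append(row)
    else:
        children.setdefault(parent_id, []).append(row)


def render(row):
    """Print one member link, followed by any rows grouped under its id."""
    # name comes from the "Add user" form, so it is escaped before output.
    print('<p><a href="viewuser.py?mem_id=%i">%s</a></p>'
          % (row['mem_id'], esc(row['name'])))
    # NOTE(review): `children` is keyed by div_id but looked up by mem_id
    # here, so a member that has a division is only shown when its div_id
    # happens to equal the mem_id of a displayed member.  Confirm which
    # grouping is intended; the lookup is left as the original had it.
    kids = children.get(row['mem_id'], [])
    if kids:
        print('<blockquote>')
        for kid in kids:
            render(kid)
        print('</blockquote>')


print('<p>')

for row in toplevel:
    render(row)

print("""
    </p>
    <hr />
    <p><a href="newuser.py">Create User</a> | <a href="new_div.py">Add Division</A> | <A HREF="div_list.py">List Divisions</A></p>
  </body>
</html>
""")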
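#!/usr/bin/python
# Prints the static "Add Division" form, which posts to add_div.py.
#
# This page reads nothing from the database and nothing from the request, so
# it opens no database connection and carries no credentials: the original
# connected and parsed the form without using either, and never closed the
# connection.
print('Content-type: text/html\n')

# NOTE(review): cgitb.enable() renders full tracebacks (source lines and
# local values) in the browser.  On a publicly reachable host prefer
# cgitb.enable(display=0, logdir=...) so errors are logged instead of shown.
import cgitb; cgitb.enable()

print("""
<html>
  <head>
    <title>Division</title>
  </head>
  <body>
    <h1>Add Division</h1>
    <form action='add_div.py' method='POST'>
""")

# The stray quote that followed the closing </a> in the original (and was
# rendered on the page) has been removed.
print("""
      <b>Division Name:</b><br />
      <input type='text' size='40' name='div_name' />
      <BR><b>Director:</b><br />
      <input type='text' size='40' name='div_director' />
      <BR><b>Division E-Mail List:</b><br />
      <input type='text' size='40' name='div_email' />
      <input type='submit' value='Save'/>
    </form>
    <hr />
    <a href='memberlist.py'>Back to the main page</a>
  </body>
</html>
""")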
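#!/usr/bin/python
# Prints the "Add user" form (posts to adduser.py) with a drop-down of the
# existing divisions.  Targets Python 2 and the psycopg (v1) driver, like
# the rest of these scripts.
print('Content-type: text/html\n')

# NOTE(review): cgitb.enable() renders full tracebacks (source lines and
# local values) in the browser.  On a publicly reachable host prefer
# cgitb.enable(display=0, logdir=...) so errors are logged instead of shown.
import cgitb; cgitb.enable()
import cgi
import psycopg


def esc(value):
    """HTML-escape a database value before it is written into the page.

    cgi.escape(..., True) escapes &, <, > and the double quote, so the
    result is safe in element text and inside double-quoted attributes
    (single quotes are not escaped).
    """
    return cgi.escape('%s' % (value,), True)


conn = psycopg.connect('dbname=xxxxxx user=xxxx password=xxxxx')
curs = conn.cursor()

# Only the two columns the drop-down needs are fetched, and the connection
# is released as soon as the rows are in memory.
curs.execute('SELECT div_id, div_name FROM divisions')
rows = curs.dictfetchall()
conn.close()

print("""
<html>
  <head>
    <title>Adduser</title>
  </head>
  <body>
    <h1>Add user</h1>
    <form action='adduser.py' method='POST'>
""")

print("""
      <b>Name:</b><br />
      <input type='text' size='40' name='name' />
      <BR><b>Address:</b><br />
      <input type='text' size='40' name='address' />
      <BR><b>E-Mail:</b><br />
      <input type='text' size='40' name='email' />
      <BR><b>Password:</b><br />
      <input type='password' size='40' name='password' />
      <BR><b>Username:</b><br />
      <input type='text' size='40' name='username' />
      <BR><b>Select Division:</b><br />
      <select name="division">
""")

# div_name is user-supplied text from the "Add Division" form, so it is
# escaped before being placed in the page.  Each option is now closed and
# the <BR> that preceded it (not valid inside <select>) is gone.
for row in rows:
    print('<option value="%i">%s</option>'
          % (row['div_id'], esc(row['div_name'])))

# The stray quote that followed the closing </a> in the original (and was
# rendered on the page) has been removed.
print("""
      </select>
      <BR><BR><input type='submit' value='Save'/>
    </form>
    <hr />
    <a href='memberlist.py'>Back to the main page</a>
  </body>
</html>
""")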
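#!/usr/bin/python
# Lists the members of one division, selected by the div_id query parameter.
# Targets Python 2 and the psycopg (v1) driver, like the rest of these
# scripts.
print('Content-type: text/html\n')

# NOTE(review): cgitb.enable() renders full tracebacks (source lines and
# local values) in the browser.  On a publicly reachable host prefer
# cgitb.enable(display=0, logdir=...) so errors are logged instead of shown.
import cgitb; cgitb.enable()
import cgi, sys
import psycopg


def esc(value):
    """HTML-escape a database value before it is written into the page.

    cgi.escape(..., True) escapes &, <, > and the double quote, so the
    result is safe in element text and inside double-quoted attributes
    (single quotes are not escaped).
    """
    return cgi.escape('%s' % (value,), True)


form = cgi.FieldStorage()

print("""
<html>
  <head>
    <title>User List</title>
  </head>
  <body>
    <h1>Division Members</h1>
""")

# Only the conversion failures are caught; a bare except would also swallow
# unrelated errors.  The message now names the value actually being checked.
try:
    div_id = int(form.getfirst('div_id'))
except (TypeError, ValueError):
    print('Invalid division ID')
    sys.exit()

# Connect only after the id has been validated, so the early exit above
# never leaves a connection open.
conn = psycopg.connect('dbname=xxxxxx user=xxxx password=xxxxx')
curs = conn.cursor()

# The id is already an int, but it is still passed as a parameter so the
# query text never depends on request data.  Only the displayed columns are
# fetched, which keeps the stored password column out of this page.
curs.execute('SELECT mem_id, name FROM members WHERE div_id = %s', (div_id,))
rows = curs.dictfetchall()
conn.close()

if not rows:
    print('No members found for this division')
    sys.exit()

# name comes from the "Add user" form, so it is escaped before output.
for row in rows:
    print('<p><a href="viewuser.py?mem_id=%i">%s</a></p>'
          % (row['mem_id'], esc(row['name'])))

# NOTE(review): this footer is printed without any "% row" formatting, so
# the Edit link contains the literal text %(mem_id)s.  A division page has
# no single member to edit; decide what the link should point to.  It also
# links to divlist.py while the main page links to div_list.py -- confirm
# the real file name.  The string is left exactly as the original had it.
print("""
<hr /><a href='memberlist.py'>Back to the Memberlist</a> | <a href="edituser.py?reply_to=%(mem_id)s">Edit</a> | <a href="divlist.py">Division List</a>
</body>
</html>
""")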
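#!/usr/bin/python
# Shows the details of one member, selected by the mem_id query parameter.
# Targets Python 2 and the psycopg (v1) driver, like the rest of these
# scripts.
print('Content-type: text/html\n')

# NOTE(review): cgitb.enable() renders full tracebacks (source lines and
# local values) in the browser.  On a publicly reachable host prefer
# cgitb.enable(display=0, logdir=...) so errors are logged instead of shown.
import cgitb; cgitb.enable()
import cgi, sys
import psycopg


def esc(value):
    """HTML-escape a database value before it is written into the page.

    cgi.escape(..., True) escapes &, <, > and the double quote, so the
    result is safe in element text and inside double-quoted attributes
    (single quotes are not escaped).
    """
    return cgi.escape('%s' % (value,), True)


form = cgi.FieldStorage()

print("""
<html>
  <head>
    <title>User Info</title>
  </head>
  <body>
    <h1>View User</h1>
""")

# Only the conversion failures are caught; a bare except would also swallow
# unrelated errors.
try:
    mem_id = int(form.getfirst('mem_id'))
except (TypeError, ValueError):
    print('Invalid user ID')
    sys.exit()

# Connect only after the id has been validated, so the early exit above
# never leaves a connection open.
conn = psycopg.connect('dbname=xxxxxx user=xxxx password=xxxxx')
curs = conn.cursor()

# Only the displayed columns are fetched: SELECT * would also load the
# stored password into this page's row.  The id is passed as a parameter so
# the query text never depends on request data.
curs.execute(
    'SELECT mem_id, name, address, email, username '
    'FROM members WHERE mem_id = %s',
    (mem_id,))
rows = curs.dictfetchall()
conn.close()

if not rows:
    print('Unknown member ID')
    sys.exit()

row = rows[0]

# Every text field was typed in by a user, so each one is escaped before it
# is placed in the page (email also lands inside a double-quoted href).
fields = {'mem_id': int(row['mem_id'])}
for key in ('name', 'address', 'email', 'username'):
    fields[key] = esc(row[key])

# The missing </b> after "Address:" has been added.
print("""
    <p><b>Name:</b> %(name)s<br />
    <p><b>Address:</b> %(address)s<br />
    <b>Email:</b> <A Href="mailto:%(email)s">%(email)s</a><br />
    <b>Username:</b> %(username)s<br />
    </p>
    <hr />
    <a href='memberlist.py'>Back to the Memberlist</a> | <a href="edituser.py?reply_to=%(mem_id)i">Edit</a>
  </body>
</html>
""" % fields)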