Hi friends,
I am a newbie in Python web development. I currently use this system in HTML/PHP for my
user registration.
html
<form id="validatos" name="validatos" action="protection.php" method="post">
  <div>
    <div class="item">
      <label>User <span id="user"></span></label>
      <input type="text" name="name" value="" id="wser" class="">
      <br>
    </div>
    <div class="item">
      <label>Password </label> <span id="result"> </span>
      <input type="password" name="passwort" class="pase">
      <br>
    </div>
    <label>Dominio</label><br>
    <select type="text" name="dom" id="doma" class="">
      <option value="1">mydomain.com</option>
      <option value="2">other.mx</option>
      <option value="3">othermore.es</option>
    </select> <br><br>
    <input type="submit" value="Iniciar"><br>
  </div>
</form>
php
<?php
// A function to avoid SQL injection attacks
function antiyec($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
function limpiaCadena($cadena) {
    // ereg_replace() was removed in PHP 7; preg_replace() needs delimiters
    return preg_replace('/[^ a-z0-9_-]/', '', $cadena);
}
function proPass($pis) {
    // Pattern rewritten as a valid PCRE character class
    return preg_replace('/[^ a-zA-Z0-9_~!()+=\[\]{}<>.\\\\\/?:@#$%^&*-]/', '', $pis);
}
function Numbers($input) {
    $input = preg_replace("/[^1-3]/", "", $input);
    if ($input == '') $input = 0;
    return $input;
}
// if SSL is in use
if ($_SERVER['HTTPS'] == 'on')
{
    // check that the request comes from index
    if ($_SERVER['HTTP_REFERER'] == 'https://mydomain.com/index.html')
    {
        // check that the method is POST
        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            // First check that no field is empty and that all fields exist.
            // The form sends the password field as "passwort".
            if (
                isset($_POST['name']) && !empty($_POST['name']) &&
                isset($_POST['passwort']) && !empty($_POST['passwort']) &&
                isset($_POST['dom']) && !empty($_POST['dom']) ) {
                // Then clean all the variables to avoid SQL injection
                $user = antiyec(limpiaCadena($_POST['name']));
                $passwort = antiyec(proPass($_POST['passwort']));
                // The select field is named "dom"
                $dor = antiyec(Numbers($_POST['dom']));
                // Confirm the domain
                $dom = array(
                    1 => 'resistemail.com',
                    2 => 'darkmail.mx',
                    3 => 'd-e.es'
                );
                $domain = $dom[$dor];
                // Build the maildir from the combination
                $maildir = $domain.'/'.$user.'/';
                $login = $user.'@'.$domain;
                // If we get here, everything went correctly
                $url = 'http://internal-ip:8000/';
                $data = array('usuario' => $user, 'dominio' => $domain, 'pase' => $passwort);
                // use key 'http' even if you send the request to https://...
                $options = array(
                    'http' => array(
                        'header' => "Content-type: application/x-www-form-urlencoded\r\n",
                        'method' => 'POST',
                        'content' => http_build_query($data),
                    ),
                );
                $context = stream_context_create($options);
                print(file_get_contents($url, false, $context));
                //var_dump($result);
                echo "<h2>Its ok</h2>";
            } else {
                echo 'Empty field!';
            }
        // end of the POST method check
        } else {
            echo 'exit';
        }
    } else {
        echo 'Exit exit';
    }
} else {
    echo '<p>Use HTTPS CAcert.org in your browser.</p>';
}
?>
Currently Python does the dirty work with BaseHTTPServer:
#!/usr/bin/env python2.7
import BaseHTTPServer
import urlparse
import subprocess

HOST_NAME = ''
PORT_NUMBER = 8000
postVars = ''

class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    def do_GET(s):
        print("Just received a GET request")
        s.send_response(200)
        s.send_header("Content-type", "text/html")
        s.end_headers()
        s.wfile.write('Hello world')
        return

    def do_POST(s):
        global postVars
        s.send_response(200)
        s.send_header("Content-type", "text/html")
        s.end_headers()
        varLen = int(s.headers['Content-Length'])
        postVars = s.rfile.read(varLen)
        #print postVars

server_class = BaseHTTPServer.HTTPServer
httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler)
while True:
    try:
        httpd.handle_request()
    except KeyboardInterrupt:
        pass
    #print postVars
    qs = dict((k, v if len(v) > 1 else v[0])
              for k, v in urlparse.parse_qs(postVars).iteritems())
    pase = qs['pase']
    dominio = qs['dominio']
    usuario = qs['usuario']
    email = usuario + "@" + dominio
    print email
    if email in open('/etc/mail/vrecipients').read():
        print "Usuario ya existe!!"
    else:
        # Argument list instead of os.system(): the POST values never pass through a shell
        subprocess.call(["/etc/mail/createuser.sh", pase, usuario, dominio])
So I would like to skip the PHP part:
collect the POST variables directly with Python,
sanitize them, and work with the variables.
Can someone tell me where to start?
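One way to do the collect-and-sanitize step this post asks about, in plain Python 3 (an added example, not part of the original post and not web.py code). It assumes the form posts straight to Python with its field names name, passwort and dom; the length limits, the first-column layout of /etc/mail/vrecipients and all function names are assumptions.

```python
import re
from urllib.parse import parse_qs

USER_RE = re.compile(r"[a-z0-9_-]{1,32}")    # allow-list; the 32 limit is an assumption
DOMAINS = {"1": "mydomain.com", "2": "other.mx", "3": "othermore.es"}  # form <option> values
CREATE_USER = "/etc/mail/createuser.sh"      # script path taken from the post
MAX_BODY = 4096                              # assumed cap on the request body


class FormError(ValueError):
    """Raised when the submitted form must be rejected."""


def parse_registration(body):
    """Validate a urlencoded POST body (bytes); return clean fields or raise FormError."""
    if len(body) > MAX_BODY:
        raise FormError("body too large")
    try:
        fields = parse_qs(body.decode("utf-8"), keep_blank_values=True,
                          strict_parsing=True)
    except ValueError:  # covers UnicodeDecodeError and malformed pairs
        raise FormError("malformed body") from None
    if set(fields) != {"name", "passwort", "dom"}:
        raise FormError("unexpected or missing field")
    if any(len(v) != 1 for v in fields.values()):
        raise FormError("repeated field")
    user, password, dom = (fields[k][0] for k in ("name", "passwort", "dom"))
    if not USER_RE.fullmatch(user):
        raise FormError("bad user name")
    if dom not in DOMAINS:
        raise FormError("unknown domain")
    # The password is checked (assumed 8..128 printable characters), never rewritten.
    if not (8 <= len(password) <= 128) or not password.isprintable():
        raise FormError("bad password")
    return {"usuario": user, "dominio": DOMAINS[dom], "pase": password}


def is_registered(email, recipient_lines):
    """Exact match on the first column of each line, not a substring search."""
    return any(line.split()[:1] == [email] for line in recipient_lines)


def create_user_argv(reg):
    """Argument list for subprocess.run(argv); no shell ever parses the values."""
    return [CREATE_USER, reg["pase"], reg["usuario"], reg["dominio"]]
```

In web.py the raw body for `parse_registration` is what `web.data()` returns inside a `POST` method. The argument list keeps the script interface from the post, so the password is still visible in the process list while the script runs.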