From c51340fa6ed60b44b49c5147e5d926344fd91de8 Mon Sep 17 00:00:00 2001 From: Bernhard Stampfer Date: Thu, 18 Feb 2016 17:28:22 +0100 Subject: [PATCH] - added password salt/hash with python-bcrypt (install it!), updated database --- app/database.py | 2 +- app/gui.py | 4 +--- app/plot.py | 42 ++++++++++++++++++++++++++++++++---------- app/views.py | 28 +++++++++++++++++++--------- test/database.db | Bin 53248 -> 57344 bytes 5 files changed, 53 insertions(+), 23 deletions(-) diff --git a/app/database.py b/app/database.py index 32c6155..50c5ec1 100644 --- a/app/database.py +++ b/app/database.py @@ -100,7 +100,7 @@ def add_user(u): def update_user(u): #query_db("UPDATE users SET (NAME, LONGNAME, EMAIL, RFID_ID, ISBLACK, ISBARON, ISSHOWN) VALUES (?, ?, ?, ?, ?, ?, ?) WHERE ID=?", (u.name, u.longname, u.email, u.rfid_id, u.isblack, u.isbaron, u.isshown, u.id)) - query_db("UPDATE users SET NAME=?, LONGNAME=?, EMAIL=?, RFID_ID=?, ISBLACK=?, ISBARON=?, ISSHOWN=? WHERE ID=?", (u.name, u.longname, u.email, u.rfid_id, u.isblack, u.isbaron, u.isshown, u.id)) + query_db("UPDATE users SET NAME=?, PASSWORD=?, LONGNAME=?, EMAIL=?, RFID_ID=?, ISBLACK=?, ISBARON=?, ISSHOWN=? WHERE ID=?", (u.name, u.password, u.longname, u.email, u.rfid_id, u.isblack, u.isbaron, u.isshown, u.id)) get_db().commit() diff --git a/app/gui.py b/app/gui.py index 177f4e1..e45cc79 100644 --- a/app/gui.py +++ b/app/gui.py @@ -59,9 +59,7 @@ class MainWindow(wx.Frame): with app.app_context(): for i in range(0, int(self.panelUser.GetAmount())): add_consume(self.user.name, get_product_by_name(drink).id) - plot_total(self.user) - plot_total() - plot_list(4) + plot_all_thread(self.user) self.switchPanels() def switchPanels(self): diff --git a/app/plot.py b/app/plot.py index 204e88d..01cb242 100644 --- a/app/plot.py +++ b/app/plot.py 
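Review bot: `update_user` in app/database.py now writes `PASSWORD=?` from `u.password` on every call, so any caller that builds a `User` from an edit form without first loading the stored hash would overwrite it with an empty or plaintext value. The callers are outside this hunk, so the user-edit views need checking. Keeping this query free of the password column and adding a dedicated `update_user_password(u)` for credential changes would stop profile edits from touching the hash. The old commented-out `#query_db("UPDATE users SET (NAME, ...` line above the query can be deleted while here.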
@@ -3,9 +3,24 @@ from matplotlib.dates import WeekdayLocator, DayLocator, HourLocator, DateFormat import numpy as np from user import User from database import * +import thread as th + +def plot_all_thread(user = None): + #if user != None: + # th.start_new_thread(plot_all, (user,)) + #else: + # th.start_new_thread(plot_all, ()) +#def plot_all(user = None): +# + if user != None: + plot_total(user) + plot_total() + plot_list(4) + print 'plot_all' def plot_total(user = None): + print 'plot_total' today = datetime.date.today() delta = datetime.timedelta(days=1) begin = datetime.date.today() - datetime.timedelta(weeks=2) @@ -97,20 +112,27 @@ def plot_list(duration): for consumption in consumed: allconsumptions[consumption.prodnr-1][consumption.consumer-1] += 1 - #print 'debug ------------------' - #print consumptions - #print '------------------------' + #cumulate consumptions for cumulative bar graph + i = 0 + for consumptions in allconsumptions: + if i > 0: + j = 0 + for consumption in consumptions: + allconsumptions[i][j] += allconsumptions[i-1][j] + j += 1 + i += 1 plt.xkcd() fig, ax = plt.subplots() - colors = ['red','green','blue'] + colors = ['blue', 'green', 'red', 'yellow', 'orange' , 'black'] - i=0 - for consumptions in allconsumptions: - ax.barh(np.arange(len(consumptions)), consumptions, label=get_product_by_id(i+1).name, align='center', height=(0.5), color=colors[i]) - i+=1 + #plot reversed to print longest bar lowest + i = len(allconsumptions) + for consumptions in reversed(allconsumptions): + ax.barh(np.arange(len(consumptions)), consumptions, label=get_product_by_id(i).name, align='center', height=(0.5), color=colors[i-1]) + i -= 1 names = list() @@ -126,7 +148,7 @@ def plot_list(duration): ax.yaxis.set_ticks_position('none') ax.xaxis.set_ticks_position('none') - plt.subplots_adjust(left=0.2) + plt.subplots_adjust(left=0.15) #plt.tick_params(which='minor', length=4) #plt.tick_params(which='major', length=5) 
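Review bot: `plot_all_thread` in the first plot.py hunk never starts a thread: both `th.start_new_thread` calls are commented out and the body runs `plot_total`/`plot_list` inline, so `import thread as th` is unused and the name misleads the callers in gui.py and views.py. Either name it `plot_all` and drop the import and the commented block, or restore the threaded path deliberately (matplotlib's pyplot state is generally not safe to drive from several threads, so that would need a lock). The `print 'plot_all'` and `print 'plot_total'` lines look like debugging output and would be better as `logging.debug(...)` or removed.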
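Review bot: In the `plot_list` hunk, `color=colors[i-1]` indexes a fixed six-entry list by product position, so a seventh product raises IndexError and the chart is no longer regenerated; `color=colors[(i-1) % len(colors)]` keeps it working. The cumulation loop above it carries manual `i`/`j` counters; `for i in range(1, len(allconsumptions)):` with an inner `for j in range(len(allconsumptions[i])):` says the same thing more directly. plot_list starts and ends outside this hunk.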
@@ -144,4 +166,4 @@ def plot_list(duration): plt.savefig('app/static/bierliste.png', dpi=100) #800x600 fig.set_size_inches(15, 10) - plt.savefig('app/static/bierliste_small.png', dpi=72) + plt.savefig('app/static/bierliste_small.png', dpi=72) \ No newline at end of file diff --git a/app/views.py b/app/views.py index f0fe22f..4383da2 100644 --- a/app/views.py +++ b/app/views.py @@ -6,7 +6,7 @@ from plot import * from user import User from product import Product from consumption import Consumption - +import bcrypt @app.route('/static/') @@ -41,7 +41,9 @@ def login(): if u is None: error = 'User does not exist!' return render_template('login.html', error=error, user=get_user_by_name(session.get('name'))) - if u.password != request.form['password']: + #if u.password != request.form['password']: + # bcrypt.checkpy(plaintxt, hash) + if not bcrypt.checkpw(request.form['password'], u.password): error = 'Wrong password!' return render_template('login.html', error=error, user=get_user_by_name(session.get('name'))) @@ -76,10 +78,11 @@ def manage_users_add(): error = "Username not unique!" if request.form['password1'] == request.form['password2']: - u.password = request.form['password1'] + #u.password = request.form['password1'] + u.password = bcrypt.hashpw(request.form['password1'], bcrypt.gensalt()) else: - error="Passwords do not match!" - u.longname=request.form['longname'] + error = "Passwords do not match!" + u.longname = request.form['longname'] u.email = request.form['email'] u.rfid_id = request.form['rfid_id'] @@ -211,9 +214,7 @@ def consume(): username = session.get('name') add_consume(username, prod.id) message = "Du hast gerade ein %s konsumiert." % prod.name - plot_total(get_user_by_name(session.get('name'))) - plot_total() - plot_list(4) + plot_all_thread(get_user_by_name(session.get('name'))) return render_template('consume.html', products=products, message=message, user=get_user_by_name(session.get('name'))) @app.route('/personal') 
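Review bot: `bcrypt.checkpw(request.form['password'], u.password)` in `login()` assumes every stored `u.password` is already a bcrypt hash, but the migration route at the end of this file is committed commented-out, so rows that still hold the old plaintext value are likely to make the call raise on a malformed salt instead of returning False. Catching that case and treating it as a failed login (`except ValueError: password_ok = False`) keeps a stale row from turning into an unhandled error page. The form value is a unicode string under Python 2, so encoding it explicitly with `request.form['password'].encode('utf-8')` avoids depending on how the installed bcrypt binding coerces it. The leftover comment `# bcrypt.checkpy(plaintxt, hash)` misspells the function and can go, along with the commented-out plaintext comparison. The surrounding context also returns different messages for an unknown user and a wrong password, which lets a client tell valid usernames apart; a single generic message would close that.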
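Review bot: `bcrypt.hashpw(request.form['password1'], bcrypt.gensalt())` in `manage_users_add()` hashes whatever was submitted once the two fields match, including an empty string; a length check before hashing is missing, e.g. `if len(request.form['password1']) < MIN_PASSWORD_LEN: error = "Password too short!"` (`MIN_PASSWORD_LEN` is a placeholder for a project-chosen constant). When the fields differ only `error` is set and `u.password` is never assigned while the function goes on filling `u`; whether `add_user(u)` is skipped on error lies outside this hunk and should be confirmed. bcrypt only uses the first 72 bytes of its input, which deserves a short comment next to the call. The commented-out `#u.password = request.form['password1']` line should be removed rather than kept as history.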
@@ -224,5 +225,14 @@ def personal(): @app.route('/billing') @requires_baron def billing(): - return render_template('billing.html', user=get_user_by_name(session.get('name'))) + +#migrate the db to hashed passwords +#@app.route('/hashdb') +#@requires_baron +#def hashdb(): +# users = get_users() +# for user in users: +# user.password = bcrypt.hashpw(user.password, bcrypt.gensalt()) +# update_user(user) +# return render_template('index.html', users=users, user=get_user_by_name(session.get('name'))) 
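Review bot: The `hashdb` migration is committed only as commented-out code, so nothing in the tree converts existing plaintext rows, and if it is re-enabled as written a second request would run `bcrypt.hashpw` over the stored hashes themselves and lock every account out. A one-off script run outside the web app is a safer home for it than an HTTP route, with a guard such as `if not user.password.startswith('$2'):` so already-hashed rows are skipped. The same commit replaces `test/database.db`; if that file holds real user rows, it should be checked that no plaintext passwords remain in it or in its earlier revisions in the repository history.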
diff --git a/test/database.db b/test/database.db index 70394e20bc2df3ee3e472c4c39504001d4652165..f1b97b2aacdeac5a5122eb728318407e5da1592a 100644 GIT binary patch delta 4819 zcmaKwTa4q@dB-JjW_LETyPnstbrAw`Luc7zq&d^wMV@VTfMyyey)~*iN zEXFm{lBMI_4%+Ev7O1XLm{84*MP)$@;6=8QLHc>jQ*InT)_3-OH=gX?2|YaBeQym^ znuV@YlNoFxpmEW(rB0c1^wOe&rrYXCZ6p~vMo3I+Lov-OW*tjmSxm9@-h=iC++S;t z;BLQXATuhm`W@}=`wpM%J~~=PL{o>Ov3@!g1LB;SmxYqU+7Y@8c3kGLf@3xHMJiKo zVpVwLbi{0Yk_c-$CmS5TNS~x@y6Sy+{V3bKa2n^^NB05M?2ok8dimpQx5*2<39Ecb z8sM01gH9zCR=giw4`!{4r^ttomhl+tqcOTh z7985FG&nm^BfG?e(aTaYTXn)!ODS|kUE@!Z9b+aI(PA+!N<&>~wd5k@ed+qcthKj= z#Ma2NVO4E;6h_EVxLRs7vPgX@I6}D-2{V~d$23a~M~;hmWlnQOnI}dw!^Ax4`oq6? zVF&p6OFnS@hhOvmU4RXI54sP%0sL%btxH?e;p^#ouqm>PcET@))Bx>s3!^o6bVVd{ z`BH+@GDeT0e2F0~N0e2#-77PN85(!A zexwaIlcp4&U^)k96vbfS1W%?arqzur-rp>dm$#7A8ae8;vWZ!~!}BSWg>y(4E)y+% zQ0_C9!8ll9P)izQv!7MsMQa=@3at~8EqK!<^2!#HUL!T5e6Qkt&Xfu#n7V|C%HLH^y2co4HE_L9}XT$_QAgI&Xe8HD^Jq^Su@i`zB-UQ zh}uoVh?tW*8F(0X3S-tV$~`!V6C}xt&X^bzvos59X+B~TlK0j@2$=TzMc?~A-~0Ze z|J?u+_%3u8SoYe^FD3ih_H3K1>kXM)JHW7IS30BIfKi zCiNDxUQH{PnR%=ZdyRvTWMAKAZqhC`iFbyvDOGQWTZCbyh?0?BI09QM(H*57wlFT0 zthGyh9v3DG!6Tt|2QiB*FEiVWP{y6(Q2ec3Zl{arxN5nh*4; zRcsEz^jwu6(?P`yv~w&bDO!zE-N`v3qrhKGh%~jqdmZNdx+?Z1ec)e)d=2k z7AD`ShU@TT*5Ici8L6iyl!q;ux3-y^^g_iRBdhkpbP_2}7u9U64@+=?(}xj5?oS%w zlj(4PXp%@;83CncHlxkw-hbT!%-h?{O@6_q?Fd>vn-SW=tWqaiMx#ONN`FFV3)yLp zhcqdpYN~7f2%x-U;vA3jN^j&i9~uzSq5rzr26X|G)l!_W#`fSN^Z~+y1ow z*#DgGx4ysk{jKk-zCZQ7{w5oI9CU*he3$%}@Er_6sbd5?M(GDA86}x0P6pjOA0;AK z(0ySg?w%b<&`~^c=-$5I^8+mO`zk^my0_NqbdHp=o)?HTzRF2+{@mR@4m3VIvFqkXWl;g z)q8&V3aIby`LaIf1L$4oThJGw29$(81?>d>HSmkTUkBa@v;ye>9JuEHcmJ>a-}nEe zf9kLKKkI+shkXCyd&l>6-xv&j`V(>)@0;+QE6f9w0#iguD&*2jpRM7p@YRKiYJOua?tmKvRMKZcfxIb8l`_GO9sfvNXh1^G;`m@z3fR$lU z0+{`iYg26vAV9o;n~%;{@d$8T(0%#bxo|p)5J5L|zDP!QQ6%KPyIq2~hs z7WjGKE%3SZBmjlnn3rR29c)gUh(u8|2 z6NPHB-0IgQPR|nPSZL8mf7}-4az0hGr2%gdd3s!=y2H8m?IrWYZRVzcn@N#DKDQW5 zEfW^&kx|>kq==+NI5u6*%*`1IH)7(9BkWv3&E@kM-R4qh&%C)TYY&!&SQfPYccHuf 
zBJ{@E5HD>{wlPFWYay6S&Uu5!<%~2LaY;&oi3lbTL`iE>bF?;|jSFdWoEp%{aBS4- zR^wjgd9Z;8+ssWBX0#&+s$um+V-e$fO3IiEc~e?Y)yWVC|DFh^re(DjPHB^&R8dvE*}x`JtffpQIyUV_<{7S*pin_9cghw< zMP^M~RXlVV==8w2VzVqR^nnLS0X*{CreOm1jhEkWY39 zL13MBKkfbJa-9#inVV`c-I~vO9M&@um?g1sM6+3Vp{ENdSqN8^X1Y?Y^O4brSSV?H zQYm$tqrRE;zPx0Hwwap*OLXO?Hl7RUs96y;rx4EK>8w*eF)@nkAsNCEa!Mu5tDMnJ Q=FQsFK~;M0{rWKUe?zp+EdT%j delta 1195 zcmZA1&ui0Q7zgn8N4mDL`;oS3ZBuQt7|X`0Z5M4Fh}}UC6L;Fcqume`#QNg@{hV=bBZ(jO+9=f)R*Iwau%`*!C zur^Yc;Oy3o*EoQ1pDX|`{)PKHy41lN>za3HoGf{iZJ#9hrqFL%V6_8*>!jc%+Bq8W zz|#tt2Y3%Z!WXfEzMwa#j%JVqJMaZuf>WRmc0miwZ#+B|DJU|Csm6rv^ZA>$)6C`Q zy`760k;0fjSw`Kcp<1Idh^l(}->wTx?nHIf8gWaJ$)5<3VYd{RJf#wF%Xua#D#zS% zj>(p)U$tbnSX36sC$;F<4ff3{(X}(>X7)jLa9Mu$u4(qZ&tY42d7+_@yI|^)22zvm&*;OY1h~x&x58i zDajzD#0(l}-L9=V?a81Pzl>#|tJ4#v&+lJZtyS#W(*4FQwrNYrs3km;Rv55EzL3&dx F;9q$hE6e}@