[Tutor] code review request

Will Harris mosinu at gmail.com
Thu Jan 5 02:42:12 CET 2006


Hoping to get some of you guru types to look over the start of a tool I am
working on in python.

A working version of the script is at
https://mikaru.homeunix.org/py-bin/memberlist.py

(See also <https://mikaru.homeunix.org/python/>.) The site only allows HTTPS because I
got tired of compromised Windows hosts probing for scripts that I don't even
have, so port 80 (HTTP) is blocked on my firewall.

This lets you add users and divisions (groups), put the users in
divisions (groups), and list the users out by group. I haven't figured out yet
how to authenticate the users against the database (PostgreSQL), so any pointers
there would be helpful. When a user is added, the password is encrypted in
the database using PostgreSQL's encrypt() function so that it would be
possible for another application to access the data. Any pointers or
advice on where improvements could be made would be welcome.
-------------- next part --------------
#!/usr/bin/python

# Emit the CGI header first so that any traceback cgitb renders further down
# still arrives as a well-formed HTTP response.
print 'Content-type: text/html\n'

# Standard library first, third-party driver last.
import cgi
import cgitb
import sys
import psycopg

# NOTE(review): cgitb.enable() with the default display=1 renders the full
# traceback -- source context and local variables included -- to the remote
# browser.  On a public host that exposes the psycopg.connect() DSN (with its
# password) on any uncaught exception.  Switch to
# cgitb.enable(display=0, logdir=<private dir>) before this leaves development.
cgitb.enable()

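def quote(string):
    """Escape *string* for embedding inside a single-quoted SQL literal.

    Falsy input (None or '') is returned unchanged so callers can still use
    ``if not value`` to detect a missing form field.

    Both the backslash and the single quote are doubled.  The original only
    turned ' into \\', which leaves a hole: an input ending in a lone
    backslash (e.g. ``\\' OR 1=1 --``) yields ``\\\\'`` -- a literal backslash
    followed by an unescaped quote -- and the query text is under attacker
    control.  Doubling ' is valid in every PostgreSQL string mode; doubling \\
    matches the pre-9.1 default (standard_conforming_strings = off) that the
    original's backslash escaping already assumed.

    This is a stop-gap.  Passing values as parameters to ``curs.execute``
    lets the driver quote them and is the only robust fix.
    """
    if not string:
        return string
    # Backslashes first, so the quotes doubled afterwards are not re-escaped.
    return string.replace("\\", "\\\\").replace("'", "''")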

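form = cgi.FieldStorage()

# NOTE(review): the DSN, password included, is a literal in a script under the
# web root and is shown by cgitb on any crash; move it to a config file
# outside the document root with restrictive permissions.  Nothing in this
# script checks who is calling, so any anonymous client that can reach the URL
# can create divisions -- authentication/authorization and a CSRF token on the
# form are both still missing.
conn = psycopg.connect('dbname=XXX user=xxx password=xxxxx')
curs = conn.cursor()

# getfirst() always yields one string (or None).  getvalue() returns a list
# when a field name is repeated, which would have crashed the old quote() call.
div_name = form.getfirst('div_name')
div_director = form.getfirst('div_director')
div_email = form.getfirst('div_email')

if not (div_name and div_director and div_email):
    print 'ALL FIELDS MUST BE COMPLETED'
    sys.exit()

# Bind the values as query parameters instead of %-formatting them into the
# SQL text.  The driver quotes them correctly for the server, which closes the
# SQL injection left by splicing user input into the statement; the home-grown
# quote() helper is no substitute for this.
query = """INSERT INTO divisions(div_name, div_director, div_email)
           VALUES (%s, %s, %s)"""
try:
    curs.execute(query, (div_name, div_director, div_email))
    conn.commit()
finally:
    conn.close()

print """
<html>
  <head>
    <title>Division added</title>
  </head>
  <body>
    <h1>Division created successfully</h1>
    <hr />
    <a href='memberlist.py'>Back to the main page</a>
  </body>
</html>
"""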

-------------- next part --------------
#!/usr/bin/python

# CGI header goes out first so a cgitb-rendered traceback is still a valid
# HTTP response.
print 'Content-type: text/html\n'

# Standard library, then the third-party driver.
import cgi
import cgitb
import sys
import psycopg

# NOTE(review): cgitb.enable() (display=1 by default) sends the traceback,
# with source lines and locals, to the browser.  Here that means the database
# DSN and the AES key further down are disclosed on any crash.  Use
# cgitb.enable(display=0, logdir=<private dir>) on a public host.
cgitb.enable()

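def quote(string):
    """Escape *string* for embedding inside a single-quoted SQL literal.

    Falsy input (None or '') is returned unchanged so callers can still use
    ``if not value`` to detect a missing form field.

    Both the backslash and the single quote are doubled.  The original only
    turned ' into \\', so an input ending in a lone backslash (e.g.
    ``\\' OR 1=1 --``) produced ``\\\\'`` -- a literal backslash followed by an
    unescaped quote -- and the rest of the query became attacker-controlled.
    Doubling ' is valid in every PostgreSQL string mode; doubling \\ matches
    the pre-9.1 default (standard_conforming_strings = off) that the original
    backslash escaping already assumed.

    Stop-gap only: binding values as parameters to ``curs.execute`` is the
    robust fix, and makes this helper unnecessary.
    """
    if not string:
        return string
    # Backslashes first so the quotes doubled afterwards are not re-escaped.
    return string.replace("\\", "\\\\").replace("'", "''")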

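form = cgi.FieldStorage()

# NOTE(review): credentials are a literal in a web-root script (and visible in
# any cgitb dump).  There is also no authentication on this endpoint: anyone
# who can reach it can create accounts.  Both need fixing before exposure.
conn = psycopg.connect('dbname=xxxx user=xxxxx password=xxxxx')
curs = conn.cursor()

# getfirst() returns a single string or None; getvalue() can return a list for
# repeated fields.  Optional fields left blank now become SQL NULL instead of
# the literal text 'None' the old "'%s'" formatting stored.
name = form.getfirst('name')
address = form.getfirst('address')
email = form.getfirst('email')
password = form.getfirst('password')
username = form.getfirst('username')
div_id = form.getfirst('division')

if not (name and username and password):
    print 'Please supply name, username, and password'
    sys.exit()

# A missing or non-numeric division used to raise inside int() and surface as
# a cgitb traceback; reject it with a proper message instead.
try:
    div_id = int(div_id)
except (TypeError, ValueError):
    print 'Please select a valid division'
    sys.exit()

# NOTE(review): encrypt() is reversible and this key is a literal in the
# source, so anyone who can read the script (or its cgitb dump) can decrypt
# every stored password.  If the other application only needs to *verify*
# passwords, pgcrypto's crypt(password, gen_salt('bf')) is the right
# primitive; if it genuinely needs the plaintext, the key must at least live in
# a config file outside the web root.  Left as-is here, but flagged.
PASSWORD_KEY = 'f00zball'

# Parameter binding: the driver quotes every value, so user input can no
# longer alter the statement text.
query = """INSERT INTO members(name, address, email, password, username, div_id)
           VALUES (%s, %s, %s, encrypt(%s, %s, 'aes'), %s, %s)"""
try:
    curs.execute(query, (name, address, email, password, PASSWORD_KEY,
                         username, div_id))
    conn.commit()
finally:
    conn.close()

print """
<html>
  <head>
    <title>User added</title>
  </head>
  <body>
    <h1>User created successfully</h1>
    <hr />
    <a href='memberlist.py'>Back to the main page</a>
  </body>
</html>
"""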

-------------- next part --------------
#!/usr/bin/python

# NOTE(review): `apache` is never referenced below -- this runs as a plain CGI
# script, not a mod_python handler.  Left in place as a file-level import.
from mod_python import apache
import cgitb
cgitb.enable()
import psycopg

# NOTE(review): DSN with password embedded in a web-root script; cgitb will
# echo this source (credentials included) to the browser on any uncaught
# exception.  Also: no authentication anywhere on this listing.
conn = psycopg.connect('dbname=xxxx user=xxxx password=xxxxx')
curs = conn.cursor()

print 'Content-type: text/html\n'

print """
<html>
  <head>
    <title>Member Management</title>
  </head>
  <body>
    <h1>User List</h1>
    """

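import cgi  # for cgi.escape(); this script does not import cgi at the top

# Only the two columns the page renders; SELECT * also dragged in
# div_director and div_email for nothing.
curs.execute('SELECT div_id, div_name FROM divisions ORDER BY div_name')
rows = curs.dictfetchall()
conn.close()

# Division names are user-supplied (add_div.py) and were interpolated into the
# HTML verbatim -- a stored XSS.  Escape them; quote=True also covers attribute
# contexts.  The old toplevel/children/format() machinery was dead code:
# toplevel was never appended to, so format() never ran.
for row in rows:
    print '<p><a href="viewdiv.py?div_id=%i">%s</a></p>' % (
        row['div_id'], cgi.escape(row['div_name'] or '', True))

print """
    <hr />
    <p><a href="newuser.py">Create User</a> | <a href="new_div.py">Add Division</A></p>
  </body>
</html>
"""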

-------------- next part --------------
#!/usr/bin/python

# NOTE(review): `apache` is unused -- this is a plain CGI script, not a
# mod_python handler.  Kept because it is a file-level import.
from mod_python import apache
import cgitb
cgitb.enable()
import psycopg

# NOTE(review): connection string with password in a web-root script, and
# cgitb shows this source to the browser on any crash.  No authentication
# protects this listing either.
conn = psycopg.connect('dbname=xxxxx user=xxxx password=xxxxx')
curs = conn.cursor()

print 'Content-type: text/html\n'

print """
<html>
  <head>
    <title>Member Management</title>
  </head>
  <body>
    <h1>User List</h1>
    """

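import cgi  # for cgi.escape(); this script does not import cgi at the top

# Only the columns the page renders.  SELECT * also pulled every member's
# encrypted password (and address) into the web process for a list view.
curs.execute('SELECT mem_id, name, div_id FROM members ORDER BY name')
members = curs.dictfetchall()
curs.execute('SELECT div_id, div_name FROM divisions ORDER BY div_name')
divisions = curs.dictfetchall()
conn.close()


def _h(value):
    """HTML-escape a DB string (None -> '') before interpolating it."""
    if value is None:
        return ''
    return cgi.escape(value, True)


def _member_link(row):
    """One <p> holding the viewuser.py link for a members row."""
    return '<p><a href="viewuser.py?mem_id=%i">%s</a></p>' % (
        row['mem_id'], _h(row['name']))


# Group members under their division.  The old code filled `children` keyed
# by div_id but looked it up by mem_id, so every member assigned to a division
# was silently dropped from the listing.
unassigned = []
by_division = {}
for row in members:
    if row['div_id'] is None:
        unassigned.append(row)
    else:
        by_division.setdefault(row['div_id'], []).append(row)

for row in unassigned:
    print _member_link(row)

names = {}
for div in divisions:
    names[div['div_id']] = div['div_name']

# Divisions in name order, then any div_id with no row in divisions (dangling
# reference) so that no member is hidden.
ordered = [d['div_id'] for d in divisions if d['div_id'] in by_division]
ordered += [d for d in sorted(by_division) if d not in names]
for div_id in ordered:
    print '<p><a href="viewdiv.py?div_id=%i">%s</a></p>' % (
        div_id, _h(names.get(div_id)) or 'Division %i' % div_id)
    print '<blockquote>'
    for kid in by_division[div_id]:
        print _member_link(kid)
    print '</blockquote>'

print """
    <hr />
    <p><a href="newuser.py">Create User</a> | <a href="new_div.py">Add Division</A> | <A HREF="div_list.py">List Divisions</A></p>
  </body>
</html>
"""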

-------------- next part --------------
#!/usr/bin/python

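print 'Content-type: text/html\n'

import cgitb
cgitb.enable()

# Kept as file-level imports; this page only renders a static form.  The
# original also opened a database connection (and built a FieldStorage) that
# nothing used -- a static form should not need database credentials at all,
# so the connect() has been dropped.
import psycopg
import cgi, sys

# NOTE(review): no authentication gates this page or add_div.py, and the form
# carries no CSRF token, so any site can POST divisions on behalf of a visitor.
print """
<html>
  <head>
    <title>Division</title>
  </head>
  <body>
    <h1>Add Division</h1>
    <form action='add_div.py' method='POST'>
    """

# The stray apostrophe after the "Back" link in the original rendered as text.
print """
    <b>Division Name:</b><br />
    <input type='text' size='40' name='div_name' />
    <BR><b>Director:</b><br />
    <input type='text' size='40' name='div_director' />
    <BR><b>Division E-Mail List:</b><br />
    <input type='text' size='40' name='div_email' />
    <input type='submit' value='Save'/>
    </form>
    <hr />
    <a href='memberlist.py'>Back to the main page</a>
  </body>
</html>
"""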

-------------- next part --------------
#!/usr/bin/python

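print 'Content-type: text/html\n'

import cgitb
cgitb.enable()

import psycopg
# NOTE(review): DSN with password in a web-root script, exposed by cgitb on a
# crash; no authentication on this form or on adduser.py, and no CSRF token.
conn = psycopg.connect('dbname=xxxxxx user=xxxx password=xxxxx')
curs = conn.cursor()

import cgi, sys

# Only the two columns the <select> needs.
curs.execute('SELECT div_id, div_name FROM divisions ORDER BY div_name')
rows = curs.dictfetchall()
conn.close()

print """
<html>
  <head>
    <title>Adduser</title>
  </head>
  <body>
    <h1>Add user</h1>
    <form action='adduser.py' method='POST'>
    """

print """
    <b>Name:</b><br />
    <input type='text' size='40' name='name' />
    <BR><b>Address:</b><br />
    <input type='text' size='40' name='address' />
    <BR><b>E-Mail:</b><br />
    <input type='text' size='40' name='email' />
    <BR><b>Password:</b><br />
    <input type='password' size='40' name='password' />
    <BR><b>Username:</b><br />
    <input type='text' size='40' name='username' />
    <BR><b>Select Division:</b><br />
    <select name="division">
"""
# div_name is user-supplied (add_div.py): escape it, or a crafted division
# name becomes stored XSS on this page.  Each <option> is closed and the <BR>
# the original emitted inside <select> (invalid HTML) is gone.
for row in rows:
    print '<option value="%i">%s</option>' % (
        row['div_id'], cgi.escape(row['div_name'] or '', True))

# The stray apostrophe after the "Back" link rendered as visible text.
print """
    </select>
    <BR><BR><input type='submit' value='Save'/>
    </form>
    <hr />
    <a href='memberlist.py'>Back to the main page</a>
  </body>
</html>
"""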
-------------- next part --------------
#!/usr/bin/python

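print 'Content-type: text/html\n'

import cgitb
cgitb.enable()

import psycopg
# NOTE(review): DSN with password in a web-root script; disclosed by cgitb on
# any crash.  No authentication protects this listing.
conn = psycopg.connect('dbname=xxxxxx user=xxxx password=xxxxx')
curs = conn.cursor()

import cgi, sys
form = cgi.FieldStorage()
div_id = form.getfirst('div_id')

print """
<html>
  <head>
    <title>User List</title>
  </head>
  <body>
    <h1>Division Members</h1>
    """

# Reject anything that is not an integer before it gets near the query.  The
# bare `except:` also swallowed SystemExit/KeyboardInterrupt, and the old
# messages spoke of "user"/"member" IDs on a division page.
try:
    div_id = int(div_id)
except (TypeError, ValueError):
    print 'Invalid division ID'
    sys.exit()

# Parameter binding rather than %-formatting, and only the columns rendered:
# SELECT * fetched every member's encrypted password for a name list.
curs.execute('SELECT mem_id, name FROM members WHERE div_id = %s ORDER BY name',
             (div_id,))
rows = curs.dictfetchall()
conn.close()


def _h(value):
    """HTML-escape a DB string (None -> '') before interpolating it."""
    if value is None:
        return ''
    return cgi.escape(value, True)


# Member names are user-supplied and were emitted unescaped (stored XSS).
if rows:
    for row in rows:
        print '<p><a href="viewuser.py?mem_id=%i">%s</a></p>' % (
            row['mem_id'], _h(row['name']))
else:
    # An unknown div_id and an empty division look the same from this query.
    print '<p>Unknown division ID, or the division has no members yet</p>'

# The original footer had an "Edit" link built from %(mem_id)s that was never
# %-formatted (the literal text reached the browser) and pointed at a member,
# not the division being viewed; dropped until there is a division editor to
# link to.  Closing tags are now always emitted.
print """
    <hr /><a href='memberlist.py'>Back to the Memberlist</a>
    | <a href="divlist.py">Division List</a>
  </body>
</html>
"""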
-------------- next part --------------
#!/usr/bin/python

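print 'Content-type: text/html\n'

import cgitb
cgitb.enable()

import psycopg
# NOTE(review): DSN with password in a web-root script, shown by cgitb on any
# crash.  This page hands out name, postal address and e-mail of any member to
# any anonymous visitor who guesses a mem_id -- it needs authentication.
conn = psycopg.connect('dbname=xxxxxx user=xxxx password=xxxxx')
curs = conn.cursor()

import cgi, sys
form = cgi.FieldStorage()
mem_id = form.getfirst('mem_id')

print """
<html>
  <head>
    <title>User Info</title>
  </head>
  <body>
    <h1>View User</h1>
    """

# Narrow except: the bare `except:` also swallowed SystemExit and friends.
try:
    mem_id = int(mem_id)
except (TypeError, ValueError):
    print 'Invalid user ID'
    sys.exit()

# Bound parameter, and never fetch the password column onto a display page
# (SELECT * did, and %(...)s formatting made it one typo away from output).
curs.execute('SELECT mem_id, name, address, email, username '
             'FROM members WHERE mem_id = %s', (mem_id,))
rows = curs.dictfetchall()
conn.close()

if not rows:
    print 'Unknown member ID'
    sys.exit()


def _h(value):
    """HTML-escape a DB string (None -> '') before interpolating it."""
    if value is None:
        return ''
    return cgi.escape(value, True)


# Every text field comes from adduser.py form input; escape all of them
# (quote=True because email also lands inside an href attribute).
row = rows[0]
safe = {'mem_id': row['mem_id']}
for key in ('name', 'address', 'email', 'username'):
    safe[key] = _h(row[key])

# Also repairs the markup: the Address label's <b> was never closed and a
# second <p> was opened inside the first.  The `reply_to` parameter name on
# the Edit link looks copy-pasted from elsewhere; edituser.py is not shown, so
# it is kept as-is -- confirm against that script.
print """
    <p><b>Name:</b> %(name)s<br />
    <b>Address:</b> %(address)s<br />
    <b>Email:</b> <a href="mailto:%(email)s">%(email)s</a><br />
    <b>Username:</b> %(username)s</p>
    <hr />
    <a href='memberlist.py'>Back to the Memberlist</a>
    | <a href="edituser.py?reply_to=%(mem_id)i">Edit</a>
  </body>
</html>
""" % safe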


