Author: duncan
Date: Sun Dec 31 07:41:23 2006
New Revision: 8877

Added:
   branches/rel-1/freevo/src/helpers/passwd.py   (contents, props changed)
Modified:
   branches/rel-1/freevo/ChangeLog
   branches/rel-1/freevo/src/www/web_types.py

Log:
[ 1623854 ] Better security for webserver
Patch from Ryan Roth applied


Modified: branches/rel-1/freevo/ChangeLog
==============================================================================
--- branches/rel-1/freevo/ChangeLog     (original)
+++ branches/rel-1/freevo/ChangeLog     Sun Dec 31 07:41:23 2006
@@ -47,6 +47,7 @@
  * Updated tv mplayer plug-in to pause live tv and change channels without 
stopping for dvb (F#1610656)
  * Updated video player to allow commands before and after playback (F#1602956)
  * Updated weather translations, with spanish weather translations (F#1621819)
+ * Updated webserver login to allow for a encrypted username and password 
(F#1623854)
  * Removed video plug-in mplayer for unichrome playback (B#1606699)
 
 == Release 1.6.3 (200?-??-??) ==

Added: branches/rel-1/freevo/src/helpers/passwd.py
==============================================================================
--- (empty file)
+++ branches/rel-1/freevo/src/helpers/passwd.py Sun Dec 31 07:41:23 2006
@@ -0,0 +1,38 @@
+# -*- coding: iso-8859-1 -*-
+# -----------------------------------------------------------------------
+# web_types.py - Classes useful for the web interface.
+# -----------------------------------------------------------------------
+# $Id$
+#
+# Notes:
+# Todo:        
+#
+# -----------------------------------------------------------------------
+# Freevo - A Home Theater PC framework
+# Copyright (C) 2003 Krister Lagerstrom, et al. 
+# Please see the file freevo/Docs/CREDITS for a complete list of authors.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MER-
+# CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# -----------------------------------------------------------------------
+
+import base64
+import md5
+
+username_in = raw_input('Enter username:')
+password_in = raw_input('Enter password:')
+password = md5.new(password_in + username_in)
+username = md5.new(username_in + password_in)
+print("'%s' : '%s'" % (base64.b32encode(username.digest()), 
base64.b32encode(password.digest())))
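Review bot: The password prompt uses `raw_input`, so the password is echoed to the terminal and can remain in scrollback; `password_in = getpass.getpass('Enter password:')` together with `import getpass` avoids that. The printed values are single, unsalted MD5 digests of the concatenated username and password, which are cheap to guess offline if the config file that holds them is read by someone else. A salted, iterated hash would be a stronger choice, and the limitation should at least be stated in a comment. The file header still reads `web_types.py - Classes useful for the web interface.` and should describe this helper instead, for example `# passwd.py - Print an encoded username/password pair for the webserver config.`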

Modified: branches/rel-1/freevo/src/www/web_types.py
==============================================================================
--- branches/rel-1/freevo/src/www/web_types.py  (original)
+++ branches/rel-1/freevo/src/www/web_types.py  Sun Dec 31 07:41:23 2006
@@ -5,11 +5,11 @@
 # $Id$
 #
 # Notes:
-# Todo:        
+# Todo:
 #
 # -----------------------------------------------------------------------
 # Freevo - A Home Theater PC framework
-# Copyright (C) 2003 Krister Lagerstrom, et al. 
+# Copyright (C) 2003 Krister Lagerstrom, et al.
 # Please see the file freevo/Docs/CREDITS for a complete list of authors.
 #
 # This program is free software; you can redistribute it and/or modify
@@ -27,11 +27,13 @@
 # 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 #
 # -----------------------------------------------------------------------
-
+import base64
+import md5
 
 import os, sys, time
 
 import config
+import socket
 
 from twisted.web.woven import page
 from twisted.web.resource import Resource
@@ -42,7 +44,7 @@
 
 
 class FreevoPage(page.Page):
-    
+
     def __init__(self, model=None, template=None):
         print '__init__(self, model=\"%s\", template=\"%s\")' % (model, 
template)
 
@@ -76,14 +78,20 @@
 
 
     def auth_user(self, username, password):
-        print 'auth_user(self, username=\"%s\", password=\"%s\")' % (username, 
password)
+        print 'auth_user(self, username=\"%s\", password=\"%s\")' % (username, 
'******')
         realpass = config.WWW_USERS.get(username)
-        if password == realpass:
+        if not realpass:
+            md5user = md5.new(username + password)
+            realpass = config.WWW_USERS.get(base64.b32encode(md5user.digest()))
+            md5pass = md5.new(password + username)
+            password = base64.b32encode(md5pass.digest())
+        if realpass == password:
             return TRUE
         else:
             return FALSE
 
 
+
 class HTMLResource:
 
     def __init__(self):
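Review bot: In `auth_user` the first lookup, `config.WWW_USERS.get(username)`, still treats every entry as plaintext, so an encoded entry also satisfies `realpass == password` when its stored key and value are submitted exactly as they appear in the config. The encoding therefore does not protect the login if the config file is disclosed. Encoded entries need to be told apart from plaintext ones, for example by keeping them in a separate mapping or by dropping the plaintext path, so that a stored value is only ever compared with the digest computed from the submitted credentials. The debug line now masks the password but still prints the username, and `printPassword` in a later hunk of this file still prints its `password` argument unmasked.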
@@ -120,7 +128,7 @@
         self.res += '<!-- Header Logo and Status Line -->\n'
         self.res += '<div id="titlebar"><span class="name">'\
             +'<a href="http://freevo.sourceforge.net/"; 
target="_blank">Freevo</a></span></div>\n'
-     
+
         items = [(_('Home'),_('Home'),'%sindex.rpy' % str(strprefix)),
                  (_('TV Guide'),_('View TV Listings'),'%sguide.rpy' % 
str(strprefix)),
                  (_('Scheduled Recordings'),_('View Scheduled 
Recordings'),'%srecord.rpy' % str(strprefix)),
@@ -208,19 +216,19 @@
         if not form or not key:
             return None
 
-        try: 
+        try:
             val = form[key][0]
-        except: 
+        except:
             val = None
-    
+
         return val
 
 
     def printFooter(self):
         print 'printFooter(self)'
         self.res += '</body>\n</html>\n'
-    
-    
+
+
     def printSearchForm(self):
         print 'printSearchForm(self)'
         self.res += """
@@ -257,10 +265,10 @@
         self.printSearchForm()
         self.printLinks()
         self.printFooter()
-        
+
     def printLinks(self, prefix=0):
         print 'printLinks(self, prefix=\"%s\")' % (prefix)
-        #   
+        #
         #try:
         #    if config.ICECAST_WWW_PAGE:
         #        self.res += '<a href="%siceslistchanger.rpy">Change Icecast 
List</a>' % strprefix
@@ -280,7 +288,7 @@
                 breadcrumb += '/<a 
href="library.rpy?media='+media+'&dir='+_url+'">'+Unicode(i)+'</a>'
 
         return breadcrumb
-    
+
     def printPassword(self, password):
         print 'printPassword(self, password=\"%s\")' % (password)
         self.res += """<script language="JavaScript"> <!--
@@ -297,7 +305,7 @@
         }
         //-->
         </script>"""
-        
+
     def printImagePopup(self):
         print 'printImagePopup(self)'
         self.res += """<script language="JavaScript" type="text/javascript" 
style="display:none;">
@@ -307,3 +315,97 @@
         }
         </script> """
 
+    def printWebRemote(self):
+        if not (config.ENABLE_NETWORK_REMOTE == 1 and 
config.REMOTE_CONTROL_PORT):
+           self.res += "no remote enabled"
+
+        self.res += u"""
+           <style type="text/css" media="screen">
+            table.remote { width: auto; }
+            td.remote    { padding: 0px; }
+            button.remote { width: 60px; height: 18px; background: #eee; 
font-size: 12px; text-align: center; padding: 0; }
+            button.remote:hover { background: #fed; }
+           </style>
+
+           <script type="text/javascript">
+           <!--
+             // AJAX Functions
+             var xmlHttp = false;
+
+             function getXMLHttpObject () {
+               if (window.XMLHttpRequest) {
+                 xmlHttp=new XMLHttpRequest()
+               }
+               else if (window.ActiveXObject) {
+                 xmlHttp=new ActiveXObject("Microsoft.XMLHTTP")
+               }
+               return xmlHttp
+               try {
+                 xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");      // 
Internet Explorer 1st try
+               } catch (e) {
+                 try {
+                   xmlHttp = new ActiveXObject("Microsoft.XMLHTTP"); // 
Internet Explorer 2nd try
+                 } catch (e2) {
+                   xmlHttp = false;
+                 }
+               }
+               if (!xmlHttp && typeof XMLHttpRequest != 'undefined') {
+                 xmlHttp = new XMLHttpRequest();                     // 
Mozilla, Firefox, Opera
+               }
+             }
+
+             function send_code( code ) {
+               if (! xmlHttp)
+                 getXMLHttpObject();
+               var url = 'webremote.rpy?code=' + code + '&sid=' + 
Math.random();
+               xmlHttp.open('GET', url, true);
+               xmlHttp.send(null);
+             }
+           -->
+           </script>
+        <table border="0" cellspacing="0" cellpadding="0" class="remote">
+
+        <tr><td>&nbsp;</td>
+            <td class="remote"><button class="remote" accesskey="8" 
onClick="send_code('UP');">UP</button></td>
+            <td>&nbsp;</td>
+        </tr>
+        <tr><td class="remote"><button class="remote" accesskey="6" 
onClick="send_code('LEFT');">&lt;LEFT</button></td>
+            <td class="remote"><button class="remote" accesskey="5" 
onClick="send_code('SELECT');">OK</button></td>
+            <td class="remote"><button class="remote" accesskey="4" 
onClick="send_code('RIGHT');">RIGHT&gt;</button></td>
+        </tr>
+        <tr><td>&nbsp;</td>
+            <td class="remote"><button class="remote" accesskey="2" 
onClick="send_code('DOWN');">DOWN</button></td>
+            <td>&nbsp;</td>
+        </tr>
+
+        <tr style="line-height: 8px;"><td colspan="3">&nbsp;</td></tr>
+
+        <tr><td class="remote"><button class="remote" accesskey="e" 
onClick="send_code('EXIT');">BACK</button></td>
+            <td class="remote"><button class="remote" accesskey="d" 
onClick="send_code('DISPLAY');">DISPLAY</button></td>
+            <td class="remote"><button class="remote" accesskey="m" 
onClick="send_code('MENU');">MENU</button></td>
+        </tr>
+
+        <tr style="line-height: 8px;"><td colspan="3">&nbsp;</td></tr>
+
+        <tr><td class="remote"><button class="remote" accesskey="p" 
onClick="send_code('PLAY');">PLAY</button></td>
+            <td class="remote"><button class="remote" accesskey="s" 
onClick="send_code('STOP');">STOP</button></td>
+            <td class="remote"><button class="remote" accesskey="c" 
onClick="send_code('REC');" style="color:red">REC</button></td>
+        </tr>
+        <tr><td class="remote"><button class="remote" accesskey="r" 
onClick="send_code('REW');">&lt;REW</button></td>
+            <td class="remote"><button class="remote" accesskey="u" 
onClick="send_code('PAUSE');">PAUSE</button></td>
+            <td class="remote"><button class="remote" accesskey="f" 
onClick="send_code('FFWD');">FFWD&gt;</button></td>
+        </tr>
+
+        <tr style="line-height: 8px;"><td colspan="3">&nbsp;</td></tr>
+
+        <tr><td class="remote"><button class="remote" accesskey="+" 
onClick="send_code('VOLP');">VOL+</button></td>
+            <td class="remote"><button class="remote" accesskey="m" 
onClick="send_code('MUTE');">MUTE</button></td>
+            <td class="remote"><button class="remote" accesskey="c" 
onClick="send_code('CHP');">CH+</button></td>
+        </tr>
+        <tr><td class="remote"><button class="remote" accesskey="-" 
onClick="send_code('VOLM');">VOL-</button></td>
+            <td class="remote">&nbsp;</td>
+            <td class="remote"><button class="remote" accesskey="v" 
onClick="send_code('CHM');">CH-</button></td>
+        </tr>
+
+        </table>
+        """
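Review bot: `printWebRemote` appends "no remote enabled" when the network remote is off but does not return, so the full remote-control markup and script are still emitted; add a `return` directly after `self.res += "no remote enabled"`. In the embedded script, everything after `return xmlHttp` in `getXMLHttpObject` is unreachable and can be removed. `send_code` triggers remote actions with a plain GET to `webremote.rpy`, and its `sid` parameter is only `Math.random()`, which is not a session token. The handler is not part of this commit, but unless it checks the login and the origin of the request, another page open in the same browser could presumably issue the same request, so a POST carrying a server-issued token would be safer. The access keys `m` and `c` are each assigned to two buttons.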
