def generate_url(config, obj):
s = os.urandom(4)
- r = RC4(md5.md5("%s %s" % (s, config["urlkey"])).hexdigest())
+ r = RC4(md5.md5("%s %s" % (s, config["urlkey"])).hexdigest(), burn=0)
a = r.crypt(obj["user.password"])
b = md5.md5(md5.md5("%s %s %s %s" % (config["urlsecret"], obj["user.username"], a, s)).hexdigest()).hexdigest()
obj["url"] = "%s?m=%s&h=%s&u=%s&r=%s" % (config["url"], a.encode("hex"), b, obj["user.username"].encode("hex"), s.encode("hex"))
+def generate_activation_url(config, obj):
+ r = os.urandom(16).encode("hex")
+ uid = int(obj["user.id"])
+
+ r2 = RC4(sha256("rc4 %s %s" % (r, config["activationkey"])).hexdigest())
+ a = r2.crypt(obj["user.password"]).encode("hex")
+
+ h = hmac.HMAC(sha256("hmac %s %s" % (r, config["activationkey"])).hexdigest())
+ h.update("%d %s %s" % (uid, obj["user.username"], a))
+ hd = h.hexdigest()
+
+ obj["url"] = "%s?id=%d&h=%s&r=%s&u=%s&p=%s" % (config["activationurl"], uid, hd, r, obj["user.username"].encode("hex"), a)
+
def generate_resetcode(config, obj):
+ if obj["user.lockuntil"] == 0:
+ obj["resetline"] = "LOCK UNTIL NOT SET. STAFF ACCOUNT'S CAN'T USE RESET"
+ obj["lockuntil"] = "never"
+ return
+
if not config.has_key("__codegensecret"):
config["__codegenhmac"] = hmac.HMAC(key=sha256(sha256("%s:codegenerator" % config["q9secret"]).digest()).hexdigest(), digestmod=sha256m)
h.update(sha256("%s:%d" % (obj["user.username"], obj["user.lockuntil"])).hexdigest())
obj["resetcode"] = h.hexdigest()
- print obj
obj["lockuntil"] = time.ctime(obj["user.lockuntil"])
+ obj["resetline"] = "/MSG %(config.bot)s RESET #%(user.username)s %(resetcode)s" % obj
MAILTEMPLATES = {
"mutators": {
1: generate_url,
3: generate_resetcode,
5: generate_resetcode,
+ 6: generate_activation_url,
},
"sendto": {
5: "prevemail",
To get your password please visit:
%(url)s
+Note that this URL will not work forever, you should make a note of your password
+or change it (as on the site).
+
In case you forget your login/password use:
-/msg %(config.bot)s REQUESTPASSWORD %(user.username)s %(user.email)s
+/msg %(config.bot)s REQUESTPASSWORD %(user.email)s
Make sure you've read the %(config.bot)s FAQ at %(config.siteurl)s for a complete
reference on Q's commands and usage.
3: { "subject": "%(config.bot)s password change", "body": """
Your password has recently changed. If this was not requested by you,
please use:
-/MSG %(config.bot)s RESET #%(user.username)s %(resetcode)s
+%(resetline)s
You have until %(lockuntil)s to perform this command.
""", },
Your email address has been changed on %(config.bot)s from %(prevemail)s to %(user.email)s.
If you did not request this please use:
-/MSG %(config.bot)s RESET #%(user.username)s %(resetcode)s
+%(resetline)s
You have until %(lockuntil)s to perform this command.
+""", },
+ 6: { "subject": "Please complete your QuakeNet account registration", "body": """
+Hi %(user.username)s,
+
+You're just one click away from completing your registration for a QuakeNet account!
+
+Just visit the link below to complete the process:
+%(url)s
+
+For reference, your username/password is:
+
+Username: %(user.username)s
+Password: %(user.password)s
+
+After activation you can auth yourself to QuakeNet by typing the following command:
+
+ /AUTH %(user.username)s %(user.password)s
""", },
},
},