../www/get_script_html_files/strip/register.py
1 #!/usr/bin/python2
2
3 #######################################
4 #
5 # This script creates new user account
6 #
7 # Version: 1.12
8 #
9 #######################################
10
11 #import all functions from lib.py
12
13 from lib import *
14
15 #get dictionary of values from web form
16
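# Parse the submitted web form (query string or request body).
# `cgi` is not imported in this file; presumably it arrives through
# `from lib import *` -- confirm against lib.py.
form = cgi.FieldStorage()


def _form_value(name):
    """Return the submitted value of form field *name*, or '' if unusable.

    Every value returned here is attacker-controlled and must be validated
    before it is used, and escaped before it is written into HTML or SQL.

    Only the lookup failures are caught (the original used a bare
    ``except:``, which also hid unrelated errors):
      * KeyError       -- the field was not submitted
      * AttributeError -- the field was submitted more than once, so
                          form[name] is a list and has no .value
      * TypeError      -- the request carried no form data to index
    """
    try:
        return form[name].value
    except (KeyError, AttributeError, TypeError):
        return ''


zip_code = _form_value('zip_code')
first_name = _form_value('first_name')
last_name = _form_value('last_name')
email = _form_value('email')
password1 = _form_value('password1')
password2 = _form_value('password2')

# We need variable 'page' to tell the script which function to run
#   page = 0 when we first come to ./register.py and see prompt to enter ZIP code
#   page = 1 when we submit form with ZIP code
#   page = 2 when we submit form with First name and other fields
# A missing, repeated or non-numeric value falls back to 0.
try:
    page = int(form['page'].value)
except (KeyError, AttributeError, TypeError, ValueError):
    page = 0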
66
67
68
69 ############Function to check ZIP code
70 #Valid ZIP code has 5 numeric characters, e.g. 94118
71 #ASCII codes for 0-9 are 48-57
72
73
def check_zip_code(zip_code):
    """Validate a ZIP code string; return 0 if accepted, 1 if rejected.

    A value is rejected when it is empty, when it holds any character
    other than the ASCII digits 0-9 (codes 48-57), or when it is shorter
    than five characters.

    BUG #1 (seeded defect of this test application, kept on purpose):
      Expected: length != 5 is rejected
      Actual:   only length < 5 is rejected, so longer digit strings pass
    """
    only_digits = all(48 <= ord(char) <= 57 for char in zip_code)

    # The length test also covers the empty string.
    #### BUG #1: the comparison should be `!= 5`, not `< 5`.
    if len(zip_code) < 5 or not only_digits:
        return 1

    return 0
101
102
103 ############Function to check first name or last name
104 #We can accept only alpha characters as valid input
105 #ASCII codes for a-z are 97-122
106
def check_name(name):
    """Validate a first or last name; return 0 if accepted, 1 if rejected.

    The name must be non-empty and, compared case-insensitively, consist
    only of the letters a-z and the space character.
    """
    if len(name) == 0:
        return 1

    # The value is lower-cased before the check, so only a-z and the space
    # have to be accepted; upper-case input is covered by the conversion.
    accepted = 'abcdefghijklmnopqrstuvwxyz '

    for char in name.lower():
        if char not in accepted:
            return 1

    return 0
141
142
143 ############Function to check email
144 #see conditions inside the function
145
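def check_email(email):
    """Validate an email address; return 0 if accepted, 1 if rejected.

    Rejected: an empty value, a value without exactly one '@', a value
    without any '.', a value containing a quote, backslash or NUL
    character, or an address that already exists in the users table.

    Seeded defects of this test application, kept on purpose:

    BUG #2
      Expected: check for correct formatting of email
      Actual:   no such check

    BUG #3
      Expected: check for invalid chars, e.g. ','
      Actual:   no such check
    """
    # return 1 (error) if no value is provided
    if len(email) == 0:
        return 1

    # return 1 if '@' is not here or if there are more than 1 @ character
    if email.count('@') != 1:
        return 1

    # return 1 if there is no period character (.)
    if email.count('.') == 0:
        return 1

    # SECURITY: `email` comes straight from the web form and is formatted
    # into the SQL text below, which makes the lookup injectable.  The
    # proper fix is a bound parameter, but select_one() is given a finished
    # SQL string here and its interface is not visible in this file.
    # Stopgap until the query is parameterised in lib: refuse any value
    # holding a character that can end or escape the quoted literal.
    if "'" in email or '\\' in email or '\x00' in email:
        return 1

    # check if DB has account with that email
    sql = "select count(*) from users where email = '%s'" % email
    result = select_one(sql)[0]

    if int(result) > 0:
        return 1

    return 0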
184
185
186 ############Check if password is provided
187 #password length is at least 4 chars
188
def check_password(password):
    """Return 1 (error) if the password has fewer than 4 characters, else 0.

    Length is the only property checked; nothing here compares the two
    password fields or looks at the characters used.
    """
    return 1 if len(password) < 4 else 0
198
199
200 ############Function to generate html of page with ZIP code.
201
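def get_first_page(zip_code):
    """Return the HTML of the first sign-up page (the ZIP code prompt).

    zip_code is echoed back into the text field so that a rejected value
    is still visible to the user.  It is raw form input, so it is
    HTML-escaped first; the attribute is single-quoted, which is why the
    single quote is escaped as well as &, <, > and the double quote.
    """
    # Function-scope import: works unchanged on Python 2 and 3.
    from xml.sax.saxutils import escape

    safe_zip_code = escape(zip_code, {'"': '&quot;', "'": '&#x27;'})

    table = """

<table align='center'>

<form action='./register.py'>

<input type='hidden' name='page' value='1'>

<tr>
<td colspan = 2><br></td>
</tr>

<tr><td>

<table width=300 class='yellow_bg'>

<tr>
<td> </td>
</tr>

<tr>
<td><p>ZIP code* </td><td><input type='text' name='zip_code' value = '%s'></td>
</tr>

<tr>
<td></td><td><input type='submit' value='Continue'></td>
</tr>

<tr>
<td colspan = 2><span class='required_text'>*required</span></td>
</tr>

<tr>
<td> </td>
</tr>

</table>

</td></tr>

<tr>
<td colspan = 2><br></td>
</tr>

</form>

</table>

""" % safe_zip_code

    return table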
255
256 #Function to generate html of page with First name, Last name and other fields.
257
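def get_second_page(first_name,last_name,email,zip_code):
    """Return the HTML of the second sign-up page (name, email, passwords).

    The four arguments are echoed back into the form so that the user does
    not have to retype them after an error.  All of them are raw form
    input, so each one is HTML-escaped before it is placed in its
    single-quoted attribute.

    The form is submitted with method='post': the default (GET) would put
    both password fields into the URL, where they end up in browser
    history and web-server logs.

    BUG #4 (seeded defect of this test application, kept on purpose):
      Expected: type 'password' must be used for password text fields
      Actual:   type 'text' on the first password field
    """
    # Function-scope import: works unchanged on Python 2 and 3.
    from xml.sax.saxutils import escape

    def attr(value):
        # Escape for use inside a single-quoted HTML attribute.
        return escape(value, {'"': '&quot;', "'": '&#x27;'})

    table = """

<table width='300' align='center'>

<form action='./register.py' method='post'>

<input type='hidden' name='page' value='2'>
<input type='hidden' name='zip_code' value='%s'>


<tr>
<td colspan = 2><br></td>
</tr>


<tr><td>

<table width=300 class='yellow_bg'>

<tr>
<td><p>First Name* </td><td><input type='text' name='first_name' value='%s'></td>
</tr>

<tr>
<td><p>Last Name </td><td><input type='text' name='last_name' value='%s'></td>
</tr>

<tr>
<td><p>Email* </td><td><input type='text' name='email' value='%s'></td>
</tr>""" % (attr(zip_code), attr(first_name), attr(last_name), attr(email))

    #### BUG #4
    #### Expected: type 'password' must be used for password text fields
    #### Actual: type 'text'

    table = table + """
<tr>
<td><p>Password* </td><td><input type='text' name='password1'></td>
</tr>"""

    table = table + """
<tr>
<td><p>Confirm Password* </td><td><input type='password' name='password2'></td>
</tr>

<tr>
<td></td><td><input type='submit' value='Register'></td>
</tr>

<tr>
<td colspan = 2><span class='required_text'>*required</span></td>
</tr>

<tr>
<td> </td>
</tr>

</table>

</td></tr>

<tr>
<td colspan = 2><br></td>
</tr>

</form>

</table>

"""

    return table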
332
333
334 #Function to generate html of confirmation page
335
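def get_confirmation_page(email):
    """Return the HTML of the confirmation page shown after sign-up.

    The page prints the login email and the fixed password 1111 as a note
    to the tester.  email is HTML-escaped before it is written into the
    page, so the markup stays intact whatever value is passed in.
    """
    # Function-scope import: works unchanged on Python 2 and 3.
    from xml.sax.saxutils import escape

    safe_email = escape(email, {'"': '&quot;', "'": '&#x27;'})

    table = """

<table width='300' align='center'>

<tr>
<td><br></td>
</tr>

<tr>
<td><p>Click <a href='./main.py'>here</a> to return to homepage and login</td>
</tr>

<tr>
<td><p> </td>
<tr>
<td>NOTE TO TESTER: for security purposes your data was changed. Here is your login info:

<table border=1>
<tr><td>Email</td><td><b>%s</b></td></tr>
<tr><td>Password</td><td>1111</td></tr>
</table>

</td>
</tr>

<tr>
<td >This user account will be deleted from DB at 00 minutes next hour. For example, if now it's 14:12, it'll be deleted at 15:00</td>

</tr>

<tr>
<td><br></td>
</tr>

</table>

""" % (safe_email)

    return table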
377
378 #function to create new account in DB
379
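def create_account(first_name,last_name,email,zip_code):
    """Insert a new row into the users table and return its email address.

    The first_name, last_name and email arguments are discarded: they are
    replaced by the values change_info() returns, and the returned email
    is that generated one.  The address fields are fixed and the password
    is always '1111'.

    Raises:
        ValueError: zip_code contains a character other than 0-9.
    """
    # SECURITY: zip_code is the only caller-supplied value that reaches the
    # SQL text.  On the last form step it arrives from a hidden field, so
    # it cannot be trusted just because an earlier page validated it.
    # update() is given a finished SQL string and its interface is not
    # visible in this file, so the value is restricted to digits here.
    for char in zip_code:
        if char not in '0123456789':
            raise ValueError('zip_code must contain digits only')

    # to keep it simple, we'll use the same address over and over again
    street = "12 Share Lane"
    city = "San Francisco"
    state = "CA"
    country = "USA"

    # change first name, last name and email to dynamically generated values
    main_list = change_info()  # this function is black box to testers
    first_name = main_list[0]
    last_name = main_list[1]
    email = main_list[2]

    # create and execute SQL statement
    # NOTE(review): the generated values are formatted into the statement
    # as well; this assumes change_info() never returns a quote or a
    # backslash -- confirm in lib, or switch to bound parameters there.
    # NOTE(review): the password column receives the literal '1111' in
    # clear text, matching the note shown to testers on the confirmation page.
    sql = ("insert into users (first_name,last_name,email,zip_code,password,street,city,state,country,time_created)"
           "values ('%s','%s','%s','%s','1111','%s','%s','%s','%s',NOW())"
           % (first_name,last_name,email,zip_code,street,city,state,country))

    update(sql)

    return email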
404
405 #execute code below if this script is run as standalone script
406 #don't execute code below if we import functions from this script
407
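if __name__ == "__main__":

    # Request handling: pick the page body and the status message from the
    # step number.  Everything read from the form is untrusted input.

    # after user submitted zip code
    if page == 1:

        # if ZIP code passes check, we go to the next page
        if check_zip_code(zip_code) == 0:
            body_html = get_second_page(first_name,last_name,email,zip_code)
            message = ''

        # else, display error message
        else:
            body_html = get_first_page(zip_code)
            message = 'Oops, error on page. ZIP code should have 5 digits'

    # after user submitted First Name and other fields
    elif page == 2:

        #### BUG #5
        #### Expected: check if password1 == password2
        #### Actual: no such check

        # if all fields have valid data
        #
        # zip_code comes back from a hidden form field on this step, so it
        # is checked again before it can reach create_account().
        # The original tested check_name(first_name) twice; the duplicate
        # is dropped.  last_name is not validated here (the form does not
        # mark it as required, and create_account() replaces it anyway).
        if check_zip_code(zip_code) == 0 and \
           check_name(first_name) == 0 and \
           check_email(email) == 0 and \
           check_password(password1) == 0 and \
           check_password(password2) == 0:

            email = create_account(first_name,last_name,email,zip_code)
            body_html = get_confirmation_page(email)
            message = 'Account is created!'

        # if something is wrong
        else:
            body_html = get_second_page(first_name,last_name,email,zip_code)

            #### BUG #6
            #### Expected: error message should also state that one of possibilities for error might be the fact
            #### that two values for password are not equal.
            #### Actual: no such statement
            #### Note:
            #### This bug has the same root cause as BUG #5: programmer forgot to check if password1 equals to password2
            #### The problem is that even if programmer will fix BUG #5 he or she won't necessarily fix BUG #6

            message = 'Oops, error on page. Some of your fields have invalid data or email was previously used'

    # if user just came to first page (page == 0).  Any other step number
    # is handled the same way; previously such a request left body_html
    # undefined and the script failed before printing a page.
    else:
        body_html = get_first_page(zip_code)
        message = ''

    # generate and print html
    # A single parenthesised argument prints the same text under the
    # Python 2 print statement and the Python 3 print function.
    print('Content-Type: text/html\n\n')

    caption = 'Sign Up'

    html = get_html(1,body_html,caption,message)

    print(html)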
484
485