# server/security.py
from flask import request, session
import hashlib
from db_setup import get_user, increment_login_attempts, reset_login_attempts
# Number of failed logins an account may accumulate before validate_user
# refuses further attempts for it.
MAX_ATTEMPTS = 3
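def validate_user(username, password):
    """Check a username/password pair against the stored credentials.

    Args:
        username: Account name; passed to ``get_user`` and to the
            login-attempt counters.
        password: Plaintext password submitted by the client.

    Returns:
        A ``(ok, message)`` tuple. ``ok`` is True only when the account has
        fewer than ``MAX_ATTEMPTS`` recorded failures and the password hash
        matches the stored one; ``message`` is the text for the caller to show.
    """
    # Function-scope import so the block does not depend on a file-level change.
    import hmac

    user_data = get_user(username)
    if not user_data:
        # NOTE(review): this text differs from the wrong-password message, so a
        # caller that relays it verbatim lets clients learn which usernames
        # exist. Consider one generic failure message for both cases.
        return False, "User does not exist."

    _stored_username, stored_password, login_attempts = user_data

    # The counter is checked before the password, so once the limit is reached
    # even the correct password is refused until the counter is reset elsewhere.
    # NOTE(review): that also lets anyone lock a known account with
    # MAX_ATTEMPTS wrong guesses; whether read-then-increment is atomic
    # depends on db_setup, which is not visible here.
    if login_attempts >= MAX_ATTEMPTS:
        return False, "Maximum login attempts exceeded. Please contact the administrator."

    # NOTE(review): unsalted single-round SHA-256 is cheap to brute-force if the
    # user table leaks. Moving to a salted, slow KDF (e.g. hashlib.scrypt or
    # hashlib.pbkdf2_hmac) needs a matching change where hashes are written,
    # which is outside this block, so the stored format is kept as-is.
    hashed_password = hashlib.sha256(password.encode()).hexdigest()

    # Constant-time comparison instead of ``==`` so response timing does not
    # depend on how many leading characters of the digest match. A stored value
    # that is not a str counts as a mismatch, exactly as ``==`` treated it.
    password_ok = isinstance(stored_password, str) and hmac.compare_digest(
        hashed_password.encode(),
        stored_password.encode("utf-8", "replace"),
    )

    if password_ok:
        reset_login_attempts(username)
        return True, "Login successful."

    increment_login_attempts(username)
    # login_attempts is the value read before this failure, hence the extra -1.
    remaining = MAX_ATTEMPTS - login_attempts - 1
    return False, f"Invalid credentials. {remaining} attempt(s) remaining."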
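def identify_uploader():
    """Return a human-readable label describing the client of the current request.

    Returns:
        ``"Uploaded by iPhone (IP: ...)"`` when the User-Agent contains
        "iPhone"; otherwise ``"Uploaded by <isa> <os> (IP: ...)"`` built from
        whichever of those fields ``get_device_info`` supplies, falling back to
        ``"unknown device"`` when it supplies neither.
    """
    device_info = get_device_info()
    ip = device_info['ip']

    # The User-Agent header is set by the client, so this label is informational
    # only and should not be relied on to identify or authorize a device.
    if "iPhone" in device_info['user_agent']:
        return f"Uploaded by iPhone (IP: {ip})"

    # get_device_info() as written returns only "ip" and "user_agent"; indexing
    # 'isa' and 'os' directly raised KeyError for every non-iPhone client.
    # When both fields are present the output matches the original format.
    platform = " ".join(
        str(device_info[key]) for key in ("isa", "os") if device_info.get(key)
    )
    return f"Uploaded by {platform or 'unknown device'} (IP: {ip})"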
def get_device_info():
    """Collect the client address and User-Agent of the current Flask request.

    Returns:
        A dict with keys ``"ip"`` (``request.remote_addr``) and
        ``"user_agent"`` (the User-Agent header, or ``'Unknown'`` if absent).
    """
    # Client-supplied header: treat the value as untrusted text.
    agent = request.headers.get('User-Agent', 'Unknown')
    # NOTE(review): behind a reverse proxy remote_addr is normally the proxy's
    # address unless the app is configured to trust forwarded headers - confirm
    # against the deployment.
    peer_address = request.remote_addr
    return dict(ip=peer_address, user_agent=agent)