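#!/usr/bin/python
"""CGI test endpoint for a nonce-based hashed-password login check.

The request is expected to carry ``nonce``, ``testuser`` and ``pw_encrypted``
(the hex SHA-1 of ``nonce + MAGIC_SEP + stored_hash``). A non-empty
``testpass`` field means the caller sent the password itself instead of the
hashed response, which the script reports. Output is ``text/plain``.

The code is written to be valid on both Python 2.7 and Python 3:
``hashlib.sha1`` replaces the removed ``sha`` module (same digest) and every
``print`` uses the single-argument call form.
"""
import hashlib
import hmac

MAGIC_SEP = '$'
# Not referenced by the code below; it is the last field of the hash input
# recorded for 'andrew' in ``users``.
SITE_CODE = 'test-the-password'
# NOTE(review): a constant embedded in the source gives no replay protection:
# the same pw_encrypted value stays valid for every request, so a response
# observed once can be presented again. Fine for a fixture; a real login needs
# a server-generated, per-session, single-use value (e.g. from os.urandom)
# that is invalidated after the first check.
NONCE = "abcdefghijklmnopqrstuvwxyz01234556789"

# Test fixtures: user name -> stored hash (40 hex digits).
# NOTE(review): verify() checks knowledge of the stored hash, not of the
# password, so these values are password-equivalent -- anyone who can read
# this table can compute a valid pw_encrypted. Treat the table (and the
# plaintext hints in the comments) as test data only.
users = {
    # andrew$test$test-the-password
    'andrew': '00ade577aba6b12b9abd9b60e7f84375d2fab906',
    # pw: ipsum
    'lorem': '598902545ba340de3c7fadf8d44a16e206d8c6c7',
}


def _to_bytes(value):
    """Return *value* as bytes, or None if it is not a text/bytes scalar.

    Form values can be missing (None) or a list (repeated field); both are
    mapped to None so callers can reject them instead of raising.
    """
    if isinstance(value, bytes):
        return value
    try:
        return value.encode("utf-8")
    except (AttributeError, UnicodeError):
        return None


def check_nonce(nonce):
    """Return True when *nonce* equals the expected NONCE, else False.

    A plain comparison is enough here: the expected value is not secret (the
    script prints it on mismatch).
    """
    return nonce == NONCE


def verify(nonce, user_pw, user):
    """Check a hashed login response.

    Args:
        nonce: challenge value the response was computed over.
        user_pw: hex digest supplied by the caller (``pw_encrypted``).
        user: user name to look up in ``users``.

    Returns:
        True when *user* is known and *user_pw* equals the hex SHA-1 of
        ``nonce + MAGIC_SEP + users[user]``; False otherwise, including for
        missing or malformed arguments.
    """
    try:
        stored_pw = users[user]
    except (LookupError, TypeError):
        # TypeError: an unhashable value such as the list cgi returns for a
        # repeated field. Rejecting it here keeps it from becoming an
        # unhandled exception (and a cgitb traceback in the response).
        return False

    challenge = _to_bytes(nonce)
    response = _to_bytes(user_pw)
    if challenge is None or response is None:
        return False

    # SHA-1 is kept because the caller has to produce the same digest;
    # changing the algorithm means changing both ends of the exchange.
    material = challenge + _to_bytes(MAGIC_SEP) + _to_bytes(stored_pw)
    expected = hashlib.sha1(material).hexdigest()

    # Constant-time comparison: the match must not reveal, through timing,
    # how many leading characters of the digest were correct. Both sides are
    # bytes because compare_digest rejects non-ASCII text on Python 3.
    return hmac.compare_digest(_to_bytes(expected), response)


def main():
    """Handle one CGI request and print the plain-text verdict."""
    # Imported here rather than at module level: only the CGI entry point
    # needs them, and both modules were removed from the standard library in
    # Python 3.13 (PEP 594), where a top-level import would make
    # check_nonce()/verify() unimportable.
    import cgi
    import cgitb

    # NOTE(review): cgitb.enable() writes the full traceback, with source
    # context and local variable values, into the HTTP response. Keep that to
    # development; otherwise log instead, e.g.
    # cgitb.enable(display=0, logdir=LOG_DIR), LOG_DIR being a placeholder
    # for a directory the web server can write to.
    cgitb.enable()

    fs = cgi.FieldStorage()
    print("Content-type: text/plain")
    print("")
    if not fs:
        print("No arguments")
        return

    plaintext = fs.getvalue('testpass')
    if plaintext:
        # NOTE(review): this reflects the submitted password into the
        # response body, where it can end up in caches or logs. It is a
        # diagnostic of the test page; do not carry it into a real login.
        print("Plaintext password sent! (%s)" % plaintext)
        return

    nonce = fs.getvalue('nonce')
    if not check_nonce(nonce):
        print("Invalid Nonce")
        print(nonce)
        print(NONCE)
        return

    user = fs.getvalue('testuser')
    if verify(nonce, fs.getvalue('pw_encrypted'), user):
        print("Congrats!")
        print("Logged in as %s" % user)
        return

    print("Invalid user or password")
    # NOTE(review): the hint below tells the caller whether the user name
    # exists, which undoes the generic message above (user enumeration).
    # Diagnostic for the test page only.
    try:
        known_user = user in users
    except TypeError:
        # Repeated 'testuser' field arrives as an unhashable list.
        known_user = False
    if known_user:
        print("(password)")
    else:
        print("(user)")


if __name__ == "__main__":
    main()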