introducing protected mode: if active, people will need the server password to register on private servers. fixes #16

pyweb/mumble/forms.py

@@ -45,11 +45,47 @@ class MumbleForm( ModelForm ):
 
 class MumbleUserForm( ModelForm ):
 	"""The user registration form used to register an account."""
+	
+	def clean_name( self ):
+		name = self.cleaned_data['name'];
+		if not self.instance.id and len( self.server.ctl.getRegisteredPlayers( self.server.srvid, name ) ) > 0:
+			raise forms.ValidationError( _( "Another player already registered that name." ) );
+		return name;
+	
+	def clean_password( self ):
+		pw = self.cleaned_data['password'];
+		if not pw:
+			raise forms.ValidationError( _( "Cannot register player without a password!" ) );
+		return pw;
+	
 	class Meta:
 		model   = MumbleUser;
 		fields  = ( 'name', 'password' );
 
 
+class MumbleUserPasswordForm( MumbleUserForm ):
+	"""The user registration form used to register an account on a private server in protected mode."""
+	
+	serverpw = forms.CharField(
+		label=_('Server Password'),
+		help_text=_('This server is private and protected mode is active. Please enter the server password.'),
+		widget=forms.PasswordInput(render_value=False)
+		);
+	
+	def clean_serverpw( self ):
+		# Validate the password
+		serverpw = self.cleaned_data['serverpw'];
+		if self.server.passwd != serverpw:
+			raise forms.ValidationError( _( "The password you entered is incorrect." ) );
+		return serverpw;
+	
+	def clean( self ):
+		# prevent save() from trying to store the password in the Model instance
+		# clean() will be called after clean_serverpw(), so it has already been validated here.
+		if 'serverpw' in self.cleaned_data:
+			del( self.cleaned_data['serverpw'] );
+		return self.cleaned_data;
+
 class MumbleTextureForm( Form ):
 	"""The form used to upload a new image to be set as texture."""
 	texturefile = forms.ImageField();

pyweb/mumble/locale/de/LC_MESSAGES/django.po

@@ -363,3 +363,10 @@ msgstr "Registrierung"
 
 msgid "Administration"
 msgstr "Administration"
+
+msgid "This server is private and protected mode is active. Please enter the server password."
+msgstr "Dieser Server ist privat und der Registrierungsschutz ist aktiv. Bitte gib das Serverpasswort ein."
+
+msgid "The password you entered is incorrect."
+msgstr "Das eingegebene Passwort ist falsch"
+

pyweb/mumble/locale/la/LC_MESSAGES/django.po

@@ -1,4 +1,4 @@
-# German translation file for Mumble-Django.
+# (Iggypay) Latin translation file for Mumble-Django.
 #
 # Copyright (C) 2009, Michael "Svedrin" Ziegler <diese-addy@funzt-halt.net>
 #
@@ -359,3 +359,9 @@ msgstr "Egistrationray"
 
 msgid "Administration"
 msgstr "Inistrationadmay"
+
+msgid "This server is private and protected mode is active. Please enter the server password."
+msgstr "Isthay erversay is ivatepray and otectedpray odemay is iveactay. Easeplay erentay the erversay asswordpay."
+
+msgid "The password you entered is incorrect."
+msgstr "The asswordpay you eredentay is orrectincay."

pyweb/mumble/views.py

@@ -21,6 +21,7 @@ from django.template			import RequestContext
 from django.http			import Http404, HttpResponse, HttpResponseRedirect
 from django.core.urlresolvers		import reverse
 from django.contrib.auth.decorators	import login_required
+from django.conf			import settings
 
 from models				import Mumble, MumbleUser
 from forms				import *
@@ -61,12 +62,11 @@ def show( request, server ):
 	if isAdmin:
 		if request.method == 'POST' and "mode" in request.POST and request.POST['mode'] == 'admin':
 			adminform = MumbleForm( request.POST, instance=srv );
-			# In case we redisplay the page, it was displayed with errors on the admin form, so tell
-			# Ext to show the admin form tab first.
-			displayTab = 1;
 			if adminform.is_valid():
 				adminform.save();
 				return HttpResponseRedirect( '/mumble/%d' % int(server) );
+			else:
+				displayTab = 2;
 		else:
 			adminform = MumbleForm( instance=srv );
 	else:
@@ -76,11 +76,18 @@ def show( request, server ):
 	user = None;
 	
 	if request.user.is_authenticated():
+		# Unregistered users may or may not need a password to register.
+		if settings.PROTECTED_MODE and srv.passwd:
+			unregged_user_form = MumbleUserPasswordForm;
+		else:
+			unregged_user_form = MumbleUserForm;
+		
 		if request.method == 'POST' and 'mode' in request.POST and request.POST['mode'] == 'reg':
 			try:
 				user    = MumbleUser.objects.get( server=srv, owner=request.user );
 			except MumbleUser.DoesNotExist:
-				regform = MumbleUserForm( request.POST );
+				regform = unregged_user_form( request.POST );
+				regform.server = srv;
 				if regform.is_valid():
 					model = regform.save( commit=False );
 					model.isAdmin = False;
@@ -88,16 +95,20 @@ def show( request, server ):
 					model.owner   = request.user;
 					model.save();
 					return HttpResponseRedirect( '/mumble/%d' % int(server) );
+				else:
+					displayTab = 1;
 			else:
 				regform = MumbleUserForm( request.POST, instance=user );
 				if regform.is_valid():
 					regform.save();
 					return HttpResponseRedirect( '/mumble/%d' % int(server) );
+				else:
+					displayTab = 1;
 		else:
 			try:
 				user  = MumbleUser.objects.get( server=srv, owner=request.user );
 			except MumbleUser.DoesNotExist:
-				regform = MumbleUserForm();
+				regform = unregged_user_form();
 			else:
 				regform = MumbleUserForm( instance=user );
 				registered = True;

pyweb/settings.py

@@ -71,6 +71,10 @@ ACCOUNT_ACTIVATION_DAYS = 30
 # Default mumble port. If your server runs under this port, it will not be included in the links in the Channel Viewer.
 MUMBLE_DEFAULT_PORT = 64738
 
+# Protect the registration form for private servers?
+# If set to True, people will need to enter the server password in order to create accounts.
+PROTECTED_MODE = False
+
 # Database settings for Mumble-Django's database. These do NOT need to point to Murmur's database,
 # Mumble-Django should use its own!
 DATABASE_ENGINE = 'sqlite3'