#!/usr/bin/env python # TODO: Is there some way to limit this program's access to the database # so that it cannot change any values, but can still publish pubsub # messages? That would make the security analysis of the system as a # whole clearer. import web, redis urls = ( '/([a-f0-9]{64})', 'form', '/submit=([a-f0-9]{64})', 'payment' ) r = redis.Redis() class form(object): def GET(self, what): web.header("Content-type", "text/html") return """

Payment required

Due to certificate authority policy, issuing this certificate requires a payment.

A payment of 17.00 simoleons is due now.

In order to process this payment, please pretend to enter a 16-digit credit-card number below, and then click the Submit Payment button.

Credit Card Type
Credit Card Number
This payment will appear on your credit card statement as TRUSTIFIABLE CERTIFICATE SERVICES. """ % what def hexdigit(s): return s in "0123456789abcdef" class payment(object): def GET(self, session): web.header("Content-type", "text/html") if len(session) != 64 or not all(hexdigit(s) for s in session): return "Attempt to process payment for invalid session." if session not in r or r.hget(self.id, "live") != "True": return "Attempt to process payment for invalid session." if r.hget(session, "state") != "payment": return "Attempt to process payment for session not expecting it." r.publish("payments", session) return "

Thank you!

Processed a payment for session ID %s." % session if __name__ == "__main__": app = web.application(urls, globals()) app.run() # vim: set tabstop=4 shiftwidth=4 expandtab