Beispiel #1
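def transfer(request, name):
    """Render the transfer page (GET) or move funds to another account (POST).

    The POST body carries RSA-encrypted fields (amount, payment password,
    beneficiary phone, sender phone) plus a signature over the ciphertexts.
    The signature is checked first, then the payment password, then the
    beneficiary and the amount. Only after all of these pass is a bill
    created and the two balances updated.

    Returns a redirect to 'signin' when the caller is not logged in as
    ``name``, a JsonResponse for POST, and the rendered Transfer.html
    template otherwise.
    """
    import math  # local import: the file's import block is not visible here

    if not if_login(request, name):
        return redirect(reverse('signin'))
    user = get_user(name)
    account = get_account(name)
    card = user.card
    image = account.avatar
    if request.method == "POST":
        amount = request.POST.get("amount")
        passwd = request.POST.get("passwd")
        b_phone = request.POST.get("b_phone")
        phone = request.POST.get("phone")
        salt = request.session[name]['salt']
        signature = request.POST.get("signature")
        ciphers = [amount, passwd, b_phone, phone]

        # Authenticate the ciphertexts before decrypting or looking anything
        # up, so an unsigned request cannot probe which beneficiaries exist.
        if not verify_sign(ciphers, signature, name):
            return JsonResponse({
                "message": "Signature verification failed",
                "success": ""
            })
        plaintext = rsa_decrypt(ciphers)

        # NOTE(review): `md5` is a helper defined elsewhere. If it is a plain
        # MD5 digest of pay_passwd + salt, this implies pay_passwd is stored
        # in a directly hashable form and compared with a non-constant-time
        # `!=`. Consider a password KDF and hmac.compare_digest -- confirm.
        if md5(user.pay_passwd + salt) != plaintext[1]:
            return JsonResponse({"message": "wrong password", "success": ""})

        try:
            beneficiary = Account.objects.get(user=plaintext[2])
        except (Account.DoesNotExist, Account.MultipleObjectsReturned,
                ValueError):
            return JsonResponse({"message": "no such user"})

        # `account` and `beneficiary` are loaded as separate objects. If they
        # were the same row, the second save() would overwrite the debit with
        # a stale balance plus the credit, so reject a self-transfer.
        if beneficiary.pk == account.pk:
            return JsonResponse(
                {"message": "cannot transfer to your own account"})

        try:
            money = float(plaintext[0])
        except (TypeError, ValueError):
            return JsonResponse({"message": "wrong amount"})
        # NaN compares False against everything, so it would slip past both
        # the sign check and the balance check and corrupt the stored balance.
        if not math.isfinite(money) or money < 0:
            return JsonResponse({"message": "wrong amount"})
        if account.balance < money:
            return JsonResponse({"message": "Insufficient account balance"})

        # NOTE(review): the bill, the debit and the credit are separate writes
        # with no transaction or row lock visible here. Two concurrent
        # requests can both pass the balance check. Wrap this section in a
        # database transaction with row locking -- confirm against the model
        # layer.
        if not creat_bill(name,
                          get_userby_phone(beneficiary.user).card,
                          money, "transfer"):
            return JsonResponse({"message": "create bill wrong"})
        account.balance -= money
        account.cost += money
        account.save()
        beneficiary.balance += money
        beneficiary.save()
        logger.info('user:%s operation:%s amount:%s $ to beneficiary:%s',
                    name, 'transfer', str(money), beneficiary.name)
        message = ("You have already transfer " + plaintext[0] +
                   " yuan, Coming back to the homepage")
        return JsonResponse({"message": message, "success": True})
    return render(request, "usersModule/Transfer.html", {
        "name": name,
        "card": card,
        "image": image
    })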
Beispiel #2
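def withdraw(request, name):
    """Render the withdraw page (GET) or debit the caller's account (POST).

    The POST body carries an RSA-encrypted amount and payment password plus
    a signature over the two ciphertexts. The signature is checked first,
    then the payment password, then the amount and the balance. A bill is
    created before the balance is reduced.

    Returns a redirect to 'signin' when the caller is not logged in as
    ``name``, a JsonResponse for POST, and the rendered Withdraw.html
    template otherwise.
    """
    import math  # local import: the file's import block is not visible here

    if not if_login(request, name):
        return redirect(reverse('signin'))
    user = get_user(name)
    account = get_account(name)
    card = user.card
    image = account.avatar
    if request.method == "POST":
        amount = request.POST.get("amount")
        passwd = request.POST.get("passwd")
        signature = request.POST.get("signature")
        salt = request.session[name]['salt']

        # Check the signature before decrypting or parsing anything, so
        # unauthenticated input is not processed further.
        if not verify_sign([amount, passwd], signature, name):
            return JsonResponse({
                "message": "Signature verification failed",
                "success": ""
            })
        plaintext = rsa_decrypt([amount, passwd])

        # NOTE(review): `md5` is a helper defined elsewhere. If it is a plain
        # MD5 digest of pay_passwd + salt, consider a password KDF and a
        # constant-time comparison (hmac.compare_digest) -- confirm.
        if md5(user.pay_passwd + salt) != plaintext[1]:
            return JsonResponse({"message": "wrong password", "success": ""})

        try:
            money = float(plaintext[0])
        except (TypeError, ValueError):
            return JsonResponse({"message": "wrong amount"})
        # NaN compares False against everything, so it would pass both the
        # sign check and the balance check and corrupt the stored balance.
        if not math.isfinite(money) or money < 0:
            return JsonResponse({"message": "wrong amount"})
        if account.balance < money:
            return JsonResponse({"message": " Insufficient account balance"})

        # NOTE(review): the balance check and the debit are not visibly
        # wrapped in a transaction or row lock. Concurrent withdrawals can
        # both pass the check -- confirm and lock the row if so.
        if not creat_bill(name, "", money, "withdraw"):
            return JsonResponse({"message": "create bill wrong"})
        account.balance -= money
        account.cost += money
        account.save()
        logger.info('user:%s operation:%s amount:%s $',
                    name, 'withdraw', str(money))
        message = ("You have already withdraw " + plaintext[0] +
                   " yuan, Coming back to the homepage")
        return JsonResponse({"message": message, "success": True})
    return render(request, "usersModule/Withdraw.html", {
        "name": name,
        "card": card,
        "image": image
    })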
Beispiel #3
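def pay_transfer(request, pay_id):
    """Settle a stored pay bill: debit the payer and credit the card owner.

    The pay bill identified by ``pay_id`` supplies the AES key, amount,
    beneficiary card, payer name and hash_pi. The request supplies a
    certificate (JSON) and AES-encrypted hashOI and signature. The
    certificate is verified, then the signature over [hash_pi, hash_oi] is
    checked against the certificate's 'DN'.

    Returns HttpResponse("success") once the balances are updated, otherwise
    an HttpResponse carrying the failure message.
    """
    import math  # local import: the file's import block is not visible here

    if request.method != "POST":
        return HttpResponse("method should be POST")
    success = False
    info_dict = get_paybill(pay_id)
    aes_key = base64.b64decode(info_dict.key.encode())
    try:
        user_cert = json.loads(request.POST.get('cert'))
    except (TypeError, ValueError):
        # A missing or malformed certificate is a verification failure,
        # not a server error.
        return HttpResponse("cert verify failed")
    hash_oi = request.POST.get('hashOI')
    sign = request.POST.get('sign')
    [hash_oi, sign] = aes_decrypt([hash_oi, sign], aes_key)
    hash_pi = info_dict.hash_pi
    if not part_and_verify(user_cert):
        message = "cert verify failed"
    elif not verify_sign([hash_pi, hash_oi], sign, user_cert['DN']):
        message = "signature verify failed"
    else:
        # NOTE(review): the signature is checked against user_cert['DN'],
        # but the account debited below is info_dict.payer_name. Nothing
        # visible here ties the two together. Confirm that the bill's payer
        # is bound to the certificate subject before debiting.
        # NOTE(review): no paid/consumed state on the pay bill is checked or
        # set here, so the same pay_id appears settleable more than once.
        # Confirm whether get_paybill() guards against that.
        amount = info_dict.amount
        card = info_dict.card
        beneficiary = get_account_by_card(card)
        user_name = info_dict.payer_name
        user = get_user(user_name)
        account = get_account(user_name)
        try:
            money = float(amount)
        except (TypeError, ValueError):
            money = float("nan")
        if not math.isfinite(money) or money < 0:
            # A negative amount would reverse the direction of the transfer.
            # NaN would pass the balance check and corrupt both balances.
            message = "wrong amount"
        elif beneficiary.pk == account.pk:
            # Payer and beneficiary are separate objects. If they were the
            # same row, the second save() would overwrite the debit.
            message = "payer and beneficiary are the same account"
        elif account.balance < money:
            message = "Insufficient account balance"
        elif not creat_bill(user.name, card, money, "transfer"):
            message = "create bill wrong"
        else:
            # The bill was created by the elif above. The original created
            # it a second time here, recording each payment twice.
            # NOTE(review): the debit and credit are not visibly wrapped in
            # a transaction or row lock -- confirm.
            account.balance -= money
            account.cost += money
            account.save()
            beneficiary.balance += money
            beneficiary.save()
            message = "You have already pay " + amount + " yuan"
            success = True
    return HttpResponse("success" if success else message)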
Beispiel #4
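def recharge(request, name):
    """Render the recharge page (GET) or credit the caller's account (POST).

    The POST body carries an RSA-encrypted amount and payment password plus
    a signature over the two ciphertexts. The signature is checked first,
    then the payment password, then the amount. A bill is created before
    the balance is increased.

    Returns a redirect to 'signin' when the caller is not logged in as
    ``name``, a JsonResponse for POST, and the rendered Recharge.html
    template otherwise.
    """
    import math  # local import: the file's import block is not visible here

    if not if_login(request, name):
        return redirect(reverse('signin'))
    user = get_user(name)
    account = get_account(name)
    card = user.card
    image = account.avatar
    if request.method == "POST":
        amount = request.POST.get("amount")
        passwd = request.POST.get("passwd")
        signature = request.POST.get("signature")
        salt = request.session[name]['salt']

        # Check the signature before decrypting or parsing anything, so
        # unauthenticated input is not processed further.
        if not verify_sign([amount, passwd], signature, name):
            return JsonResponse({
                "message": "Signature verification failed",
                "success": ""
            })
        plaintext = rsa_decrypt([amount, passwd])

        # NOTE(review): `md5` is a helper defined elsewhere. If it is a plain
        # MD5 digest of pay_passwd + salt, consider a password KDF and a
        # constant-time comparison (hmac.compare_digest) -- confirm.
        if md5(user.pay_passwd + salt) != plaintext[1]:
            return JsonResponse({"message": "wrong password", "success": ""})

        try:
            money = float(plaintext[0])
        except (TypeError, ValueError):
            return JsonResponse({"message": "wrong amount"})
        # There is no balance check on this path, so "inf" or "nan" would be
        # added straight onto the stored balance unless rejected here.
        if not math.isfinite(money) or money < 0:
            return JsonResponse({"message": "wrong amount"})

        # NOTE(review): the credit is taken from the request alone. No
        # funding source or upper bound is visible in this view -- confirm
        # this is intended outside a demo.
        if not creat_bill(name, "", money, "recharge"):
            return JsonResponse({"message": "create bill wrong"})
        account.balance += money
        account.save()
        # The first operand of the original log expression is masked on the
        # page. `name` is the presumed value, matching the sibling views.
        logger.info('user: %s operation: recharge amount: %s$',
                    name, str(money))
        message = ("Your account has been recharged " + plaintext[0] +
                   " yuan, Coming back to the homepage")
        return JsonResponse({"message": message, "success": True})
    return render(request, "usersModule/Recharge.html", {
        "name": name,
        "card": card,
        "image": image
    })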
Beispiel #5
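def deal(request):
    """Register a pay bill from a signed platform request and return its id.

    Handles only POST requests whose ``pay_request`` field is not "true".
    Every other request gets HttpResponse('NULL'). The certificate and the
    signature over the encrypted amount and card are verified before any
    decryption. On success a PayBill row is stored with the decrypted
    amount and card and the base64-encoded AES key, and the new pay_id is
    returned as JSON.
    """
    import secrets  # local import: the file's import block is not visible here

    if request.method != "POST" or request.POST.get("pay_request") == "true":
        return HttpResponse('NULL')

    amount_c = request.POST.get("amount")
    card_c = request.POST.get("card")
    cert = request.POST.get("certificate")
    sign = request.POST.get("signature")
    aes_key = request.POST.get("aes_key")
    deal_identify = request.POST.get("deal_identify")

    # Verify before decrypting: a request that fails verification should not
    # reach the RSA/AES decryption helpers at all.
    # NOTE(review): pay_transfer() passes a json.loads()-ed certificate to
    # part_and_verify(), but the raw POST string is passed here. Confirm
    # which form the helper expects.
    if not part_and_verify(cert) or not verify_sign(
            [amount_c, card_c], sign, Config.Plat_name):
        return HttpResponse("Verification Failed")

    aes = rsa_decrypt([aes_key])
    [amount, card] = aes_decrypt([amount_c, card_c], aes)

    # pay_id is the handle later used to settle the bill, so draw it from
    # the OS CSPRNG rather than the predictable `random` generator. The
    # range is inclusive at both ends, like random.randint.
    # NOTE(review): nothing here checks for a collision with an existing
    # pay_id. Confirm that a uniqueness constraint exists on the model.
    span = Config.max_payId - Config.min_payId + 1
    pay_id = Config.min_payId + secrets.randbelow(span)

    # NOTE(review): the AES key is stored base64-encoded alongside the
    # bill. Confirm that storage is access-controlled or encrypted at rest.
    PayBill.objects.create(amount=amount,
                           card=card,
                           key=base64.b64encode(aes).decode(),
                           deal_identify=deal_identify,
                           pay_id=pay_id)
    return JsonResponse({"pay_id": str(pay_id)})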