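def del_attach_file(request):
    """Delete one uploaded attachment owned by the current supplier-portal user.

    Reads ``fname`` from the query string, looks it up in ``file_pic_gy``
    restricted to the caller's ``cid``, removes the file from
    ``upload_path/<year>/<month>/`` and deletes the matching row.

    Returns an ``HttpResponseJsonCORS`` with ``{"error": false}`` (also when
    nothing matched, as before), or the ``errcode -1`` payload when the
    resolved user id is 0.
    """
    # NOTE(review): with no 'usr_id_gy' in the session this falls back to the
    # module-level ``testid``. Confirm that fallback is disabled outside test
    # deployments; otherwise a request without a session acts as that user.
    usr_id_gy = request.session.get('usr_id_gy', '') or testid
    if usr_id_gy == 0:
        s = """ { "errcode": -1, "errmsg": "无权访问,请先关注" } """
        return HttpResponseJsonCORS(s)

    fname = request.GET.get('fname', '')
    # fname is request-controlled and ends up inside a quoted SQL literal and
    # a filesystem path. Parameter binding on ``db`` is not visible from here,
    # so names that could close the literal or leave the upload folder are
    # refused outright. Prefer bound parameters if ``db`` supports them.
    unsafe = ("'", '"', '\\', '/', '\x00')
    if fname != '' and not any(ch in fname for ch in unsafe):
        sql = "SELECT fname,YEAR(ctime),MONTH(ctime) FROM file_pic_gy WHERE fname='%s' and cid = %s" % (
            fname, usr_id_gy)
        lT, iN = db.select(sql)
        if iN > 0:
            # Build the path from the name stored in the row, not from the
            # request value.
            stored_name, year, month = lT[0][0], lT[0][1], lT[0][2]
            path = os.path.join(upload_path, '%s/%s' % (year, month), stored_name)
            try:
                os.remove(path)
            except (OSError, UnicodeError):
                # Best effort, as before: a missing file must not block the
                # row cleanup below.
                pass
            # The original interpolated an undefined ``usr_id`` here; the row
            # was selected by ``cid = usr_id_gy`` so the delete uses the same
            # owner id.
            sql = "delete from file_pic_gy WHERE fname='%s' and cid=%s" % (fname, usr_id_gy)
            db.executesql(sql)

    s = """ { "error": false } """
    return HttpResponseJsonCORS(s)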
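def saveSelectedOptions(field_type, options_type, usr_id, sel_value):
    """Record that a user picked an option, for the per-user recent list.

    Args:
        field_type: not used by this function.
        options_type: option category; 21, 23 (supplier) and 26 are handled.
        usr_id: id of the user who made the selection.
        sel_value: id of the selected option.

    If ``user_options`` already has a row for (user, type, option) its
    ``hits`` counter and ``ctime`` are bumped; otherwise a row is inserted
    from the first record returned by the matching ``get_*_selected`` helper.

    Returns ``None``. Non-numeric ``usr_id`` / ``sel_value`` are ignored,
    because both are interpolated unquoted into SQL below. ``options_type``
    still raises ``ValueError`` when it is not numeric, as before.
    """
    opt_type = int(options_type)  # local name avoids shadowing builtin type()
    try:
        uid = int(usr_id)
        opt_id = int(sel_value)
    except (TypeError, ValueError):
        return

    iN = 0
    if opt_type == 21:
        L, iN = get_proj_info_selected(sel_value)
    elif opt_type == 23:  # supplier
        L, iN = get_sup_info_selected(sel_value)
    # type 24 (people, get_addr_book_selected) is disabled in the original
    elif opt_type == 26:
        L, iN = get_mat_info_selected(sel_value)

    if iN > 0:
        sql = "select id from user_options where usr_id=%s and option_type=%s and option_id=%s" % (
            uid, opt_type, opt_id)
        lT, iN1 = db.select(sql)
        if iN1 > 0:
            sql = "update user_options set ctime=now(), hits = hits +1 where id=%s" % (
                lT[0][0])
        else:
            # NOTE(review): L[0][0..4] come from another table and are placed
            # in quoted literals without escaping; a stored value containing a
            # quote breaks or alters this statement. Use bound parameters if
            # ``db`` offers them (not visible from here).
            sql = """insert into `user_options` (`usr_id`,`option_type`,`option_id`,`option_value`,`option_level`,`option_parent_id`,`option_tips`,`ctime`,`hits`) values (%s,%s,'%s','%s','%s','%s','%s',now(),1) """ % (uid, opt_type, L[0][0], L[0][1], L[0][2], L[0][3], L[0][4])
        print(ToGBK(sql))
        db.executesql(sql)
    return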
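def del_attach_file(request):
    """Delete an uploaded attachment and its ``small_`` thumbnail by name.

    Reads ``fname`` from the query string, looks it up in ``file_pic``,
    removes ``<fname>`` and ``small_<fname>`` from
    ``upload_path/<year>/<month>/`` and deletes the matching row(s).

    Returns an ``HttpResponseJsonCORS`` with ``{"error": false}`` whether or
    not anything was deleted (unchanged from the original).
    """
    # NOTE(review): nothing here identifies the caller or ties the file to its
    # uploader (``file_pic.cid``), so knowing a file name is enough to delete
    # it. Confirm whether the URL layer enforces a login; if not, add the same
    # user validation the upload handler uses.
    fname = request.GET.get('fname', '')
    # fname is request-controlled and reaches a quoted SQL literal and a
    # filesystem path. Parameter binding on ``db`` is not visible from here,
    # so names that could close the literal or leave the upload folder are
    # refused. Prefer bound parameters if ``db`` supports them.
    unsafe = ("'", '"', '\\', '/', '\x00')
    if fname != '' and not any(ch in fname for ch in unsafe):
        sql = "SELECT fname,YEAR(ctime),MONTH(ctime) FROM file_pic WHERE fname='%s'" % fname
        lT, iN = db.select(sql)
        if iN > 0:
            # Paths are built from the stored name rather than the request
            # value.
            stored_name, year, month = lT[0][0], lT[0][1], lT[0][2]
            folder = os.path.join(upload_path, '%s/%s' % (year, month))
            for target in (stored_name, "small_%s" % stored_name):
                try:
                    os.remove(os.path.join(folder, target))
                except (OSError, UnicodeError):
                    # Best effort, as before: a missing file or thumbnail is
                    # not an error.
                    pass
            sql = "delete from file_pic WHERE fname='%s'" % fname
            db.executesql(sql)

    s = """ { "error": false } """
    return HttpResponseJsonCORS(request, s)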
def modify_pwd(request):
    """Change a user's password after checking the old one.

    Reads ``login_id``, ``oldPwd`` and ``newPwd`` from POST. Returns an
    ``HttpResponseCORS`` whose body carries ``errcode`` 0 (changed),
    1 (empty or unknown login id) or 2 (old password mismatch).

    NOTE(review), security:
    * The stored ``password`` column is MD5-hashed at comparison time and
      ``newPwd`` is written as received, which suggests the column holds the
      credential unhashed (or only client-hashed). Confirm; a salted
      password hash computed on the server is the expected design.
    * ``login_id`` only has single quotes removed before going into SQL, and
      ``newPwd`` is not sanitised at all. Use bound parameters if ``db``
      supports them.
    * Nothing ties the request to a logged-in session for ``login_id``, and
      no attempt limiting is visible here.
    * An empty ``newPwd`` is not rejected.
    """
    import base64, time
    import random
    random_no = '%s' % (random.randint(0, 999999))  # not used below
    login_id = request.POST.get('login_id', '')
    oldPwd = request.POST.get('oldPwd', '')
    newPwd = request.POST.get('newPwd', '')
    if login_id == '':
        errCode = 1
        msg = u'用户名不存在'
        s = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", } """ % (errCode, msg, login_id)
        response = HttpResponseCORS(request, s)
        return response
    # Quote stripping is the only sanitising applied to login_id.
    login_id = login_id.replace("'", "")
    if oldPwd != '':
        # Hex digests are compared in lower case.
        oldPwd = oldPwd.lower()
    s1 = ''
    sql = """SELECT U.usr_id,U.usr_name,ifnull(U.dept_id,0),ifnull(D.cname,''),IFNULL(U.pic,''),U.password FROM users U LEFT JOIN dept D ON U.dept_id=D.id WHERE U.login_id='%s' AND U.status=1 """ % (login_id)
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id = lT[0][0]
        pwd1 = lT[0][5]
        # MD5 of the stored value; the client is expected to send this digest.
        m1 = md5.new()
        m1.update(lT[0][5])
        pwd = m1.hexdigest()
        if oldPwd != pwd:
            errCode = 2
            msg = u'密码错误'
        else:
            # NOTE(review): as shown, the literal has one placeholder but two
            # arguments are supplied, which raises TypeError. The '******'
            # looks like a masked '%s' on this page - confirm against the
            # real source.
            sql = "update users set password = '******' where usr_id =%s" % (
                newPwd, usr_id)
            db.executesql(sql)
            errCode = 0
            msg = u'修改成功'
    else:
        errCode = 1
        msg = u'用户名不存在'
    # NOTE(review): the body is assembled by string formatting (login_id is
    # echoed unescaped) and has a trailing comma, so it is not strict JSON.
    s = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", } """ % (errCode, msg, login_id)
    return HttpResponseCORS(request, s)
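def setRecentlyProj(request):
    """Remember a project as recently used for the current user.

    Reads ``proj_id`` from POST, loads the project's number and name from
    ``out_proj`` and upserts a ``user_options`` row of type 21 for it
    (bumping ``hits`` when the row already exists).

    Returns an ``HttpResponseJsonCORS``: ``errcode 0`` on success,
    ``errcode -1`` ("参数错误") when ``proj_id`` is missing, not an integer,
    or does not match a project.
    """
    # NOTE(review): the mValidateUser(request, "view", 104) check that used to
    # supply the user id is commented out in the original and usr_id is pinned
    # to 2, so every caller writes to that user's list without any permission
    # check. Restore the validation before this is exposed.
    usr_id = 2  # d_value[0]
    proj_id = request.POST.get('proj_id', '')
    bad_request = """ { "errcode": -1, "errmsg": "参数错误" } """
    if (usr_id == 0 or proj_id == ''):
        return HttpResponseJsonCORS(request, bad_request)
    # proj_id is request-controlled and interpolated unquoted into three
    # statements; accept integers only.
    try:
        proj_id = int(proj_id)
    except (TypeError, ValueError):
        return HttpResponseJsonCORS(request, bad_request)

    sql = """select id,gc_no,cname from out_proj where id=%s """ % (proj_id)
    rows, iN = db.select(sql)
    if iN == 0:
        # The original indexed rows[0] unconditionally and failed on an
        # unknown project id.
        return HttpResponseJsonCORS(request, bad_request)
    proj_name = '(%s)%s' % (rows[0][1], rows[0][2])

    sql = "select id from user_options where usr_id=%s and option_type=21 and option_id=%s" % (
        usr_id, proj_id)
    rows, iN = db.select(sql)
    # NOTE(review): proj_name is built from stored gc_no/cname values and is
    # placed in quoted literals unescaped; a project name containing a quote
    # breaks or alters these statements. Use bound parameters if ``db``
    # offers them (not visible from here).
    if iN > 0:
        sql = "update user_options set option_value='%s',option_tips='%s',ctime=now(),hits=hits+1 where id=%s" % (
            proj_name, proj_name, rows[0][0])
    else:
        sql = """insert into user_options (usr_id,option_type,option_id,option_value,option_tips,ctime,hits) values (%s,21,%s,'%s','%s',now(),1)""" % (usr_id, proj_id, proj_name, proj_name)
    db.executesql(sql)
    s = """ { "errcode": 0, "errmsg": "保存成功" } """
    return HttpResponseJsonCORS(request, s)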
def attach_save(request):
    """Store an uploaded file for the supplier portal and register it.

    On POST: writes the upload (form field ``file``) to
    ``upload_path/<year>/<month>/`` under a generated ``gy_...`` name,
    inserts a ``file_pic_gy`` row, and for images also saves a thumbnail at
    most 80 px wide in a ``thumbnail`` subfolder. Returns an
    ``HttpResponseJsonCORS`` describing the file; any other method, or a
    missing file, yields ``{"error": true}``.

    NOTE(review), security:
    * The stored extension is whatever follows the last '.' in the client's
      file name. There is no allow-list and no size limit, and the file is
      written below ``upload_path`` with that extension - confirm the
      directory is never served or executed by the web server directly.
    * ``title`` (client file name) and ``random_no`` go into quoted SQL
      literals unescaped, and ``fname`` embeds the client extension. Use
      bound parameters if ``db`` supports them.
    * ``myFile.name`` is echoed into the JSON body unescaped.
    """
    today = datetime.date.today()
    year = today.year
    month = today.month
    if request.method == "POST":  # only POST requests are processed
        pk = request.POST.get('pk', '')
        random_no = request.POST.get('random_no', '')
        # NOTE(review): falls back to module-level ``testid`` when the session
        # has no user id; confirm that is disabled outside test deployments.
        usr_id_gy = request.session.get('usr_id_gy', '') or testid
        # file_type = request.POST.get('file_type', '')
        if usr_id_gy == 0:
            s = """ { "errcode": -1, "errmsg": "无权访问,请先关注" } """
            return HttpResponseJsonCORS(s)
        myFile = request.FILES.get("file", None)  # uploaded file, None if absent
        if not myFile:
            s = """ { "error": true } """
            return HttpResponseJsonCORS(s)
        title = myFile.name
        f_ext = title.split('.')[-1]  # whole name when it contains no '.'
        # Name is user id + timestamp + a 0-99 random suffix + client extension.
        fname = "gy_%s_%s_%s.%s" % (usr_id_gy, time.time(), random.randint(0, 99), f_ext)
        make_sub_path(upload_path)
        path = os.path.join(upload_path, str(year))
        make_sub_path(path)  # create the directory if it does not exist
        path = os.path.join(path, str(month))
        make_sub_path(path)  # create the directory if it does not exist
        # NOTE(review): the handle is not closed if a write raises.
        destination = open(os.path.join(path, fname), 'wb+')  # binary write
        for chunk in myFile.chunks():  # write the upload chunk by chunk
            destination.write(chunk)
        destination.close()
        import imghdr
        # Image detection is by content (imghdr), not by extension.
        imgType = imghdr.what(os.path.join(path, fname))
        if imgType in [
                'rgb', 'gif', 'pbm', 'pgm', 'ppm', 'tiff', 'rast', 'xbm', 'jpeg',
                'bmp', 'png'
        ]:
            is_pic = 1
        else:
            is_pic = 0
        if pk == '':
            pk = 'NULL'  # pk is not used by the insert below
        sql = """insert into file_pic_gy (title,fname,file_size,is_pic,random_no,cid,ctime,file_type) values('%s','%s',%s,%s,'%s',%s,now(),'tstj'); """ % (title, fname, myFile.size, is_pic, random_no, usr_id_gy)
        db.executesql(sql)
        if is_pic == 1:
            img = Image.open(os.path.join(path, fname))
            x, y = img.size
            # Scale down to 80 px wide, keeping the aspect ratio; smaller
            # images keep their size.
            if x > 80:
                x1 = 80
                y1 = 80 * y / x
            else:
                x1 = x
                y1 = y
            img = img.resize((x1, y1), Image.ANTIALIAS)
            path = os.path.join(path, 'thumbnail')
            make_sub_path(path)  # create the directory if it does not exist
            img.save(os.path.join(path, fname))
            pic_url = os.path.join(front_url, str(year), str(month), 'thumbnail', fname)
        else:
            pic_url = ""
        url = os.path.join(front_url, str(year), str(month),
                           fname)  # computed but not used in the response
        s = """{"files":[{ "error":false, "size":%s, "name":"%s", "thumbnail_url":"%s", "url":"%s/fileUpload_gy/file_down?fname=%s", "delete_url":"%s/fileUpload_gy/del_attach_file?fname=%s" }]} """ % (myFile.size, myFile.name, pic_url, data_url, fname, data_url, fname)
        return HttpResponseJsonCORS(s)
    s = """ { "error": true } """
    return HttpResponseJsonCORS(s)
def getFormData1518(pk, field_id, menu_id, usr_id, request):
    """Build the JSON form definition for one form column and, for some
    option types, register the joined lookup table for the menu's list pages.

    Loads the ``menu_form_cols`` row with id '1519', overrides its default
    value (index 6) from POST parameters, and returns the result as a JSON
    string: a list of dicts keyed by the 16 names in ``names``.

    NOTE(review), security: ``table_name``, ``col_name``, ``field_col_name``
    and ``menu_id`` come from POST (``menu_id`` overrides the argument) and
    are interpolated into SQL, including an INSERT into ``menu_list_tables``
    and an UPDATE of ``menu_list_pages.table_sql``. A read-style call can
    therefore rewrite stored join metadata from request values. Validate them
    against known tables/columns and use bound parameters if ``db`` supports
    them.

    NOTE(review): the function name says 1518 while the query selects id
    '1519' - confirm which is intended.
    """
    mode = request.GET.get('mode', 'view')  # read but not used below
    sql = """SELECT mfc.col_name ,mfc.label ,ft.name,mfc.requireds,mfc.size,mfc.readonlys,IFNULL(mfc.default_value,'') ,mfc.hides ,IFNULL(mfc.max_length,'') ,mfc.hint ,'' ,'' ,'' ,btn_type ,btn_color ,url ,IFNULL(field_col_name,'') ,mfc.field_type ,mfc.default_type ,mfc.field_options_type ,IFNULL(mfc.field_options_txt,'') ,IFNULL(mfc.field_options_default,'') ,IFNULL(mfc.linkfield1,'') ,IFNULL(mfc.linkfield2,'') ,mfc.url_target ,ifnull(mfc.change_cols,'') ,ifnull(mfc.para_cols,'') ,mfc.id FROM menu_form_cols mfc LEFT join field_type ft on mfc.field_type = ft.id where mfc.id = '1519'"""
    sql += """ order by mfc.sort """
    # Only the first 16 selected columns are named; zip() below drops the rest.
    names = 'cid label field_type required size readonly value hide max_length hint field_options table_col table_data btn_type btn_color url'.split(
    )
    rows1, iN1 = db.select(sql)
    L1 = []
    for i in range(0, iN1):
        e = list(rows1[i])
        table_name = request.POST.get('table_name', '')
        col_name = request.POST.get('col_name', '')
        field_type = request.POST.get('field_type', '')
        id = request.POST.get('id', '')
        menu_id = request.POST.get('menu_id', '')
        field_options_type = request.POST.get('field_options_type', '')
        new_field = request.POST.get('new_field[]', '')
        new_field = handleMutilValue(new_field, 1)
        field_col_name = request.POST.get('field_col_name', '')
        # Look up the alias of the posted table within this menu.
        sql = """select t.table_ab from menu_list_tables t where t.menu_id =%s and t.`table_name` = '%s'""" % (
            menu_id, table_name)
        rows, iN = db.select(sql)
        if iN == 0:
            table_ab = ''
            col = col_name
        else:
            table_ab = rows[0][0]
            col = '%s.%s' % (table_ab, col_name)
        if str(new_field) == '1':
            field_col_name = col_name
        if field_type in ['17', '22', '24']:
            e[6] = ''
        elif str(field_type) in ['3', '5', '6', '18', '26', '32']:
            type = int(field_options_type)  # shadows builtin type()
            # Option types 1-20 need no lookup-table settings.
            if type == 1:
                pass
            elif type == 2:
                pass
            elif type == 3:
                pass
            elif type == 4:
                pass
            elif type == 5:
                pass
            elif type == 6:
                pass
            elif type == 7:
                pass
            elif type == 10:
                pass
            elif type == 8:
                pass
            elif type == 9:
                pass
            elif type == 11:
                pass
            elif type == 12:
                pass
            elif type == 13:
                pass
            elif type == 14:
                pass
            elif type == 15:
                pass
            elif type == 16:
                pass
            elif type == 17:
                pass
            elif type == 18:
                pass
            elif type == 19:
                pass
            elif type == 20:
                pass
            elif type == 21:
                tn = 'out_proj'
                tb = 'OP'
                tid = 'id'
                e[6] = "concat('(',ifnull(OP.gc_no,''),')',ifnull(OP.cname,''))"
            elif type == 22:
                tn = 'contract_sg_file'
                tb = 'SG'
                tid = 'id'
                e[6] = "ifnull(SG.code,'')"
            elif type == 23:
                tn = 'suppliers'
                tb = 'su'
                tid = 'id'
                e[6] = "ifnull(su.cname,'')"
            # NOTE(review): nesting reconstructed from a flattened listing.
            # tn/tb/tid are only assigned for types 21-23; if this loop runs
            # for other types (as laid out here) ``tn`` is unbound. Confirm
            # the original indentation.
            sql = "select id,page_name,ifnull(where_sql,'') from menu_list_pages where menu_id=%s" % (
                menu_id)
            # Rebinds rows1/iN1, the names driving the outer loop.
            rows1, iN1 = db.select(sql)
            for e1 in rows1:
                sql = "select id from menu_list_tables where page_id = %s and table_name='%s'" % (
                    e1[0], tn)
                rows2, iN2 = db.select(sql)
                if iN2 == 0:
                    # Register the lookup table as a LEFT JOIN for this page.
                    sql = """insert into menu_list_tables (menu_id,page_id,join_type,table_name,table_ab,index_name,link_table,link_ab,link_index,sort) values (%s,%s,'LEFT JOIN','%s','%s','%s','%s','%s','%s',%s) """ % (menu_id, e1[0], tn, tb, tid, table_name, table_ab, field_col_name, 99)
                    db.executesql(sql)
                sql = "select join_type,table_name,table_ab,index_name,link_ab,link_index,ifnull(table_sql,'') from menu_list_tables where page_id = %s order by sort" % (
                    e1[0])
                rows, iN = db.select(sql)
                # Rebuild the page's stored FROM/JOIN text plus its where_sql.
                table_sql = encode_table_sql(rows)
                table_sql = '%s %s' % (table_sql, e1[2])
                # NOTE(review): table_sql is wrapped in double quotes here; a
                # double quote inside it breaks the statement.
                sql = """update menu_list_pages set table_sql="%s" where id=%s """ % (table_sql, e1[0])
                db.executesql(sql)
        else:
            e[6] = col
        L1.append(e)
    data = [dict(zip(names, d)) for d in L1]
    formData = json.dumps(data, ensure_ascii=False)
    return formData
def login_wx_func(request):
    """Log a user in from a WeChat ``code`` and return profile, token and menus.

    Resolves ``code`` to a login id with ``getLoginID``, loads the active
    user, fills ``dActiveUser`` and the session, issues a token through
    ``WXBizMsgCrypt.EncryptMsg``, records it in ``users_login`` and returns
    an ``HttpResponseCORS`` whose body carries ``errcode`` 0 (OK) or
    1 (unknown user).

    NOTE(review), security:
    * ``X-Forwarded-For`` is taken verbatim and written into SQL as
      ``login_ip``. The header is client-controlled unless a trusted proxy
      overwrites it.
    * ``login_id`` only has single quotes stripped before use in SQL. Use
      bound parameters if ``db`` supports them.
    * The whole module-level ``dActiveUser`` mapping is stored in this user's
      session - confirm it never holds other users' entries.
    * User ids 1 and 2 are hard-coded to receive every menu.
    """
    import base64, time
    import random
    # Nonce passed to the token encryption below; ``random`` is not a
    # cryptographic generator.
    random_no = '%s' % (random.randint(0, 999999))
    usr_id, usr_name, dept_id, dept_name = '', '', '', ''
    source = 'wx'
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']
    code = request.GET.get('code', '')
    login_id = getLoginID(code)
    if login_id == '':
        errCode = 1
        msg = u'用户名不存在'
        s = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", } """ % (errCode, msg, login_id)
        # NOTE(review): returns a bare string here while every other path
        # returns HttpResponseCORS - likely an oversight.
        return s
    login_id = login_id.replace("'", "")
    s1 = ''
    sql = """SELECT U.usr_id,U.usr_name,U.dept_id,D.cname,IFNULL(U.pic,''),U.password,U.login_id FROM users U LEFT JOIN dept D ON U.dept_id=D.id WHERE ifnull(U.wxqy_id,U.login_id)='%s' AND U.status=1 """ % (login_id)
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id = lT[0][0]
        login_id = lT[0][6]
        # Collect the user's permissions.
        dActiveUser[usr_id] = {}
        dActiveUser[usr_id]['roles'] = {}  # user roles
        dActiveUser[usr_id]['access_dept_data'] = [
        ]  # departments whose members' data is accessible: ['dept id 1', 'dept id 2', ...]
        dActiveUser[usr_id]['access_person_data'] = [
        ]  # people whose data is accessible: ['person id 1', 'person id 2', ...]
        dActiveUser[usr_id]['login_time'] = time.time()  # login time
        dActiveUser[usr_id]['usr_name'] = lT[0][1]  # user name
        dActiveUser[usr_id]['login_id'] = login_id
        dActiveUser[usr_id]['usr_dept'] = lT[0][2], lT[0][3]  # user department
        dActiveUser[usr_id]['pic'] = lT[0][4]
        # User roles / permission to access all member data in a department.
        sql = """SELECT WUR.role_id,WR.role_name,WR.sort,WR.dept_id FROM usr_role WUR LEFT JOIN roles WR ON WUR.role_id=WR.role_id WHERE WUR.usr_id=%s """ % usr_id
        lT1, iN1 = db.select(sql)
        if iN1 > 0:
            for e in lT1:  # user roles
                dActiveUser[usr_id]['roles'][e[0]] = e[1:]
        request.session['usr_id'] = usr_id
        request.session['usr_name'] = dActiveUser[usr_id]['usr_name']
        request.session['dept_id'] = lT[0][2]
        request.session['dept_name'] = lT[0][3]
        request.session['dActiveUser'] = dActiveUser
        d_value = ['', '', '', '', '']
        d_value[0] = usr_id
        d_value[1] = dActiveUser[usr_id]['usr_name']
        d_value[2] = lT[0][2]
        d_value[3] = lT[0][3]
        d_value[4] = 0
        g_data.set_value(d_value)
        errCode = 0
        msg = 'OK'
        pic = lT[0][4]
        if pic == '':
            pic_url = "%s/user_pic/default.jpg" % fs_url
        else:
            pic_url = "%s/user_pic/small_" % fs_url + pic
        sTimeStamp = str(time.time())
        # NOTE(review): the token is EncryptMsg(login_id, nonce, timestamp)
        # under ``m_aesKey``; its strength rests on that key staying secret -
        # confirm how the key is provisioned.
        wxcpt = WXBizMsgCrypt('szoworld', m_aesKey)
        ret, token = wxcpt.EncryptMsg(login_id, random_no, sTimeStamp)
        if usr_id in [1, 2]:
            # Built-in accounts: every enabled menu.
            sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon FROM menu_func WMF Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id """
        else:
            # Everyone else: menus their roles may view.
            sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id """ % usr_id
        rows, iN = db.select(sql)
        L1 = [2]
        L2 = []
        #L = formatData(rows,L1,L2)
        names = 'level menu_id menu_name sort parent_id status url icon'.split(
        )
        data = [dict(zip(names, d)) for d in rows]
        s3 = json.dumps(data, ensure_ascii=False)
        # NOTE(review): as shown, six placeholders receive seven arguments,
        # which raises TypeError. The "******" looks like a masked "%s" on
        # this page - confirm against the real source.
        s1 = """"userid":%s, "username":"******", "dept_id":%s, "dept_name":"%s", "pic_url":"%s", "AccessToken":"%s", "menu_data":%s,""" % (lT[0][0], (lT[0][1]), lT[0][2], (lT[0][3]), pic_url, token, s3)
        sql = """insert into users_login (usr_id,source,token,login_ip,login_time,refresh_time,expire_time) values (%s,'%s','%s','%s',now(),now(),%s) """ % (lT[0][0], source, token, ip, int(TIME_OUT) * 60)
        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户名不存在'
    s = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", %s } """ % (errCode, msg, login_id, s1)
    response = HttpResponseCORS(request, s)
    return response
def index_wx_func(request):
    """WeChat entry point: map ``func`` to a front-end page and redirect
    there with an access token.

    ``func`` (or ``state``) selects the target page. If the session already
    has ``login_data_wx`` and an unexpired ``users_login`` row exists, that
    token is reused; otherwise ``code`` is resolved to a user through
    ``getuserinfo`` and a new token is issued. Unknown ``func`` values and
    unknown users are redirected to the error page.

    NOTE(review), security:
    * The token travels in the redirect URL (``&AccessToken=``), so it can
      end up in access logs, browser history and Referer headers.
    * Query values (``type``, ``menu_id``, ``pk``, ``id``, ``must_reply``,
      ``facode``) are copied into the redirect URL without URL-encoding.
    * ``X-Forwarded-For`` is trusted verbatim and written to SQL, and
      ``uName`` from the WeChat response is interpolated into SQL unescaped.
    * The ``print`` statements write SQL text and URLs containing the token
      to stdout.
    * The ``usr_wx_id`` cookie is set without httponly/secure flags.
    * With neither a reusable session token nor a ``code`` the function
      falls off the end and returns ``None``.
    """
    import base64, time
    import random
    random_no = '%s' % (random.randint(0, 999999))  # nonce for the token
    source = 'wx'
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']
    print ip
    code = request.GET.get('code', '')
    func = request.GET.get('func', '')
    if func == '':
        func = request.GET.get('state', '')
    func = func.lower()
    # Pick the WeChat agent (app) name the function belongs to.
    if func in ['gwlist', 'gw_view', 'gw_audit', 'gw_sign']:
        agentname = '公文审批'
    elif func in [
            'info_send', 'info_list', 'info_upd', 'info_detail', 'info_audit'
    ]:
        agentname = '信息交换'
    elif func in ['myloglist', 'otherloglist', 'writelog', 'logdetail']:
        agentname = '工作日志'
    elif func in ['fa_code']:
        agentname = '固定资产管理'
    else:
        agentname = '通讯录'
    print func
    error_url = '%s/wx/mui/error.html' % front_url
    # func was lower-cased above, so this mixed-case comparison never
    # matches; 'fa_code' is handled further down.
    if func == 'FA_Code':
        FAcode = request.GET.get('facode', '')
        url = '%s/wx/mui/fixedAssetsInfo.html?code=%s' % (front_url, FAcode)
        return HttpResponseRedirect(url)
    url = ''
    if func == 'gwlist':
        type = request.GET.get('type', '')
        if str(type) in ['1', '2', '3']:
            url = '%s/wx/mui/examine.html?func=%s&type=%s' % (front_url, func,
                                                              type)
        else:
            url = '%s/wx/mui/myExamine.html?func=%s&type=%s' % (front_url,
                                                                func, type)
    elif func == 'gw_view':
        menu_id = request.GET.get('menu_id', '')
        pk = request.GET.get('pk', '')
        url = '%s/wx/examineDetail.html?menu_id=%s&pk=%s&mode=view&infotype=msg' % (
            front_url, menu_id, pk)
    elif func == 'gw_audit':
        menu_id = request.GET.get('menu_id', '')
        pk = request.GET.get('pk', '')
        url = '%s/wx/examineDetail.html?menu_id=%s&pk=%s&mode=audit&infotype=msg' % (
            front_url, menu_id, pk)
    elif func == 'gw_sign':
        menu_id = request.GET.get('menu_id', '')
        pk = request.GET.get('pk', '')
        url = '%s/wx/examineDetail.html?menu_id=%s&pk=%s&mode=sign&infotype=msg' % (
            front_url, menu_id, pk)
    elif func == 'info_send':
        url = '%s/wx/mui/infoExchange_index.html?id=2' % (front_url)
    elif func == 'info_list':
        id = request.GET.get('id', '')
        type = request.GET.get('type', '')
        url = '%s/wx/mui/infoExchange_index.html?id=%s&type=%s' % (front_url,
                                                                   id, type)
    elif func == 'info_audit':
        pk = request.GET.get('pk', '')
        must_reply = request.GET.get('must_reply', '')
        url = '%s/wx/mui/infoExamine.html?seq=%s&must_reply=%s&infotype=msg' % (
            front_url, pk, must_reply)
    elif func == 'info_detail':
        pk = request.GET.get('pk', '')
        must_reply = request.GET.get('must_reply', '')
        url = '%s/wx/mui/infoDetail.html?seq=%s&must_reply=%s&index=0&infotype=msg' % (
            front_url, pk, must_reply)
    elif func == 'info_upd':
        pk = request.GET.get('pk', '')
        url = '%s/wx/mui/changeInfo.html?seq=%s&infotype=msg' % (front_url, pk)
    elif func == 'fa_code':
        FAcode = request.GET.get('facode', '')
        url = '%s/wx/mui/fixedAssetsInfo.html?code=%s' % (front_url, FAcode)
    elif func == 'myloglist':
        url = '%s/wx/mui/myLogList.html?source=%s' % (front_url, source)
    elif func == 'otherloglist':
        url = '%s/wx/mui/otherLogList.html?source=%s' % (front_url, source)
    elif func == 'writelog':
        url = '%s/wx/mui/writeLog.html?source=%s' % (front_url, source)
    elif func == 'logdetail':
        id = request.GET.get('id', '')
        url = '%s/wx/mui/logDetail.html?id=%s' % (front_url, id)
    else:
        return HttpResponseRedirect(error_url)
    # Path 1: an existing session - reuse its newest unexpired token.
    if request.session.has_key('login_data_wx'):
        d = request.session.get('login_data_wx', '')
        #userid = request.COOKIES.get('usr_wx_id','')
        userid = d[0]
        print "userid=%s" % (userid)
        sql = """select token,id from users_login where source='%s' and usr_id ='%s' and time_to_sec(now()) - time_to_sec(refresh_time) < expire_time order by refresh_time desc limit 1 """ % (source, userid)
        print sql
        lT, iN = db.select(sql)
        if iN > 0:
            token = lT[0][0]
            id = lT[0][1]
            # Sliding expiry: refresh the token's timestamp on use.
            sql = "update users_login set refresh_time=now() where id=%s" % (
                id)
            db.executesql(sql)
            # NOTE(review): unlike the new-token path below, the token is
            # not URL-quoted here.
            url += "&AccessToken=%s" % token
            print url
            dt = datetime.datetime.now() + datetime.timedelta(hours=2)
            response = HttpResponseRedirect(url)
            response.set_cookie("usr_wx_id", userid, expires=dt)
            # (A commented-out block in the original re-read the user row
            # and refreshed session['login_data_wx'] here.)
            return response
    # Path 2: exchange the WeChat code for a user and issue a new token.
    if code != '':
        ddata = getuserinfo(code, agentname)
        try:
            print ddata
            uName = ddata['UserId']
            DeviceId = ddata['DeviceId']
        except Exception, e:
            uName = ''
            DeviceId = ''
            return HttpResponseRedirect(error_url)
        sql = "select usr_id,usr_name,dept_id,login_id,d.cname from users u left join dept d on d.id=u.dept_id where ifnull(wxqy_id,login_id)='%s' and status=1" % uName
        print sql
        lT, iN = db.select(sql)
        if iN > 0:
            userid = lT[0][0]
            usr_name = lT[0][1]
            dept_id = lT[0][2]
            dept_name = lT[0][4]
            login_id = lT[0][3]
            sTimeStamp = str(time.time())
            wxcpt = WXBizMsgCrypt('szoworld', m_aesKey)
            ret, token = wxcpt.EncryptMsg(login_id, random_no, sTimeStamp)
            sql = """insert into users_login (usr_id,source,token,login_ip,login_time,refresh_time,expire_time) values (%s,'%s','%s','%s',now(),now(),%s) """ % (userid, source, token, ip, int(TIME_OUT) * 60)
            print ToGBK(sql)
            db.executesql(sql)
            token = urllib.quote(token)
            url += "&AccessToken=%s" % token
            dt = datetime.datetime.now() + datetime.timedelta(hours=2)
            response = HttpResponseRedirect(url)
            response.set_cookie("usr_wx_id", userid, expires=dt)
            value = [userid, usr_name, dept_id, dept_name, login_id]
            print value
            request.session['login_data_wx'] = value
            return response
        else:
            return HttpResponseRedirect(error_url)
def attach_save(request):
    """Store an uploaded attachment, register it in ``file_pic`` and return
    its descriptor.

    On POST: validates the caller with ``mValidateUser(request, "view",
    menu_id)``, inserts a ``file_pic`` row, writes the upload (form field
    ``files[]``) to ``upload_path/<year>/<month>/`` under a generated name
    and, for images, saves an 80 px wide ``small_`` thumbnail next to it.
    Returns an ``HttpResponseJsonCORS``; failures yield ``{"error": true}``.

    NOTE(review), security:
    * ``menu_id``, ``pk`` and ``source`` (POST ``option``) are interpolated
      into SQL unquoted, and ``title``, ``random_no`` and ``usr_name`` go
      into quoted literals unescaped. Cast the numeric ones and use bound
      parameters if ``db`` supports them.
    * The stored extension is taken from the client file name with no
      allow-list, and no size limit is visible. Confirm ``upload_path`` is
      not served or executed directly.
    * The row is inserted before the file is written, so a failed write
      leaves a row with no file.
    * ``myFile.name`` is echoed into the JSON body unescaped.
    """
    today = datetime.date.today()
    year = today.year
    month = today.month
    if request.method == "POST":  # only POST requests are processed
        menu_id = request.POST.get('menu_id', 0)
        pk = request.POST.get('pk', '')
        source = request.POST.get('option', '')
        if source == '':
            source = 0
        random_no = request.POST.get('random_no', '')
        # The permission check uses the client-supplied menu_id.
        ret, errmsg, d_value = mValidateUser(request, "view", menu_id)
        if ret != 0:
            s = """ { "error": true } """
            return HttpResponseJsonCORS(request, s)
        usr_id = d_value[0]
        usr_name = d_value[1]
        myFile = request.FILES.get("files[]",
                                   None)  # uploaded file, None if absent
        if not myFile:
            s = """ { "error": true } """
            return HttpResponseJsonCORS(request, s)
        title = myFile.name
        f_ext = title.split('.')[-1]  # whole name when it contains no '.'
        fname = "%s_%s_%s.%s" % (usr_id, time.time(), random.randint(
            0, 99), f_ext)
        small_name = "small_%s" % (fname)
        # First guess by extension; corrected from the content further down.
        if f_ext.upper() in ['GIF', 'JPG', 'JPEG', 'PNG', 'BMP']:
            is_pic = 1
        else:
            is_pic = 0
        if pk == '':
            pk = 'NULL'
        sql = """insert into file_pic (menu_id,gw_id,title,fname,file_size,is_pic,random_no,cid,cusrname,ctime,source) values(%s,%s,'%s','%s',%s,%s,'%s',%s,'%s',now(),%s); """ % (menu_id, pk, title, fname, myFile.size, is_pic, random_no, usr_id, usr_name, source)
        db.executesql(sql)
        sql = "select last_insert_id();"
        rows, iN = db.select(sql)
        file_id = rows[0][0]
        make_sub_path(upload_path)
        path = os.path.join(upload_path, str(year))
        make_sub_path(path)  # create the directory if it does not exist
        path = os.path.join(path, str(month))
        make_sub_path(path)  # create the directory if it does not exist
        # NOTE(review): the handle is not closed if a write raises.
        destination = open(os.path.join(path, fname),
                           'wb+')  # binary write
        for chunk in myFile.chunks():  # write the upload chunk by chunk
            destination.write(chunk)
        destination.close()
        import imghdr
        # Re-detect the image type from the stored bytes and fix up is_pic.
        imgType = imghdr.what(os.path.join(path, fname))
        if imgType in [
                'rgb', 'gif', 'pbm', 'pgm', 'ppm', 'tiff', 'rast', 'xbm', 'jpeg',
                'bmp', 'png'
        ]:
            is_pic = 1
        else:
            is_pic = 0
        sql = 'update file_pic set is_pic=%s where id=%s' % (is_pic, file_id)
        db.executesql(sql)
        if is_pic == 1:
            img = Image.open(os.path.join(path, fname))
            x, y = img.size
            # Always scale to 80 px wide, keeping the aspect ratio.
            x1 = 80
            y1 = 80 * y / x
            try:
                img = img.resize((x1, y1), Image.ANTIALIAS)
                img.save(os.path.join(path, small_name))
                pic_url = os.path.join(front_url, 'attach', str(year),
                                       str(month), small_name)
            except:
                # Thumbnail failures are swallowed; no thumbnail URL then.
                pic_url = ""
        else:
            pic_url = ""
        url = os.path.join(front_url, 'attach', str(year), str(month), fname)
        s = """{"files":[{ "error":false, "file_id":%s, "size":%s, "name":"%s", "thumbnail_url":"%s", "url":"%s", "delete_url":"%s/del_file/?fname=%s" }]} """ % (file_id, myFile.size, myFile.name, pic_url, url, data_url, fname)
        return HttpResponseJsonCORS(request, s)
    s = """ { "error": true } """
    return HttpResponseJsonCORS(request, s)
def login_wx_func(request):
    """Log a supplier-portal user in through WeChat web OAuth.

    Exchanges ``code`` at api.weixin.qq.com for the caller's ``unionid``,
    loads the matching active ``users_gy`` row, fills the session, issues a
    token through ``WXBizMsgCrypt.EncryptMsg``, records it in
    ``users_login_gy`` and returns an ``HttpResponseCORS`` whose body carries
    ``errcode`` 0 (OK) or 1 (not registered).

    NOTE(review), security:
    * One ``unionid`` is hard-coded to be replaced by another before the
      lookup, so that WeChat identity logs in as a different account.
      Confirm this is intended and move it out of code, or remove it.
    * ``print body`` writes the OAuth response (including the access token)
      to stdout, and ``print sql`` writes the query text.
    * ``code`` is placed in the outbound URL without URL-encoding, and
      ``union_id`` and the ``X-Forwarded-For`` value are interpolated into
      SQL unescaped. Use bound parameters if ``db`` supports them.
    * An error reply from WeChat lacks 'access_token'/'openid'; the
      subscripts below then raise KeyError.
    """
    import base64, time
    import random
    # Nonce for the token; ``random`` is not a cryptographic generator.
    random_no = '%s' % (random.randint(0, 999999))
    usr_id, usr_name, dept_id, dept_name = '', '', '', ''
    source = 'wx'
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']
    code = request.GET.get('code', '')
    union_id = ''
    if code != '':
        conn = httplib.HTTPSConnection('api.weixin.qq.com')
        # Cached app-level token; fetched and cached again when empty.
        sToken = read_access_token_common('access_token_web')
        if sToken == '':
            url = "/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s" % (
                AppId_web, AppSecret_web)
            conn.request('GET', '%s' % url)
            res = conn.getresponse()
            body = res.read()
            ddata = json.loads(body)
            sToken = ddata['access_token']
            conn.close()
            write_access_token_common(body, 'access_token_web')
        # Exchange the user's authorisation code for openid/unionid.
        url = "/sns/oauth2/access_token?appid=%s&secret=%s&code=%s&grant_type=authorization_code" % (
            AppId_web, AppSecret_web, code)
        conn.request('GET', '%s' % url)
        res = conn.getresponse()
        body = res.read()
        print body
        ddata = json.loads(body)
        access_token = ddata['access_token']
        openid = ddata['openid']
        union_id = ddata.get('unionid', '')
    if union_id == '':
        errCode = 1
        msg = u'用户未注册供应商服务平台'
        s = """ { "errcode": %s, "errmsg": "%s", } """ % (errCode, msg)
        response = HttpResponseCORS(request, s)
        return response
    s1 = ''
    # Hard-coded identity remap - see the NOTE(review) in the docstring.
    if union_id == 'or0EJv-sW7K_rmSakUfKH1ONE5hg':
        union_id = 'or0EJvw-Y-E7k7zPTdR6vX0OdRlI'
    sql = """SELECT U.usr_id,U.usr_name,ifnull(ab.sup_id,0),ifnull(su.cname,''),IFNULL(U.headimgurl,'') FROM users_gy U LEFT JOIN addr_book ab on ab.id = U.addr_id LEFT JOIN suppliers su on su.id = ab.sup_id WHERE U.unionid='%s' AND U.status=1 """ % (union_id)
    print sql
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id = lT[0][0]
        request.session['usr_id'] = usr_id
        request.session['usr_name'] = lT[0][1]
        request.session['sup_id'] = lT[0][2]
        request.session['sup_name'] = lT[0][3]
        d_value = ['', '', '', '', '']
        d_value[0] = usr_id
        d_value[1] = lT[0][1]
        d_value[2] = lT[0][2]
        d_value[3] = lT[0][3]
        d_value[4] = 0
        g_data.set_value(d_value)
        errCode = 0
        msg = 'OK'
        pic = lT[0][4]
        sTimeStamp = str(time.time())
        # Token is EncryptMsg(user id, nonce, timestamp) under m_aesKey.
        wxcpt = WXBizMsgCrypt('szoworld_gy', m_aesKey)
        ret, token = wxcpt.EncryptMsg(str(usr_id), random_no, sTimeStamp)
        # Every supplier user gets the same menu set (status=2 entries).
        sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, WMF.sort,WMF.parent_id,WMF.status-1,WMF.url,WMF.icon FROM menu_func WMF Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id WHERE WMF.status=2 and WMF.menu_id>0 and WMF1.status=2 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id """
        rows, iN = db.select(sql)
        L1 = [2]
        L2 = []
        #L = formatData(rows,L1,L2)
        names = 'level menu_id menu_name sort parent_id status url icon'.split(
        )
        data = [dict(zip(names, d)) for d in rows]
        s3 = json.dumps(data, ensure_ascii=False)
        # NOTE(review): as shown, six placeholders receive seven arguments,
        # which raises TypeError. The "******" looks like a masked "%s" on
        # this page - confirm against the real source.
        s1 = """"userid":%s, "username":"******", "sup_id":%s, "sup_name":"%s", "pic_url":"%s", "AccessToken":"%s", "menu_data":%s""" % (lT[0][0], (lT[0][1]), lT[0][2], (lT[0][3]), pic, token, s3)
        sql = """insert into users_login_gy (usr_id,source,token,login_ip,login_time,refresh_time,expire_time) values (%s,'%s','%s','%s',now(),now(),%s) """ % (lT[0][0], source, token, ip, int(TIME_OUT) * 60)
        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户未注册供应商服务平台'
    s = """ { "errcode": %s, "errmsg": "%s", %s } """ % (errCode, msg, s1)
    response = HttpResponseCORS(request, s)
    return response
def attach_save_qy(request):
    """Store an uploaded file for the "qy" flow and register it in
    ``file_pic_lw``.

    On POST: maps ``btnType`` to a ``file_type`` tag, inserts a
    ``file_pic_lw`` row and writes the upload (form field ``file``) to
    ``upload_path/<year>/<month>/`` under a generated ``qy_...`` name.
    Returns an ``HttpResponseJsonCORS`` describing the file; any other
    method, or a missing file, yields ``{"error": true}``.

    NOTE(review), security:
    * ``pk`` and ``btntype`` are request values interpolated into SQL
      unquoted; ``title`` and ``random_no`` go into quoted literals
      unescaped. Cast the numeric ones and use bound parameters if ``db``
      supports them.
    * The stored extension comes from the client file name with no
      allow-list, ``is_pic`` is decided by that extension alone, and no size
      limit is visible.
    * The row is inserted before the file is written, so a failed write
      leaves a row with no file.
    * ``myFile.name`` is echoed into the JSON body unescaped.
    """
    today = datetime.date.today()
    year = today.year
    month = today.month
    if request.method == "POST":  # only POST requests are processed
        pk = request.POST.get('pk', '')
        random_no = request.POST.get('random_no', '')
        # NOTE(review): falls back to module-level ``testid`` when the session
        # has no user id; confirm that is disabled outside test deployments.
        usr_id_qy = request.session.get('usr_id_qy', '') or testid
        file_type = ''
        btntype = request.POST.get('btnType', '') or 'NULL'
        # Map the button type to the stored file_type tag.
        if str(btntype) == '0':
            file_type = 'jb'
        if str(btntype) == '-1':
            file_type = 'sbld'
        if str(btntype) == '1':
            file_type = 'tjsl'
        if str(btntype) == '2':
            file_type = 'jgsb'
        if str(btntype) == '3':
            file_type = 'jgqr'
        if str(btntype) == '4':
            file_type = 'jsz'
        if usr_id_qy == 0:
            s = """ { "errcode": -1, "errmsg": "无权访问,请先关注" } """
            return HttpResponseJsonCORS(s)
        myFile = request.FILES.get("file", None)  # uploaded file, None if absent
        if not myFile:
            s = """ { "error": true } """
            return HttpResponseJsonCORS(s)
        title = myFile.name
        f_ext = title.split('.')[-1]  # whole name when it contains no '.'
        fname = "qy_%s_%s_%s.%s" % (usr_id_qy, time.time(), random.randint(0, 99), f_ext)
        if f_ext.upper() in ['GIF', 'JPG', 'PNG', 'BMP']:
            is_pic = 1
        else:
            is_pic = 0
        if pk == '':
            pk = 'NULL'
        sql = """insert into file_pic_lw (m_id,title,fname,file_size,is_pic,random_no,cid,ctime,file_type,file_type_id) values(%s,'%s','%s',%s,%s,'%s',%s,now(),'%s',%s); """ % (pk, title, fname, myFile.size, is_pic, random_no, usr_id_qy, file_type, btntype)
        db.executesql(sql)
        make_sub_path(upload_path)
        path = os.path.join(upload_path, str(year))
        make_sub_path(path)  # create the directory if it does not exist
        path = os.path.join(path, str(month))
        make_sub_path(path)  # create the directory if it does not exist
        # NOTE(review): the handle is not closed if a write raises.
        destination = open(os.path.join(path, fname), 'wb+')  # binary write
        for chunk in myFile.chunks():  # write the upload chunk by chunk
            destination.write(chunk)
        destination.close()
        # (An older, commented-out response format used get_file/?fname=.)
        if is_pic == 1:
            pic_url = "%s/fileUpload/file_down?fname=%s" % (data_url, fname)
        else:
            pic_url = ""
        s = """{"files":[{ "error":false, "size":%s, "name":"%s", "thumbnail_url":"%s", "url":"%s/fileUpload/file_down?fname=%s", "delete_url":"%s/fileUpload/del_attach_file?fname=%s" }]} """ % (myFile.size, myFile.name, pic_url, data_url, fname, data_url, fname)
        return HttpResponseJsonCORS(s)
    s = """ { "error": true } """
    return HttpResponseJsonCORS(s)
def login_func(request):
    """Log a user in with login id and password; return profile, token and
    menus.

    Credential checking is delegated to ``login_test(request)``: a truthy
    return value is sent back as the response; otherwise the active user row
    is loaded, ``dActiveUser`` and the session are filled, a token is issued
    through ``WXBizMsgCrypt.EncryptMsg`` and stored in ``users_login``.
    Returns an ``HttpResponseCORS`` whose body carries ``errcode`` 0 on
    success or -1 when no active user row matches.

    NOTE(review), security:
    * The password comparison that used to live in this function is
      commented out. Whether a session is created rests entirely on
      ``login_test`` returning a response for every failure case - verify
      that contract.
    * ``print(request.POST)`` writes the submitted password to stdout.
    * Credentials are also accepted from the query string (GET), where they
      end up in access logs.
    * ``login_id``, ``source`` and the ``X-Forwarded-For`` value are
      interpolated into SQL unescaped; the quote stripping applied to
      ``login_id`` elsewhere is commented out here. Use bound parameters if
      ``db`` supports them.
    * User ids 1 and 2 are hard-coded to receive every menu.
    """
    import base64 , time
    import random
    # Nonce for the token; ``random`` is not a cryptographic generator.
    random_no='%s'%(random.randint(0,999999))
    print(request.POST)
    usr_id,usr_name,dept_id,dept_name='','','',''
    login_id = request.POST.get('login_id','') or request.GET.get('login_id','')
    password = request.POST.get('password','') or request.GET.get('password','')
    source = request.POST.get('source','web')
    lang_id = request.POST.get('lang_id') or request.GET.get('lang_id','')
    if lang_id=='':
        lang_id=1
    else:
        lang_id = int(lang_id)
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']
    # All credential, captcha and lock checks happen inside login_test.
    response = login_test(request)
    if response:
        return response
    # Default result if no active user row is found below.
    errCode, msg = -1, '该账户已失效!'
    # (Commented out in the original: the empty-login_id early return, the
    # removal of quotes from login_id and the lower-casing of password.)
    s1 =''
    sql="""SELECT U.usr_id,U.usr_name,ifnull(U.dept_id,0),ifnull(D.cname,''),IFNULL(U.pic,''),U.password FROM users U LEFT JOIN dept D ON U.dept_id=D.id WHERE U.login_id='%s' AND U.status=1 """ % (login_id)
    lT,iN = db.select(sql)
    if iN>0:
        # (Commented out in the original: the MD5 password comparison
        # (errcode 2) and the password-strength check (errcode 3).)
        usr_id=lT[0][0]
        # Collect the user's permissions.
        dActiveUser[usr_id]={}
        dActiveUser[usr_id]['roles']={} # user roles
        dActiveUser[usr_id]['access_dept_data']=[] # departments whose members' data is accessible: ['dept id 1', 'dept id 2', ...]
        dActiveUser[usr_id]['access_person_data']=[] # people whose data is accessible: ['person id 1', 'person id 2', ...]
        dActiveUser[usr_id]['login_time']=time.time() # login time
        dActiveUser[usr_id]['usr_name']=lT[0][1] # user name
        dActiveUser[usr_id]['login_id']=login_id
        dActiveUser[usr_id]['usr_dept']=lT[0][2],lT[0][3] # user department
        dActiveUser[usr_id]['pic']=lT[0][4]
        # User roles / permission to access all member data in a department.
        sql="""SELECT WUR.role_id,WR.role_name,WR.sort,WR.dept_id FROM usr_role WUR LEFT JOIN roles WR ON WUR.role_id=WR.role_id WHERE WUR.usr_id=%s """ % usr_id
        print(sql)
        lT1,iN1 = db.select(sql)
        if iN1>0:
            for e in lT1: # user roles
                dActiveUser[usr_id]['roles'][e[0]]=e[1:]
        request.session['usr_id'] = usr_id
        request.session['usr_name'] = dActiveUser[usr_id]['usr_name']
        request.session['dept_id'] = lT[0][2]
        request.session['dept_name'] = lT[0][3]
        # NOTE(review): stores the whole module-level mapping in this
        # session - confirm it never holds other users' entries.
        request.session['dActiveUser'] = dActiveUser
        d_value = ['','','','','']
        d_value[0] = usr_id
        d_value[1] = dActiveUser[usr_id]['usr_name']
        d_value[2] = lT[0][2]
        d_value[3] = lT[0][3]
        d_value[4] = 0
        g_data.set_value(d_value)
        errCode = 0
        msg = 'OK'
        pic = lT[0][4]
        if pic=='':
            pic_url = "%s/user_pic/default.jpg"%fs_url
        else:
            pic_url = "%s/user_pic/small_"%fs_url+pic
        sTimeStamp = str(time.time())
        wxcpt=WXBizMsgCrypt('szoworld',m_aesKey)
        ret,token = wxcpt.EncryptMsg(login_id,random_no,sTimeStamp)
        # Menu query: translated names when multi-language is on and a
        # non-default language was requested; all menus for ids 1 and 2,
        # role-filtered menus for everyone else.
        if m_muti_lang==1 and lang_id>1:
            if usr_id in [1,2]:
                sql="""SELECT distinct WMF.menu,WMF.menu_id,case l.`name` when '' then WMF.menu_name else l.`name` end, WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon FROM menu_func WMF Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id left join muti_lang_menu l on l.menu_id = WMF.menu_id and l.lang_id = %s WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id """%(lang_id)
            else:
                sql="""SELECT distinct WMF.menu,WMF.menu_id,case l.`name` when '' then WMF.menu_name else l.`name` end, WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id left join muti_lang_menu l on l.menu_id = WMF.menu_id and l.lang_id = %s WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id """%(lang_id,usr_id)
        else:
            if usr_id in [1,2]:
                sql="""SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon FROM menu_func WMF Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id """
            else:
                sql="""SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id """%usr_id
        print(sql)
        rows,iN = db.select(sql)
        L1=[2]
        L2=[]
        #L = formatData(rows,L1,L2)
        names = 'level menu_id menu_name sort parent_id status url icon'.split()
        data = [dict(zip(names, d)) for d in rows]
        s3 = json.dumps(data,ensure_ascii=False)
        # NOTE(review): as shown, six placeholders receive seven arguments,
        # which raises TypeError. The "******" looks like a masked "%s" on
        # this page - confirm against the real source.
        s1 = """"userid":%s, "username":"******", "dept_id":%s, "dept_name":"%s", "pic_url":"%s", "AccessToken":"%s", "menu_data":%s,"""%(lT[0][0],(lT[0][1]),lT[0][2],(lT[0][3]),pic_url,token,s3)
        sql = """insert into users_login (usr_id,source,token,login_ip,login_time,refresh_time,expire_time) values (%s,'%s','%s','%s',now(),now(),%s) """%(lT[0][0],source,token,ip,int(TIME_OUT)*60)
        db.executesql(sql)
    # (The "unknown user" else-branch is commented out in the original, so
    # the -1 default set above is what an unmatched login returns.)
    s = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", %s } """ %(errCode,msg,login_id,s1)
    response = HttpResponseCORS(request,s)
    return response
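def forgetpwd(request,Opname):
    """Handle the SMS verification steps of the password-reset flow.

    ``Opname`` selects the step:

    * ``'getmobilvalid'``: generate a numeric code, send it to ``mobil``
      through ``test_getValid`` and, when the gateway answers ``ok``, store
      it in ``temp_sheet`` keyed by ``login_id`` and the client address.
    * ``'checkVerify'``: compare the submitted ``mobil_valid`` with the
      code stored for ``login_id`` and delete the row on a match.

    ``login_id``, ``mobil`` and ``mobil_valid`` are read from POST first,
    then from GET.

    Returns the ``HttpResponseCORS`` built for the selected step. Any other
    ``Opname`` falls off the end and returns ``None``.

    Review notes:

    * Every SQL statement below is built with ``%`` interpolation from
      request values (``login_id``, the client address). Nothing in this
      function escapes them; move to the parameter binding of ``db`` if it
      offers one (TODO confirm against the ``db`` helper).
    * ``mobil`` comes straight from the request and is not compared here
      with the phone number on file for ``login_id``; unless
      ``test_getValid`` or a later step checks it, the code goes to whatever
      number the caller supplies.
    * Nothing visible here limits how often a code is requested or how many
      guesses ``checkVerify`` accepts, and the stored code has no expiry.
    * ``login_test`` writes captcha values into the same
      ``temp_sheet.valid_code`` column under the same ``temp_id``; the two
      kinds of code should not be interchangeable.
    """
    errCode = 0
    s = """ """
    msg = ''
    tel = ''
    # NOTE(review): X-Forwarded-For is supplied by the client unless a
    # trusted proxy overwrites it, and it may hold a comma-separated list.
    # It is used below both as an identity key and inside SQL text.
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        login_ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        login_ip = request.META['REMOTE_ADDR']
    login_id = request.POST.get('login_id','') or request.GET.get('login_id','')
    mobil = request.POST.get('mobil','') or request.GET.get('mobil','')
    mobil_valid = request.POST.get('mobil_valid','') or request.GET.get('mobil_valid','')

    # Step 1: send the SMS code.
    if Opname in ['getmobilvalid']:
        # SystemRandom draws from the OS entropy source; the default
        # Mersenne Twister generator is predictable and unsuitable for a
        # value that authorises a password reset.
        tel = '%s' % (random.SystemRandom().randint(0, 999999))
        res = test_getValid(mobil, tel)
        if res['Code'].lower() in ['ok']:
            # Drop any earlier row for this login/address, then store the new code.
            _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'"%(login_id,login_ip)
            db.executesql(_sql)
            DB_Op('temp_sheet',['temp_id','temp_ip','valid_code'],
                  ["'%s'"%login_id,"'%s'"%login_ip,"'%s'"%(tel)],'insert')
            errCode = 0
            msg = 'sucess'
        else:
            errCode = -1
            msg = '验证码发送失败'
        # NOTE(review): the body is assembled by interpolation, so a quote in
        # ``mobil`` breaks the JSON; the trailing comma is also not strict JSON.
        s +="""{ "errcode":%s, "errmsg": "%s", "tel": "%s", } """%(errCode,msg,mobil)
        return HttpResponseCORS(request,s)

    # Step 2: check the code the user typed in.
    if Opname in ['checkVerify']:
        # The lookup is keyed by login_id only, while the delete below also
        # filters on the client address.
        sql = " select valid_code from `temp_sheet` where temp_id='%s' "%(login_id)
        rows,iN = db.select(sql)
        if iN:
            stored_code = rows[0][-1]
            # A row with an empty, NULL or '-1' value holds no SMS code
            # (login_test creates such rows for failed logins), so it must
            # never compare equal to an omitted or matching parameter.
            no_code = stored_code is None or str(stored_code) in ('', '-1')
            if not no_code and str(stored_code) == str(mobil_valid):
                errCode = 0
                msg = 'sucess'
                _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'"%(login_id,login_ip)
                db.executesql(_sql)
            else:
                errCode = -1
                msg = '验证码错误'
        else:
            errCode = -1
            msg = '该手机未收到验证码!'
        s +="""{ "errcode":'%s', "errmsg": "%s", "valid": "%s",} """%(errCode,msg,mobil_valid)
        return HttpResponseCORS(request,s)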
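def login_test(request):
    """Check a login attempt: password, captcha, expiry, lock and password strength.

    Reads ``login_id``, ``password`` and ``valid`` (captcha answer) from POST
    first, then GET.

    Returns ``None`` when the attempt is accepted, after recording the login
    in ``login_record`` and clearing the ``temp_sheet`` row. Otherwise
    returns an ``HttpResponseCORS`` carrying one of these ``errcode`` values:

    * ``-1``: unknown ``login_id``, or wrong password / captcha (the failure
      counter in ``temp_sheet`` is updated and, once the stored count is 2 or
      more, a new captcha from ``generate_valid`` is issued);
    * ``-2``: ``is_valid(login_id) >= 90`` (reported as expired);
    * ``-3``: ``is_lock(login_id) >= 60`` (reported as locked);
    * ``4``: correct credentials but the password fails the strength rule.

    Debug ``print`` calls that wrote the submitted password, the stored
    password, the captcha value and SQL text to stdout were removed: they
    put credentials into whatever collects the process output.

    Review notes:

    * The stored ``users.password`` is compared directly with the submitted
      value, which implies plaintext storage; its MD5 digest is accepted as
      well, so the digest is itself a working credential. A salted password
      hash checked with a constant-time comparison is needed.
    * All SQL is built with ``%`` interpolation from request values and the
      client address; nothing here escapes them (TODO confirm whether
      ``db`` / ``DB_Op`` offer parameter binding).
    * The failure counter is keyed on ``login_id`` plus the X-Forwarded-For
      value, which the client controls unless a trusted proxy rewrites it.
    * The responses tell unknown users apart from wrong passwords, and a
      correct password with a wrong captcha gets its own message, so the
      captcha does not hide whether a guessed password was right.
    * Three response templates use the key ``"errmsg:"`` (with a colon) and
      single-quoted values; they are reproduced unchanged because clients
      may parse them as they are.
    """
    currentTime = datetime.datetime.now()  # timestamp written to login_record
    errCode = -1
    msg, s = '', ''
    error_count = 0
    login_id = request.POST.get('login_id','') or request.GET.get('login_id','')
    password = request.POST.get('password','') or request.GET.get('password','')
    valid_code = request.POST.get('valid','') or request.GET.get('valid','')
    # image_code: captcha image data; valid_code_real: expected captcha
    # answer, where '' or '-1' means no captcha is required.
    image_code, valid_code_real = '', ''
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        login_ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        login_ip = request.META['REMOTE_ADDR']

    # Expected captcha answer for this login/address, if one was issued.
    _sql = """ select valid_code from `temp_sheet` where temp_id='%s' and temp_ip='%s' """%(login_id,login_ip)
    rows,iN = db.select(_sql)
    if iN:
        valid_code_real = rows[0][-1]

    sql = """ select password,usr_name from `users` where login_id='%s' """%(login_id)
    rows,iN= db.select(sql)
    if not iN:
        errCode = -1
        msg = u'用户名不存在!'
        s = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", } """ %(errCode,msg,login_id)
        response = HttpResponseCORS(request,s)
        return response
    real_pwd = rows[0][0]
    usr_name = rows[0][1]

    pwd_real = md5.new(real_pwd).hexdigest()
    password_ok = password == real_pwd or password in [pwd_real]
    if password_ok and (valid_code_real in ['','-1'] or valid_code_real.lower() == valid_code.lower()):
        # Expiry check (threshold 90; unit is defined by is_valid, presumably days).
        if is_valid(login_id)>=90:
            errCode = -2
            msg = u'用户已过期!'
            s =""" { "errcode":%s, "errmsg:":"%s", "login_id":"%s", "usr_name":"%s", } """%(errCode,msg,login_id,usr_name)
            return HttpResponseCORS(request,s)
        # Lock check (threshold 60; unit is defined by is_lock).
        if is_lock(login_id)>=60:
            errCode = -3
            msg = u'用户已锁定!'
            s =""" { "errcode":%s, "errmsg:":'%s', "login_id":"%s", "usr_name":"%s", } """%(errCode,msg,login_id,usr_name)
            return HttpResponseCORS(request,s)
        # Strength rule: at least 8 characters with an upper-case letter, a
        # lower-case letter and a digit.
        if len(password)<8 or not bool(re.compile(r'^(?:(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])).*$').match(password)):
            errCode = 4
            msg = u'密码不符合要求请修改密码!'
            _sql = """ select login_id from `login_record` where login_id='%s' """%(login_id)
            # Create the login record only if none exists yet.
            if not db.executesql(_sql):
                DB_Op('login_record',['login_id','login_ip','login_time'],
                      ["'%s'"%login_id,"'%s'"%login_ip,"'%s'"%(currentTime)],'insert')
            s =""" { "errcode":%s, "errmsg:":'%s', "login_id":"%s", "usr_name":"%s", } """%(errCode,msg,login_id,usr_name)
            return HttpResponseCORS(request,s)
        errCode = 0
        msg = u'操作正确'
        _sql = """ select login_id from `login_record` where login_id='%s' """%(login_id)
        # Insert the login record on first login, otherwise refresh it.
        if not db.executesql(_sql):
            DB_Op('login_record',['login_id','login_ip','login_time'],
                  ["'%s'"%login_id,"'%s'"%login_ip,"'%s'"%(currentTime)],'insert')
        else:
            DB_Op('login_record',['login_ip','login_time'],
                  ["'%s'"%login_ip,"'%s'"%(currentTime)]," where login_id='%s'"%(login_id))
        # Clear the failure/captcha row for this login/address.
        _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'"%(login_id,login_ip)
        db.executesql(_sql)
        return None
    else:
        # Wrong password or captcha: record the failure in temp_sheet.
        _sql = """ select temp_id,temp_ip,login_num from `temp_sheet` where temp_id='%s' and temp_ip='%s' """%(login_id,login_ip)
        rows,iN = db.select(_sql)
        if not iN:
            # First failure: create the row with an empty captcha value.
            DB_Op('temp_sheet',['temp_id','temp_ip','login_num','valid_code'],
                  ["'%s'"%login_id,"'%s'"%login_ip,1,"''"],'insert')
            error_count = 1
        else:
            # From a stored count of 2 onwards a captcha is generated and stored.
            if int(rows[0][2])>=2:
                image_code, valid_code_real = generate_valid()
            # NOTE(review): this update filters on temp_id only, not on temp_ip.
            DB_Op('temp_sheet',['login_num','valid_code'],
                  [int(rows[0][2])+1,"'%s'"%valid_code_real],"where temp_id='%s'"%(login_id))
            error_count =int(rows[0][2])+1
        errCode = -1
        msg = u'账户或密码错误!'
        if password == real_pwd:
            msg = u'验证码错误!'
        s = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", "image_code":"%s", "error_count":%s, "usr_name":"%s", } """ %(errCode,msg,login_id,image_code,error_count,usr_name)
        response = HttpResponseCORS(request,s)
        return response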
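def login_func(request):
    """Open a supplier-portal session for the account matching ``union_id``.

    Looks the account up in ``users_gy`` by ``unionid``, stores its id, name
    and supplier in the session and in ``g_data``, creates an access token
    with ``WXBizMsgCrypt.EncryptMsg``, loads the menu rows with
    ``status = 2`` and records the login in ``users_login_gy``.

    Returns an ``HttpResponseCORS`` whose body has ``errcode`` 0 plus user,
    token and menu data on success, or ``errcode`` 1 when no active account
    matches.

    Review notes:

    * ``union_id`` is a hard-coded constant, not a value taken from an
      authenticated source, so every caller of this view gets a session for
      that one account and the ``union_id == ''`` branch cannot run. This
      looks like a test stub and must not be reachable in production.
    * ``source`` (POST) and the X-Forwarded-For value are interpolated into
      the INSERT without escaping; X-Forwarded-For is client-controlled
      unless a trusted proxy rewrites it (TODO confirm whether ``db`` offers
      parameter binding).
    * ``ret`` from ``EncryptMsg`` is not checked before the token is used.
    * The response is assembled by string interpolation, so a quote in a
      name breaks the JSON, and the failure body ends in a trailing comma.
    """
    import random
    import time

    # The nonce feeds the access token, so draw it from the OS entropy
    # source rather than the predictable default generator.
    random_no = '%s' % (random.SystemRandom().randint(0, 999999))
    source = request.POST.get('source', 'web')
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']

    # NOTE(review): fixed identity, see the docstring.
    union_id = 'or0EJv-sW7K_rmSakUfKH1ONE5hg'
    if union_id == '':
        errCode = 1
        msg = u'用户未注册供应商服务平台'
        s = """ { "errcode": %s, "errmsg": "%s", } """ % (errCode, msg)
        response = HttpResponseCORS(request, s)
        return response

    s1 = ''
    sql = """SELECT U.usr_id,U.usr_name,ifnull(ab.sup_id,0),ifnull(su.cname,''),IFNULL(U.headimgurl,'') FROM users_gy U LEFT JOIN addr_book ab on ab.id = U.addr_id LEFT JOIN suppliers su on su.id = ab.sup_id WHERE U.unionid='%s' AND U.status=1 """ % (union_id)
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id = lT[0][0]
        request.session['usr_id'] = usr_id
        request.session['usr_name'] = lT[0][1]
        request.session['sup_id'] = lT[0][2]
        request.session['sup_name'] = lT[0][3]
        # Same values handed to g_data: id, name, supplier id, supplier name, 0.
        d_value = [usr_id, lT[0][1], lT[0][2], lT[0][3], 0]
        g_data.set_value(d_value)
        errCode = 0
        msg = 'OK'
        pic = lT[0][4]

        sTimeStamp = str(time.time())
        wxcpt = WXBizMsgCrypt('szoworld_gy', m_aesKey)
        ret, token = wxcpt.EncryptMsg(str(usr_id), random_no, sTimeStamp)

        # The menu is not filtered by role here: every row with status 2 is returned.
        sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, WMF.sort,WMF.parent_id,WMF.status-1,WMF.url,WMF.icon FROM menu_func WMF Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id WHERE WMF.status=2 and WMF.menu_id>0 and WMF1.status=2 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id """
        rows, iN = db.select(sql)
        names = 'level menu_id menu_name sort parent_id status url icon'.split()
        data = [dict(zip(names, d)) for d in rows]
        s3 = json.dumps(data, ensure_ascii=False)
        # The page shows the username value masked as "******", which leaves
        # six placeholders for seven arguments and raises TypeError; "%s"
        # restores the slot for lT[0][1].
        s1 = """"userid":%s, "username":"%s", "sup_id":%s, "sup_name":"%s", "pic_url":"%s", "AccessToken":"%s", "menu_data":%s""" % (
            lT[0][0], (lT[0][1]), lT[0][2], (lT[0][3]), pic, token, s3)
        sql = """insert into users_login_gy (usr_id,source,token,login_ip,login_time,refresh_time,expire_time) values (%s,'%s','%s','%s',now(),now(),%s) """ % (lT[0][0], source, token, ip, int(TIME_OUT) * 60)
        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户不存在'
    s = """ { "errcode": %s, "errmsg": "%s", %s } """ % (errCode, msg, s1)
    response = HttpResponseCORS(request, s)
    return response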