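def first_login(request):
    """Handle the first-login form: set a new password and activate the account.

    Only a POST from a user whose ``userBaseInfo.is_account_active`` flag is
    false is processed; every other request is redirected to ``/``.

    Returns:
        A ``JsonResponse`` whose ``status`` is 402 (passwords missing,
        different, or shorter than 8 characters), 403 (the new password equals
        the current one) or 203 (success, with the follow-up ``url``); or a
        redirect to ``/``.
    """
    # NOTE(review): request.user is dereferenced without an authentication
    # check in this block; confirm the view is protected (for example by a
    # login decorator) outside the visible code.
    if request.method != 'POST':
        return redirect('/')

    user = request.user
    if user.userBaseInfo.is_account_active:
        return redirect('/')

    new_password = request.POST.get('newPassword')
    confirm_password = request.POST.get('repeatPassword')
    email = request.POST.get('email')

    # Message: "the confirmation password does not match the new password".
    if new_password is None or confirm_password is None or new_password != confirm_password:
        return JsonResponse({'status': 402, 'msg': u'确认密码与新密码不一致'})

    # Two empty fields compare equal, so without a length check an empty
    # password would be accepted here. Apply the same 8-character minimum as
    # the changePassword view (message: "password must be at least 8 characters").
    if len(new_password) < 8:
        return JsonResponse({'status': 402, 'msg': u'密码不能少于8位'})

    # The value handed to set_password()/check_password() is
    # utils.str2md5(new_password), so both calls must use the same transform.
    # NOTE(review): str2md5 is not visible here; presumably an MD5 hex digest.
    digest = utils.str2md5(new_password)

    # Message: "the new password must not be the same as the old password".
    if user.check_password(digest):
        return JsonResponse({'status': 403, 'msg': u'新密码不能于旧密码相同'})

    user.set_password(digest)
    # NOTE(review): the e-mail value is stored as submitted (it may be None
    # when the field is absent); no format validation is visible here.
    user.email = email
    user.userBaseInfo.is_account_active = True
    user.save()
    user.userBaseInfo.save()
    utils.send_valified_email(user.userBaseInfo)
    # Re-establish the session after the password change.
    login(request, user)
    # Message: "password changed successfully".
    return JsonResponse({
        'status': 203,
        'msg': u'密码修改成功',
        'url': '/setting'
    })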
def changePassword(request):
    """Replace the requesting user's password with the POSTed ``newPassword``.

    Returns:
        A ``JsonResponse`` whose ``status`` is 402 (fewer than 8 characters),
        403 (same as the current password) or 203 (changed, with the
        follow-up ``url``). Non-POST requests produce ``None``.
    """
    if request.method != 'POST':
        # NOTE(review): nothing is returned for other methods, and Django
        # rejects a view that returns None; confirm whether the rest of the
        # view was cut off from this listing.
        return None

    account = request.user
    candidate = request.POST.get('newPassword', '')

    # Message: "password must be at least 8 characters".
    if len(candidate) < 8:
        return JsonResponse({'status': 402, 'msg': u'密码不能少于8位'})

    # NOTE(review): the current password is not asked for, so anyone holding
    # a live session can set a new one; confirm this is intended.
    # Message: "the new password must not be the same as the old password".
    if account.check_password(utils.str2md5(candidate)):
        return JsonResponse({'status': 403, 'msg': u'新密码不能于旧密码相同'})

    # set_password() receives utils.str2md5(candidate), not the raw value, so
    # every later check_password() call must apply the same transform.
    account.set_password(utils.str2md5(candidate))
    account.save()
    utils.send_password_modify_email(account.userBaseInfo)

    # Message: "password changed successfully".
    success_payload = {
        'status': 203,
        'msg': u'密码修改成功',
        'url': '/setting'
    }
    return JsonResponse(success_payload)
def AddUser(self, username, email, password, acc_type):
    """Create a ``User`` row with a subscription window chosen by *acc_type*.

    The subscription lasts 90 days for ``acc_type == 2``, 1095 days for
    ``acc_type == 3`` and 30 days for every other value (including 1).

    Returns:
        The created ``User``. When any exception is raised the error is
        printed and ``None`` is returned implicitly.
    """
    try:
        registered_at = datetime.datetime.now()
        if acc_type == 2:
            valid_days = 90
        elif acc_type == 3:
            valid_days = 1095
        else:
            # Covers acc_type == 1 as well as unknown account types.
            valid_days = 30
        expires_at = registered_at + datetime.timedelta(days=valid_days)
        # NOTE(review): datetime.now() is naive local time, yet it is tagged
        # as UTC before conversion; the timestamp is off by the local UTC
        # offset unless the server runs in UTC. Confirm.
        expires_ts = expires_at.replace(tzinfo=timezone.utc).timestamp()
        with db.atomic():
            # NOTE(review): `password` is stored exactly as received; any
            # hashing is the caller's job. `unique_id` is derived only from
            # username + email, so it is predictable and must not be treated
            # as a secret.
            created = User.create(
                username=username,
                password=password,
                account_type=acc_type,
                unique_id=str2md5(username + email),
                hwid="not_set",
                email=email,
                last_login=registered_at,
                sub_end_date=expires_at,
                sub_end_timestamp=expires_ts,
                register_date=registered_at,
            )
            print(f"[DB] Registered a new user -> username : {username}")
            return created
    except Exception as e:
        # Best-effort by design: callers receive None instead of an exception.
        print(f'[DB] Error while registering a new user : {e}')
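def login():
    """Check a JSON ``username``/``password`` pair and return the account data.

    The password is passed through ``str2md5`` and the result is handed to
    ``db.GetUser`` together with the username.

    Returns:
        A JSON response: ``success=True`` plus a ``userdata`` object when
        ``db.GetUser`` returns a user, otherwise ``success=False``.
    """
    username = request.json['username']
    password = request.json['password']
    # NOTE(review): str2md5 is not visible here; if it is a plain unsalted
    # MD5 as the name suggests, the stored credential is cheap to brute-force
    # once the table leaks. A slow salted KDF needs a migration in the
    # database layer, outside this block.
    pass_hash = str2md5(password)
    user = db.GetUser(username, pass_hash)
    # Identity test instead of `not user == None`, which would go through any
    # __eq__ the model class defines.
    if user is None:
        return jsonify(dict(success=False))

    # NOTE(review): last_login changes on the in-memory object only; no save
    # call is visible in this block. No session or token is issued here
    # either; the response just echoes account data.
    user.last_login = datetime.datetime.now()
    is_expired = isexpired(user.last_login, user.sub_end_date)
    userdata = dict(
        username=user.username,
        email=user.email,
        account_type=user.account_type,
        unique_id=user.unique_id,
        is_expired=is_expired,
        sub_end_date=user.sub_end_date,
        sub_end_timestamp=user.sub_end_timestamp,
        register_date=user.register_date,
    )
    return jsonify(dict(success=True, userdata=userdata))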
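def reset_password(request):
    """Password-reset endpoint with three entry paths.

    * ``GET ?auth_code=...``: the token is passed to
      ``utils.Token.confirm_token`` and parsed as JSON; when its ``action`` is
      ``'reset-password'`` the named user's password is set to the site's
      configured default password. Always redirects to ``/login``.
    * ``GET ?username=...`` from a superuser: the same reset for the named
      user, answered with JSON ``status`` 201 (done) or 501 (failed).
    * ``POST username=...``: sends the reset e-mail and always answers with
      JSON ``status`` 201.

    Any request that matches none of these is redirected to ``/login``.
    """
    if request.method == 'GET':
        auth_code = request.GET.get('auth_code')
        _username = request.GET.get('username')
        # NOTE(review): both GET paths change a password. Django's CSRF
        # protection does not cover GET, and GET URLs end up in logs and
        # browser history; moving the state change to POST would be safer.
        # The new password is the shared Config.default_password, so every
        # reset account carries the same known value until the user changes it.
        if auth_code is not None:
            try:
                # Decoding happens inside the try so that a token
                # confirm_token cannot validate (whatever it returns or
                # raises) ends in the redirect, not an unhandled exception.
                pac = json.loads(utils.Token.confirm_token(auth_code))
                if pac['action'] == 'reset-password':
                    username = pac['username']
                    user = User.objects.get(username=username)
                    config = WebsiteConfig.objects.all()[0]
                    user.set_password(utils.str2md5(config.default_password))
                    user.save()
                    utils.send_password_modify_email(user.userBaseInfo)
                return redirect('/login')
            except Exception:
                # Same response as success: the caller learns nothing about
                # why the reset did not happen.
                return redirect('/login')
        elif _username is not None and request.user.is_superuser:
            try:
                user = User.objects.get(username=_username)
                config = WebsiteConfig.objects.all()[0]
                user.set_password(utils.str2md5(config.default_password))
                user.save()
                utils.send_password_modify_email(user.userBaseInfo)
                return JsonResponse({'status': 201})
            except Exception:
                return JsonResponse({'status': 501})

    if request.method == 'POST':
        username = request.POST.get('username', '')
        try:
            user = User.objects.get(username=username)
            utils.send_password_reset_email(user.userBaseInfo)
        except Exception:
            # Deliberately ignored: the answer is 201 whether or not the
            # username exists, so the endpoint does not reveal valid accounts.
            pass
        return JsonResponse({'status': 201})

    # Previously these requests fell off the end of the view and returned
    # None, which Django reports as a server error.
    return redirect('/login')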
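def register():
    """Register a user from a JSON body carrying a valid ``api_key``.

    Reads ``api_key``, ``username``, ``password`` and ``email`` from the
    request JSON. The account is created through ``db.AddUser`` with account
    type 1, and only when ``db.CheckKey("api_key", api_key)`` is truthy.

    Returns:
        A JSON response: ``success=True`` plus a ``userdata`` object on
        success; ``success=False`` when the key check fails or ``db.AddUser``
        returns ``None``.
    """
    api_key = request.json['api_key']
    username = request.json['username']
    password = request.json['password']
    email = request.json['email']
    # NOTE(review): str2md5 is not visible here; if it is a plain unsalted
    # MD5 as the name suggests, this digest is what gets stored and is cheap
    # to brute-force if the table leaks. A slow salted KDF needs a migration
    # outside this block.
    pass_hash = str2md5(password)

    key = db.CheckKey("api_key", api_key)
    if not key:
        return jsonify(dict(success=False))

    user = db.AddUser(username, email, pass_hash, 1)
    # Identity test instead of `not user == None`, which would go through any
    # __eq__ the model class defines.
    if user is None:
        return jsonify(dict(success=False))

    userdata = dict(
        username=user.username,
        email=user.email,
        unique_id=user.unique_id,
        register_date=user.register_date,
    )
    return jsonify(dict(success=True, userdata=userdata))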
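def post(self):
    """Check the submitted phone/password against ``oa_admin`` and log in.

    Reads the body arguments ``username`` (used as the phone number) and
    ``password``. On a match it stores the phone in the session, sets the
    secure ``user`` cookie to the row id and writes ``'success'``.

    Errors are reported through ``send_error``: 404 when no row matches the
    phone, 400 when the password digest differs.
    """
    phone = self.get_body_argument('username')
    password = self.get_body_argument('password')
    # The phone value is passed as a bound parameter and is never formatted
    # into the SQL text.
    # NOTE(review): `(phone)` is a plain string, not a one-element tuple;
    # confirm the client accepts a scalar, or pass `(phone,)`.
    result = yield self.client.execute(
        "select id as user_id, phone, pwd from oa_admin WHERE phone = %s",
        (phone))
    user_data = [{
        "user_id": row_id,
        "phone": row_phone,
        "pwd": row_pwd
    } for row_id, row_phone, row_pwd in result.fetchall()]

    if not user_data:
        self.send_error(status_code=404, message='User Not Found!')
        # Stop here: falling through would index an empty list and raise
        # IndexError after the error response has already been sent.
        return

    # NOTE(review): the separate 404 and 400 answers tell a caller whether a
    # phone number is registered. str2md5 is not visible here; if it is a
    # plain unsalted MD5, the `pwd` column is cheap to brute-force if leaked.
    if str2md5(password) == user_data[0]['pwd']:
        self.set_session('user', phone)
        self.set_secure_cookie('user', str(user_data[0]['user_id']))
        self.write('success')
    else:
        self.send_error(status_code=400, message='Wrong Password!')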
def check_pwd(self, form_pwd, user_pwd, user_salt):
    """Return True when the salted digest of *form_pwd* equals *user_pwd*.

    The digest compared is ``str2md5("<form_pwd>-<user_salt>")``.
    """
    # NOTE(review): the `hash` helper listed next to this method applies
    # str2md5 to the password before salting, so the two agree only if
    # form_pwd already is that first-round digest; confirm with the callers.
    # str2md5 is not visible here; a single salted MD5 round is fast to
    # brute-force, so a slow KDF would be the safer primitive.
    salted = "{}-{}".format(form_pwd, user_salt)
    return True if str2md5(salted) == user_pwd else False
def hash(self, password, salt):
    """Return ``str2md5("<str2md5(password)>-<salt>")``.

    The password goes through ``str2md5`` once, the result is joined to
    *salt* with a hyphen, and the joined string goes through it again.
    """
    # NOTE(review): str2md5 is not visible here; if it is plain MD5, two fast
    # rounds add little brute-force resistance compared with a slow salted KDF.
    template = "{}-{}"
    return str2md5(template.format(str2md5(password), salt))