def _set_login_session(self, userInfo):
    """Mark the current session as logged in and build the JSON login reply.

    ``userInfo`` must provide the ``username`` and ``id`` keys. On success the
    method returns ``(public.returnJson(True, 'LOGIN_SUCCESS'), json_header)``.
    Any exception raised along the way is turned into a failure reply.
    """
    try:
        session['login'] = True
        session['username'] = userInfo['username']
        session['uid'] = userInfo['id']
        # NOTE(review): no session-id rotation is visible in this block;
        # confirm set_request_token()/login_token() cover session fixation.
        success_args = (userInfo['username'], public.GetClientIp())
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS', success_args)
        # A good login clears the per-address failure counter.
        self.limit_address('-')
        for stale_key in ('panelNum', 'dologin'):
            cache.delete(stale_key)
        # Record the time of the most recent login.
        public.writeFile('data/session_last.pl', str(int(time.time())))
        self.set_request_token()
        self.login_token()
        return public.returnJson(True, 'LOGIN_SUCCESS'), json_header
    except Exception as ex:
        message = str(ex)
        if 'unsupported' in message or '-1' in message:
            # NOTE(review): this recovery path deletes every /tmp/sess_* file
            # and every file matching /www/wwwlogs/*log. The second command
            # discards web logs that an investigation may need; confirm that
            # is intended before relying on those logs for auditing.
            for cleanup in ("rm -f /tmp/sess_*", "rm -f /www/wwwlogs/*log"):
                os.system(cleanup)
            public.ServiceReload()
            return public.returnJson(False, 'USER_INODE_ERR'), json_header
        # Every other error is logged and counted as a failed login attempt.
        failure_args = ('****', '******', public.GetClientIp())
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS', failure_args)
        remaining = self.limit_address('+')
        return public.returnJson(False, 'LOGIN_USER_ERR',
                                 (str(remaining), )), json_header
def request_temp(self, get):
    """Log a visitor in through a one-time temporary-login token.

    ``get.tmp_token`` must be 48 characters matching ``\\w+``. It is hashed
    together with the stored salt and compared with the pending row of the
    ``temp_login`` table (``state=0`` and not yet expired). On success the
    session is flagged as a temporary login valid for 3600 seconds, the row
    is marked as used, and the caller is redirected to ``/``. Every failure
    returns a ``public.getMsg`` message.
    """
    try:
        # Reject a missing or malformed token before touching the database.
        if not hasattr(get, 'tmp_token'):
            return public.getMsg('INIT_ARGS_ERR')
        supplied = get.tmp_token
        if len(supplied) != 48 or not re.match(r"^\w+$", supplied):
            return public.getMsg('INIT_ARGS_ERR')

        # Failures are counted per client address under this key.
        skey = public.GetClientIp() + '_temp_login'
        if not public.get_error_num(skey, 10):
            return public.getMsg('AUTH_FAILED')

        s_time = int(time.time())
        pending = public.M('temp_login').where(
            'state=? and expire>?',
            (0, s_time)).field('id,token,salt,expire').find()
        if not pending or not isinstance(pending, dict):
            public.set_error_num(skey)
            return public.getMsg('VERIFICATION_FAILED')

        # NOTE(review): the digest is compared with != rather than a
        # constant-time comparison such as hmac.compare_digest, and the
        # stored value is a salted MD5; consider hardening both.
        if public.md5(supplied + pending['salt']) != pending['token']:
            public.set_error_num(skey)
            return public.getMsg('VERIFICATION_FAILED')
        public.set_error_num(skey, True)

        userInfo = public.M('users').where(
            "id=?", (1, )).field('id,username').find()
        temp_id = pending['id']
        session['login'] = True
        session['username'] = public.getMsg('TEMPORARY_ID', (temp_id, ))
        session['tmp_login'] = True
        session['tmp_login_id'] = str(temp_id)
        session['tmp_login_expire'] = time.time() + 3600
        session['uid'] = temp_id

        # An empty marker file named after the temp-login id is created.
        sess_path = 'data/session'
        if not os.path.exists(sess_path):
            os.makedirs(sess_path, 0o600)  # same value as decimal 384
        public.writeFile(sess_path + '/' + str(temp_id), '')

        login_addr = public.GetClientIp() + ":" + str(
            request.environ.get('REMOTE_PORT'))
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'], login_addr))
        # state=1 takes the row out of the pending set, so it cannot be reused.
        public.M('temp_login').where('id=?', (temp_id, )).update({
            "login_time": s_time,
            'state': 1,
            'login_addr': login_addr
        })
        self.limit_address('-')
        for stale_key in ('panelNum', 'dologin'):
            cache.delete(stale_key)
        public.writeFile('data/session_last.pl', str(int(time.time())))
        self.set_request_token()
        self.login_token()
        self.set_cdn_host(get)
        return redirect('/')
    except:
        # Deliberately broad: any error is reported as a generic failure.
        return public.getMsg('LOGIN_FAIL')
def set_login(self, get):
    """Complete a scan-code login using the one-time ``login.pl`` secret.

    If the cache already holds ``'True'`` for the current session id the call
    is handed to ``check_app_login``. Otherwise ``<app_path>login.pl`` must
    exist and contain ``secret:timestamp``. The file is removed as soon as it
    is read, and the login succeeds only when the timestamp is less than 60
    seconds old and ``get['secret_key']`` equals the stored secret.
    """
    session_id = public.get_session_id()
    if cache.get(session_id) == 'True':
        return self.check_app_login(get)

    marker = self.app_path + "login.pl"
    if not os.path.exists(marker):
        return public.returnMsg(False, 'Login failed')

    data = public.readFile(marker)
    # The secret is single use: the file goes away before it is checked.
    public.ExecShell('rm ' + marker)
    secret_key, init_time = data.split(':')
    # NOTE(review): the secret is compared with ==, not a constant-time
    # comparison such as hmac.compare_digest.
    fresh_and_matching = (time.time() - float(init_time) < 60
                          and get['secret_key'] == secret_key)
    if not fresh_and_matching:
        return public.returnMsg(False, 'Login failed')

    sql = db.Sql()
    userInfo = sql.table('users').where(
        "id=?", (1, )).field('id,username,password').find()
    session['login'] = True
    session['username'] = userInfo['username']
    for stale_key in ('panelNum', 'dologin'):
        cache.delete(stale_key)
    client_addr = public.GetClientIp() + ":" + str(
        request.environ.get('REMOTE_PORT'))
    public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                    ('WeChat scan code login', client_addr))
    login_type = 'data/app_login.pl'
    self.set_request_token()
    import config
    config.config().reload_session()
    public.writeFile(login_type, 'True')
    return public.returnMsg(True, 'login successful')
def request_tmp(self,get):
    """Log in with the short-lived ``tmp_token`` stored in the API config.

    The token and its creation time are read from
    ``/www/server/panel/config/api.json``. The login is accepted only when
    the token is at most 120 seconds old and equals ``get.tmp_token``. Both
    fields are removed from the file afterwards, so the token works once.
    Success redirects to ``/``; failures return ``(json, json_header)``.
    """
    def deny(message):
        # Uniform failure reply used by every rejection below.
        return public.returnJson(False, message), json_header

    try:
        if not hasattr(get, 'tmp_token'):
            return deny('INIT_ARGS_ERR')
        save_path = '/www/server/panel/config/api.json'
        data = json.loads(public.ReadFile(save_path))
        if 'tmp_token' not in data or 'tmp_time' not in data:
            return deny('VERIFICATION_FAILED')
        if (time.time() - data['tmp_time']) > 120:
            return deny('EXPIRED_TOKEN')
        # NOTE(review): no length or format check is applied to the supplied
        # token here, and the comparison is not constant-time
        # (hmac.compare_digest would be).
        if get.tmp_token != data['tmp_token']:
            return deny('INIT_TOKEN_ERR')

        userInfo = public.M('users').where("id=?", (1,)).field('id,username').find()
        session['login'] = True
        session['username'] = userInfo['username']
        session['tmp_login'] = True
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'], public.GetClientIp()))
        self.limit_address('-')
        for stale_key in ('panelNum', 'dologin'):
            cache.delete(stale_key)
        public.writeFile('data/session_last.pl', str(int(time.time())))
        # Consume the token: drop both fields and write the config back.
        for used_key in ('tmp_token', 'tmp_time'):
            del data[used_key]
        public.writeFile(save_path, json.dumps(data))
        self.set_request_token()
        self.login_token()
        self.set_cdn_host(get)
        return redirect('/')
    except:
        # NOTE(review): public.get_error_info() is returned to a caller who
        # is not logged in; confirm it cannot expose tracebacks or paths.
        detail = public.get_error_info()
        return deny('Login failed,' + detail)
def limit_address(self, type):
    """Maintain the per-client-address login failure counter.

    ``type`` selects the action: ``'+'`` records a failure, ``'-'`` clears
    the counter, and anything else only reads it. The return value is the
    limit (6) minus the counter, except that clearing returns 1 and any
    cache or session error returns the full limit.
    """
    import time  # kept from the original; not used in this function
    client_ip = public.GetClientIp()
    counter_key = 'limitIpNum_' + client_ip
    limit = 6
    ttl = 600
    try:
        # Initialise: a missing counter starts at 1 with a 600 s lifetime.
        seen = cache.get(counter_key)
        if not seen:
            cache.set(counter_key, 1, ttl)
            seen = 1

        if type == '+':
            # Count a failure. session['code'] is switched on here;
            # presumably it makes the login form demand a verification code.
            cache.inc(counter_key, 1)
            self.error_num()
            session['code'] = True
            return limit - (seen + 1)

        if type == '-':
            # Clear the counter.
            cache.delete(counter_key)
            session['code'] = False
            return 1

        return limit - seen
    except:
        # NOTE(review): a cache error makes the limiter report the full
        # allowance (fail-open); confirm this is the intended trade-off.
        return limit
def request_tmp(self,get):
    """Log in with the short-lived ``tmp_token`` stored in the API config.

    ``get.tmp_token`` must be 64 characters matching ``\\w+``. It is accepted
    only when the token stored in ``/www/server/panel/config/api.json`` is at
    most 120 seconds old and equal to it. Both fields are removed from the
    file afterwards, so the token works once. Success redirects to ``/``;
    failures return ``(json, json_header)``.
    """
    def deny(message):
        # Uniform failure reply used by every rejection below.
        return public.returnJson(False, message), json_header

    try:
        if not hasattr(get, 'tmp_token'):
            return deny('错误的参数!')
        supplied = get.tmp_token
        if len(supplied) != 64 or not re.match(r"^\w+$", supplied):
            return deny('错误的参数!')

        save_path = '/www/server/panel/config/api.json'
        data = json.loads(public.ReadFile(save_path))
        if 'tmp_token' not in data or 'tmp_time' not in data:
            return deny('验证失败!')
        if (time.time() - data['tmp_time']) > 120:
            return deny('过期的Token')
        # NOTE(review): != is not a constant-time comparison; consider
        # hmac.compare_digest for the token check.
        if supplied != data['tmp_token']:
            return deny('错误的Token')

        userInfo = public.M('users').where("id=?", (1,)).field('id,username').find()
        session['login'] = True
        session['username'] = userInfo['username']
        session['tmp_login'] = True
        client_addr = public.GetClientIp() + ":" + str(
            request.environ.get('REMOTE_PORT'))
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'], client_addr))
        self.limit_address('-')
        for stale_key in ('panelNum', 'dologin'):
            cache.delete(stale_key)
        public.writeFile('data/session_last.pl', str(int(time.time())))
        # Consume the token: drop both fields and write the config back.
        for used_key in ('tmp_token', 'tmp_time'):
            del data[used_key]
        public.writeFile(save_path, json.dumps(data))
        self.set_request_token()
        self.login_token()
        self.set_cdn_host(get)
        return redirect('/')
    except:
        # NOTE(review): public.get_error_info() is returned to a caller who
        # is not logged in; confirm it cannot expose tracebacks or paths.
        detail = public.get_error_info()
        return deny('登录失败,' + detail)
def _set_login_session(self, userInfo):
    """Mark the current session as logged in and build the JSON login reply.

    ``userInfo`` must provide the ``username`` and ``id`` keys. The session
    also stores an MD5 of the request's User-Agent header and an absolute
    ``session_timeout``. On success the method returns
    ``(public.returnJson(True, 'LOGIN_SUCCESS'), json_header)``. Any exception
    raised along the way is turned into a failure reply.
    """
    try:
        session['login'] = True
        session['username'] = userInfo['username']
        session['uid'] = userInfo['id']
        # Fingerprint of the browser that logged in.
        user_agent = request.headers.get('User-Agent', '')
        session['login_user_agent'] = public.md5(user_agent)
        client_addr = public.GetClientIp() + ":" + str(
            request.environ.get('REMOTE_PORT'))
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'], client_addr))
        # A good login clears the per-address failure counter.
        self.limit_address('-')
        for stale_key in ('panelNum', 'dologin'):
            cache.delete(stale_key)
        session['session_timeout'] = time.time() + public.get_session_timeout()
        self.set_request_token()
        self.login_token()
        # Remove the marker file that the app-login paths create.
        login_type = 'data/app_login.pl'
        if os.path.exists(login_type):
            os.remove(login_type)
        return public.returnJson(True, 'LOGIN_SUCCESS'), json_header
    except Exception as ex:
        message = str(ex)
        if 'unsupported' in message or '-1' in message:
            # NOTE(review): this recovery path deletes every /tmp/sess_* file
            # and every file matching /www/wwwlogs/*log. The second command
            # discards web logs that an investigation may need; confirm that
            # is intended before relying on those logs for auditing.
            for cleanup in ("rm -f /tmp/sess_*", "rm -f /www/wwwlogs/*log"):
                public.ExecShell(cleanup)
            public.ServiceReload()
            return public.returnJson(False, 'USER_INODE_ERR'), json_header
        # Every other error is logged and counted as a failed login attempt.
        failure_args = ('****', '******', public.GetClientIp())
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS', failure_args)
        remaining = self.limit_address('+')
        return public.returnJson(False, 'LOGIN_USER_ERR',
                                 (str(remaining), )), json_header
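def install_task():
    """Run every queued row of the ``tasks`` table, in ascending id order.

    Returns ``True`` without doing anything when the ``install_task`` or
    ``install_exists`` cache key is set. Otherwise rows left at status
    ``'-1'`` are reset to ``'0'``, and each ``'0'`` row is marked ``'-1'``
    while it runs and ``'1'`` when it finishes. ``download`` tasks call
    ``downloadFile``; ``execshell`` tasks run through the shell with output
    sent to ``/tmp/panelExec.log``.

    The ``install_exists`` guard is released in a ``finally`` block, so a
    task that raises no longer leaves the guard set and the queue blocked.
    """
    if cache.get('install_task'):
        return True
    if cache.get('install_exists'):
        return True

    sql = db.Sql()
    # Rows interrupted mid-run (status '-1') are queued again.
    sql.table('tasks').where("status=?", ('-1', )).setField('status', '0')
    taskArr = sql.table('tasks').where(
        "status=?", ('0', )).field('id,type,execstr').order("id asc").select()

    # Guard against a second runner starting while this one is working.
    cache.set('install_exists', True)
    try:
        cache.delete('install_task')
        logPath = '/tmp/panelExec.log'
        for value in taskArr:
            start = int(time.time())
            # Skip rows that were deleted after the queue was read.
            if not sql.table('tasks').where("id=?", (value['id'], )).count():
                continue
            sql.table('tasks').where("id=?", (value['id'], )).save(
                'status,start', ('-1', start))
            if value['type'] == 'download':
                import downloadFile
                argv = value['execstr'].split('|bt|')
                downloadFile.downloadFile().DownloadFile(argv[0], argv[1])
            elif value['type'] == 'execshell':
                # NOTE(review): execstr is run verbatim by the shell, so
                # whoever can insert rows into ``tasks`` can run commands
                # as this process. Writers of that table must build execstr
                # from quoted or validated values only.
                os.system(value['execstr'] + " > " + logPath + " 2>&1")
            end = int(time.time())
            sql.table('tasks').where("id=?", (value['id'], )).save(
                'status,end', ('1', end))
    finally:
        # Always release the guard, even when a task raised.
        cache.delete('install_exists')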
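def request_post(self, post):
    """Check a username/password login and open the session on success.

    ``post`` must carry ``username`` and ``password``; ``code`` is needed
    only when ``session['code']`` is set. Every path returns
    ``(json, json_header)``.

    Two checks differ from the earlier version. The field check used ``or``,
    so a request missing one credential passed it and then raised
    ``AttributeError``; both credentials are now required. A missing
    ``code`` while one is demanded is now answered with ``CODE_ERR`` instead
    of raising.
    """
    if not (hasattr(post, 'username') and hasattr(post, 'password')):
        return public.returnJson(False, 'LOGIN_USER_EMPTY'), json_header

    self.error_num(False)
    # '?' only reads the per-address failure counter.
    if self.limit_address('?') < 1:
        return public.returnJson(False, 'LOGIN_ERR_LIMIT'), json_header

    post.username = post.username.strip()
    password = public.md5(post.password.strip())
    sql = db.Sql()
    userInfo = sql.table('users').where(
        "id=?", (1, )).field('id,username,password').find()

    # The verification code is required once session['code'] has been set.
    if 'code' in session and session['code']:
        if not hasattr(post, 'code') or not public.checkCode(post.code):
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                            ('****', '****', public.GetClientIp()))
            return public.returnJson(False, 'CODE_ERR'), json_header

    try:
        # NOTE(review): the stored password is run through MD5 twice with a
        # fixed suffix and compared with !=. MD5 is not a password hashing
        # function, and != is not constant-time (hmac.compare_digest is).
        s_pass = public.md5(public.md5(userInfo['password'] + '_bt.cn'))
        if userInfo['username'] != post.username or s_pass != password:
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', public.GetClientIp()))
            num = self.limit_address('+')
            return public.returnJson(False, 'LOGIN_USER_ERR',
                                     (str(num), )), json_header

        session['login'] = True
        session['username'] = userInfo['username']
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'], public.GetClientIp()))
        # A good login clears the per-address failure counter.
        self.limit_address('-')
        cache.delete('panelNum')
        cache.delete('dologin')
        sess_input_path = 'data/session_last.pl'
        public.writeFile(sess_input_path, str(int(time.time())))
        self.set_request_token()
        self.login_token()
        return public.returnJson(True, 'LOGIN_SUCCESS'), json_header
    except Exception as ex:
        stringEx = str(ex)
        if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
            # NOTE(review): this recovery path deletes session files and
            # every file matching /www/wwwlogs/*log, which discards web logs
            # an investigation may need; confirm that is intended.
            os.system("rm -f /tmp/sess_*")
            os.system("rm -f /www/wwwlogs/*log")
            public.ServiceReload()
            return public.returnJson(False, 'USER_INODE_ERR'), json_header
        # Every other error is logged and counted as a failed login attempt.
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                        ('****', '******', public.GetClientIp()))
        num = self.limit_address('+')
        return public.returnJson(False, 'LOGIN_USER_ERR',
                                 (str(num), )), json_header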
def checkCode(code, outime=120):
    """Verify a submitted verification code against the cached one.

    The cached value under ``codeStr`` is deleted as soon as it is read, so
    each generated code can be checked only once. On failure the reason is
    stored in ``session['login_error']`` and ``False`` is returned.
    ``outime`` is not used by this function.
    """
    from BTPanel import session, cache
    try:
        # NOTE(review): the cache key is the fixed string 'codeStr'. If this
        # cache is shared between clients, they all share one pending code;
        # confirm how the cache is scoped.
        expected = cache.get('codeStr')
        cache.delete('codeStr')
        if not expected:
            error_key = 'CODE_TIMEOUT'
        elif md5(code.lower()) != expected:
            error_key = 'CODE_ERR'
        else:
            return True
        session['login_error'] = GetMsg(error_key)
        return False
    except:
        session['login_error'] = GetMsg('CODE_NOT_EXISTS')
        return False
def set_login(self, get):
    """Complete a scan-code login using the one-time ``login.pl`` secret.

    ``<app_path>login.pl`` must exist and contain ``secret:timestamp``. The
    file is removed as soon as it is read, and the login succeeds only when
    the timestamp is less than 60 seconds old and ``get['secret_key']``
    equals the stored secret.
    """
    marker = self.app_path + "login.pl"
    if not os.path.exists(marker):
        return public.returnMsg(False, 'LOGIN_FAIL')

    data = public.readFile(marker)
    # The secret is single use: the file goes away before it is checked.
    public.ExecShell('rm ' + marker)
    secret_key, init_time = data.split(':')
    # NOTE(review): the secret is compared with ==, not a constant-time
    # comparison such as hmac.compare_digest.
    fresh_and_matching = (time.time() - float(init_time) < 60
                          and get['secret_key'] == secret_key)
    if not fresh_and_matching:
        return public.returnMsg(False, 'LOGIN_FAIL')

    sql = db.Sql()
    userInfo = sql.table('users').where(
        "id=?", (1,)).field('id,username,password').find()
    session['login'] = True
    session['username'] = userInfo['username']
    for stale_key in ('panelNum', 'dologin'):
        cache.delete(stale_key)
    log_args = (public.GetMsg("WECHAT_SCAN_QRCORE"), public.GetClientIp())
    public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS1', log_args)
    return public.returnMsg(True, 'LOGIN_SUCCESS')
def GetToken(self,get):
    """Exchange account credentials for a token from the remote API.

    The username and an MD5 of the password are passed through
    ``self.De_Code`` and posted to ``<APIURL>/GetToken``. The ``data`` field
    of the JSON reply is passed through ``self.En_Code`` and, when non-empty,
    saved to ``self.__UPATH``. The reply is returned without that field. Any
    error yields a failure message that embeds the raw server response.
    """
    rtmp = ""
    credentials = {
        'username': get.username,
        'password': public.md5(get.password),
    }
    pdata = {'data': self.De_Code(credentials)}
    try:
        rtmp = public.httpPost(self.__APIURL + '/GetToken', pdata)
        result = json.loads(rtmp)
        token_data = self.En_Code(result['data'])
        result['data'] = token_data
        if token_data:
            # NOTE(review): the token is written to disk; confirm the file
            # permissions that public.writeFile applies to self.__UPATH.
            public.writeFile(self.__UPATH, json.dumps(token_data))
        del result['data']
        cache.delete('plugin_soft_list')
        return result
    except Exception as ex:
        # NOTE(review): the raw response body is placed in a message that
        # also contains markup; confirm the front end escapes it.
        return public.returnMsg(False, '连接服务器失败!<br>' + str(rtmp))
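def install(self, get):
    """Queue the ``frps`` install task and return a status message.

    The call fails when ``__getTaskStatus`` does not report 1 for the task or
    when ``self.release()`` does not report success. Otherwise an
    ``execshell`` row is added to the ``tasks`` table; its command changes
    into ``pluginPath`` and runs ``install.sh download <url>``.

    The release URL is now shell-quoted. It was previously placed between
    double quotes, where the shell still expands ``$(...)`` and backticks
    and where an embedded ``"`` ends the argument.
    """
    taskName = 'frps'
    if self.__getTaskStatus(taskName) != 1:
        return public.returnMsg(False, '安装任务已在队列中')
    release = self.release()
    if release['result'] != 'success':
        return public.returnMsg(False, release['result'])

    # Imported locally so the file's import block does not have to change.
    try:
        from shlex import quote
    except ImportError:  # older interpreters without shlex.quote
        from pipes import quote

    # release['url'] is presumably taken from a remote release listing
    # (confirm in self.release()), so it is treated as untrusted input.
    safe_url = quote('%s' % (release['url'], ))
    cmd = "cd %s && /bin/bash install.sh download %s" % (pluginPath, safe_url)
    public.M('tasks').add(
        'id, name, type, status, addtime, execstr',
        (None, '安装 [' + taskName + '-' + release['version'] + ']',
         'execshell', '0', time.strftime('%Y-%m-%d %H:%M:%S'), cmd))
    cache.delete('install_task')
    public.writeFile('/tmp/panelTask.pl', 'True')
    public.WriteLog('TYPE_SETUP', 'PLUGIN_ADD',
                    (taskName, release['version']))
    return public.returnMsg(True, '已将安装任务添加到队列')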
def limit_address(self,type,v=""):
    """Maintain a per-client-address failure counter, namespaced by ``v``.

    ``type`` selects the action: ``'+'`` and ``'++'`` record a failure,
    ``'-'`` and ``'--'`` clear the counter, and anything else only reads it.
    Only ``'+'`` sets ``session['code']`` to ``True``; the other three set it
    to ``False``. The return value is the limit (6) minus the counter, except
    that clearing returns 1 and any cache or session error returns the full
    limit.
    """
    import time  # kept from the original; not used in this function
    client_ip = public.GetClientIp()
    counter_key = 'limitIpNum_' + v + client_ip
    limit = 6
    ttl = 600
    try:
        # Initialise: a missing counter starts at 1 with a 600 s lifetime.
        seen = cache.get(counter_key)
        if not seen:
            cache.set(counter_key, 1, ttl)
            seen = 1

        # Count: '+' is the login counter, '++' the verifier counter.
        if type in ('+', '++'):
            cache.inc(counter_key, 1)
            self.error_num()
            session['code'] = (type == '+')
            return limit - (seen + 1)

        # Clear: '-' is the login counter, '--' the verifier counter.
        if type in ('-', '--'):
            cache.delete(counter_key)
            session['code'] = False
            return 1

        return limit - seen
    except:
        # NOTE(review): a cache error makes the limiter report the full
        # allowance (fail-open); confirm this is the intended trade-off.
        return limit
def check_app_login(self, get):
    """Finish a login that was approved for the current session id.

    The login proceeds only when the cache holds the string ``'True'`` under
    the current session id. That entry is deleted first, so it can be used
    once. The session is then opened as user id 1 and flagged ``tmp_login``.
    """
    session_id = public.get_session_id()
    approved = cache.get(session_id) == 'True'
    if not approved:
        return public.returnMsg(
            False, 'Wait for the app to scan the code and log in')
    # Consume the approval so it cannot be replayed.
    cache.delete(session_id)

    userInfo = public.M('users').where("id=?",
                                       (1, )).field('id,username').find()
    session['login'] = True
    session['username'] = userInfo['username']
    session['tmp_login'] = True
    client_addr = public.GetClientIp() + ":" + str(
        request.environ.get('REMOTE_PORT'))
    public.WriteLog(
        'TYPE_LOGIN',
        'APP scan code login, account: {}, login IP: {}'.format(
            userInfo['username'], client_addr))
    for stale_key in ('panelNum', 'dologin'):
        cache.delete(stale_key)
    public.writeFile('data/session_last.pl', str(int(time.time())))
    login_type = 'data/app_login.pl'
    self.set_request_token()
    import config
    config.config().reload_session()
    # Marker file recording that the app-login path was used.
    public.writeFile(login_type, 'True')
    return public.returnMsg(True, 'login successful!')
def check_app_login(self, get):
    """Finish an app scan-code login for the current session.

    The API must be switched on in ``/www/server/panel/config/api.json`` and
    have at least one bound app. ``<app_path>app_login_check.pl`` must
    contain ``secret:timestamp``, where the secret is 64 characters long,
    equals the current session id, and is at most 60 seconds old. The file
    is removed as soon as it is read. Errors inside the check are reported
    as ``'Login failed 2'``.
    """
    # Check that a binding exists. This part runs outside the try block.
    btapp_info = json.loads(
        public.readFile('/www/server/panel/config/api.json'))
    if not btapp_info:
        return public.returnMsg(False, 'Unbound')
    if not btapp_info['open']:
        return public.returnMsg(False, 'API is not turned on')
    if 'apps' not in btapp_info or not btapp_info['apps']:
        return public.returnMsg(False, 'Unbound phone')

    try:
        session_id = public.get_session_id()
        marker = self.app_path + 'app_login_check.pl'
        if not os.path.exists(marker):
            return public.returnMsg(False,
                                    'Waiting for APP scan code login 1')
        data = public.readFile(marker)
        # The secret is single use: the file goes away before it is checked.
        public.ExecShell('rm ' + marker)
        secret_key, init_time = data.split(':')

        if len(session_id) != 64 or len(secret_key) != 64:
            return public.returnMsg(False,
                                    'Waiting for APP scan code login 2')
        # NOTE(review): != is not a constant-time comparison; consider
        # hmac.compare_digest for the secret check.
        if time.time() - float(init_time) > 60 or session_id != secret_key:
            return public.returnMsg(False, 'Waiting for APP scan code login')

        cache.delete(session_id)
        userInfo = public.M('users').where(
            "id=?", (1, )).field('id,username').find()
        session['login'] = True
        session['username'] = userInfo['username']
        session['tmp_login'] = True
        public.WriteLog(
            'TYPE_LOGIN',
            'APP scan code login, account: {}, login IP: {}'.format(
                userInfo['username'],
                public.GetClientIp() + ":" +
                str(request.environ.get('REMOTE_PORT'))))
        for stale_key in ('panelNum', 'dologin'):
            cache.delete(stale_key)
        session['session_timeout'] = time.time() + public.get_session_timeout()
        login_type = 'data/app_login.pl'
        self.set_request_token()
        import config
        config.config().reload_session()
        # Marker file recording that the app-login path was used.
        public.writeFile(login_type, 'True')
        # Hand the login details to public.login_send_body.
        public.login_send_body("aaPanel Mobile", userInfo['username'],
                               public.GetClientIp(),
                               str(request.environ.get('REMOTE_PORT')))
        return public.returnMsg(True, 'login successful!')
    except:
        return public.returnMsg(False, 'Login failed 2')
def check_app_login(self,get):
    """Finish a login that was approved for the current session id.

    The login proceeds only when the cache holds the string ``'True'`` under
    the current session id. That entry is deleted first, so it can be used
    once. The session is then opened as user id 1 and flagged ``tmp_login``.
    """
    session_id = public.get_session_id()
    approved = cache.get(session_id) == 'True'
    if not approved:
        return public.returnMsg(False, '等待APP扫码登录')
    # Consume the approval so it cannot be replayed.
    cache.delete(session_id)

    userInfo = public.M('users').where("id=?", (1,)).field('id,username').find()
    session['login'] = True
    session['username'] = userInfo['username']
    session['tmp_login'] = True
    client_addr = public.GetClientIp() + ":" + str(
        request.environ.get('REMOTE_PORT'))
    public.WriteLog(
        'TYPE_LOGIN',
        'APP扫码登录,帐号:{},登录IP:{}'.format(userInfo['username'], client_addr))
    for stale_key in ('panelNum', 'dologin'):
        cache.delete(stale_key)
    public.writeFile('data/session_last.pl', str(int(time.time())))
    login_type = 'data/app_login.pl'
    # NOTE(review): no call to self.set_request_token() is visible on this
    # path; confirm whether this version is meant to issue a request token.
    import config
    config.config().reload_session()
    # Marker file recording that the app-login path was used.
    public.writeFile(login_type, 'True')
    return public.returnMsg(True, '登录成功!')
def cache_remove(key):
    """Delete ``key`` from the panel cache and return ``cache.delete``'s result."""
    # Imported at call time, as in the original.
    from BTPanel import cache
    outcome = cache.delete(key)
    return outcome
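def DelToken(self, get):
    """Remove the saved account token file and clear the plugin list cache.

    The file is now deleted with ``os.remove``. The earlier version built an
    ``rm -f`` command by string concatenation, so a path containing spaces
    or shell metacharacters would have been mis-parsed by the shell. Always
    returns the ``SSL_BTUSER_UN`` success message.
    """
    try:
        os.remove(self.__UPATH)
    except OSError:
        # Best effort, like ``rm -f``: a missing file is not an error.
        # NOTE(review): other failures, such as a permission error, are also
        # ignored, so the token can stay on disk while success is reported;
        # consider logging that case.
        pass
    cache.delete('plugin_soft_list')
    return public.returnMsg(True, "SSL_BTUSER_UN")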