def request_tmp(self,get): try: if not hasattr(get,'tmp_token'): return public.returnJson(False,'INIT_ARGS_ERR'),json_header save_path = '/www/server/panel/config/api.json' data = json.loads(public.ReadFile(save_path)) if not 'tmp_token' in data or not 'tmp_time' in data: return public.returnJson(False,'VERIFICATION_FAILED'),json_header if (time.time() - data['tmp_time']) > 120: return public.returnJson(False,'EXPIRED_TOKEN'),json_header if get.tmp_token != data['tmp_token']: return public.returnJson(False,'INIT_TOKEN_ERR'),json_header userInfo = public.M('users').where("id=?",(1,)).field('id,username').find() session['login'] = True session['username'] = userInfo['username'] session['tmp_login'] = True public.WriteLog('TYPE_LOGIN','LOGIN_SUCCESS',(userInfo['username'],public.GetClientIp())) self.limit_address('-') cache.delete('panelNum') cache.delete('dologin') sess_input_path = 'data/session_last.pl' public.writeFile(sess_input_path,str(int(time.time()))) del(data['tmp_token']) del(data['tmp_time']) public.writeFile(save_path,json.dumps(data)) self.set_request_token() self.login_token() self.set_cdn_host(get) return redirect('/') except: return public.returnJson(False,'Login failed,' + public.get_error_info()),json_header
def request_post(self,post): if not hasattr(post, 'username') or not hasattr(post, 'password'): return public.returnJson(False,'LOGIN_USER_EMPTY'),json_header self.error_num(False) if self.limit_address('?') < 1: return public.returnJson(False,'LOGIN_ERR_LIMIT'),json_header post.username = post.username.strip(); password = public.md5(post.password.strip()); sql = db.Sql(); userInfo = sql.table('users').where("id=?",(1,)).field('id,username,password').find() m_code = cache.get('codeStr') if 'code' in session: if session['code'] and not 'is_verify_password' in session: if not hasattr(post, 'code'): return public.returnJson(False,'验证码不能为空!'),json_header if not public.checkCode(post.code): public.WriteLog('TYPE_LOGIN','LOGIN_ERR_CODE',('****','****',public.GetClientIp())); return public.returnJson(False,'CODE_ERR'),json_header try: s_pass = public.md5(public.md5(userInfo['password'] + '_bt.cn')) if userInfo['username'] != post.username or s_pass != password: public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp())); num = self.limit_address('+'); return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header _key_file = "/www/server/panel/data/two_step_auth.txt" if hasattr(post,'vcode'): if self.limit_address('?',v="vcode") < 1: return public.returnJson(False,'您多次验证失败,禁止10分钟'),json_header import pyotp secret_key = public.readFile(_key_file) if not secret_key: return public.returnJson(False, "没有找到key,请尝试在命令行关闭谷歌验证后在开启"),json_header t = pyotp.TOTP(secret_key) result = t.verify(post.vcode) if not result: if public.sync_date(): result = t.verify(post.vcode) if not result: num = self.limit_address('++',v="vcode") return public.returnJson(False, '验证失败,您还可以尝试[{}]次!'.format(num)), json_header now = int(time.time()) public.writeFile("/www/server/panel/data/dont_vcode_ip.txt",json.dumps({"client_ip":public.GetClientIp(),"add_time":now})) self.limit_address('--',v="vcode") return self._set_login_session(userInfo) acc_client_ip = self.check_two_step_auth() if not os.path.exists(_key_file) or acc_client_ip: return self._set_login_session(userInfo) self.limit_address('-') session['is_verify_password'] = True return "1" except Exception as ex: stringEx = str(ex) if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1: os.system("rm -f /tmp/sess_*") os.system("rm -f /www/wwwlogs/*log") public.ServiceReload() return public.returnJson(False,'USER_INODE_ERR'),json_header public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp())); num = self.limit_address('+'); return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
def test(): qb = pQbClient() # magnet_link = "magnet:?xt=urn:btih:57a0ec92a61c60585f1b7a206a75798aa69285a5" # print qb.download_from_link(magnet_link) torrents = qb.torrents(filter='downloading') for torrent in torrents: print public.returnJson(False, torrent)
def POST(self): get = web.input(backupfile={}, data=[]) if not public.checkToken(get): return public.returnJson(False, '无效的Token!') if not self.CheckPlugin(get.name): return public.returnJson(False, '您没有权限访问当前插件!') return self.funObj()
def setFileAccessApi(self): if public.isAppleSystem(): return public.returnJson(True, '开发机不设置!') filename = request.form.get('filename', '').encode('utf-8') user = request.form.get('user', '').encode('utf-8') access = request.form.get('access', '755') sall = '-R' try: if not self.checkDir(filename): return public.returnJson(False, '请不要花样作死') if not os.path.exists(filename): return public.returnJson(False, '指定文件不存在!') os.system('chmod ' + sall + ' ' + access + " '" + filename + "'") os.system('chown ' + sall + ' ' + user + ':' + user + " '" + filename + "'") msg = public.getInfo( '设置[{1}]权限为[{2}]所有者为[{3}]', (filename, access, user,)) public.writeLog('文件管理', msg) return public.returnJson(True, '设置成功!') except: return public.returnJson(False, '设置失败!')
def panel_safe(): get = get_input() pluginPath = 'plugin/safelogin' if hasattr(get, 'check'): if os.path.exists(pluginPath + '/safelogin_main.py'): return 'True' return 'False' get.data = check_token(get.data) if not get.data: return public.returnJson(False, 'INIT_CHECK_ERR') comm.setSession() comm.init() comm.checkWebType() comm.GetOS() sys.path.append(pluginPath) import safelogin_main reload(safelogin_main) s = safelogin_main.safelogin_main() if not hasattr(s, get.data['action']): return public.returnJson(False, 'INIT_FUN_NOT_EXISTS') defs = ('GetServerInfo', 'add_ssh_limit', 'remove_ssh_limit', 'get_ssh_limit', 'get_login_log', 'get_panel_limit', 'add_panel_limit', 'remove_panel_limit', 'close_ssh_limit', 'close_panel_limit', 'get_system_info', 'get_service_info', 'get_ssh_errorlogin') if not get.data['action'] in defs: return 'False' return public.getJson(eval('s.' + get.data['action'] + '(get)'))
def modUser(): args = getArgs() data = checkArgs(args, ['username', 'password']) if not data[0]: return data[1] path = getPathFile() username = args['username'] password = args['password'] # sed -i "/^\<${user}\>/d" /etc/ppp/chap-secrets # echo "${user} l2tpd ${pass} *" >> /etc/ppp/chap-secrets if public.isAppleSystem(): public.execShell("sed -i .bak '/^\(" + username + "\)/d' " + path) else: public.execShell("sed -i '/^\(" + username + "\)/d' " + path) # print 'echo "' + username + " l2tpd " + password + " *\" >>" # + path ret = public.execShell("echo \"" + username + " l2tpd " + password + " *\" >>" + path) if ret[1] == '': return public.returnJson(True, '修改成功!') return public.returnJson(False, '修改失败')
def _set_login_session(self, userInfo): try: session['login'] = True session['username'] = userInfo['username'] session['uid'] = userInfo['id'] public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS', (userInfo['username'], public.GetClientIp())) self.limit_address('-') cache.delete('panelNum') cache.delete('dologin') sess_input_path = 'data/session_last.pl' public.writeFile(sess_input_path, str(int(time.time()))) self.set_request_token() self.login_token() return public.returnJson(True, 'LOGIN_SUCCESS'), json_header except Exception as ex: stringEx = str(ex) if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1: os.system("rm -f /tmp/sess_*") os.system("rm -f /www/wwwlogs/*log") public.ServiceReload() return public.returnJson(False, 'USER_INODE_ERR'), json_header public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS', ('****', '******', public.GetClientIp())) num = self.limit_address('+') return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), )), json_header
def getUserList(): import re path = getPathFile() if not os.path.exists(path): return public.returnJson(False, '密码配置文件不存在!') conf = public.readFile(path) conf = re.sub('#(.*)\n', '', conf) if conf.strip() == '': return public.returnJson(True, 'ok', []) ulist = conf.strip().split('\n') user = [] for line in ulist: line_info = {} line = re.match(r'(\w*)\s*(\w*)\s*(\w*)\s*(.*)', line.strip(), re.M | re.I).groups() line_info['user'] = line[0] line_info['pwd'] = line[2] line_info['type'] = line[1] line_info['ip'] = line[3] user.append(line_info) return public.returnJson(True, 'ok', user)
def _set_login_session(self, userInfo): try: session['login'] = True session['username'] = userInfo['username'] session['uid'] = userInfo['id'] session['login_user_agent'] = public.md5( request.headers.get('User-Agent', '')) public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS', (userInfo['username'], public.GetClientIp() + ":" + str(request.environ.get('REMOTE_PORT')))) self.limit_address('-') cache.delete('panelNum') cache.delete('dologin') session['session_timeout'] = time.time( ) + public.get_session_timeout() self.set_request_token() self.login_token() login_type = 'data/app_login.pl' if os.path.exists(login_type): os.remove(login_type) return public.returnJson(True, 'LOGIN_SUCCESS'), json_header except Exception as ex: stringEx = str(ex) if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1: public.ExecShell("rm -f /tmp/sess_*") public.ExecShell("rm -f /www/wwwlogs/*log") public.ServiceReload() return public.returnJson(False, 'USER_INODE_ERR'), json_header public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS', ('****', '******', public.GetClientIp())) num = self.limit_address('+') return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), )), json_header
def GET(self): get = web.input() if not public.checkToken(get): return public.returnJson(False, '无效的Token!') if not self.CheckPlugin(get.name): return public.returnJson(False, '您没有权限访问当前插件!') return self.funObj()
def logsApi(self): sid = request.form.get('id', '') echo = public.M('crontab').where("id=?", (sid, )).field('echo').find() logFile = public.getServerDir() + '/cron/' + echo['echo'] + '.log' if not os.path.exists(logFile): return public.returnJson(False, '当前日志为空!') log = public.getNumLines(logFile, 2000) return public.returnJson(True, log)
def delLogsApi(self): sid = request.form.get('id', '') try: echo = public.M('crontab').where("id=?", (sid, )).getField('echo') logFile = public.getServerDir() + '/cron/' + echo + '.log' os.remove(logFile) return public.returnJson(True, '任务日志已清空!') except: return public.returnJson(False, '任务日志清空失败!')
def modifyCrondApi(self): sid = request.form.get('id', '') iname = request.form.get('name', '') field_type = request.form.get('type', '') week = request.form.get('week', '') where1 = request.form.get('where1', '') hour = request.form.get('hour', '') minute = request.form.get('minute', '') save = request.form.get('save', '') backup_to = request.form.get('backup_to', '') stype = request.form.get('stype', '') sname = request.form.get('sname', '') sbody = request.form.get('sbody', '') urladdress = request.form.get('urladdress', '') if len(iname) < 1: return public.returnJson(False, '任务名称不能为空!') params = { 'name': iname, 'type': field_type, 'week': week, 'where1': where1, 'hour': hour, 'minute': minute, 'save': save, 'backup_to': backup_to, 'stype': stype, 'sname': sname, 'sbody': sbody, 'urladdress': urladdress, } cuonConfig, get, name = self.getCrondCycle(params) cronInfo = public.M('crontab').where('id=?', (sid, )).field(self.field).find() del (cronInfo['id']) del (cronInfo['addtime']) cronInfo['name'] = get['name'] cronInfo['type'] = get['type'] cronInfo['where1'] = get['where1'] cronInfo['where_hour'] = get['hour'] cronInfo['where_minute'] = get['minute'] cronInfo['save'] = get['save'] cronInfo['backup_to'] = get['backup_to'] cronInfo['sbody'] = get['sbody'] cronInfo['urladdress'] = get['urladdress'] addData = public.M('crontab').where('id=?', (sid, )).save( 'name,type,where1,where_hour,where_minute,save,backup_to,sbody,urladdress', (get['name'], field_type, get['where1'], get['hour'], get['minute'], get['save'], get['backup_to'], get['sbody'], get['urladdress'])) self.removeForCrond(cronInfo['echo']) self.syncToCrond(cronInfo) public.writeLog('计划任务', '修改计划任务[' + cronInfo['name'] + ']成功') return public.returnJson(True, '修改成功')
def reload_mod(): comReturn = comm.local() if comReturn: return comReturn args = get_input() mod_name = None if 'mod_name' in args: mod_name = args.mod_name result = public.reload_mod(mod_name) if result: return public.returnJson(True,result),json_header return public.returnJson(False,'Reload failure!'),json_header
def getBody(self, path): if not os.path.exists(path): return public.returnJson(False, '文件不存在', (path,)) if os.path.getsize(path) > 2097152: return public.returnJson(False, u'不能在线编辑大于2MB的文件!') fp = open(path, 'rb') data = {} data['status'] = True try: if fp: from chardet.universaldetector import UniversalDetector detector = UniversalDetector() srcBody = b"" for line in fp.readlines(): detector.feed(line) srcBody += line detector.close() char = detector.result data['encoding'] = char['encoding'] if char['encoding'] == 'GB2312' or not char['encoding'] or char[ 'encoding'] == 'TIS-620' or char['encoding'] == 'ISO-8859-9': data['encoding'] = 'GBK' if char['encoding'] == 'ascii' or char[ 'encoding'] == 'ISO-8859-1': data['encoding'] = 'utf-8' if char['encoding'] == 'Big5': data['encoding'] = 'BIG5' if not char['encoding'] in ['GBK', 'utf-8', 'BIG5']: data['encoding'] = 'utf-8' try: if sys.version_info[0] == 2: data['data'] = srcBody.decode( data['encoding']).encode('utf-8', errors='ignore') else: data['data'] = srcBody.decode(data['encoding']) except: data['encoding'] = char['encoding'] if sys.version_info[0] == 2: data['data'] = srcBody.decode( data['encoding']).encode('utf-8', errors='ignore') else: data['data'] = srcBody.decode(data['encoding']) else: if sys.version_info[0] == 2: data['data'] = srcBody.decode('utf-8').encode('utf-8') else: data['data'] = srcBody.decode('utf-8') data['encoding'] = u'utf-8' return public.returnJson(True, 'OK', data) except Exception as ex: return public.returnJson(False, u'文件编码不被兼容,无法正确读取文件!' + str(ex))
def getLastBodyApi(self): path = request.form.get('path', '').encode('utf-8') line = request.form.get('line', '100') if not os.path.exists(path): return public.returnJson(False, '文件不存在', (path,)) try: data = public.getNumLines(path, int(line)) return public.returnJson(True, 'OK', data) except Exception as ex: return public.returnJson(False, u'无法正确读取文件!' + str(ex))
def addUser(): if public.isAppleSystem(): return public.returnJson(False, "Apple Computer does not support") args = getArgs() data = checkArgs(args, ['username']) if not data[0]: return data[1] ret = public.execShell('echo ' + args['username'] + '|l2tp -a') if ret[1] == '': return public.returnJson(True, '添加成功!:' + ret[0]) return public.returnJson(False, '添加失败:' + ret[0])
def batchPasteApi(self): path = request.form.get('path', '').encode('utf-8') stype = request.form.get('type', '').encode('utf-8') # filename = request.form.get('filename', '').encode('utf-8') import shutil if not self.checkDir(path): return public.returnJson(False, '请不要花样作死!') i = 0 myfiles = json.loads(session['selected']['data']) l = len(myfiles) if stype == '1': for key in myfiles: i += 1 public.writeSpeed(key, i, l) try: sfile = session['selected'][ 'path'] + '/' + key.encode('utf-8') dfile = path + '/' + key.encode('utf-8') if os.path.isdir(sfile): shutil.copytree(sfile, dfile) else: shutil.copyfile(sfile, dfile) stat = os.stat(sfile) os.chown(dfile, stat.st_uid, stat.st_gid) except: continue msg = public.getInfo('从[{1}]批量复制到[{2}]成功', (session['selected']['path'], path,)) public.writeLog('文件管理', msg) else: for key in myfiles: try: i += 1 public.writeSpeed(key, i, l) sfile = session['selected'][ 'path'] + '/' + key.encode('utf-8') dfile = path + '/' + key.encode('utf-8') shutil.move(sfile, dfile) except: continue msg = public.getInfo('从[{1}]批量移动到[{2}]成功', (session['selected']['path'], path,)) public.writeLog('文件管理', msg) public.writeSpeed(None, 0, 0) errorCount = len(myfiles) - i del(session['selected']) msg = public.getInfo('批量操作成功[{1}],失败[{2}]', (str(i), str(errorCount))) return public.returnJson(True, msg)
def recycleBinApi(self): c = 'data/recycle_bin.pl' db = request.form.get('db', '').encode('utf-8') if db != '': c = 'data/recycle_bin_db.pl' if os.path.exists(c): os.remove(c) public.writeLog('文件管理', '已关闭回收站功能!') return public.returnJson(True, '已关闭回收站功能!') else: public.writeFile(c, 'True') public.writeLog('文件管理', '已开启回收站功能!') return public.returnJson(True, '已开启回收站功能!')
def get_sk(self,): save_path = '/www/server/panel/config/api.json' if not os.path.exists(save_path): return redirect('/login') api_config = json.loads(public.ReadFile(save_path)) if not api_config['open']: return redirect('/login') from BTPanel import get_input get = get_input() if not 'request_token' in get or not 'request_time' in get: return redirect('/login') client_ip = public.GetClientIp() if not client_ip in api_config['limit_addr']: return public.returnJson(False,'IP校验失败,您的访问IP为['+client_ip+']') request_token = public.md5(get.request_time + api_config['token']) if get.request_token == request_token: return False return public.returnJson(False,'密钥校验失败')
def createDirApi(self): path = request.form.get('path', '').encode('utf-8') try: if not self.checkFileName(path): return public.returnJson(False, '目录名中不能包含特殊字符!') if os.path.exists(path): return public.returnJson(False, '指定目录已存在!') os.makedirs(path) self.setFileAccept(path) msg = public.getInfo('创建目录[{1}]成功!', (path,)) public.writeLog('文件管理', msg) return public.returnJson(True, '目录创建成功!') except Exception as e: return public.returnJson(False, '目录创建失败!')
def panel_cloud(): comReturn = comm.local() if comReturn: return comReturn get = get_input() if not os.path.exists('plugin/' + get.filename + '/' + get.filename + '_main.py'): return public.returnJson(False, '指定插件不存在!'), json_header sys.path.append('plugin/' + get.filename) plugin_main = __import__(get.filename + '_main') reload(plugin_main) tmp = eval("plugin_main.%s_main()" % get.filename) if not hasattr(tmp, 'download_file'): return public.returnJson(False, '指定插件没有文件下载方法!'), json_header return redirect(tmp.download_file(get.name))
def panel_pluginApi(): get = get_input() if not public.checkToken(get): return public.returnJson(False,'INIT_TOKEN_ERR'); infoFile = 'plugin/' + get.name + '/info.json'; if not os.path.exists(infoFile): return False; import json info = json.loads(public.readFile(infoFile)); if not info['api']: return public.returnJson(False,'INIT_PLU_ACC_ERR'); import panelPlugin pluginObject = panelPlugin.panelPlugin() defs = ('install','unInstall','getPluginList','getPluginInfo','getPluginStatus','setPluginStatus','a','getCloudPlugin','getConfigHtml','savePluginSort') return publicObject(pluginObject,defs);
def reRecycleBinApi(self): rPath = self.rPath path = request.form.get('path', '').encode('utf-8') dFile = path.replace('_mw_', '/').split('_t_')[0] try: import shutil shutil.move(rPath + path, dFile) msg = public.getInfo('移动文件[{1}]到回收站成功!', (dFile,)) public.writeLog('文件管理', msg) return public.returnJson(True, '恢复成功!') except Exception as e: msg = public.getInfo('从回收站恢复[{1}]失败!', (dFile,)) public.writeLog('文件管理', msg) return public.returnJson(False, '恢复失败!')
def get_sk(self): save_path = '/www/server/panel/config/api.json' if not os.path.exists(save_path): return redirect('/login') try: api_config = json.loads(public.ReadFile(save_path)) except: os.remove(save_path) return redirect('/login') if not api_config['open']: return redirect('/login') from BTPanel import get_input get = get_input() if not 'client_bind_token' in get: if not 'request_token' in get or not 'request_time' in get: return redirect('/login') client_ip = public.GetClientIp() if not client_ip in api_config['limit_addr']: return public.returnJson(False, 'IP校验失败,您的访问IP为[' + client_ip + ']') else: a_file = '/dev/shm/' + get.client_bind_token if not os.path.exists(a_file): import panelApi if not panelApi.panelApi().get_app_find(get.client_bind_token): return public.returnMsg(False, '未绑定的设备') public.writeFile(a_file, '') if not 'key' in api_config: return public.returnJson(False, '密钥校验失败') if not 'form_data' in get: return public.returnJson(False, '没有找到form_data数据') g.form_data = json.loads( public.aes_decrypt(get.form_data, api_config['key'])) get = get_input() if not 'request_token' in get or not 'request_time' in get: return redirect('/login') g.is_aes = True g.aes_key = api_config['key'] request_token = public.md5(get.request_time + api_config['token']) if get.request_token == request_token: return False return public.returnJson(False, '密钥校验失败')
def get_sk(self): save_path = '/www/server/panel/config/api.json' if not os.path.exists(save_path): return redirect('/login') try: api_config = json.loads(public.ReadFile(save_path)) except: os.remove(save_path) return redirect('/login') if not api_config['open']: return redirect('/login') from BTPanel import get_input get = get_input() if not 'client_bind_token' in get: if not 'request_token' in get or not 'request_time' in get: return redirect('/login') client_ip = public.GetClientIp() if not client_ip in api_config['limit_addr']: return public.returnJson( False, '%s[' % public.GetMsg("CHECK_IP_FALSE") + client_ip + ']') else: a_file = '/dev/shm/' + get.client_bind_token if not os.path.exists(a_file): import panelApi if not panelApi.panelApi().get_app_find(get.client_bind_token): return public.returnMsg(False, 'Unbound device') public.writeFile(a_file, '') if not 'key' in api_config: return public.returnJson(False, 'Key verification failed') if not 'form_data' in get: return public.returnJson(False, 'No form_data data found') g.form_data = json.loads( public.aes_decrypt(get.form_data, api_config['key'])) get = get_input() if not 'request_token' in get or not 'request_time' in get: return redirect('/login') g.is_aes = True g.aes_key = api_config['key'] request_token = public.md5(get.request_time + api_config['token']) if get.request_token == request_token: return False return public.returnJson(False, 'SECRET_KEY_CHECK_FALSE')
def pobject(self): get = web.input() pluginPath = '/www/server/panel/plugin/safelogin'; if hasattr(get,'check'): if os.path.exists(pluginPath + '/safelogin_main.py'): return 'True'; return 'False'; get.data = self.check_token(get.data); if not get.data: return public.returnJson(False,'验证失败'); sys.path.append(pluginPath); import safelogin_main; reload(safelogin_main); s = safelogin_main.safelogin_main(); if not hasattr(s,get.data['action']): return public.returnJson(False,'方法不存在'); defs = ('GetServerInfo','add_ssh_limit','remove_ssh_limit','get_ssh_limit','get_login_log','get_panel_limit','add_panel_limit','remove_panel_limit','close_ssh_limit','close_panel_limit','get_system_info','get_service_info','get_ssh_errorlogin') if not get.data['action'] in defs: return 'False'; return public.getJson(eval('s.' + get.data['action'] + '(get)'));
def startTaskApi(self): sid = request.form.get('id', '') echo = public.M('crontab').where('id=?', (sid, )).getField('echo') execstr = public.getServerDir() + '/cron/' + echo os.system('chmod +x ' + execstr) os.system('nohup ' + execstr + ' >> ' + execstr + '.log 2>&1 &') return public.returnJson(True, '任务已执行!')
def getRecycleBinApi(self): rPath = self.rPath if not os.path.exists(rPath): os.system('mkdir -p ' + rPath) data = {} data['dirs'] = [] data['files'] = [] data['status'] = os.path.exists('data/recycle_bin.pl') data['status_db'] = os.path.exists('data/recycle_bin_db.pl') for file in os.listdir(rPath): try: tmp = {} fname = rPath + file tmp1 = file.split('_mw_') tmp2 = tmp1[len(tmp1) - 1].split('_t_') tmp['rname'] = file tmp['dname'] = file.replace('_mw_', '/').split('_t_')[0] tmp['name'] = tmp2[0] tmp['time'] = int(float(tmp2[1])) if os.path.islink(fname): filePath = os.readlink(fname) link = ' -> ' + filePath if os.path.exists(filePath): tmp['size'] = os.path.getsize(filePath) else: tmp['size'] = 0 else: tmp['size'] = os.path.getsize(fname) if os.path.isdir(fname): data['dirs'].append(tmp) else: data['files'].append(tmp) except: continue return public.returnJson(True, 'OK', data)
def publicObject(toObject,defs): get = web.input(zunfile = {},data = []); if hasattr(get,'path'): get.path = get.path.replace('//','/').replace('\\','/'); if get.path.find('->') != -1: get.path = get.path.split('->')[0].strip(); for key in defs: if key == get.action: fun = 'toObject.'+key+'(get)' if hasattr(get,'html'): return eval(fun) else: return public.getJson(eval(fun)) return public.returnJson(False,'ARGS_ERR')
def POST(self): post = web.input() web.ctx.session.lan = public.get_language(); if not (hasattr(post, 'username') or hasattr(post, 'password') or hasattr(post, 'code')): return public.returnJson(False,'LOGIN_USER_EMPTY'); if not self.errorNum(False): return public.returnJson(False,'防暴破机制已被启动,解除命令: rm -f /tmp/panelN*.pl'); if self.limitAddress('?') < 1: return public.returnJson(False,'LOGIN_ERR_LIMIT'); post.username = post.username.strip(); password = public.md5(post.password.strip()); sql = db.Sql(); userInfo = sql.table('users').where("id=?",(1,)).field('id,username,password').find() if hasattr(web.ctx.session,'code'): if web.ctx.session.code: if not public.checkCode(post.code): public.WriteLog('TYPE_LOGIN','LOGIN_ERR_CODE',(userInfo['username'],web.ctx.session.code,web.ctx.ip)); return public.returnJson(False,'CODE_ERR'); try: if userInfo['username'] != post.username or userInfo['password'] != password: public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',(userInfo['username'],'******',web.ctx.ip)); num = self.limitAddress('+'); return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)); import time; login_temp = 'data/login.temp' if not os.path.exists(login_temp): public.writeFile(login_temp,''); login_logs = public.readFile(login_temp); public.writeFile(login_temp,login_logs + web.ctx.ip + '|' + str(int(time.time())) + ','); web.ctx.session.login = True; web.ctx.session.username = userInfo['username']; public.WriteLog('TYPE_LOGIN','LOGIN_SUCCESS',(userInfo['username'],web.ctx.ip)); self.limitAddress('-'); numFile = '/tmp/panelNum.pl'; timeFile = '/tmp/panelNime.pl'; if os.path.exists(numFile): os.remove(numFile); if os.path.exists(timeFile): os.remove(timeFile); return public.returnJson(True,'LOGIN_SUCCESS'); except: public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',(userInfo['username'],'******',web.ctx.ip)); num = self.limitAddress('+'); return public.returnJson(False,'LOGIN_USER_ERR',(str(num),));
def GET(self): get = web.input(); if not public.checkToken(get): return public.returnJson(False,'无效的Token!'); if not self.CheckPlugin(get.name): return public.returnJson(False,'您没有权限访问当前插件!'); return self.funObj();
def POST(self): get = web.input(backupfile={},data=[]); if not public.checkToken(get): return public.returnJson(False,'无效的Token!'); if not self.CheckPlugin(get.name): return public.returnJson(False,'您没有权限访问当前插件!'); return self.funObj();
def POST(self): get = web.input(backup={},data=[]); public.writeFile('test.pl',get['backup'].file.read()); return public.returnJson(True,'OK!')