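def POST(self, inputs=None):
    """Handle a login form submission.

    Args:
        inputs: Optional request fields; when falsy they are read from
            sh.inputs().

    Returns:
        The login page with an error message, an alert, or a redirect.
        Returns None when the request path is not 'login'.

    Raises:
        AssertionError: if the email (after stripping) or the password is
            empty.
    """
    def _is_site_relative(target):
        # Open-redirect guard: the post-login target comes from the request
        # (Referer query string or form field), so only a path on this site
        # is followed. '//host', backslashes and control characters are
        # rejected because browsers can resolve them to another origin.
        return (target.startswith('/')
                and not target.startswith('//')
                and '\\' not in target
                and not any(ord(ch) < 0x20 for ch in target))

    if not inputs:
        inputs = sh.inputs()
    # Raised explicitly rather than with `assert`, which `python -O` strips.
    if not inputs.get('email', '').strip():
        raise AssertionError('email is required')
    if not inputs.get('password', ''):
        raise AssertionError('password is required')

    uc = sh.ctrl('User')
    model = sh.model('User')
    action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
    if action == 'login':
        if not uc.validate(inputs.email, inputs.password):
            return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)
        user = model.getByEmail(inputs.email)
        if user.dead == 'yes':
            return sh.alert('登录失败,你已被列入黑名单,请联系管理员')
        uc.login(user, inputs.get('remember_me', '') == 'on')

        # First choice: the referer given in the URL of the login page when
        # it was opened; second choice: a referer field of this request.
        # NOTE(review): an absolute URL pointing at this same site is no
        # longer followed either; confirm the login links pass a path only.
        candidates = (
            sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None),
            sh.inputs().get('referer', None),
        )
        for target in candidates:
            if target and _is_site_relative(target):
                return sh.redirect(target)
        return sh.alert('登录成功. 欢迎回来!')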
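def POST(self, inputs=None):
    """Process the login form and send the user on after a successful login.

    Args:
        inputs: Optional request fields; sh.inputs() is used when falsy.

    Returns:
        The login page with an error message, an alert, or a redirect;
        None when the request path is not 'login'.

    Raises:
        AssertionError: if the stripped email or the password is empty.
    """
    def _local_path_only(url):
        # The redirect target is request-controlled. Follow it only when it
        # is a path on this site: a single leading '/', no backslash and no
        # control characters (browsers may turn those forms into another
        # host).
        if not url.startswith('/') or url.startswith('//'):
            return False
        if '\\' in url:
            return False
        return all(ord(ch) >= 0x20 for ch in url)

    if not inputs:
        inputs = sh.inputs()
    # `assert` disappears under `python -O`; raise the same exception type
    # explicitly so the check always runs.
    if not inputs.get('email', '').strip():
        raise AssertionError('email is required')
    if not inputs.get('password', ''):
        raise AssertionError('password is required')

    uc = sh.ctrl('User')
    model = sh.model('User')
    action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
    if action != 'login':
        return None

    if not uc.validate(inputs.email, inputs.password):
        return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)
    user = model.getByEmail(inputs.email)
    if user.dead == 'yes':
        return sh.alert('登录失败,你已被列入黑名单,请联系管理员')
    uc.login(user, inputs.get('remember_me', '') == 'on')

    # The referer named in the URL of the login page when it was opened.
    referer = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
    if referer and _local_path_only(referer):
        return sh.redirect(referer)
    # Otherwise a referer field sent with this request.
    # NOTE(review): same-site absolute URLs are rejected as well; confirm
    # that callers pass a path.
    posted = sh.inputs().get('referer', None)
    if posted and _local_path_only(posted):
        return sh.redirect(posted)
    return sh.alert('登录成功. 欢迎回来!')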
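def POST(self, inputs=None):
    """Register a new user, log them in and optionally send a validation mail.

    Args:
        inputs: Optional request fields; sh.inputs() is used when falsy.

    Returns:
        The registration page with the error reported by checkNewUser, or
        a success alert.
    """
    if not inputs:
        inputs = sh.inputs()
    uc = sh.ctrl('User')
    error = uc.checkNewUser(inputs)
    if error:
        return sh.page.user.Register(error, inputs.get('email', ''))

    new_id = uc.register(inputs)
    # NOTE(review): the login handler compares remember_me with 'on', this
    # one with 'yes'; confirm which value the forms actually send.
    uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')

    user_model = sh.model('User')
    if user_model.validation_request:
        # The original passed an unbound name `user` here, which raised
        # NameError whenever validation mails were enabled. Load the row
        # that was just created instead.
        # Presumably sendValidationEmail expects a user row; verify.
        uc.sendValidationEmail(user_model.get(new_id))
        return sh.alert('注册成功,请查收您的验证邮件')
    return sh.alert('注册成功')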
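def __getSortedKeys(self, select):
    """Return the output column names of a SELECT statement, in order.

    The column list is the text before the first FROM keyword that lies
    outside parentheses. FROM is matched case-insensitively, so ' From '
    works and a ' from ' inside a function call or subquery in the column
    list no longer cuts the list short.

    Args:
        select: The SELECT statement text.

    Returns:
        A list of names, each being the last space-separated word of one
        top-level column expression; an empty list when the column list
        contains '*' and no comma; the result of sh.alert(...) when the
        parentheses in the column list do not balance.
    """
    head = select
    depth = 0
    for pos, ch in enumerate(select):
        if ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
        elif depth == 0 and select[pos:pos + 6].lower() == ' from ':
            head = select[:pos]
            break

    # "select *" style: the names are not known from the text.
    if '*' in head and ',' not in head:
        return []

    keys = []
    current = []
    bracket_count = 0
    # The trailing comma flushes the last column expression.
    for c in head + ',':
        if c == '(':
            bracket_count += 1
            current.append(c)
        elif c == ')':
            bracket_count -= 1
            current.append(c)
        elif bracket_count == 0 and c == ',':
            # Last word covers both "expr alias" and "expr as alias".
            keys.append(''.join(current).strip().rpartition(' ')[2])
            current = []
        else:
            current.append(c)
    if bracket_count != 0:
        return sh.alert('select语句有语法错误', stay=10)
    return keys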
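def __getSortedKeys(self, select):
    """List the column names a SELECT statement produces, in order.

    Only the text before the first top-level FROM keyword is examined.
    The keyword is matched without regard to case and is ignored while
    inside parentheses, so " From " is recognised and a " from " inside a
    function call or subquery does not truncate the column list.

    Args:
        select: The SELECT statement text.

    Returns:
        A list holding the last space-separated word of every top-level
        column expression; [] when the column list contains "*" and no
        comma; the result of sh.alert(...) when parentheses in the column
        list are unbalanced.
    """
    columns = select
    nesting = 0
    for index, char in enumerate(select):
        if char == "(":
            nesting += 1
        elif char == ")":
            nesting -= 1
        elif nesting == 0 and select[index:index + 6].lower() == " from ":
            columns = select[:index]
            break

    # A bare "*" gives no names to extract.
    if "*" in columns and "," not in columns:
        return []

    keys = []
    pending = []
    bracket_count = 0
    # Appending "," makes the loop emit the final expression too.
    for c in columns + ",":
        if c == "(":
            bracket_count += 1
            pending.append(c)
        elif c == ")":
            bracket_count -= 1
            pending.append(c)
        elif bracket_count == 0 and c == ",":
            # The alias, if any, is the last word of the expression.
            keys.append("".join(pending).strip().rpartition(" ")[2])
            pending = []
        else:
            pending.append(c)
    if bracket_count != 0:
        return sh.alert("select语句有语法错误", stay=10)
    return keys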
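def POST(self):
    """Handle the two steps of the forgotten-password flow.

    action == 'send_code': mail a reset code to the account with the
    given email, if there is one.
    action == 'reset_password': check the (Userid, code) pair and its age,
    then store the new password and delete the code.

    Returns:
        An alert for every handled outcome; None for any other action.

    Raises:
        AssertionError: if the new password is shorter than 6 or not
            shorter than 60 characters.
    """
    inputs = web.input()
    if inputs.action == 'send_code':
        user = sh.model('User').getByEmail(inputs.email.strip())
        if user:
            sh.ctrl('User').sendForgetPasswordEmail(user)
        # The same alert is returned whether or not an account matched.
        return sh.alert('发送成功,请查收您的邮件(可能在"垃圾邮件"中)。', '/')

    elif inputs.action == 'reset_password':
        # Raised explicitly: an `assert` is removed by `python -O`, which
        # would silently drop the password length rule.
        if not 6 <= len(inputs.password) < 60:
            raise AssertionError('password length must be in [6, 60)')
        user_model = sh.model('User')
        code_model = sh.model('UserForgetPassword')
        exists = code_model.getOneByWhere('Userid=%s and code=%s',
                                          inputs.Userid, inputs.code)
        if not exists:
            return sh.alert('链接无效,请重新申请')
        # timedelta.seconds is only the sub-day remainder (0..86399), so a
        # code older than a day could pass the check again. total_seconds()
        # measures the whole age.
        age = datetime.now() - exists.created
        if age.total_seconds() > code_model.expires:
            return sh.alert('链接已过期,请重新申请')
        # NOTE(review): the password is handed to the model as submitted;
        # confirm that User.update hashes it before storage.
        user_model.update(inputs.Userid, dict(password=inputs.password))
        code_model.delete(exists.id)
        return sh.alert('重设密码成功,请登录', '/login')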
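def POST(self):
    """Send a password-reset code or apply a password reset.

    'send_code' mails a reset code to the account that owns the submitted
    email, when such an account exists. 'reset_password' verifies the
    (Userid, code) pair and its age, stores the new password and deletes
    the used code.

    Returns:
        An alert for each handled outcome; None when the action is
        neither of the two.

    Raises:
        AssertionError: if the new password length is outside [6, 60).
    """
    inputs = web.input()

    if inputs.action == 'send_code':
        account = sh.model('User').getByEmail(inputs.email.strip())
        if account:
            sh.ctrl('User').sendForgetPasswordEmail(account)
        # Identical response for known and unknown addresses.
        return sh.alert('发送成功,请查收您的邮件(可能在"垃圾邮件"中)。', '/')

    if inputs.action == 'reset_password':
        # Explicit raise instead of `assert`, so the length rule is still
        # enforced when Python runs with -O.
        if len(inputs.password) < 6 or len(inputs.password) >= 60:
            raise AssertionError('password length must be in [6, 60)')
        user_model = sh.model('User')
        code_model = sh.model('UserForgetPassword')
        exists = code_model.getOneByWhere('Userid=%s and code=%s',
                                          inputs.Userid, inputs.code)
        if not exists:
            return sh.alert('链接无效,请重新申请')
        # Use the full elapsed time. `.seconds` drops whole days, which
        # let a code older than 24 hours look fresh again.
        elapsed = (datetime.now() - exists.created).total_seconds()
        if elapsed > code_model.expires:
            return sh.alert('链接已过期,请重新申请')
        # NOTE(review): presumably User.update hashes the password; verify.
        user_model.update(inputs.Userid, dict(password=inputs.password))
        code_model.delete(exists.id)
        return sh.alert('重设密码成功,请登录', '/login')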
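def GET(self, path):
    """Render a report page from the SELECT stored in the menu config.

    Args:
        path: Route argument; not used in the body.

    Returns:
        A 404 redirect when no menu config is found, an alert when the
        paging configuration is invalid, otherwise the ReportForms page.
    """
    mc = sh.ctrl("Editor").getMenuConfig()
    # Paths that have not been published must not be reachable.
    if not mc:
        return sh.redirectTo404()
    inputs = sh.inputs()
    # NOTE(review): the statement is executed as configured, so whoever can
    # edit the menu config decides what SQL runs here; confirm that only
    # trusted administrators can write it.
    select = mc.get("select", "").replace("%", "%%")  # MySQLdb treats % specially
    db = sh.getDBHelper()

    if mc.get("paging", ""):
        # With paging enabled the select itself must not contain a limit.
        if " limit " in select.lower():
            return sh.alert("使用paging选项时select中不能使用limit, 请检查后台配置", stay=10)
        # A non-numeric paging value used to raise ValueError; it now gets
        # the same alert as a non-positive one.
        try:
            page_size = int(mc.get("paging"))
        except (TypeError, ValueError):
            page_size = 0
        if page_size <= 0:
            return sh.alert("paging配置参数应为正整数", stay=10)
        if " distinct " in select.lower():
            return sh.alert("抱歉, 暂不支持paging与distinct一起使用", stay=10)
        # Row count for the pager.
        total = self.__getTotal(select)
        # page_num comes from the request; the %d conversions accept only
        # numbers, so it cannot add SQL text to the statement.
        select = select + " limit %d, %d" % self.__getLimit(
            inputs.get("page_num", 1), page_size)
        items = db.fetchSome(select)
        # Pager markup.
        pagination_html = (
            '<div fx="paging[style=zarkpy;pageCount=%d;totalCount=%d;displayPages=10;firstText=第一页;lastText=末页;]"></div>'
            % (page_size, total)
        )
    else:
        items = db.fetchSome(select)
        pagination_html = ""

    keys = self.__getSortedKeys(select)
    # Fall back to the keys of the first row when none were parsed.
    if len(keys) == 0 and len(items) > 0:
        keys = items[0].keys()
    return sh.editor.ReportForms(items, pagination_html, keys, mc)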
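def GET(self):
    """Confirm an email address from a validation link.

    Looks up the (Userid, code) pair in UserValidation; on a match the
    user is marked activated and the code row is deleted.

    Returns:
        A success alert, or a 404 redirect when the pair is not found.

    Raises:
        AssertionError: if 'Userid' or 'code' is missing from the request.
    """
    inputs = sh.inputs()
    # Explicit raises: `assert` is stripped under `python -O`. The `in`
    # operator replaces dict.has_key(), which Python 3 removed.
    # Assumes sh.inputs() returns a dict-like object; verify.
    if 'Userid' not in inputs:
        raise AssertionError('Userid is required')
    if 'code' not in inputs:
        raise AssertionError('code is required')

    model = sh.model('UserValidation')
    exists = model.getOneByWhere('Userid=%s and code=%s',
                                 inputs.Userid, inputs.code)
    if not exists:
        return sh.redirectTo404()
    # NOTE(review): no age check on the code is visible here; confirm
    # whether validation codes are meant to expire.
    sh.model('User').update(inputs.Userid, dict(activated='yes'))
    model.delete(exists.id)
    return sh.alert('验证邮箱成功')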
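def GET(self, path):
    """Build the report page for the current menu entry.

    The SELECT statement and the optional page size are read from the
    menu config returned by the Editor controller.

    Args:
        path: Route argument; the body does not read it.

    Returns:
        A 404 redirect when there is no menu config, an alert when the
        paging configuration is invalid, otherwise the ReportForms page.
    """
    mc = sh.ctrl('Editor').getMenuConfig()
    # Unpublished paths are not served.
    if not mc:
        return sh.redirectTo404()
    inputs = sh.inputs()
    # NOTE(review): the configured SQL runs unchanged; write access to the
    # menu config is therefore equivalent to database query access.
    # Confirm it is limited to trusted administrators.
    select = mc.get('select', '').replace('%', '%%')  # MySQLdb treats % specially
    db = sh.getDBHelper()

    if not mc.get('paging', ''):
        items = db.fetchSome(select)
        pagination_html = ''
    else:
        lowered = select.lower()
        # A select that is paged must not carry its own limit.
        if ' limit ' in lowered:
            return sh.alert('使用paging选项时select中不能使用limit, 请检查后台配置', stay=10)
        # Non-numeric paging values previously raised ValueError; they are
        # now reported with the same alert as zero or negative values.
        try:
            per_page = int(mc.get('paging'))
        except (TypeError, ValueError):
            per_page = 0
        if per_page <= 0:
            return sh.alert('paging配置参数应为正整数', stay=10)
        if ' distinct ' in lowered:
            return sh.alert('抱歉, 暂不支持paging与distinct一起使用', stay=10)
        # Total row count, needed by the pager.
        total = self.__getTotal(select)
        # page_num is request-supplied; %d only formats numbers, so no SQL
        # text from the request can reach the statement.
        limit_args = self.__getLimit(inputs.get('page_num', 1), per_page)
        select = select + ' limit %d, %d' % limit_args
        items = db.fetchSome(select)
        # Pager markup.
        pagination_html = '<div fx="paging[style=zarkpy;pageCount=%d;totalCount=%d;displayPages=10;firstText=第一页;lastText=末页;]"></div>' % (per_page, total)

    keys = self.__getSortedKeys(select)
    # Use the first row's keys when the column list could not be parsed.
    if len(keys) == 0 and len(items) > 0:
        keys = items[0].keys()
    return sh.editor.ReportForms(items, pagination_html, keys, mc)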
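def POST(self):
    """Upload a portrait image or crop the stored one.

    action == 'upload': save the submitted image file as the portrait.
    action == 'crop': scale the selected rectangle to the real image size
    and write '<path>.crop' with ImageMagick's convert, then remove the
    older '<path>.crop_*' copies.

    Returns:
        A redirect or an alert; None for any other action.

    Raises:
        AssertionError: if action is empty or a region size is not
            positive.
        OSError: if the convert program cannot be started.
    """
    import subprocess  # local import: the file's import block is not in view

    if not sh.session.is_login:
        return sh.redirectToLogin()
    user_model = sh.model('User')
    user = user_model.get(sh.session.id)
    inputs = sh.inputs()
    # Explicit raises: `assert` statements vanish under `python -O`.
    if not inputs.get('action', ''):
        raise AssertionError('action is required')

    if inputs.action == 'upload':
        if inputs.get('image_file', ''):
            self.savePortrait(sh.session.id, inputs.image_file)
        return sh.redirect('/accounts/portrait')

    elif inputs.action == 'crop':
        if not user.image:
            return sh.alert('请先上传头像')
        region_width = int(float(inputs.get('region_width', '0')))    # width of the selection area
        region_height = int(float(inputs.get('region_height', '0')))  # height of the selection area
        if region_width <= 0 or region_height <= 0:
            raise AssertionError('region size must be positive')
        real_width, real_height = sh.imageSize(user.image.url)  # real size of the image

        crop = inputs.crop
        fields = crop.split()
        start_x = int(fields[0])   # start of the selection
        start_y = int(fields[1])
        region_x = int(fields[2])  # selected width
        region_y = int(fields[3])  # selected height

        # Geometry for convert; every component is formatted with %d.
        region = '%dx%d+%d+%d' % (region_x * real_width / region_width,
                                  region_y * real_height / region_height,
                                  real_width * start_x / region_width,
                                  real_height * start_y / region_height)
        path = sh.urlToPath(user.image.url)
        # Argument list, no shell: the path derives from the stored image
        # URL and must never be parsed as shell syntax. The exit status is
        # ignored, as it was with os.system.
        # Assumes urlToPath returns an absolute path; verify.
        subprocess.call(['convert', path, '-crop', region, path + '.crop'])
        user_model.update(sh.session.id, {'crop': crop})

        # Remove the resized copies of the previous crop. Done with
        # os.listdir/os.remove instead of a shell `rm` with a glob.
        folder, base = os.path.split(path)
        stale_prefix = base + '.crop_'
        try:
            names = os.listdir(folder or '.')
        except OSError:
            names = []
        for name in names:
            if name.startswith(stale_prefix):
                try:
                    os.remove(os.path.join(folder, name))
                except OSError:
                    # Best effort, like the `rm` whose status was ignored.
                    pass
        return sh.redirect('/accounts')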
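def POST(self):
    """Change the password of the logged-in user.

    Returns:
        A redirect to the login page when there is no session, the
        ResetPassword page when the old password does not validate,
        otherwise a success alert.

    Raises:
        AssertionError: if the new password length is outside [6, 60) or
            the session's user row cannot be loaded.
    """
    # The session check now runs before any request field is read.
    if not sh.session.is_login:
        return sh.redirectToLogin()
    inputs = sh.inputs()
    # Explicit raise: an `assert` is removed by `python -O`, which would
    # disable the length rule.
    if not 6 <= len(inputs.new_password) < 60:
        raise AssertionError('new password length must be in [6, 60)')
    user_model = sh.model('User')
    user_ctrl = sh.ctrl('User')
    Userid = sh.session.id
    user = user_model.get(Userid)
    if user is None:
        raise AssertionError('session user not found')
    # The current password must be proven before it can be replaced.
    if not user_ctrl.validate(user.email, inputs.old_password):
        return sh.page.user.ResetPassword('原密码输入错误, 请重新输入')
    # NOTE(review): presumably User.update hashes the password; verify.
    user_model.update(Userid, dict(password=inputs.new_password))
    return sh.alert('重置密码成功', '/')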
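def POST(self):
    """Replace the logged-in user's password after checking the old one.

    Returns:
        A login redirect without a session, the ResetPassword page when
        the old password is wrong, otherwise a success alert.

    Raises:
        AssertionError: if the new password has fewer than 6 or at least
            60 characters, or the user row for the session is missing.
    """
    # Unauthenticated requests are turned away before input is examined.
    if not sh.session.is_login:
        return sh.redirectToLogin()

    inputs = sh.inputs()
    new_length = len(inputs.new_password)
    # Raised explicitly so the rule survives `python -O`, which strips
    # `assert` statements.
    if new_length < 6 or new_length >= 60:
        raise AssertionError('new password length must be in [6, 60)')

    user_model = sh.model('User')
    user_ctrl = sh.ctrl('User')
    Userid = sh.session.id
    user = user_model.get(Userid)
    if user is None:
        raise AssertionError('session user not found')

    old_ok = user_ctrl.validate(user.email, inputs.old_password)
    if not old_ok:
        return sh.page.user.ResetPassword('原密码输入错误, 请重新输入')
    # NOTE(review): confirm that User.update hashes the password and
    # whether other sessions of this user should be ended here.
    user_model.update(Userid, dict(password=inputs.new_password))
    return sh.alert('重置密码成功', '/')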
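def POST(self):
    """Store an uploaded portrait or crop the existing one.

    'upload' saves the submitted image file. 'crop' maps the rectangle
    chosen in the browser onto the real image, writes '<path>.crop' with
    ImageMagick's convert and deletes the '<path>.crop_*' files made from
    the previous crop.

    Returns:
        A redirect or an alert; None when the action is neither value.

    Raises:
        AssertionError: if action is empty or a region size is not
            positive.
        OSError: if the convert program cannot be started.
    """
    import subprocess  # function-scope import; top-of-file imports not in view

    if not sh.session.is_login:
        return sh.redirectToLogin()
    user_model = sh.model('User')
    user = user_model.get(sh.session.id)
    inputs = sh.inputs()
    # `assert` is dropped by `python -O`; raise the same type explicitly.
    if not inputs.get('action', ''):
        raise AssertionError('action is required')

    if inputs.action == 'upload':
        if inputs.get('image_file', ''):
            self.savePortrait(sh.session.id, inputs.image_file)
        return sh.redirect('/accounts/portrait')

    if inputs.action != 'crop':
        return None

    if not user.image:
        return sh.alert('请先上传头像')
    # Size of the area the selection was made in.
    region_width = int(float(inputs.get('region_width', '0')))
    region_height = int(float(inputs.get('region_height', '0')))
    if region_width <= 0:
        raise AssertionError('region_width must be positive')
    if region_height <= 0:
        raise AssertionError('region_height must be positive')
    real_width, real_height = sh.imageSize(user.image.url)  # real image size

    crop = inputs.crop
    parts = crop.split()
    # Selection: start position, then selected width and height.
    start_x = int(parts[0])
    start_y = int(parts[1])
    region_x = int(parts[2])
    region_y = int(parts[3])

    # Crop geometry for convert, built from numbers only.
    region = '%dx%d+%d+%d' % (region_x * real_width / region_width,
                              region_y * real_height / region_height,
                              real_width * start_x / region_width,
                              real_height * start_y / region_height)
    path = sh.urlToPath(user.image.url)
    # Run convert with an argument vector. The earlier os.system call put
    # the path into a shell command line, where characters in a stored
    # file name would be interpreted by the shell. The exit status stays
    # unchecked, as before.
    # Assumes urlToPath yields an absolute path; verify.
    subprocess.call(['convert', path, '-crop', region, path + '.crop'])
    user_model.update(sh.session.id, {'crop': crop})

    # Delete the size variants of the previous crop without a shell glob.
    directory, filename = os.path.split(path)
    prefix = filename + '.crop_'
    try:
        entries = os.listdir(directory or '.')
    except OSError:
        entries = []
    for entry in entries:
        if not entry.startswith(prefix):
            continue
        try:
            os.remove(os.path.join(directory, entry))
        except OSError:
            # Best effort: the replaced `rm` call ignored failures too.
            pass
    return sh.redirect('/accounts')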
def POST(self, inputs=None):
    """Insert the submitted fields as a new Note row and return an alert.

    Args:
        inputs: Optional request fields; sh.inputs() is used when falsy.
    """
    payload = inputs if inputs else sh.inputs()
    # NOTE(review): no login check is visible in this handler and every
    # submitted field is passed to insert(); confirm that the Note model
    # restricts which columns a request may set.
    # NOTE(review): the alert text says "registration succeeded"; it may
    # have been copied from the register handler.
    sh.model('Note').insert(payload)
    return sh.alert('注册成功')