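def POST(self):
    """Handle a login form submission.

    Reads ``username``, ``password`` and the optional ``autoLogin`` field
    from the request. On success the session is marked authenticated and
    the client is redirected to ``/``; otherwise the login page is rendered
    again with an error message.
    """
    data = web.input()
    username = data.get('username')
    password = data.get('password')

    # Both fields are mandatory.
    if not (username and password):
        return render.login(cur_user=None, error=u'用户名或密码不能为空')

    # The same message is returned for an unknown user and for a wrong
    # password, so the response text does not reveal which usernames are
    # registered.
    bad_login = u'用户名或密码错误'

    # Existence check, kept exactly as the original wrote it; the helper's
    # return convention lives in model and is not visible from here.
    if model.check_user_is_duplicate(username):
        return render.login(cur_user=None, error=bad_login)

    # Check that the username and password match.
    if not model.check_user_info(username, password):
        return render.login(cur_user=None, error=bad_login)

    # Mark the session as logged in.
    session.auth = 1

    if data.get('autoLogin'):
        # SECURITY NOTE(review): this cookie carries the user's real
        # password, reversibly encrypted. Anyone holding `key` can recover
        # the password from a captured cookie, and the ciphertext has no
        # integrity tag. `key`/`iv` appear to be shared application-wide
        # values (confirm), which would mean the same key and IV for every
        # cookie. A random, expiring, server-side token mapped to the user
        # would avoid storing credentials on the client at all.
        token = (username + ';' + password).encode('utf-8')
        # httponly keeps page scripts from reading the cookie (needs a
        # web.py release whose setcookie accepts it). Also pass secure=True
        # once the site is served only over HTTPS.
        web.setcookie('token', AES.new(key, mode, iv).encrypt(token), 3600,
                      httponly=True)

    return web.seeother('/')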
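def my_processor(handler):
    """Gate each request on login state before running ``handler``.

    Without a ``token`` cookie, a request whose session is not marked
    authenticated is redirected to ``/login`` unless it targets ``/login``,
    ``/register`` or ``/forget``. With a ``token`` cookie, the cookie is
    decrypted into ``username;password`` and checked with
    ``model.check_user_info``; any failure clears the cookie and redirects
    to ``/login``.
    """
    cookies = web.cookies()

    if 'token' not in cookies:
        not_logged_in = 'auth' not in session or session.get('auth') == 0
        public_paths = ('/login', '/register', '/forget')
        if not_logged_in and web.ctx.fullpath not in public_paths:
            print(web.ctx.fullpath)
            raise web.seeother('/login')
        return handler()

    # The cookie value is fully client-controlled, so every step of decoding
    # it can fail. A ValueError from decrypt (e.g. bad ciphertext length)
    # is treated like any other malformed token instead of surfacing as an
    # unhandled error.
    try:
        plaintext = AES.new(key, mode, iv).decrypt(cookies.get('token'))
        # maxsplit=1: the token is username + ';' + password, so a password
        # that itself contains ';' must stay in one piece.
        userinfo = plaintext.split(';', 1)
        username = userinfo[0].strip()
        # NOTE(review): strip() also removes leading/trailing whitespace
        # that was part of the password; confirm that is intended.
        password = userinfo[1].strip()
    except (ValueError, IndexError):
        print('IndexError')
        web.setcookie('token', 0, -1)
        raise web.seeother('/login')

    import model
    if not model.check_user_info(username, password):
        # Expire the rejected cookie. Left in place, it would be re-checked
        # and rejected on the /login request as well, producing a redirect
        # loop until the cookie expires on its own.
        web.setcookie('token', 0, -1)
        raise web.seeother('/login')

    # SECURITY NOTE(review): the decrypted token is the user's actual
    # password and the ciphertext carries no integrity check; see the
    # cookie's creation in the login handler. A random server-side token
    # would be the safer design.
    return handler()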