Example #1
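 def POST(self):
     """Handle the login form: verify credentials, flag the session, redirect.

     Re-renders the login page with an error when a field is empty, when
     ``model.check_user_is_duplicate`` returns a truthy value for the
     username, or when ``model.check_user_info`` rejects the pair. On
     success sets ``session.auth = 1`` and redirects to ``/``; if the
     ``autoLogin`` field is present, a one-hour ``token`` cookie is set too.
     """
     data = web.input()
     username = data.get('username')
     password = data.get('password')
     if not (username and password):
         msg = u'用户名或密码不能为空'
         return render.login(cur_user=None, error=msg)

     # NOTE(review): the two failures below return different messages, which
     # tells a client whether a username is registered. Consider one generic
     # message for both if account enumeration matters for this site.
     if model.check_user_is_duplicate(username):
         return render.login(cur_user=None, error=u'无效的用户名')
     if not model.check_user_info(username, password):
         return render.login(cur_user=None, error=u'用户名或密码错误')

     # Mark the session as logged in.
     # NOTE(review): the session id is not rotated here; confirm whether it
     # is regenerated elsewhere on login.
     session.auth = 1

     if data.get('autoLogin'):
         # NOTE(review): the cookie carries "username;password" encrypted with
         # key/mode/iv defined outside this block. If those are static, the
         # ciphertext is deterministic and not integrity-protected; a random
         # server-side token would avoid keeping the password on the client.
         # Assumes `mode` accepts input of arbitrary length -- confirm.
         token = username + ';' + password
         token = token.encode('utf-8')
         # httponly keeps page scripts from reading the credential cookie;
         # also pass secure=True once the site is served over HTTPS only.
         web.setcookie(
             'token',
             AES.new(key, mode, iv).encrypt(token),
             3600,
             httponly=True,
         )
     return web.seeother('/')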
Example #2
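def my_processor(handler):
    """Gate a request behind the login check, then call *handler*.

    Without a ``token`` cookie, a request whose session has no ``auth`` (or
    ``auth == 0``) is redirected to ``/login`` unless its path is ``/login``,
    ``/register`` or ``/forget``. With a ``token`` cookie, the cookie is
    decrypted into ``username;password`` and checked with
    ``model.check_user_info``. A token that cannot be decoded or no longer
    matches is cleared and the client is redirected to ``/login``.

    Raises:
        web.seeother: redirect to ``/login`` when the request is not allowed.
    """
    public_paths = ('/login', '/register', '/forget')
    cookies = web.cookies()

    if 'token' not in cookies:
        unauthenticated = 'auth' not in session or session.get('auth') == 0
        if unauthenticated and web.ctx.fullpath not in public_paths:
            print(web.ctx.fullpath)
            raise web.seeother('/login')
        return handler()

    # The cookie value is client-controlled, so decoding it must not be able
    # to crash the request.
    # NOTE(review): the ciphertext carries no integrity check (no MAC), so a
    # modified cookie is only caught by the credential check below.
    try:
        # Split on the first ';' only so that a password containing ';' is
        # not truncated; a username containing ';' remains ambiguous.
        userinfo = AES.new(key, mode, iv).decrypt(cookies.get('token')).split(';', 1)
        username = userinfo[0].strip()
        password = userinfo[1].strip()
    except (IndexError, ValueError) as exc:
        # IndexError: no ';' separator in the plaintext. ValueError:
        # presumably raised by decrypt() for a ciphertext of invalid length
        # -- confirm against the crypto library in use.
        print(type(exc).__name__)
        web.setcookie('token', 0, -1)
        raise web.seeother('/login')

    import model
    if not model.check_user_info(username, password):
        # Drop the stale token. Otherwise the redirected request to /login
        # carries it again, fails this check again, and loops forever.
        web.setcookie('token', 0, -1)
        raise web.seeother('/login')
    return handler()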