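 def post(self):
     """Handle a login form submission.

     Reads ``username`` and ``password`` from the request, looks the account up
     in ``accounts``, verifies the password hash and, on success, issues the
     ``sid``/``eid`` session cookies and redirects to the ``next`` argument
     (restricted to a same-site path).  Every failure re-renders ``login.html``
     with a message in ``error_messages``.

     Credential failures ("user not found" and "wrong password") share one
     message, and the account-status check runs only after the password has
     been verified, so an unauthenticated caller cannot tell whether a given
     username exists or is merely disabled.
     """
     import hmac  # stdlib only; local import keeps the method self-contained

     username = self.get_argument("username", "")
     password = self.get_argument("password", "")
     error_messages = []

     def fail(message, shown_username):
         # Every failure path ends the same way: render the form with a message.
         error_messages.append(message)
         self.render("login.html", error_messages=error_messages, username=shown_username)

     if username == "" or password == "":
         fail("参数不能为空", "")
         return

     # Parameterised query: username is user-controlled and must never be
     # interpolated into the SQL string.
     user = self.db.get("SELECT * FROM accounts WHERE username = %s", username)
     if user is None:
         fail("用户名密码错误", username)
         return

     password_hash = UserPassword().generate_hash(password, user["password_salt"])
     # Constant-time comparison so the position of the first mismatching byte
     # does not leak through response timing.  Assumes both values are ASCII
     # str (or both bytes) -- confirm against UserPassword.generate_hash and
     # the column type of accounts.password_hash.
     if not hmac.compare_digest(password_hash, user["password_hash"]):
         fail("用户名密码错误", username)
         return

     # Account state is disclosed only to a caller who proved the password.
     if user["status"] == 0:
         fail("帐户没有开通", username)
         return

     session = Session(
         self.settings["session_secretSid"],
         self.settings["session_secretEid"],
         self.settings["session_expired"],
     )
     if session.encode(user["id"]) is False:
         fail("用户数据错误", username)
         return

     # Third argument is expires_days=None, i.e. browser-session cookies.
     # NOTE(review): the cookie flags (httponly / secure) are not visible on
     # this page -- confirm they are set for both cookies.
     self.set_secure_cookie("sid", session.getSid(), None)
     self.set_secure_cookie("eid", session.getEid(), None)

     # Only follow a same-site path.  An absolute ("http://...") or
     # protocol-relative ("//...", "/\...") target would turn the login form
     # into an open redirect.
     next_url = self.get_argument("next", "/")
     if not next_url.startswith("/") or next_url.startswith(("//", "/\\")):
         next_url = "/"
     self.redirect(next_url)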
 def get_current_user(self):
     """Resolve the logged-in account from the ``sid``/``eid`` cookies.

     Returns the account row, or ``None`` when either cookie is missing, the
     session fails to decode (e.g. expired), or the account is absent or
     disabled (``status == 0``).  When the session object reports that its
     token should be rotated, a fresh ``eid`` cookie is set before returning.
     """
     session_id = self.get_secure_cookie("sid")
     token = self.get_secure_cookie("eid")
     # Not logged in: at least one cookie is absent.
     if not (session_id and token):
         return None

     settings = self.settings
     session = Session(
         settings["session_secretSid"],
         settings["session_secretEid"],
         settings["session_expired"],
     )
     # Session expired or otherwise rejected.
     if session.decode(session_id, token) is False:
         return None

     account = self.db.get(
         "SELECT * FROM accounts WHERE id = %s", int(session.getUid())
     )
     # Is the account still valid?
     disabled = account is not None and "status" in account and account["status"] == 0
     if account is None or disabled:
         return None

     # Rotate the EID cookie if the session asks for it.
     if session.updateToken():
         self.set_secure_cookie("eid", session.getEid(), None)
     return account