Example #1
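def del_attach_file(request):
    """Delete one uploaded attachment that belongs to the current session user.

    Reads the file name from the ``fname`` query parameter, looks the row up
    in ``file_pic_gy`` restricted to the caller's ``cid``, removes the file
    under ``upload_path/<year>/<month>/`` when such a row exists, and deletes
    the row.

    Returns an ``HttpResponseJsonCORS`` whose body is a JSON text: the
    ``errcode`` object when the session yields user id 0, ``"error": true``
    when ``fname`` is rejected, ``"error": false`` otherwise.

    NOTE(review): the deletion is driven by a GET parameter; confirm the route
    is covered by CSRF protection or moved to POST.
    """
    # NOTE(review): an empty session value falls back to the module-level
    # ``testid``.  If that is a real account id, requests without a session
    # act as that account -- confirm the fallback is disabled in production.
    usr_id_gy = request.session.get('usr_id_gy', '') or testid
    if usr_id_gy == 0:
        s = """
        {
        "errcode": -1,
        "errmsg": "无权访问,请先关注"
        }        """
        return HttpResponseJsonCORS(s)
    fname = request.GET.get('fname', '')
    # fname is request-controlled and ends up both inside a quoted SQL literal
    # and inside a filesystem path, so accept only a bare file name without
    # quote, backslash, separator or NUL characters.
    # NOTE(review): this is a stop-gap; bind fname as a query parameter if the
    # db wrapper supports it.
    unsafe = (os.path.basename(fname) != fname or fname in ('.', '..')
              or any(ch in fname for ch in ('\'', '"', '\\', '/', '\x00')))
    if fname != '' and unsafe:
        s = """
        {
        "error": true
        }
        """
        return HttpResponseJsonCORS(s)
    sql = "SELECT fname,YEAR(ctime),MONTH(ctime) FROM file_pic_gy WHERE fname='%s' and cid = %s" % (
        fname, usr_id_gy)
    lT, iN = db.select(sql)
    # Touch the disk only when the row exists for this user: year and month
    # come from that row (the original used them unconditionally and raised
    # NameError when nothing matched).
    if iN > 0 and fname != '':
        year, month = lT[0][1], lT[0][2]
        path = os.path.join(upload_path, '%s/%s' % (year, month), fname)
        try:
            os.remove(path)
        except (OSError, ValueError):
            # Best effort, as in the original: a missing or unreadable file
            # must not block removal of the database row.
            pass
    # The original formatted an undefined ``usr_id`` here; the SELECT above
    # scopes by usr_id_gy, so the DELETE uses the same owner id.
    sql = "delete from file_pic_gy WHERE fname='%s' and cid=%s" % (fname,
                                                                   usr_id_gy)
    db.executesql(sql)
    s = """
        {
        "error": false
        }
        """
    return HttpResponseJsonCORS(s)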
Example #2
def saveSelectedOptions(field_type, options_type, usr_id, sel_value):
    """Remember an option a user picked by updating ``user_options``.

    ``options_type`` selects the lookup used to resolve ``sel_value`` (21, 23
    or 26; any other value does nothing).  When the lookup reports at least
    one row, the matching ``user_options`` row gets its timestamp and hit
    counter bumped, or a new row is inserted from the first lookup row.
    ``field_type`` is accepted but not used.  Always returns ``None``.

    NOTE(review): every statement is assembled with ``%`` formatting, and the
    looked-up values go into quoted literals unescaped.  ``usr_id``,
    ``options_type`` and ``sel_value`` are trusted as passed in -- confirm
    callers validate them, or bind them as parameters if the db wrapper
    allows it.
    """
    kind = int(options_type)
    if kind == 21:
        picked, found = get_proj_info_selected(sel_value)
    elif kind == 23:  # supplier
        picked, found = get_sup_info_selected(sel_value)
    elif kind == 26:
        picked, found = get_mat_info_selected(sel_value)
    else:
        # Unhandled types (including 24, personnel, which the original has
        # commented out) leave the table untouched.
        return
    if not found > 0:
        return

    lookup_sql = "select id from user_options where usr_id=%s and option_type=%s and option_id=%s" % (
        usr_id, options_type, sel_value)
    existing, existing_count = db.select(lookup_sql)
    if existing_count > 0:
        # Already remembered: refresh the timestamp and count the hit.
        sql = "update user_options set ctime=now(), hits = hits +1 where id=%s" % (
            existing[0][0])
    else:
        first = picked[0]
        sql = """insert into `user_options` (`usr_id`,`option_type`,`option_id`,`option_value`,`option_level`,`option_parent_id`,`option_tips`,`ctime`,`hits`)
                     values (%s,%s,'%s','%s','%s','%s','%s',now(),1)
                  """ % (usr_id, options_type, first[0], first[1], first[2],
                         first[3], first[4])
    # The statement text is echoed to stdout before it runs.
    print ToGBK(sql)
    db.executesql(sql)
    return
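def del_attach_file(request):
    """Delete an uploaded attachment and its ``small_`` thumbnail by file name.

    Reads the file name from the ``fname`` query parameter, looks the row up
    in ``file_pic`` to learn the year/month directory, removes both
    ``<fname>`` and ``small_<fname>`` from that directory, and deletes the
    row.

    Returns an ``HttpResponseJsonCORS`` whose body is ``"error": true`` when
    ``fname`` is rejected and ``"error": false`` otherwise.

    NOTE(review): nothing in this function identifies the caller or checks
    that the file belongs to them; unless a decorator or middleware outside
    this listing enforces it, any requester who knows a file name can delete
    it.  The deletion is also driven by a GET parameter -- confirm CSRF
    coverage.
    """
    fname = request.GET.get('fname', '')
    # fname is request-controlled and ends up both inside a quoted SQL literal
    # and inside a filesystem path, so accept only a bare file name without
    # quote, backslash, separator or NUL characters.
    # NOTE(review): this is a stop-gap; bind fname as a query parameter if the
    # db wrapper supports it.
    unsafe = (os.path.basename(fname) != fname or fname in ('.', '..')
              or any(ch in fname for ch in ('\'', '"', '\\', '/', '\x00')))
    if fname != '' and unsafe:
        s = """
        {
        "error": true
        }
        """
        return HttpResponseJsonCORS(request, s)
    sql = "SELECT fname,YEAR(ctime),MONTH(ctime) FROM file_pic WHERE fname='%s'" % fname
    lT, iN = db.select(sql)
    if iN > 0 and fname != '':
        year, month = lT[0][1], lT[0][2]
        folder = os.path.join(upload_path, '%s/%s' % (year, month))
        # Remove the stored file and then its thumbnail; each removal is best
        # effort so a missing file does not block removal of the row.
        for name in (fname, "small_%s" % fname):
            try:
                os.remove(os.path.join(folder, name))
            except (OSError, ValueError):
                pass
    sql = "delete from file_pic WHERE fname='%s'" % fname
    db.executesql(sql)
    s = """
        {
        "error": false
        }
        """
    return HttpResponseJsonCORS(request, s)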
Example #4
def modify_pwd(request):
    """Change a user's password after checking the old one.

    Reads ``login_id``, ``oldPwd`` and ``newPwd`` from the POST body, loads
    the active (``status=1``) user row for ``login_id``, compares the
    lower-cased ``oldPwd`` with the MD5 hex digest of the stored password and,
    on a match, writes ``newPwd`` into ``users.password``.

    Returns an ``HttpResponseCORS`` whose body carries ``errcode`` 0
    (changed), 1 (login id empty or unknown) or 2 (old password mismatch).

    NOTE(review): the account is selected only by the posted ``login_id``; no
    session check is visible in this function -- confirm one is applied
    elsewhere.
    """
    import base64, time
    import random
    # NOTE(review): random_no is computed but never used in this function.
    random_no = '%s' % (random.randint(0, 999999))
    #print request.POST
    login_id = request.POST.get('login_id', '')
    oldPwd = request.POST.get('oldPwd', '')
    newPwd = request.POST.get('newPwd', '')

    if login_id == '':
        errCode = 1
        msg = u'用户名不存在'
        # NOTE(review): the object below ends with a trailing comma, which
        # strict JSON parsers reject.
        s = """
            {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": "%s",
            }
            """ % (errCode, msg, login_id)
        response = HttpResponseCORS(request, s)
        return response
    # Single quotes are stripped because login_id is placed inside a quoted
    # SQL literal below.
    # NOTE(review): quote stripping is not equivalent to parameter binding
    # (a backslash, for one, is left intact); the stripped value is also what
    # gets echoed back in the response.
    login_id = login_id.replace("'", "")
    if oldPwd != '':
        oldPwd = oldPwd.lower()

    s1 = ''
    sql = """SELECT U.usr_id,U.usr_name,ifnull(U.dept_id,0),ifnull(D.cname,''),IFNULL(U.pic,''),U.password
                   FROM users U LEFT JOIN dept D ON U.dept_id=D.id
                   WHERE U.login_id='%s' AND U.status=1 
                """ % (login_id)
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id = lT[0][0]
        pwd1 = lT[0][5]
        # The stored password column is hashed here and compared with the
        # digest sent by the client.
        # NOTE(review): that implies the column holds the password itself
        # rather than a salted hash, and that knowing MD5(password) is enough
        # to pass this check -- confirm.  The comparison is also a plain `!=`.
        m1 = md5.new()
        m1.update(lT[0][5])
        pwd = m1.hexdigest()
        if oldPwd != pwd:
            errCode = 2
            msg = u'密码错误'
        else:
            # NOTE(review): as shown, the literal has one placeholder for two
            # arguments, so this formatting would raise TypeError; '******'
            # looks like masking applied to the listing -- confirm against the
            # real source.  newPwd is request-controlled and is interpolated
            # into the statement text unescaped, and it is stored as received.
            sql = "update users set password = '******' where usr_id =%s" % (
                newPwd, usr_id)
            db.executesql(sql)
            errCode = 0
            msg = u'修改成功'
    else:
        errCode = 1
        msg = u'用户名不存在'
    # Same hand-built response shape as above (trailing comma included).
    s = """
        {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": "%s",
        }
        """ % (errCode, msg, login_id)
    return HttpResponseCORS(request, s)
Example #5
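def setRecentlyProj(request):
    """Record a project as recently used in ``user_options`` (option type 21).

    Reads ``proj_id`` from the POST body, loads the project's number and name
    from ``out_proj`` and either refreshes the user's existing
    ``user_options`` row (timestamp, hit counter, label) or inserts a new one.

    Returns an ``HttpResponseJsonCORS`` whose body carries ``errcode`` -1 when
    ``proj_id`` is missing, not an integer or matches no project, and
    ``errcode`` 0 after the row has been written.
    """
    #ret,errmsg,d_value = mValidateUser(request,"view",104)
    #if ret!=0:
    #    return HttpResponseCORS(request,errmsg)
    # NOTE(review): the permission check above is commented out and the user
    # id is hard-coded, so every request is recorded against user 2 without
    # authentication -- confirm this is not what is deployed.
    usr_id = 2  #d_value[0]
    bad_params = """
        {
        "errcode": -1,
        "errmsg": "参数错误"
        }        """
    # proj_id is request-controlled and is used unquoted in three statements,
    # so it must be an integer before it reaches any SQL text.
    try:
        proj_id = int(request.POST.get('proj_id', ''))
    except (TypeError, ValueError):
        return HttpResponseJsonCORS(request, bad_params)
    if usr_id == 0:
        return HttpResponseJsonCORS(request, bad_params)

    sql = """select id,gc_no,cname from out_proj where id=%s
        """ % (proj_id)
    rows, iN = db.select(sql)
    if not iN > 0:
        # Unknown project: the original indexed rows[0] unconditionally.
        return HttpResponseJsonCORS(request, bad_params)
    proj_name = '(%s)%s' % (rows[0][1], rows[0][2])
    sql = "select id from user_options where usr_id=%s and option_type=21 and option_id=%s" % (
        usr_id, proj_id)
    rows, iN = db.select(sql)
    # NOTE(review): proj_name is built from stored project data and goes into
    # quoted literals unescaped; a quote in gc_no or cname breaks (or alters)
    # these statements.  Bind it as a parameter if the db wrapper allows it.
    if iN > 0:
        sql = "update user_options set option_value='%s',option_tips='%s',ctime=now(),hits=hits+1 where id=%s" % (
            proj_name, proj_name, rows[0][0])
    else:
        sql = """insert into user_options (usr_id,option_type,option_id,option_value,option_tips,ctime,hits)
              values (%s,21,%s,'%s','%s',now(),1)""" % (usr_id, proj_id,
                                                        proj_name, proj_name)
    #print sql
    db.executesql(sql)
    s = """
        {
        "errcode": 0,
        "errmsg": "保存成功"
        }        """
    return HttpResponseJsonCORS(request, s)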
Example #6
def attach_save(request):
    """Store an uploaded file, register it in ``file_pic_gy`` and describe it.

    On POST: takes the upload from the ``file`` field, writes it to
    ``upload_path/<year>/<month>/`` under a generated name, inserts a row into
    ``file_pic_gy``, and, when ``imghdr`` recognises the content as an image,
    saves a thumbnail (at most 80 px wide) in a ``thumbnail`` sub-directory.
    Returns an ``HttpResponseJsonCORS`` with a ``files`` array describing the
    upload.  Any other method, or a POST without a file, yields
    ``"error": true``.
    """
    #print request.POST
    today = datetime.date.today()
    year = today.year
    month = today.month
    if request.method == "POST":  # only POST requests are processed
        # NOTE(review): pk is read (and defaulted to 'NULL' further down) but
        # does not appear in the insert statement.
        pk = request.POST.get('pk', '')
        random_no = request.POST.get('random_no', '')
        # NOTE(review): an empty session value falls back to the module-level
        # ``testid``; confirm that fallback is disabled in production.
        usr_id_gy = request.session.get('usr_id_gy', '') or testid
        # file_type = request.POST.get('file_type', '')
        if usr_id_gy == 0:
            s = """
            {
            "errcode": -1,
            "errmsg": "无权访问,请先关注"
            }        """
            return HttpResponseJsonCORS(s)
        myFile = request.FILES.get("file", None)  # the uploaded file, or None when nothing was sent
        if not myFile:
            s = """
                {
                "error": true
                }
                """
            return HttpResponseJsonCORS(s)
        title = myFile.name
        # The extension is whatever follows the last dot of the client-supplied
        # name; it is not checked against any list.
        # NOTE(review): the stored name therefore ends in a client-chosen
        # extension -- confirm the upload directory is served as static,
        # non-executable content.
        f_ext = title.split('.')[-1]
        fname = "gy_%s_%s_%s.%s" % (usr_id_gy, time.time(),
                                    random.randint(0, 99), f_ext)

        make_sub_path(upload_path)
        path = os.path.join(upload_path, str(year))
        make_sub_path(path)  #make sure the directory exists, creating it if missing (make_sub_path)
        path = os.path.join(path, str(month))
        make_sub_path(path)  #make sure the directory exists, creating it if missing (make_sub_path)
        # NOTE(review): the handle is closed explicitly below, so it stays
        # open if a write raises.
        destination = open(os.path.join(path, fname),
                           'wb+')  # open the target file for binary writing
        for chunk in myFile.chunks():  # write the upload chunk by chunk
            destination.write(chunk)
        destination.close()

        # The content check runs after the file is already on disk; a file
        # that is not an image is kept and only flagged is_pic = 0.
        import imghdr
        imgType = imghdr.what(os.path.join(path, fname))
        if imgType in [
                'rgb', 'gif', 'pbm', 'pgm', 'ppm', 'tiff', 'rast', 'xbm',
                'jpeg', 'bmp', 'png'
        ]:
            is_pic = 1
        else:
            is_pic = 0
        if pk == '': pk = 'NULL'
        # NOTE(review): title (client file name), fname (carries the client
        # extension) and random_no (POST field) are interpolated into quoted
        # SQL literals unescaped; bind them as parameters if the db wrapper
        # allows it.
        sql = """insert into file_pic_gy (title,fname,file_size,is_pic,random_no,cid,ctime,file_type)
                    values('%s','%s',%s,%s,'%s',%s,now(),'tstj');
              """ % (title, fname, myFile.size, is_pic, random_no, usr_id_gy)
        #print sql
        db.executesql(sql)

        if is_pic == 1:
            img = Image.open(os.path.join(path, fname))
            x, y = img.size
            # Shrink to 80 px wide keeping the aspect ratio; smaller images
            # keep their size.
            if x > 80:
                x1 = 80
                y1 = 80 * y / x
            else:
                x1 = x
                y1 = y
            img = img.resize((x1, y1), Image.ANTIALIAS)
            path = os.path.join(path, 'thumbnail')
            make_sub_path(path)  #make sure the directory exists, creating it if missing (make_sub_path)
            img.save(os.path.join(path, fname))
            pic_url = os.path.join(front_url, str(year), str(month),
                                   'thumbnail', fname)
        else:
            pic_url = ""
        # NOTE(review): url is computed but not used in the response below.
        url = os.path.join(front_url, str(year), str(month), fname)

        # NOTE(review): the response is assembled by string formatting, so a
        # quote or backslash in myFile.name or fname yields malformed or
        # altered JSON; a JSON encoder would escape them.
        s = """{"files":[{        
            "error":false,             
            "size":%s,
            "name":"%s",
            "thumbnail_url":"%s",
            "url":"%s/fileUpload_gy/file_down?fname=%s",
            "delete_url":"%s/fileUpload_gy/del_attach_file?fname=%s"
            }]}
            """ % (myFile.size, myFile.name, pic_url, data_url, fname,
                   data_url, fname)
        return HttpResponseJsonCORS(s)

    s = """
        {
        "error": true
        }
        """
    return HttpResponseJsonCORS(s)
Example #7
def getFormData1518(pk, field_id, menu_id, usr_id, request):
    """Build the JSON description of form column 1519 from posted settings.

    Loads the ``menu_form_cols`` row with id '1519', overrides its default
    value (index 6) according to the posted ``field_type`` /
    ``field_options_type``, and for option types 21-23 also registers a
    ``LEFT JOIN`` in ``menu_list_tables`` for every page of the posted menu
    and rewrites ``menu_list_pages.table_sql``.

    Returns a JSON string: a list of dicts keyed by the 16 entries of
    ``names``.  The select returns more columns than that; ``zip`` drops the
    extras.

    The ``pk``, ``field_id`` and ``usr_id`` arguments are not used, and the
    ``menu_id`` argument is overwritten from the POST body inside the loop.

    NOTE(review): several POST fields are interpolated into SQL text
    unescaped, including statements that insert rows and store SQL fragments
    for later use -- confirm the caller restricts this view to trusted
    administrators, and bind the values as parameters if the db wrapper
    allows it.
    """
    # NOTE(review): mode is read but never used.
    mode = request.GET.get('mode', 'view')

    sql = """SELECT mfc.col_name
                  ,mfc.label
                  ,ft.name,mfc.requireds,mfc.size,mfc.readonlys,IFNULL(mfc.default_value,'')
                  ,mfc.hides
                  ,IFNULL(mfc.max_length,'')
                  ,mfc.hint
                  ,''
                  ,''
                  ,'' 
                  ,btn_type
                  ,btn_color
                  ,url
                  ,IFNULL(field_col_name,'')
                  ,mfc.field_type
                  ,mfc.default_type
                  ,mfc.field_options_type
                  ,IFNULL(mfc.field_options_txt,'')
                  ,IFNULL(mfc.field_options_default,'')
                  ,IFNULL(mfc.linkfield1,'')
                  ,IFNULL(mfc.linkfield2,'')
                  ,mfc.url_target
                  ,ifnull(mfc.change_cols,'')
                  ,ifnull(mfc.para_cols,'')
                  ,mfc.id
                FROM menu_form_cols mfc
                LEFT join field_type ft on mfc.field_type = ft.id
                where mfc.id = '1519'"""
    sql += """     order by mfc.sort """
    #print sql
    names = 'cid label field_type required size readonly value hide max_length hint field_options table_col table_data btn_type btn_color url'.split(
    )
    rows1, iN1 = db.select(sql)

    L1 = []
    for i in range(0, iN1):
        e = list(rows1[i])
        # Everything below comes straight from the POST body.
        table_name = request.POST.get('table_name', '')
        col_name = request.POST.get('col_name', '')
        field_type = request.POST.get('field_type', '')
        id = request.POST.get('id', '')
        menu_id = request.POST.get('menu_id', '')
        field_options_type = request.POST.get('field_options_type', '')
        new_field = request.POST.get('new_field[]', '')
        new_field = handleMutilValue(new_field, 1)
        field_col_name = request.POST.get('field_col_name', '')
        #field_type = request.POST.get('field_type','')
        # Look up the alias of the posted table within the posted menu.
        # NOTE(review): menu_id (unquoted) and table_name (quoted) are
        # request-controlled and unescaped here.
        sql = """select t.table_ab from menu_list_tables t 
                 where t.menu_id =%s  and t.`table_name` = '%s'""" % (
            menu_id, table_name)
        rows, iN = db.select(sql)
        if iN == 0:
            table_ab = ''
            col = col_name
        else:
            table_ab = rows[0][0]
            col = '%s.%s' % (table_ab, col_name)
        if str(new_field) == '1':
            field_col_name = col_name

        if field_type in ['17', '22', '24']:
            e[6] = ''
        elif str(field_type) in ['3', '5', '6', '18', '26', '32']:
            # Only option types 21, 22 and 23 assign tn/tb/tid and a default
            # value expression; every other listed type is a no-op.
            type = int(field_options_type)
            if type == 1:
                pass
            elif type == 2:
                pass
            elif type == 3:
                pass
            elif type == 4:
                pass
            elif type == 5:
                pass
            elif type == 6:
                pass
            elif type == 7:
                pass
            elif type == 10:
                pass
            elif type == 8:
                pass
            elif type == 9:
                pass
            elif type == 11:
                pass
            elif type == 12:
                pass
            elif type == 13:
                pass
            elif type == 14:
                pass
            elif type == 15:
                pass
            elif type == 16:
                pass
            elif type == 17:
                pass
            elif type == 18:
                pass
            elif type == 19:
                pass
            elif type == 20:
                pass
            elif type == 21:
                tn = 'out_proj'
                tb = 'OP'
                tid = 'id'
                e[6] = "concat('(',ifnull(OP.gc_no,''),')',ifnull(OP.cname,''))"
            elif type == 22:
                tn = 'contract_sg_file'
                tb = 'SG'
                tid = 'id'
                e[6] = "ifnull(SG.code,'')"
            elif type == 23:
                tn = 'suppliers'
                tb = 'su'
                tid = 'id'
                e[6] = "ifnull(su.cname,'')"
            # NOTE(review): this rebinds rows1/iN1, the same names the outer
            # loop indexes with rows1[i]; it only stays harmless while the
            # outer query returns a single row -- confirm.
            sql = "select id,page_name,ifnull(where_sql,'') from menu_list_pages where menu_id=%s" % (
                menu_id)
            rows1, iN1 = db.select(sql)
            for e1 in rows1:
                # NOTE(review): tn, tb and tid are unbound for every option
                # type other than 21-23, so reaching this line with one of
                # those types raises NameError.
                sql = "select id from menu_list_tables where page_id = %s and table_name='%s'" % (
                    e1[0], tn)
                #print sql
                rows2, iN2 = db.select(sql)
                if iN2 == 0:
                    # Register the join once per page; table_name and
                    # field_col_name are the posted values.
                    sql = """insert into menu_list_tables 
                                 (menu_id,page_id,join_type,table_name,table_ab,index_name,link_table,link_ab,link_index,sort)
                                 values (%s,%s,'LEFT JOIN','%s','%s','%s','%s','%s','%s',%s)
                              """ % (menu_id, e1[0], tn, tb, tid, table_name,
                                     table_ab, field_col_name, 99)
                    db.executesql(sql)
                    sql = "select join_type,table_name,table_ab,index_name,link_ab,link_index,ifnull(table_sql,'') from menu_list_tables where page_id = %s  order by sort" % (
                        e1[0])
                    #print sql
                    rows, iN = db.select(sql)
                    # Rebuild the page's join clause and store it, followed by
                    # the page's where_sql, as text.
                    # NOTE(review): the stored text is wrapped in double
                    # quotes and not escaped; it derives from the posted
                    # values inserted above.
                    table_sql = encode_table_sql(rows)
                    table_sql = '%s %s' % (table_sql, e1[2])
                    sql = """update menu_list_pages set table_sql="%s" where id=%s
                          """ % (table_sql, e1[0])
                    #print sql
                    db.executesql(sql)

        else:
            e[6] = col
        L1.append(e)

    data = [dict(zip(names, d)) for d in L1]
    #print data
    formData = json.dumps(data, ensure_ascii=False)
    return formData
Example #8
def login_wx_func(request):
    """Log a user in from a ``code`` query parameter and return profile + menus.

    Resolves ``code`` to a login id through ``getLoginID``, loads the active
    user, fills ``dActiveUser`` and the session, derives an access token with
    ``WXBizMsgCrypt``, loads the menus the user may see, records the login in
    ``users_login`` and returns an ``HttpResponseCORS`` with a hand-built JSON
    body (``errcode`` 0 on success, 1 when the user is unknown).

    NOTE(review): when ``getLoginID`` returns an empty string the function
    returns the bare response text instead of an ``HttpResponseCORS``.
    """
    import base64, time
    import random
    # NOTE(review): this value is passed to EncryptMsg below as the nonce and
    # comes from the non-cryptographic ``random`` module; confirm the token's
    # unpredictability does not rely on it.
    random_no = '%s' % (random.randint(0, 999999))
    usr_id, usr_name, dept_id, dept_name = '', '', '', ''
    source = 'wx'
    # NOTE(review): X-Forwarded-For is client-controlled unless a trusted
    # proxy rewrites it, and ``ip`` is later interpolated into an INSERT
    # inside a quoted literal, unescaped.
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']

    code = request.GET.get('code', '')
    login_id = getLoginID(code)
    if login_id == '':
        errCode = 1
        msg = u'用户名不存在'
        s = """
            {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": "%s",
            }
            """ % (errCode, msg, login_id)
        return s

    # Single quotes are stripped because login_id goes into a quoted SQL
    # literal below.
    # NOTE(review): quote stripping is not equivalent to parameter binding.
    login_id = login_id.replace("'", "")

    s1 = ''
    sql = """SELECT U.usr_id,U.usr_name,U.dept_id,D.cname,IFNULL(U.pic,''),U.password,U.login_id
                   FROM users U LEFT JOIN dept D ON U.dept_id=D.id
                   WHERE ifnull(U.wxqy_id,U.login_id)='%s' AND U.status=1 
                """ % (login_id)
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id = lT[0][0]
        login_id = lT[0][6]
        #collect the user's permissions
        dActiveUser[usr_id] = {}
        dActiveUser[usr_id]['roles'] = {}  #user roles
        dActiveUser[usr_id]['access_dept_data'] = [
        ]  #departments whose members' data may be accessed, format: ['dept id 1','dept id 2',...]
        dActiveUser[usr_id]['access_person_data'] = [
        ]  #persons whose data may be accessed, format: ['person id 1','person id 2',...]
        dActiveUser[usr_id]['login_time'] = time.time()  #login time
        dActiveUser[usr_id]['usr_name'] = lT[0][1]  #user name
        dActiveUser[usr_id]['login_id'] = login_id
        dActiveUser[usr_id]['usr_dept'] = lT[0][2], lT[0][3]  #user department
        dActiveUser[usr_id]['pic'] = lT[0][4]

        #user roles / permission to access data of everyone in a department
        sql = """SELECT WUR.role_id,WR.role_name,WR.sort,WR.dept_id
                       FROM usr_role WUR LEFT JOIN roles WR ON WUR.role_id=WR.role_id
                       WHERE WUR.usr_id=%s
            """ % usr_id
        lT1, iN1 = db.select(sql)
        if iN1 > 0:
            for e in lT1:
                #user roles
                dActiveUser[usr_id]['roles'][e[0]] = e[1:]

        request.session['usr_id'] = usr_id
        request.session['usr_name'] = dActiveUser[usr_id]['usr_name']
        request.session['dept_id'] = lT[0][2]
        request.session['dept_name'] = lT[0][3]
        # NOTE(review): the whole dActiveUser mapping, not just this user's
        # entry, is written into the session; if it is a module-level dict it
        # carries other users' entries too -- confirm.
        request.session['dActiveUser'] = dActiveUser
        d_value = ['', '', '', '', '']
        d_value[0] = usr_id
        d_value[1] = dActiveUser[usr_id]['usr_name']
        d_value[2] = lT[0][2]
        d_value[3] = lT[0][3]
        d_value[4] = 0
        g_data.set_value(d_value)
        errCode = 0
        msg = 'OK'
        pic = lT[0][4]
        if pic == '':
            pic_url = "%s/user_pic/default.jpg" % fs_url
        else:
            pic_url = "%s/user_pic/small_" % fs_url + pic
        sTimeStamp = str(time.time())
        # NOTE(review): the first argument is a string constant embedded in
        # the source; if it is a secret, it belongs in configuration.
        wxcpt = WXBizMsgCrypt('szoworld', m_aesKey)
        ret, token = wxcpt.EncryptMsg(login_id, random_no, sTimeStamp)

        # Users 1 and 2 get every enabled menu; everyone else gets the menus
        # their roles can view.
        # NOTE(review): privileged accounts are identified by hard-coded ids.
        if usr_id in [1, 2]:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                   WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                   FROM menu_func WMF 
                   Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
                   WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1
                   ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                """
        else:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                   WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                   FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id
                   WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1
                   ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                """ % usr_id
        #print sql
        rows, iN = db.select(sql)
        L1 = [2]
        L2 = []
        #L = formatData(rows,L1,L2)
        names = 'level menu_id menu_name sort parent_id status url icon'.split(
        )
        data = [dict(zip(names, d)) for d in rows]

        s3 = json.dumps(data, ensure_ascii=False)

        # NOTE(review): as shown, this template has six placeholders for seven
        # arguments, so the formatting would raise TypeError; "******" looks
        # like masking applied to the listing -- confirm against the real
        # source.  The values are also inserted without JSON escaping.
        s1 = """"userid":%s,
                "username":"******",
                "dept_id":%s,
                "dept_name":"%s",
                "pic_url":"%s",
                "AccessToken":"%s",
                "menu_data":%s,""" % (lT[0][0], (lT[0][1]), lT[0][2],
                                      (lT[0][3]), pic_url, token, s3)
        # Record the login; ``ip`` may be the forwarded-for header value read
        # at the top of the function.
        sql = """insert into users_login (usr_id,source,token,login_ip,login_time,refresh_time,expire_time)
                 values (%s,'%s','%s','%s',now(),now(),%s) 
                """ % (lT[0][0], source, token, ip, int(TIME_OUT) * 60)
        #print ToGBK(sql)

        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户名不存在'
    s = """
        {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": "%s",
            %s
        }
        """ % (errCode, msg, login_id, s1)
    #print ToGBK(s)
    response = HttpResponseCORS(request, s)
    return response
Example #9
def index_wx_func(request):
    """Route an entry request to the right front-end page with an access token.

    Picks the target page from the ``func`` (or ``state``) query parameter,
    then either reuses an unexpired token for the user held in
    ``session['login_data_wx']`` or, when a ``code`` parameter is present,
    resolves it through ``getuserinfo``, creates a new token, records it in
    ``users_login`` and stores the user in the session.  Answers with a
    redirect to the page (token appended as ``AccessToken``) or to the error
    page.

    NOTE(review): when there is no reusable session token and ``code`` is
    empty, the function falls off the end and returns ``None``.
    """
    import base64, time
    import random
    # NOTE(review): used below as the nonce for the access token; it comes
    # from the non-cryptographic ``random`` module.
    random_no = '%s' % (random.randint(0, 999999))
    source = 'wx'
    # NOTE(review): X-Forwarded-For is client-controlled unless a trusted
    # proxy rewrites it, and ``ip`` is later interpolated into an INSERT
    # inside a quoted literal, unescaped.
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']
    print ip
    code = request.GET.get('code', '')
    func = request.GET.get('func', '')
    if func == '':
        func = request.GET.get('state', '')
    func = func.lower()
    # Map the requested function to the agent name handed to getuserinfo.
    if func in ['gwlist', 'gw_view', 'gw_audit', 'gw_sign']:
        agentname = '公文审批'
    elif func in [
            'info_send', 'info_list', 'info_upd', 'info_detail', 'info_audit'
    ]:
        agentname = '信息交换'
    elif func in ['myloglist', 'otherloglist', 'writelog', 'logdetail']:
        agentname = '工作日志'
    elif func in ['fa_code']:
        agentname = '固定资产管理'
    else:
        agentname = '通讯录'
    print func
    error_url = '%s/wx/mui/error.html' % front_url
    # NOTE(review): func was lower-cased above, so this comparison with a
    # mixed-case literal can never be true; 'fa_code' is handled further down.
    if func == 'FA_Code':
        FAcode = request.GET.get('facode', '')
        url = '%s/wx/mui/fixedAssetsInfo.html?code=%s' % (front_url, FAcode)
        return HttpResponseRedirect(url)

    # Build the target URL.
    # NOTE(review): query parameters are copied into the redirect URL without
    # URL-encoding, so a value containing '&' or '#' can add or drop
    # parameters of the target page.
    url = ''
    if func == 'gwlist':
        type = request.GET.get('type', '')
        if str(type) in ['1', '2', '3']:
            url = '%s/wx/mui/examine.html?func=%s&type=%s' % (front_url, func,
                                                              type)
        else:
            url = '%s/wx/mui/myExamine.html?func=%s&type=%s' % (front_url,
                                                                func, type)
    elif func == 'gw_view':
        menu_id = request.GET.get('menu_id', '')
        pk = request.GET.get('pk', '')
        url = '%s/wx/examineDetail.html?menu_id=%s&pk=%s&mode=view&infotype=msg' % (
            front_url, menu_id, pk)
    elif func == 'gw_audit':
        menu_id = request.GET.get('menu_id', '')
        pk = request.GET.get('pk', '')
        url = '%s/wx/examineDetail.html?menu_id=%s&pk=%s&mode=audit&infotype=msg' % (
            front_url, menu_id, pk)
    elif func == 'gw_sign':
        menu_id = request.GET.get('menu_id', '')
        pk = request.GET.get('pk', '')
        url = '%s/wx/examineDetail.html?menu_id=%s&pk=%s&mode=sign&infotype=msg' % (
            front_url, menu_id, pk)
    elif func == 'info_send':
        url = '%s/wx/mui/infoExchange_index.html?id=2' % (front_url)
    elif func == 'info_list':
        id = request.GET.get('id', '')
        type = request.GET.get('type', '')
        url = '%s/wx/mui/infoExchange_index.html?id=%s&type=%s' % (front_url,
                                                                   id, type)
    elif func == 'info_audit':
        pk = request.GET.get('pk', '')
        must_reply = request.GET.get('must_reply', '')
        url = '%s/wx/mui/infoExamine.html?seq=%s&must_reply=%s&infotype=msg' % (
            front_url, pk, must_reply)
    elif func == 'info_detail':
        pk = request.GET.get('pk', '')
        must_reply = request.GET.get('must_reply', '')
        url = '%s/wx/mui/infoDetail.html?seq=%s&must_reply=%s&index=0&infotype=msg' % (
            front_url, pk, must_reply)
    elif func == 'info_upd':
        pk = request.GET.get('pk', '')
        url = '%s/wx/mui/changeInfo.html?seq=%s&infotype=msg' % (front_url, pk)
    elif func == 'fa_code':
        FAcode = request.GET.get('facode', '')
        url = '%s/wx/mui/fixedAssetsInfo.html?code=%s' % (front_url, FAcode)
    elif func == 'myloglist':
        url = '%s/wx/mui/myLogList.html?source=%s' % (front_url, source)
    elif func == 'otherloglist':
        url = '%s/wx/mui/otherLogList.html?source=%s' % (front_url, source)
    elif func == 'writelog':
        url = '%s/wx/mui/writeLog.html?source=%s' % (front_url, source)
    elif func == 'logdetail':
        id = request.GET.get('id', '')
        url = '%s/wx/mui/logDetail.html?id=%s' % (front_url, id)
    else:
        return HttpResponseRedirect(error_url)

    # Returning visitor: reuse the newest unexpired token for the session user.
    if request.session.has_key('login_data_wx'):
        d = request.session.get('login_data_wx', '')
        #userid = request.COOKIES.get('usr_wx_id','')
        userid = d[0]
        print "userid=%s" % (userid)
        sql = """select token,id from users_login where source='%s' and usr_id ='%s'  and time_to_sec(now()) - time_to_sec(refresh_time) < expire_time order by refresh_time desc limit 1 
                    """ % (source, userid)
        print sql
        lT, iN = db.select(sql)
        if iN > 0:
            token = lT[0][0]
            id = lT[0][1]
            sql = "update users_login set refresh_time=now() where id=%s" % (
                id)
            db.executesql(sql)
            # NOTE(review): the token travels in the URL query string (browser
            # history, Referer, server logs) and is printed to stdout on the
            # next line.  Unlike the branch below, it is not passed through
            # urllib.quote here.
            url += "&AccessToken=%s" % token
            print url
            dt = datetime.datetime.now() + datetime.timedelta(hours=2)
            response = HttpResponseRedirect(url)
            # NOTE(review): the cookie is set with an expiry only; no secure or
            # httponly arguments are passed.
            response.set_cookie("usr_wx_id", userid, expires=dt)
            #sql = "select usr_id,usr_name,dept_id,login_id,d.cname from users  u left join dept d on d.id=u.dept_id where usr_id='%s' and status=1"%userid
            #lT,iN = db.select(sql)
            #if iN>0:
            #    value=[userid,lT[0][1],lT[0][2],lT[0][4],lT[0][3]]
            #    print value
            #    request.session['login_data_wx'] = value
            return response

    # First visit: exchange the code for the user's identity.
    if code != '':
        ddata = getuserinfo(code, agentname)
        try:
            print ddata
            uName = ddata['UserId']
            DeviceId = ddata['DeviceId']
        except Exception, e:
            uName = ''
            DeviceId = ''
            return HttpResponseRedirect(error_url)

        # NOTE(review): uName comes from the getuserinfo response and is
        # interpolated into a quoted literal unescaped; the statement is also
        # printed.
        sql = "select usr_id,usr_name,dept_id,login_id,d.cname from users  u left join dept d on d.id=u.dept_id where ifnull(wxqy_id,login_id)='%s' and status=1" % uName
        print sql
        lT, iN = db.select(sql)
        if iN > 0:
            userid = lT[0][0]
            usr_name = lT[0][1]
            dept_id = lT[0][2]
            dept_name = lT[0][4]
            login_id = lT[0][3]
            sTimeStamp = str(time.time())
            # NOTE(review): the first argument is a string constant embedded
            # in the source; if it is a secret, it belongs in configuration.
            wxcpt = WXBizMsgCrypt('szoworld', m_aesKey)
            ret, token = wxcpt.EncryptMsg(login_id, random_no, sTimeStamp)

            # Record the login; the printed statement contains the new token.
            sql = """insert into users_login (usr_id,source,token,login_ip,login_time,refresh_time,expire_time)
                     values (%s,'%s','%s','%s',now(),now(),%s) 
                    """ % (userid, source, token, ip, int(TIME_OUT) * 60)
            print ToGBK(sql)
            db.executesql(sql)
            token = urllib.quote(token)
            url += "&AccessToken=%s" % token
            dt = datetime.datetime.now() + datetime.timedelta(hours=2)
            response = HttpResponseRedirect(url)
            response.set_cookie("usr_wx_id", userid, expires=dt)

            value = [userid, usr_name, dept_id, dept_name, login_id]
            print value
            request.session['login_data_wx'] = value

            return response
        else:
            return HttpResponseRedirect(error_url)
Example #10
def attach_save(request):
    """Store an uploaded file, register it in ``file_pic`` and describe it.

    On POST: validates the caller with ``mValidateUser`` for the posted
    ``menu_id``, takes the upload from the ``files[]`` field, inserts a row
    into ``file_pic``, writes the file to ``upload_path/<year>/<month>/``
    under a generated name and, when ``imghdr`` recognises the content as an
    image, saves an 80 px wide ``small_`` thumbnail next to it.  Returns an
    ``HttpResponseJsonCORS`` with a ``files`` array describing the upload.
    Any other method, a failed validation or a POST without a file yields
    ``"error": true``.
    """
    #print request.POST
    today = datetime.date.today()
    year = today.year
    month = today.month
    if request.method == "POST":  # only POST requests are processed
        menu_id = request.POST.get('menu_id', 0)
        pk = request.POST.get('pk', '')
        source = request.POST.get('option', '')
        if source == '': source = 0
        random_no = request.POST.get('random_no', '')
        # NOTE(review): the permission checked is "view" on a menu id chosen
        # by the client -- confirm that is the intended bar for uploading.
        ret, errmsg, d_value = mValidateUser(request, "view", menu_id)
        if ret != 0:
            s = """
                {
                "error": true
                }
                """
            return HttpResponseJsonCORS(request, s)
        usr_id = d_value[0]
        usr_name = d_value[1]
        myFile = request.FILES.get("files[]", None)  # the uploaded file, or None when nothing was sent
        if not myFile:
            s = """
                {
                "error": true
                }
                """
            return HttpResponseJsonCORS(request, s)
        title = myFile.name
        # The extension is whatever follows the last dot of the client-supplied
        # name; it is not checked against any list.
        # NOTE(review): the stored name therefore ends in a client-chosen
        # extension -- confirm the upload directory is served as static,
        # non-executable content.
        f_ext = title.split('.')[-1]
        fname = "%s_%s_%s.%s" % (usr_id, time.time(), random.randint(
            0, 99), f_ext)
        small_name = "small_%s" % (fname)
        # Provisional flag from the extension; it is replaced by the content
        # check after the file has been written.
        if f_ext.upper() in ['GIF', 'JPG', 'JPEG', 'PNG', 'BMP']:
            is_pic = 1
        else:
            is_pic = 0
        if pk == '': pk = 'NULL'
        # NOTE(review): menu_id, pk and source (unquoted) and title, fname and
        # random_no (quoted) are request-controlled and interpolated
        # unescaped; bind them as parameters if the db wrapper allows it.
        sql = """insert into file_pic (menu_id,gw_id,title,fname,file_size,is_pic,random_no,cid,cusrname,ctime,source)
                    values(%s,%s,'%s','%s',%s,%s,'%s',%s,'%s',now(),%s);
              """ % (menu_id, pk, title, fname, myFile.size, is_pic, random_no,
                     usr_id, usr_name, source)
        #print sql
        db.executesql(sql)
        # NOTE(review): last_insert_id() is per connection; this presumably
        # relies on db reusing the connection that ran the insert -- confirm.
        sql = "select last_insert_id();"
        rows, iN = db.select(sql)
        file_id = rows[0][0]

        make_sub_path(upload_path)
        path = os.path.join(upload_path, str(year))
        make_sub_path(path)  #make sure the directory exists, creating it if missing (make_sub_path)
        path = os.path.join(path, str(month))
        make_sub_path(path)  #make sure the directory exists, creating it if missing (make_sub_path)
        # NOTE(review): the handle is closed explicitly below, so it stays
        # open if a write raises; the row inserted above also stays behind.
        destination = open(os.path.join(path, fname),
                           'wb+')  # open the target file for binary writing
        for chunk in myFile.chunks():  # write the upload chunk by chunk
            destination.write(chunk)
        destination.close()

        # The content check runs after the file is already on disk; a file
        # that is not an image is kept and only flagged is_pic = 0.
        import imghdr
        imgType = imghdr.what(os.path.join(path, fname))
        if imgType in [
                'rgb', 'gif', 'pbm', 'pgm', 'ppm', 'tiff', 'rast', 'xbm',
                'jpeg', 'bmp', 'png'
        ]:
            is_pic = 1
        else:
            is_pic = 0
        sql = 'update file_pic set is_pic=%s where id=%s' % (is_pic, file_id)
        db.executesql(sql)
        if is_pic == 1:
            # NOTE(review): Image.open sits outside the try block, so a file
            # that imghdr accepts but the imaging library cannot open raises
            # here.
            img = Image.open(os.path.join(path, fname))
            x, y = img.size
            # Always scale to 80 px wide, keeping the aspect ratio.
            x1 = 80
            y1 = 80 * y / x
            try:
                img = img.resize((x1, y1), Image.ANTIALIAS)
                img.save(os.path.join(path, small_name))
                pic_url = os.path.join(front_url, 'attach', str(year),
                                       str(month), small_name)
            except:
                # Any thumbnail failure is swallowed; the upload still succeeds
                # without a thumbnail URL.
                pic_url = ""
        else:
            pic_url = ""
        url = os.path.join(front_url, 'attach', str(year), str(month), fname)
        # NOTE(review): the response is assembled by string formatting, so a
        # quote or backslash in myFile.name or fname yields malformed or
        # altered JSON; a JSON encoder would escape them.
        s = """{"files":[{        
            "error":false, 
            "file_id":%s,            
            "size":%s,
            "name":"%s",
            "thumbnail_url":"%s",
            "url":"%s",
            "delete_url":"%s/del_file/?fname=%s"
            }]}
            """ % (file_id, myFile.size, myFile.name, pic_url, url, data_url,
                   fname)
        return HttpResponseJsonCORS(request, s)

    s = """
        {
        "error": true
        }
        """
    return HttpResponseJsonCORS(request, s)
Example #11
def login_wx_func(request):
    """Log a supplier-portal user in from a WeChat web OAuth callback.

    Reads ``code`` from the query string, exchanges it at api.weixin.qq.com
    for an access token, openid and unionid, looks the unionid up in
    ``users_gy`` (status=1) and, on a match, fills the session, builds an
    access token with WXBizMsgCrypt, loads the menu rows and records the
    login in ``users_login_gy``.  Returns an HttpResponseCORS whose body is
    a hand-built JSON-like string carrying ``errcode`` and ``errmsg``.
    """
    import base64, time
    import random
    # NOTE(review): random is not a CSPRNG.  random_no is handed to
    # EncryptMsg below when the session token is built; if the token's
    # unpredictability relies on it, draw it from random.SystemRandom().
    random_no = '%s' % (random.randint(0, 999999))
    usr_id, usr_name, dept_id, dept_name = '', '', '', ''
    source = 'wx'
    # NOTE(review): X-Forwarded-For is supplied by the client unless a trusted
    # proxy overwrites it.  The value is later interpolated, unescaped, into
    # the INSERT into users_login_gy, so it must be validated as an IP
    # address (and the query parameterised) before use.
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']

    code = request.GET.get('code', '')
    union_id = ''
    if code != '':
        conn = httplib.HTTPSConnection('api.weixin.qq.com')
        sToken = read_access_token_common('access_token_web')
        if sToken == '':
            # No cached token: fetch one with the app credentials and cache
            # the raw response body.
            url = "/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s" % (
                AppId_web, AppSecret_web)
            conn.request('GET', '%s' % url)
            res = conn.getresponse()
            body = res.read()
            ddata = json.loads(body)
            sToken = ddata['access_token']
            conn.close()
            write_access_token_common(body, 'access_token_web')
        # Exchange the one-time OAuth code for the user's token and ids.
        # NOTE(review): `code` is request input placed into the URL without
        # URL-encoding.
        url = "/sns/oauth2/access_token?appid=%s&secret=%s&code=%s&grant_type=authorization_code" % (
            AppId_web, AppSecret_web, code)
        conn.request('GET', '%s' % url)
        res = conn.getresponse()
        body = res.read()
        # NOTE(review): this prints the raw OAuth response, which contains the
        # user's access_token, to stdout / the server log.
        print body
        ddata = json.loads(body)
        # NOTE(review): neither the HTTP status nor an error payload is
        # checked; a response without these keys raises KeyError here.
        access_token = ddata['access_token']
        openid = ddata['openid']
        union_id = ddata.get('unionid', '')
    if union_id == '':
        errCode = 1
        msg = u'用户未注册供应商服务平台'
        # NOTE(review): the template leaves a trailing comma before the
        # closing brace, which strict JSON parsers reject.
        s = """
            {
            "errcode": %s,
            "errmsg": "%s",
            }
            """ % (errCode, msg)
        response = HttpResponseCORS(request, s)
        return response
    s1 = ''

    # NOTE(review): hard-coded identity remap - a login with the first
    # unionid is treated as the second account.  This looks like a test or
    # debug override; confirm it is intended before this ships.
    if union_id == 'or0EJv-sW7K_rmSakUfKH1ONE5hg':
        union_id = 'or0EJvw-Y-E7k7zPTdR6vX0OdRlI'
    # NOTE(review): SQL is built with % formatting.  union_id comes from a
    # remote JSON response; pass it as a bound parameter if the db wrapper
    # supports that (its API is not visible here).
    sql = """SELECT U.usr_id,U.usr_name,ifnull(ab.sup_id,0),ifnull(su.cname,''),IFNULL(U.headimgurl,'')
                   FROM users_gy U 
                   LEFT JOIN addr_book ab on ab.id = U.addr_id
                   LEFT JOIN suppliers su on su.id = ab.sup_id
                   WHERE U.unionid='%s' AND U.status=1 
                """ % (union_id)
    print sql
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id = lT[0][0]

        # NOTE(review): the session is populated without rotating the session
        # key at login; with Django sessions, request.session.cycle_key()
        # guards against session fixation.
        request.session['usr_id'] = usr_id
        request.session['usr_name'] = lT[0][1]
        request.session['sup_id'] = lT[0][2]
        request.session['sup_name'] = lT[0][3]
        d_value = ['', '', '', '', '']
        d_value[0] = usr_id
        d_value[1] = lT[0][1]
        d_value[2] = lT[0][2]
        d_value[3] = lT[0][3]
        d_value[4] = 0
        g_data.set_value(d_value)
        errCode = 0
        msg = 'OK'
        pic = lT[0][4]

        # The access token is the WXBizMsgCrypt encryption of the user id
        # with the random number and the current timestamp.
        sTimeStamp = str(time.time())
        wxcpt = WXBizMsgCrypt('szoworld_gy', m_aesKey)
        ret, token = wxcpt.EncryptMsg(str(usr_id), random_no, sTimeStamp)

        # Menu rows are the same for every user of this portal: the query has
        # no per-user or per-role filter.
        sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
               WMF.sort,WMF.parent_id,WMF.status-1,WMF.url,WMF.icon
               FROM menu_func WMF 
               Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
               WHERE WMF.status=2 and WMF.menu_id>0 and WMF1.status=2
               ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
            """

        #print sql
        rows, iN = db.select(sql)
        L1 = [2]
        L2 = []
        #L = formatData(rows,L1,L2)
        names = 'level menu_id menu_name sort parent_id status url icon'.split(
        )
        data = [dict(zip(names, d)) for d in rows]

        s3 = json.dumps(data, ensure_ascii=False)

        # NOTE(review): as listed, the template has six %s placeholders for
        # seven arguments, which raises TypeError; the masked "username"
        # value was presumably a %s before this listing was redacted.
        # Database strings (sup_name, pic) are also placed between quotes
        # without JSON escaping; json.dumps on a dict would avoid both.
        s1 = """"userid":%s,
                "username":"******",
                "sup_id":%s,
                "sup_name":"%s",
                "pic_url":"%s",
                "AccessToken":"%s",
                "menu_data":%s""" % (lT[0][0], (lT[0][1]), lT[0][2],
                                     (lT[0][3]), pic, token, s3)
        # NOTE(review): `ip` (possibly the raw X-Forwarded-For header) and the
        # token are interpolated into quoted SQL literals without escaping.
        sql = """insert into users_login_gy (usr_id,source,token,login_ip,login_time,refresh_time,expire_time)
                     values (%s,'%s','%s','%s',now(),now(),%s) 
                    """ % (lT[0][0], source, token, ip, int(TIME_OUT) * 60)
        #print ToGBK(sql)

        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户未注册供应商服务平台'
    # When s1 is empty the body ends with a trailing comma after errmsg.
    s = """
        {
            "errcode": %s,
            "errmsg": "%s",
            %s
        }
        """ % (errCode, msg, s1)
    #print ToGBK(s)
    response = HttpResponseCORS(request, s)
    return response
Example #12
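def attach_save_qy(request):
    """Store one uploaded attachment and register it in ``file_pic_lw``.

    Only POST requests carrying a ``file`` part are processed; anything else
    gets the generic ``{"error": true}`` body.  The file is written to
    ``upload_path/<year>/<month>/`` under a server-generated name and the
    response lists its size, original name and download/delete URLs.

    Hardening applied in this version:
      * ``pk`` and ``btnType`` are placed in the INSERT without quotes, so
        they are reduced to an integer literal or ``NULL`` first.
      * the extension copied from the client file name must be alphanumeric,
        because the generated name ends up in SQL, a filesystem path and URLs.
      * the success body is serialised with ``json.dumps`` so a quote in the
        original file name cannot break out of its JSON string.
      * the destination file is closed even if writing a chunk fails.

    NOTE(review): ``title`` (the client file name) and ``random_no`` are still
    interpolated into quoted SQL literals; they need bound parameters, which
    depends on the ``db`` wrapper's API (not visible here).
    """
    import json  # local import: the file's import block is not in view

    def _int_or_null(value):
        # Normalise request input that is interpolated unquoted into SQL.
        try:
            return str(int(value))
        except (TypeError, ValueError):
            return 'NULL'

    today = datetime.date.today()
    year = today.year
    month = today.month
    if request.method == "POST":  # only POST uploads are handled
        pk = _int_or_null(request.POST.get('pk', ''))
        random_no = request.POST.get('random_no', '')
        # NOTE(review): a request without a session user falls back to
        # `testid`, so unauthenticated callers act as that account unless
        # testid is 0 - confirm this fallback is disabled in production.
        usr_id_qy = request.session.get('usr_id_qy', '') or testid
        btntype = _int_or_null(request.POST.get('btnType', ''))
        # Map the button type to its file_type code; unknown types keep ''.
        file_type = {
            '0': 'jb',
            '-1': 'sbld',
            '1': 'tjsl',
            '2': 'jgsb',
            '3': 'jgqr',
            '4': 'jsz',
        }.get(btntype, '')
        if usr_id_qy == 0:
            s = """
            {
            "errcode": -1,
            "errmsg": "无权访问,请先关注"
            }        """
            return HttpResponseJsonCORS(s)
        myFile = request.FILES.get("file", None)  # None when no file was sent
        if not myFile:
            s = """
                {
                "error": true
                }
                """
            return HttpResponseJsonCORS(s)
        title = myFile.name
        f_ext = title.split('.')[-1]
        if not f_ext.isalnum():
            # Anything other than letters/digits (quotes, slashes, spaces,
            # an empty extension) is replaced by a neutral extension.
            f_ext = 'bin'
        fname = "qy_%s_%s_%s.%s" % (usr_id_qy, time.time(),
                                    random.randint(0, 99), f_ext)
        # NOTE(review): is_pic trusts the client-chosen extension; the file
        # content is not inspected, and no extension is refused.
        if f_ext.upper() in ['GIF', 'JPG', 'PNG', 'BMP']:
            is_pic = 1
        else:
            is_pic = 0
        sql = """insert into file_pic_lw (m_id,title,fname,file_size,is_pic,random_no,cid,ctime,file_type,file_type_id)
                    values(%s,'%s','%s',%s,%s,'%s',%s,now(),'%s',%s);
              """ % (pk, title, fname, myFile.size, is_pic, random_no,
                     usr_id_qy, file_type, btntype)
        db.executesql(sql)
        # Make sure upload_path/<year>/<month>/ exists before writing.
        make_sub_path(upload_path)
        path = os.path.join(upload_path, str(year))
        make_sub_path(path)
        path = os.path.join(path, str(month))
        make_sub_path(path)
        with open(os.path.join(path, fname), 'wb+') as destination:
            for chunk in myFile.chunks():  # write the upload chunk by chunk
                destination.write(chunk)

        download_url = "%s/fileUpload/file_down?fname=%s" % (data_url, fname)
        pic_url = download_url if is_pic == 1 else ""
        payload = {"files": [{
            "error": False,
            "size": myFile.size,
            "name": myFile.name,
            "thumbnail_url": pic_url,
            "url": download_url,
            "delete_url": "%s/fileUpload/del_attach_file?fname=%s" % (
                data_url, fname),
        }]}
        return HttpResponseJsonCORS(json.dumps(payload))

    s = """
        {
        "error": true
        }
        """
    return HttpResponseJsonCORS(s)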
Example #13
def login_func(request):
    """Handle a login_id/password login and return the user's menu payload.

    Credential checking is delegated to login_test(request): when it returns
    a response, that response is returned unchanged; otherwise this function
    loads the active user row, caches role data in dActiveUser, fills the
    session, builds an access token with WXBizMsgCrypt, selects the menu rows
    for the user and records the login in ``users_login``.  Returns an
    HttpResponseCORS with a hand-built JSON-like body.
    """
    import base64 , time
    import random
    # NOTE(review): random is not a CSPRNG; random_no is handed to EncryptMsg
    # below when the access token is built.
    random_no='%s'%(random.randint(0,999999))
    # NOTE(review): this prints the whole POST body, including the submitted
    # password, to stdout / the server log.
    print(request.POST)
    usr_id,usr_name,dept_id,dept_name='','','',''
    # NOTE(review): credentials are also accepted from the query string,
    # where they end up in access logs and browser history.
    login_id =  request.POST.get('login_id','') or request.GET.get('login_id','')
    # `password` is read here but only referenced in commented-out code below.
    password =  request.POST.get('password','') or request.GET.get('password','')
    source =  request.POST.get('source','web')
    lang_id =  request.POST.get('lang_id') or request.GET.get('lang_id','')
    if lang_id=='':lang_id=1
    else:lang_id = int(lang_id)

    # NOTE(review): X-Forwarded-For is client-supplied unless a trusted proxy
    # overwrites it; the value is later interpolated into the INSERT into
    # users_login without escaping.
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):  
        ip =  request.META['HTTP_X_FORWARDED_FOR']  
    else:  
        ip = request.META['REMOTE_ADDR']  
    
    # A truthy return from login_test is an error response and ends the
    # request; a falsy return lets the login continue.
    response = login_test(request)
    if  response:
        return response

    # Default outcome when no active user row is found below.
    errCode, msg = -1, '该账户已失效!'
    


# ----#
    # if login_id=='':
    #     errCode = 1
    #     msg = u'用户名不存在'
    #     s = """
    #         {
    #         "errcode": %s,
    #         "errmsg": "%s",
    #         "login_id": "%s",
    #         }
    #         """ %(errCode,msg,login_id)  
    #     response = HttpResponseCORS(request,s)
    #     return response
    # login_id=login_id.replace("'","")
    # if password!='':
    #     password=password.lower()
# ---#
    s1 =''
    # NOTE(review): login_id is request input interpolated into a quoted SQL
    # literal (the quote stripping above is commented out); use a bound
    # parameter if the db wrapper supports one.
    sql="""SELECT U.usr_id,U.usr_name,ifnull(U.dept_id,0),ifnull(D.cname,''),IFNULL(U.pic,''),U.password
                   FROM users U LEFT JOIN dept D ON U.dept_id=D.id
                   WHERE U.login_id='%s' AND U.status=1
                """ % (login_id)
    lT,iN = db.select(sql)
    if iN>0:
        # pwd1 = lT[0][5]
        # m1 = md5.new()   
        # m1.update(lT[0][5])   
        # pwd = m1.hexdigest()   
        # print(password,pwd,'###')
        # if password != pwd:
        #     errCode = 2
        #     msg = u'密码错误'
        # else:
        #     if m_prjname == 'kjerp':
        #         ret = ProcessPassword(pwd1)
        #     else:
        #         ret = True
        #     if ret == False:
        #         errCode = 3
        #         msg = u'密码过于简单,请修改密码后重新登陆'
        #         s = """
        #             {
        #             "errcode": %s,
        #             "errmsg": "%s",
        #             "login_id": "%s",
        #             }
        #             """ %(errCode,msg,login_id)  
        #         response = HttpResponseCORS(request,s)
        #         return response
        usr_id=lT[0][0]
        # work out the user's permissions
        dActiveUser[usr_id]={}
        dActiveUser[usr_id]['roles']={}                       # user roles
        dActiveUser[usr_id]['access_dept_data']=[]            # departments whose members' data may be accessed, format: ['dept ID 1','dept ID 2',...]
        dActiveUser[usr_id]['access_person_data']=[]          # persons whose data may be accessed, format: ['person ID 1','person ID 2',...]
        dActiveUser[usr_id]['login_time']=time.time()         # login time
        dActiveUser[usr_id]['usr_name']=lT[0][1]              # user name
        dActiveUser[usr_id]['login_id']=login_id
        dActiveUser[usr_id]['usr_dept']=lT[0][2],lT[0][3]           # user's department (id, name)
        dActiveUser[usr_id]['pic']=lT[0][4]
                
        # user roles / permission to access data of everyone in a department
        sql="""SELECT WUR.role_id,WR.role_name,WR.sort,WR.dept_id
                        FROM usr_role WUR LEFT JOIN roles WR ON WUR.role_id=WR.role_id
                        WHERE WUR.usr_id=%s
            """ % usr_id
        print(sql)
        lT1,iN1 = db.select(sql)
        if iN1>0:
            for e in lT1:
                # user role
                dActiveUser[usr_id]['roles'][e[0]]=e[1:]   

        # NOTE(review): the session key is not rotated at login; with Django
        # sessions, request.session.cycle_key() guards against fixation.
        request.session['usr_id'] = usr_id
        request.session['usr_name'] = dActiveUser[usr_id]['usr_name']
        request.session['dept_id'] = lT[0][2]
        request.session['dept_name'] = lT[0][3]
        # NOTE(review): dActiveUser is not assigned in this function, so it is
        # presumably module-level and shared; if so, this stores every active
        # user's entry in this user's session.  Storing only
        # dActiveUser[usr_id] would keep the session to the caller's data.
        request.session['dActiveUser'] = dActiveUser
        d_value = ['','','','','']
        d_value[0] = usr_id
        d_value[1] = dActiveUser[usr_id]['usr_name']
        d_value[2] = lT[0][2]
        d_value[3] = lT[0][3]
        d_value[4] = 0
        g_data.set_value(d_value)
        errCode = 0
        msg = 'OK'
        pic = lT[0][4]
        if pic=='':
            pic_url = "%s/user_pic/default.jpg"%fs_url
        else:
            pic_url = "%s/user_pic/small_"%fs_url+pic

        # The access token is the WXBizMsgCrypt encryption of login_id with
        # the random number and the current timestamp.
        sTimeStamp = str(time.time())
        wxcpt=WXBizMsgCrypt('szoworld',m_aesKey)
        ret,token = wxcpt.EncryptMsg(login_id,random_no,sTimeStamp)            
        
        # Menu selection: user ids 1 and 2 are hard-coded to receive every
        # active menu entry; everyone else gets the entries their roles can
        # view.  The multi-language variants join the translated names.
        if m_muti_lang==1 and lang_id>1:
            if usr_id in [1,2]:
                sql="""SELECT distinct WMF.menu,WMF.menu_id,case l.`name` when '' then WMF.menu_name else l.`name` end,
                        WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                        FROM menu_func WMF 
                        Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
                        left join muti_lang_menu l on l.menu_id = WMF.menu_id and l.lang_id = %s
                        WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1
                        ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                    """%(lang_id)
            else:
                sql="""SELECT distinct WMF.menu,WMF.menu_id,case l.`name` when '' then WMF.menu_name else l.`name` end,
                        WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                        FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id
                        left join muti_lang_menu l on l.menu_id = WMF.menu_id and l.lang_id = %s
                        WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1
                        ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                    """%(lang_id,usr_id)
        else:
            if usr_id in [1,2]:
                sql="""SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                        WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                        FROM menu_func WMF 
                        Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
                        WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1
                        ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                    """
            else:
                sql="""SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                        WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                        FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id
                        WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1
                        ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                    """%usr_id
    #print sql   # ---#
        print(sql)
        rows,iN = db.select(sql)
        L1=[2]
        L2=[]
        #L = formatData(rows,L1,L2)
        names = 'level menu_id menu_name sort parent_id status url icon'.split()
        data = [dict(zip(names, d)) for d in rows]

        s3 = json.dumps(data,ensure_ascii=False)

        # NOTE(review): as listed, the template has six %s placeholders for
        # seven arguments, which raises TypeError; the masked "username"
        # value was presumably a %s before this listing was redacted.
        # Database strings are placed between quotes without JSON escaping.
        s1 = """"userid":%s,
                "username":"******",
                "dept_id":%s,
                "dept_name":"%s",
                "pic_url":"%s",
                "AccessToken":"%s",
                "menu_data":%s,"""%(lT[0][0],(lT[0][1]),lT[0][2],(lT[0][3]),pic_url,token,s3)
        # NOTE(review): `source` (POST input) and `ip` (possibly the raw
        # X-Forwarded-For header) are interpolated into quoted SQL literals
        # without escaping.
        sql = """insert into users_login (usr_id,source,token,login_ip,login_time,refresh_time,expire_time)
                    values (%s,'%s','%s','%s',now(),now(),%s) 
                """%(lT[0][0],source,token,ip,int(TIME_OUT)*60)
        #print ToGBK(sql)
        
        db.executesql(sql)
            # --#
    # else:
    #     errCode = 1
    #     msg = u'用户名不存在'

    # print('##:',s1)
    # NOTE(review): login_id is echoed into the body without JSON escaping,
    # and the template ends with a trailing comma before the closing brace,
    # which strict JSON parsers reject.
    s = """
        {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": "%s",
            %s
        }
        """ %(errCode,msg,login_id,s1)  
    #print ToGBK(s)
    response = HttpResponseCORS(request,s)
    return response
Example #14
def forgetpwd(request,Opname):
    """Handle two steps of the forgotten-password flow, selected by Opname.

    ``getmobilvalid`` generates a numeric code, sends it to the ``mobil``
    number from the request via test_getValid and stores it in
    ``temp_sheet`` for (login_id, client ip).  ``checkVerify`` compares the
    submitted ``mobil_valid`` with the stored code for login_id.  Both
    branches return an HttpResponseCORS with a hand-built JSON-like body;
    any other Opname falls through and returns None.
    """
    errCode = 0
    s = """ """
    msg = ''
    tel = ''

    # NOTE(review): X-Forwarded-For is client-supplied unless a trusted proxy
    # overwrites it; login_ip is interpolated into SQL below.
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        login_ip =  request.META['HTTP_X_FORWARDED_FOR']
    else:
        login_ip = request.META['REMOTE_ADDR']
    name =  request.POST.get('usrname','') or request.GET.get('usrname','')
    login_id =  request.POST.get('login_id','') or request.GET.get('login_id','')
    mobil =  request.POST.get('mobil','') or request.GET.get('mobil','')
    mobil_valid = request.POST.get('mobil_valid','') or request.GET.get('mobil_valid','')

    # send the SMS
    if Opname in ['getmobilvalid']:
        # NOTE(review): the verification code comes from the non-cryptographic
        # `random` module and is not zero-padded; random.SystemRandom() is the
        # appropriate source for a security code.
        tel='%s'%(random.randint(0,999999))
        # NOTE(review): `mobil` is taken from the request and nothing here
        # checks that it is the number registered for login_id, yet the code
        # is stored against login_id below.  The number should be looked up
        # from the account record rather than accepted from the caller.
        # No rate limit on sending is visible in this function.
        res = test_getValid(mobil,tel)

        if res['Code'].lower() in ['ok']:
            # delete any existing row, then store the verification code in
            # the temporary table
            # NOTE(review): login_id and login_ip are request input
            # interpolated into quoted SQL literals without escaping.
            _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'"%(login_id,login_ip)
            db.executesql(_sql)
            DB_Op('temp_sheet',['temp_id','temp_ip','valid_code'],\
                    ["'%s'"%login_id,"'%s'"%login_ip,"'%s'"%(tel)],'insert')
            errCode = 0
            msg = 'sucess'
        else:
            errCode = -1
            msg = '验证码发送失败'
        # The body echoes `mobil` unescaped and has a trailing comma before
        # the closing brace.
        s +="""{
                "errcode":%s,
                "errmsg": "%s",
                "tel": "%s",
                }
            """%(errCode,msg,mobil)
        return HttpResponseCORS(request,s)
    # if Opname in ['fillcount']:
    #     s +="""{
    #             "errcode":"%s",
    #             "errmsg": "%s",
    #             "tel": "%s",}
    #         """%(errCode,msg,tel)
    #     return HttpResponseCORS(request,s)
    if Opname in ['checkVerify']:
        # fetch the verification code
        # NOTE(review): the lookup is by login_id only (not ip), and this
        # function shows no expiry and no limit on wrong guesses for a code
        # of at most six digits; a failed attempt leaves the code in place.
        sql = " select valid_code from `temp_sheet` where temp_id='%s' "%(login_id)
        rows,iN = db.select(sql)
        if iN:
            # verification code is correct
            if str(rows[0][-1]) == str(mobil_valid):
                errCode = 0   
                msg = 'sucess'
                # NOTE(review): success only deletes the row; no server-side
                # proof of verification is recorded here, so whatever step
                # resets the password (outside this view) must not rely on
                # the client reporting that this check passed.
                _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'"%(login_id,login_ip)
                db.executesql(_sql)
            else:
                errCode = -1   
                msg = '验证码错误'
        else:
            errCode = -1   
            msg = '该手机未收到验证码!'
        # build the result body
        # NOTE(review): errcode is wrapped in single quotes and followed by a
        # trailing comma, so the body is not valid JSON; mobil_valid is echoed
        # back unescaped.
        s +="""{
                "errcode":'%s',
                "errmsg": "%s",
                "valid": "%s",}
            """%(errCode,msg,mobil_valid)
        return HttpResponseCORS(request,s)
Example #15
def login_test(request):
    """Check login_id, password and captcha; return None when they pass.

    On failure (unknown login_id, wrong password or captcha, expired or
    locked account, password that fails the complexity rule) an
    HttpResponseCORS with a hand-built JSON-like error body is returned.
    On success the login is recorded in ``login_record``, the matching
    ``temp_sheet`` row is deleted and None is returned.  Failed attempts are
    counted in ``temp_sheet`` per (login_id, client ip), and a captcha is
    generated once the stored count is 2 or more.
    """

    currentTime = datetime.datetime.now()   # current time
    errCode = -1
    msg, s='', ''   # basic information to return
    error_count = 0
    # NOTE(review): credentials are also accepted from the query string,
    # where they end up in access logs and browser history.
    login_id =  request.POST.get('login_id','') or request.GET.get('login_id','')
    password =  request.POST.get('password','') or request.GET.get('password','')
    valid_code = request.POST.get('valid','') or request.GET.get('valid','')

    print('VALID`VALID`:',valid_code)

    image_code, valid_code_real = '','' # image data, verification code (-1 or '')

    # print(valid_code_real)
    # NOTE(review): X-Forwarded-For is client-supplied unless a trusted proxy
    # overwrites it.  The failed-attempt counter and the captcha are keyed on
    # (login_id, login_ip), so a caller who varies this header is never shown
    # a captcha; the counter does not bound attempts per account.
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        login_ip =  request.META['HTTP_X_FORWARDED_FOR']
    else:
        login_ip = request.META['REMOTE_ADDR']
    # fetch the verification code
    # NOTE(review): login_id and login_ip are request input interpolated into
    # quoted SQL literals, here and in every query below; use bound parameters
    # if the db wrapper supports them.
    _sql = """
        select valid_code from `temp_sheet` where temp_id='%s' and temp_ip='%s'
        """%(login_id,login_ip)
    rows,iN = db.select(_sql)
    if iN:
        valid_code_real = rows[0][-1] # verification code
        # NOTE(review): the expected captcha answer is printed to the log.
        print('valid:',valid_code_real)


    # login_id = 'abc'
    sql = """
            select password,usr_name from `users` where login_id='%s'
            """%(login_id)
    rows,iN= db.select(sql)
    if iN:
        real_pwd = [_[0] for _ in rows][0]
    else:
        real_pwd = ''
    print(sql)
    if not iN:
        # NOTE(review): a distinct "user does not exist" message lets callers
        # tell valid login ids from invalid ones.
        errCode = -1
        msg = u'用户名不存在!'
        s = """
            {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": "%s",
            }
            """ %(errCode,msg,login_id)
        response = HttpResponseCORS(request,s)
        return response
    else:   
        usr_name = rows[0][1]
        # password correct: record the login in the corresponding table
        # m1 = md5.new() 
        # m1.update(real_pwd.lower())
        # pwd_l = m1.hexdigest()
        # pwd_h = md5.new(real_pwd.upper()).hexdigest()
        # NOTE(review): the submitted password is accepted if it equals the
        # stored value or the unsalted MD5 hex of the stored value.  Comparing
        # against the stored value directly means users.password holds the
        # password in recoverable form; a salted, slow password hash
        # (e.g. django.contrib.auth.hashers) is the usual replacement.
        pwd_real = md5.new(real_pwd).hexdigest()

        print('#-#valid:',valid_code_real,valid_code)
        # The captcha is only enforced when a temp_sheet row with a non-empty
        # code other than '-1' exists for this (login_id, login_ip).
        if (password==real_pwd or password in [pwd_real]) and any([valid_code_real in ['','-1'],valid_code_real.lower() == valid_code.lower()]):
            # check whether the account has expired
            # NOTE(review): the units of is_valid()/is_lock() are not visible
            # here; presumably days/minutes - confirm against the helpers.
            if is_valid(login_id)>=90:
                errCode = -2 # user expired
                msg = u'用户已过期!'
                s ="""
                    {
                        "errcode":%s,
                        "errmsg:":"%s",
                        "login_id":"%s",
                        "usr_name":"%s",
                    }
                    """%(errCode,msg,login_id,usr_name) 
                return HttpResponseCORS(request,s)
            if is_lock(login_id)>=60:
                errCode = -3 # user locked
                msg = u'用户已锁定!'
                s ="""
                    {
                        "errcode":%s,
                        "errmsg:":'%s',
                        "login_id":"%s",
                        "usr_name":"%s",
                    }
                    """%(errCode,msg,login_id,usr_name) 
                return HttpResponseCORS(request,s)
            # else:
            #     pass # update the login time
            #     DB_Op('usr_info',['login_time'],[''])
            # print('match:',bool(re.compile('[a-z0-9A-Z]{8,16}').match(password)))

            # Complexity rule: at least 8 characters with an upper-case
            # letter, a lower-case letter and a digit.  A password that fails
            # it yields an error response, so the login does not proceed.
            if len(password)<8 or not bool(re.compile(r'^(?:(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])).*$').match(password)):
                errCode = 4 # weak password
                msg = u'密码不符合要求请修改密码!'

                _sql = """
                    select login_id from `login_record` where login_id='%s' 
                    """%(login_id)
                print(_sql)
                # The statement is executed once for the print and again for
                # the test below.
                print db.executesql(_sql)
            # record the login
                if not db.executesql(_sql):
                    DB_Op('login_record',['login_id','login_ip','login_time'],\
                        ["'%s'"%login_id,"'%s'"%login_ip,"'%s'"%(currentTime)],'insert')
                s ="""
                    {
                        "errcode":%s,
                        "errmsg:":'%s',
                        "login_id":"%s",
                        "usr_name":"%s",

                    }
                    """%(errCode,msg,login_id,usr_name)
                return HttpResponseCORS(request,s)

            errCode = 0
            msg = u'操作正确'
            _sql = """
                    select login_id from `login_record` where login_id='%s' 
                    """%(login_id)
            print db.executesql(_sql)
            # record the login: insert on first login, otherwise update
            if not db.executesql(_sql):
                DB_Op('login_record',['login_id','login_ip','login_time'],\
                    ["'%s'"%login_id,"'%s'"%login_ip,"'%s'"%(currentTime)],'insert')
            else:
                DB_Op('login_record',['login_ip','login_time'],\
                    ["'%s'"%login_ip,"'%s'"%(currentTime)]," where login_id='%s'"%(login_id))
        
            # delete the record in the temporary table
            _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'"%(login_id,login_ip)
            db.executesql(_sql)
            return None
        
        # wrong password: record the attempt in the temporary table
        else:
            _sql = """
                    select temp_id,temp_ip,login_num from `temp_sheet` where temp_id='%s' and temp_ip='%s'
                    """%(login_id,login_ip)
            rows,iN = db.select(_sql)
            s +=''
            # no record yet: insert one
            if not iN:
                DB_Op('temp_sheet',['temp_id','temp_ip','login_num','valid_code'],\
                    ["'%s'"%login_id,"'%s'"%login_ip,1,"''"],'insert')
                error_count = 1
            else:
                # update the record; a captcha is generated once the stored
                # count is 2 or more
                if int(rows[0][2])>=2:
                    image_code, valid_code_real = generate_valid()

                # The update filters on temp_id only, not on temp_ip.
                DB_Op('temp_sheet',['login_num','valid_code'],\
                    [int(rows[0][2])+1,"'%s'"%valid_code_real],"where temp_id='%s'"%(login_id))
                error_count =int(rows[0][2])+1
            errCode = -1    
            msg = u'账户或密码错误!'
            # NOTE(review): this prints the submitted and the stored password
            # in clear text to stdout / the server log.
            print(password,real_pwd,password == real_pwd)
            # NOTE(review): switching the message to "captcha wrong" when the
            # password matches tells the caller the password was correct even
            # though the captcha check failed; one generic message for both
            # cases avoids that.
            if password == real_pwd:
                msg = u'验证码错误!'
            # NOTE(review): the failure body returns usr_name for the given
            # login_id to an unauthenticated caller.  Values are inserted
            # without JSON escaping and the template has a trailing comma.
            s = """
                {
                "errcode": %s,
                "errmsg": "%s",
                "login_id": "%s",
                "image_code":"%s",
                "error_count":%s,
                "usr_name":"%s",
                }
                """ %(errCode,msg,login_id,image_code,error_count,usr_name)

            response = HttpResponseCORS(request,s)
            return response
Example #16
def login_func(request):
    """Log the request in as the users_gy account with a fixed unionid.

    NOTE(review): no credential, OAuth code or captcha is checked in this
    function.  ``union_id`` is a hard-coded constant, so every caller is
    given the session and access token of the active ``users_gy`` row with
    that unionid.  This reads like a test stub for the WeChat login and
    should not be reachable in a deployed build.

    On a match the session is filled, an access token is built with
    WXBizMsgCrypt, the menu rows are loaded and the login is recorded in
    ``users_login_gy``.  Returns an HttpResponseCORS with a hand-built
    JSON-like body.
    """
    import base64, time
    import random
    # NOTE(review): random is not a CSPRNG; random_no is handed to EncryptMsg
    # below when the access token is built.
    random_no = '%s' % (random.randint(0, 999999))
    source = request.POST.get('source', 'web')

    # NOTE(review): X-Forwarded-For is client-supplied unless a trusted proxy
    # overwrites it; the value is interpolated into the INSERT below.
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']
    union_id = 'or0EJv-sW7K_rmSakUfKH1ONE5hg'
    # With the constant above this branch can never be taken.
    if union_id == '':
        errCode = 1
        msg = u'用户未注册供应商服务平台'
        s = """
            {
            "errcode": %s,
            "errmsg": "%s",
            }
            """ % (errCode, msg)
        response = HttpResponseCORS(request, s)
        return response
    s1 = ''
    sql = """SELECT U.usr_id,U.usr_name,ifnull(ab.sup_id,0),ifnull(su.cname,''),IFNULL(U.headimgurl,'')
                   FROM users_gy U 
                   LEFT JOIN addr_book ab on ab.id = U.addr_id
                   LEFT JOIN suppliers su on su.id = ab.sup_id
                   WHERE U.unionid='%s' AND U.status=1 
                """ % (union_id)
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id = lT[0][0]

        request.session['usr_id'] = usr_id
        request.session['usr_name'] = lT[0][1]
        request.session['sup_id'] = lT[0][2]
        request.session['sup_name'] = lT[0][3]
        d_value = ['', '', '', '', '']
        d_value[0] = usr_id
        d_value[1] = lT[0][1]
        d_value[2] = lT[0][2]
        d_value[3] = lT[0][3]
        d_value[4] = 0
        g_data.set_value(d_value)
        errCode = 0
        msg = 'OK'
        pic = lT[0][4]

        # The access token is the WXBizMsgCrypt encryption of the user id
        # with the random number and the current timestamp.
        sTimeStamp = str(time.time())
        wxcpt = WXBizMsgCrypt('szoworld_gy', m_aesKey)
        ret, token = wxcpt.EncryptMsg(str(usr_id), random_no, sTimeStamp)

        # The menu query has no per-user or per-role filter.
        sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
               WMF.sort,WMF.parent_id,WMF.status-1,WMF.url,WMF.icon
               FROM menu_func WMF 
               Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
               WHERE WMF.status=2 and WMF.menu_id>0 and WMF1.status=2
               ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
            """

        #print sql
        rows, iN = db.select(sql)
        L1 = [2]
        L2 = []
        #L = formatData(rows,L1,L2)
        names = 'level menu_id menu_name sort parent_id status url icon'.split(
        )
        data = [dict(zip(names, d)) for d in rows]

        s3 = json.dumps(data, ensure_ascii=False)

        # NOTE(review): as listed, the template has six %s placeholders for
        # seven arguments, which raises TypeError; the masked "username"
        # value was presumably a %s before this listing was redacted.
        # Database strings are placed between quotes without JSON escaping.
        s1 = """"userid":%s,
                "username":"******",
                "sup_id":%s,
                "sup_name":"%s",
                "pic_url":"%s",
                "AccessToken":"%s",
                "menu_data":%s""" % (lT[0][0], (lT[0][1]), lT[0][2],
                                     (lT[0][3]), pic, token, s3)
        # NOTE(review): `source` (POST input) and `ip` (possibly the raw
        # X-Forwarded-For header) are interpolated into quoted SQL literals
        # without escaping; use bound parameters if the db wrapper supports
        # them.
        sql = """insert into users_login_gy (usr_id,source,token,login_ip,login_time,refresh_time,expire_time)
                     values (%s,'%s','%s','%s',now(),now(),%s) 
                    """ % (lT[0][0], source, token, ip, int(TIME_OUT) * 60)
        #print ToGBK(sql)

        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户不存在'
    # When s1 is empty the body ends with a trailing comma after errmsg.
    s = """
        {
            "errcode": %s,
            "errmsg": "%s",
            %s
        }
        """ % (errCode, msg, s1)
    #print ToGBK(s)
    response = HttpResponseCORS(request, s)
    return response