Example #1
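    def create_user(post_data):
        '''
        Create a user record from the submitted form data.

        Returns a dict ``{'success': bool, 'code': str}``. When ``success``
        is False the code is one of:
        11: invalid user name.
        21: invalid e-mail address.
        91: the insert failed for any other reason.
        '''
        out_dic = {'success': False, 'code': '00'}

        if not tools.check_username_valid(post_data['user_name']):
            out_dic['code'] = '11'
            return out_dic

        if not tools.check_email_valid(post_data['user_email']):
            out_dic['code'] = '21'
            return out_dic

        # NOTE(review): 'role' is taken from post_data when present. If
        # post_data is raw request input, the client picks its own role --
        # confirm that callers strip or restrict this key.
        # NOTE(review): the password is stored as tools.md5(password) and no
        # per-user salt is passed at this call site; a dedicated password
        # hashing scheme would need a stored-hash migration.
        try:
            TabMember.create(uid=tools.get_uuid(),
                             user_name=post_data['user_name'],
                             user_pass=tools.md5(post_data['user_pass']),
                             user_email=post_data['user_email'],
                             role=post_data.get('role', '1000'),
                             time_create=tools.timestamp(),
                             time_update=tools.timestamp(),
                             time_reset_passwd=tools.timestamp(),
                             time_login=tools.timestamp(),
                             time_email=tools.timestamp())

            out_dic['success'] = True
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit. Ordinary failures still map to code 91.
            out_dic['code'] = '91'
        return out_dic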
Example #2
    def create_user(post_data):
        '''
        Create a user record from the submitted form data.

        Returns ``{'success': bool, 'code': str}``; code 11 means the user
        name was rejected and 21 means the e-mail was rejected. Errors from
        the insert itself are not caught here and propagate to the caller.
        '''
        result = {'success': False, 'code': '00'}

        if not tools.check_username_valid(post_data['user_name']):
            result['code'] = '11'
            return result

        if not tools.check_email_valid(post_data['user_email']):
            result['code'] = '21'
            return result

        # NOTE(review): the role comes from post_data when the key is there.
        # If post_data is raw request input this lets the client choose its
        # role -- confirm that callers restrict it.
        role = post_data['role'] if 'role' in post_data else '1000'

        # NOTE(review): tools.md5 is called with the password only (no
        # per-user salt is passed here); presumably a plain digest -- verify.
        TabMember.create(
            uid=tools.get_uuid(),
            user_name=post_data['user_name'],
            user_pass=tools.md5(post_data['user_pass']),
            user_email=post_data['user_email'],
            role=role,
            time_create=tools.timestamp(),
            time_update=tools.timestamp(),
            time_reset_passwd=tools.timestamp(),
            time_login=tools.timestamp(),
            time_email=tools.timestamp(),
        )

        result['success'] = True
        return result
Example #3
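    def insert_data(self, post_data):
        '''
        Validate the submitted user name and insert a new CabMember row.

        post_data maps field names to lists; the first element of each list
        is used. Returns False when the user name is shorter than 5 or longer
        than 20 characters, contains one of ``/ : \\ # + ' " ( )`` or a
        space, or when the insert fails; returns True otherwise.
        '''
        user_name = post_data['user_name'][0]

        if len(user_name) < 5 or len(user_name) > 20:
            return False

        forbidden = ('/', ':', '\\', '#', '+', "'", '"', '(', ')', ' ')
        if any(char in user_name for char in forbidden):
            return False

        # NOTE(review): only the user name is validated; the e-mail and
        # password are stored as submitted. The password goes through
        # tools.md5 with no per-user salt passed here -- presumably a plain
        # digest, verify in tools.
        try:
            CabMember.create(uid=tools.get_uuid(),
                             user_name=user_name,
                             user_pass=tools.md5(post_data['user_pass'][0]),
                             user_email=post_data['user_email'][0],
                             privilege='10000',
                             reset_passwd_timestamp=0, )
            return True
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit.
            return False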
Example #4
 def test_update_pass(self):
     '''After update_pass, the stored user_pass equals tools.md5 of the new password.'''
     self.add_mess()
     post_data = {'user_pass': '******'}
     new_pass = post_data['user_pass']
     self.uu.update_pass(self.uid, new_pass)
     stored_member = self.uu.get_by_uid(self.uid)
     assert stored_member.user_pass == tools.md5(new_pass)
     # tearDown is invoked by hand here; when the assertion above fails this
     # line is not reached.
     self.tearDown()
Example #5
 def check_user(self, u_name, u_pass):
     '''
     Check a password for the member named u_name.

     Returns -1 when no CabMember row has that user_name, 1 when the stored
     user_pass equals tools.md5(u_pass), and 0 when it does not.
     '''
     # NOTE(review): the hash is tools.md5 of the password alone (no salt is
     # passed here) and is compared with ``==``; both are worth revisiting
     # together with the stored-hash format.
     matches = CabMember.select().where(CabMember.user_name == u_name).count()
     if matches == 0:
         return -1
     member = CabMember.get(user_name=u_name)
     return 1 if member.user_pass == tools.md5(u_pass) else 0
Example #6
 def check_user(user_id, u_pass):
     '''
     Check a password for the member whose uid is user_id.

     Returns -1 when no g_Member row has that uid, 1 when the stored
     user_pass equals tools.md5(u_pass), and 0 when it does not.
     '''
     # NOTE(review): -1 and 0 let a caller tell "unknown user" from "wrong
     # password"; make sure that difference is not shown to the client.
     row_count = g_Member.select().where(g_Member.uid == user_id).count()
     if row_count == 0:
         return -1
     member = g_Member.get(uid=user_id)
     password_ok = member.user_pass == tools.md5(u_pass)
     if password_ok:
         return 1
     return 0
Example #7
 def check_user(self, u_name, u_pass):
     '''
     Verify u_pass for the member with user_name u_name.

     Result codes: -1 no such member, 0 password mismatch, 1 password match.
     '''
     by_name = CabMember.select().where(CabMember.user_name == u_name)
     if by_name.count() == 0:
         return -1
     # The row is fetched with a second query after the count, as before.
     member = CabMember.get(user_name=u_name)
     # NOTE(review): tools.md5 receives only the password; presumably an
     # unsalted digest -- verify in tools.
     if member.user_pass != tools.md5(u_pass):
         return 0
     return 1
Example #8
 def check_user_by_name(user_id, u_pass):
     '''
     Check a password for the member whose user_name equals user_id.

     Despite its name, the user_id parameter is matched against
     TabMember.user_name. Returns -1 when no row matches, 1 when the stored
     user_pass equals tools.md5(u_pass), and 0 otherwise.
     '''
     found = TabMember.select().where(TabMember.user_name == user_id).count()
     if found == 0:
         return -1
     member = TabMember.get(user_name=user_id)
     # NOTE(review): plain ``==`` on a digest produced by tools.md5 with no
     # salt argument; review together with the password storage format.
     return 1 if member.user_pass == tools.md5(u_pass) else 0
Example #9
    def update_pass(user_id, newpass):
        '''
        Store tools.md5(newpass) as the password of the member with this uid.

        Returns ``{'success': True, 'code': '00'}`` once the UPDATE has run.
        The result of execute() is discarded, so the return value is the same
        whether or not a row matched user_id.
        '''
        # NOTE(review): no check of the caller's identity or of the old
        # password happens here; callers must have done that already.
        hashed = tools.md5(newpass)
        g_Member.update(user_pass=hashed).where(g_Member.uid == user_id).execute()
        return {'success': True, 'code': '00'}
Example #10
 def check_user(user_id, u_pass):
     '''
     Check a password by the user's ID.

     Returns -1 when no TabMember row has this uid, 1 when the stored
     user_pass equals tools.md5(u_pass), and 0 otherwise.
     '''
     if TabMember.select().where(TabMember.uid == user_id).count() == 0:
         return -1
     member = TabMember.get(uid=user_id)
     # NOTE(review): the digest comes from tools.md5 with the password as its
     # only argument (no salt) and is compared with ``==``.
     expected = tools.md5(u_pass)
     return 1 if member.user_pass == expected else 0
Example #11
 def check_user_by_name(user_name, u_pass):
     '''
     Check a password by the user's name.

     Result codes: -1 no TabMember row with this user_name, 0 the stored
     user_pass differs from tools.md5(u_pass), 1 they are equal.
     '''
     name_matches = TabMember.select().where(TabMember.user_name == user_name).count()
     if name_matches == 0:
         return -1
     member = TabMember.get(user_name=user_name)
     # NOTE(review): the distinct -1 / 0 results reveal whether a user name
     # exists; keep that distinction away from the login response.
     if member.user_pass != tools.md5(u_pass):
         return 0
     return 1
Example #12
    def check_user_by_name(user_name, u_pass):
        '''
        Check a password by the user's name.

        Returns -1 when the query for this user_name has no rows, 1 when the
        stored user_pass equals tools.md5(u_pass), and 0 otherwise.
        '''
        candidates = TabMember.select().where(TabMember.user_name == user_name)
        if candidates.count() == 0:
            return -1

        member = candidates.get()
        # NOTE(review): tools.md5 is given only the password (no salt) and the
        # digests are compared with ``==``.
        return 1 if member.user_pass == tools.md5(u_pass) else 0
Example #13
    def create_user(post_data, extinfo=None):
        '''
        Create a user record; every new user gets role '1000'.

        Returns ``{'success': bool, 'code': str}``. Failure codes:
        11: invalid user name.
        21: invalid e-mail address.
        31: the e-mail address is already registered.
        91: the insert failed for another reason (the error is printed).
        '''
        result = {'success': False, 'code': '00'}
        user_name = post_data['user_name']
        user_email = post_data['user_email']

        # Names starting with ``_`` are for internal accounts, not for login,
        # and skip the user-name validation.
        # NOTE(review): if post_data is raw request input, a client can pick
        # such a name and skip validation too -- confirm callers prevent it.
        is_internal = user_name.startswith('_')
        if not is_internal and not tools.check_username_valid(user_name):
            result['code'] = '11'
            return result

        if not tools.check_email_valid(user_email):
            result['code'] = '21'
            return result

        if MUser.get_by_email(user_email):
            result['code'] = '31'
            return result

        extinfo = {} if extinfo is None else extinfo

        # NOTE(review): the password is stored as tools.md5(password); no
        # per-user salt is passed at this call site.
        try:
            TabMember.create(
                uid=tools.get_uuid(),
                user_name=user_name,
                user_pass=tools.md5(post_data['user_pass']),
                user_email=user_email,
                role='1000',  # '1000' is the default role.
                time_create=tools.timestamp(),
                time_update=tools.timestamp(),
                time_reset_passwd=tools.timestamp(),
                time_login=tools.timestamp(),
                time_email=tools.timestamp(),
                extinfo=extinfo,
            )
        except Exception as err:
            print(repr(err))
            result['code'] = '91'
        else:
            result['success'] = True
        return result
Example #14
    def update_pass(user_id, newpass):
        '''
        Update the password of a user.

        Writes tools.md5(newpass) to user_pass for the row whose uid equals
        user_id and returns ``{'success': True, 'code': '00'}``. The result
        of execute() is not inspected.
        '''
        # NOTE(review): authorization is not checked here; it is the caller's
        # job. tools.md5 gets the password only (no salt).
        new_hash = tools.md5(newpass)
        update_query = TabMember.update(user_pass=new_hash).where(TabMember.uid == user_id)
        update_query.execute()
        return {'success': True, 'code': '00'}
Example #15
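    def reset_password(self):
        '''
        Handle a password-reset request by e-mailing a reset link.

        Reads 'email' from the posted data, refuses a second request within
        70 seconds of the previous one, and sends a link carrying the user
        name, a timestamp and a digest of both plus the stored password hash.

        :return: True when the mail was sent (status 200), otherwise False
                 (status 400).
        '''
        post_data = self.get_post_data()

        if 'email' not in post_data:
            self.set_status(400)
            return False

        userinfo = MUser.get_by_email(post_data['email'])

        # The existence check has to come before any attribute access; it
        # used to come after ``userinfo.time_reset_passwd`` was read, so an
        # unknown e-mail raised instead of returning 400.
        if not userinfo:
            # NOTE(review): a 400 here versus 200 on success tells the client
            # whether the address is registered.
            self.set_status(400)
            return False

        if tools.timestamp() - userinfo.time_reset_passwd < 70:
            self.set_status(400)
            kwd = {
                'info': '两次重置密码时间应该大于1分钟',
                'link': '/user/reset-password',
            }
            self.render('misc/html/404.html', kwd=kwd, userinfo=self.userinfo)
            return False

        timestamp = tools.timestamp()
        passwd = userinfo.user_pass
        username = userinfo.user_name
        # NOTE(review): the link is authenticated by a digest of values that
        # are all either in the URL or in the database; no server-side secret
        # is mixed in. A keyed MAC or a random single-use token stored
        # server-side would not depend on the stored hash staying private.
        hash_str = tools.md5(username + str(timestamp) + passwd)
        # NOTE(review): username is put into the query string without URL
        # encoding.
        url_reset = '{0}/user/reset-passwd?u={1}&t={2}&p={3}'.format(
            config.SITE_CFG['site_url'],
            username,
            timestamp,
            hash_str)
        email_cnt = '''<div>请查看下面的信息,并<span style="color:red">谨慎操作</span>:</div>
            <div>您在"{0}"网站({1})申请了密码重置,如果确定要进行密码重置,请打开下面链接:</div>
            <div><a href={2}>{2}</a></div>
            <div>如果无法确定本信息的有效性,请忽略本邮件。</div>'''.format(config.SMTP_CFG['name'],
                                                       config.SITE_CFG['site_url'],
                                                       url_reset)

        if send_mail([userinfo.user_email], "{0}|密码重置".format(config.SMTP_CFG['name']),
                     email_cnt):
            MUser.update_time_reset_passwd(username, timestamp)
            self.set_status(200)
            logger.info('password has been reset.')
            return True

        self.set_status(400)
        return False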
Example #16
 def check_user(user_id, u_pass):
     '''
     Check a password by the user's ID.

     :param user_id: value matched against TabMember.uid.
     :param u_pass: candidate password; hashed with tools.md5 before comparing.
     :return: -1 when no row has this uid, 1 when the stored user_pass equals
              the hash of u_pass, 0 otherwise.
     '''
     uid_matches = TabMember.select().where(TabMember.uid == user_id).count()
     if uid_matches == 0:
         return -1
     member = TabMember.get(uid=user_id)
     # NOTE(review): no salt is passed to tools.md5 and the comparison is a
     # plain ``==``.
     if member.user_pass != tools.md5(u_pass):
         return 0
     return 1
Example #17
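    def gen_passwd(self):
        '''
        Complete a password reset started from the e-mailed link.

        Reads 'u' (user name), 't' (timestamp) and 'p' (digest) from the
        posted data. The link is accepted only when it is less than 600
        seconds old and 'p' equals tools.md5(user_name + t + stored hash).
        On success a new password from tools.get_uu8d() is stored and shown.

        :return: None; the response is rendered in every branch.
        '''
        post_data = self.get_post_data()

        userinfo = MUser.get_by_name(post_data['u'])

        sub_timestamp = int(post_data['t'])
        cur_timestamp = tools.timestamp()
        link_is_fresh = cur_timestamp - sub_timestamp < 600 and cur_timestamp > sub_timestamp
        if not link_is_fresh:
            kwd = {
                'info': '密码重置已超时!',
                'link': '/user/reset-password',
            }
            self.set_status(400)
            self.render('misc/html/404.html', kwd=kwd, userinfo=self.userinfo)
            # Stop here. Without this return a rejected request fell through
            # to the password change below.
            return

        # An unknown user is treated like a failed verification. The checks
        # for "no user" and "wrong digest" share one error page.
        digest_ok = False
        if userinfo:
            hash_str = tools.md5(userinfo.user_name + post_data['t'] +
                                 userinfo.user_pass)
            # NOTE(review): plain ``==`` on the digest; a constant-time
            # comparison is preferable once both operand types are confirmed.
            digest_ok = hash_str == post_data['p']

        if not digest_ok:
            kwd = {
                'info': '密码重置验证出错!',
                'link': '/user/reset-password',
            }
            self.set_status(400)
            self.render(
                'misc/html/404.html',
                kwd=kwd,
                userinfo=self.userinfo,
            )
            # Same as above: a failed verification must not reach update_pass.
            return

        new_passwd = tools.get_uu8d()
        MUser.update_pass(userinfo.uid, new_passwd)
        kwd = {
            'user_name': userinfo.user_name,
            'new_pass': new_passwd,
        }
        self.render(
            'user/user_show_pass.html',
            cfg=config.CMS_CFG,
            kwd=kwd,
            userinfo=self.userinfo,
        )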
Example #18
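    def reset_password(self):
        '''
        Handle a password-reset request by e-mailing a reset link.

        Uses the first 'email' request argument, refuses a second request
        within 70 seconds of the previous one, and sends a link carrying the
        user name, a timestamp and a digest of both plus the stored hash.
        Returns True when the mail was sent (status 200), else False (400).
        '''
        post_data = {key: self.get_arguments(key) for key in self.request.arguments}

        if 'email' not in post_data:
            self.set_status(400)
            return False

        userinfo = self.muser.get_by_email(post_data['email'][0])

        # Check for a missing account before touching its attributes; the
        # check used to sit after ``userinfo.time_reset_passwd`` was read.
        if not userinfo:
            # NOTE(review): 400 here versus 200 on success reveals whether
            # the address is registered.
            self.set_status(400)
            return False

        if tools.timestamp() - userinfo.time_reset_passwd < 70:
            self.set_status(400)
            kwd = {
                'info': '两次重置密码时间应该大于1分钟',
            }
            self.render('html/404.html', kwd=kwd, userinfo=self.userinfo)
            return False

        timestamp = tools.timestamp()
        passwd = userinfo.user_pass
        username = userinfo.user_name
        # NOTE(review): the digest has no server-side secret in it; it is
        # built from the URL fields and the stored password hash. A keyed
        # MAC or a random single-use token would be the sturdier design.
        hash_str = tools.md5(username + str(timestamp) + passwd)
        url_reset = '{0}/user/reset-passwd?u={1}&t={2}&p={3}'.format(
            config.site_url, username, timestamp, hash_str)
        email_cnt = '''
            <div>请查看下面的信息,并<span style="color:red">谨慎操作</span>:</div>
            <div>您在"{0}"网站({1})申请了密码重置,如果确定要进行密码重置,请打开下面链接:</div>
            <div><a href={2}>{2}</a></div>
            <div>如果无法确定本信息的有效性,请忽略本邮件。</div>
            '''.format(config.smtp_cfg['name'], config.site_url, url_reset)

        if send_mail([userinfo.user_email],
                     "{0}|密码重置".format(config.smtp_cfg['name']),
                     email_cnt):
            self.muser.update_time_reset_passwd(username, timestamp)
            self.set_status(200)
            return True

        self.set_status(400)
        return False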
Example #19
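    def gen_passwd(self):
        '''
        Complete a password reset started from the e-mailed link.

        Uses the first value of the 'u' (user name), 't' (timestamp) and 'p'
        (digest) request arguments. The link is accepted only when it is less
        than 600 seconds old and 'p' equals
        tools.md5(user_name + t + stored hash). On success a new password
        from tools.get_uu8d() is stored and shown. Returns None.
        '''
        post_data = {key: self.get_arguments(key) for key in self.request.arguments}
        userinfo = self.muser.get_by_name(post_data['u'][0])

        sub_timestamp = int(post_data['t'][0])
        cur_timestamp = tools.timestamp()
        link_is_fresh = cur_timestamp - sub_timestamp < 600 and cur_timestamp > sub_timestamp
        if not link_is_fresh:
            kwd = {
                'info': '密码重置已超时!',
            }
            self.set_status(400)
            self.render('html/404.html', kwd=kwd, userinfo=self.userinfo)
            # Stop here. Without this return an expired link still reached
            # the password change below.
            return

        # An unknown user is handled as a failed verification.
        digest_ok = False
        if userinfo:
            hash_str = tools.md5(userinfo.user_name + post_data['t'][0] +
                                 userinfo.user_pass)
            # NOTE(review): plain ``==`` on the digest; prefer a constant-time
            # comparison once both operand types are confirmed.
            digest_ok = hash_str == post_data['p'][0]

        if not digest_ok:
            kwd = {
                'info': '密码重置验证出错!',
            }
            self.set_status(400)
            self.render(
                'html/404.html',
                kwd=kwd,
                userinfo=self.userinfo,
            )
            # A failed verification must not reach update_pass.
            return

        new_passwd = tools.get_uu8d()
        self.muser.update_pass(userinfo.user_name, new_passwd)
        kwd = {
            'user_name': userinfo.user_name,
            'new_pass': new_passwd,
        }
        self.render(
            'user/{0}/show_pass.html'.format(self.tmpl_router),
            cfg=config.cfg,
            kwd=kwd,
            userinfo=self.userinfo,
        )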
Example #20
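    def reset_password(self):
        '''
        Handle a password-reset request by e-mailing a reset link.

        Uses the first 'email' request argument, refuses a second request
        within 70 seconds of the previous one, and sends a link carrying the
        user name, a timestamp and a digest of both plus the stored hash.
        Returns True when the mail was sent (status 200), else False (400).
        '''
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        if 'email' not in post_data:
            self.set_status(400)
            return False

        userinfo = self.muser.get_by_email(post_data['email'][0])

        # Reject an unknown address before reading any attribute of
        # userinfo; previously reset_passwd_timestamp was read first.
        if not userinfo:
            # NOTE(review): the 400 / 200 difference shows the client whether
            # the address is registered.
            self.set_status(400)
            return False

        if tools.timestamp() - userinfo.reset_passwd_timestamp < 70:
            self.set_status(400)
            kwd = {
                'info': '两次重置密码时间应该大于1分钟',
            }
            self.render('html/404.html', kwd=kwd, userinfo=self.userinfo)
            return False

        timestamp = tools.timestamp()
        passwd = userinfo.user_pass
        username = userinfo.user_name
        # NOTE(review): the digest is built only from the URL fields and the
        # stored password hash, with no server-side secret; consider a keyed
        # MAC or a random single-use token.
        hash_str = tools.md5(username + str(timestamp) + passwd)
        url_reset = '{0}/user/reset-passwd?u={1}&t={2}&p={3}'.format(config.site_url, username, timestamp,
                                                                     hash_str)
        email_cnt = '''
            <div>请查看下面的信息,并<span style="color:red">谨慎操作</span>:</div>
            <div>您在"{0}"网站({1})申请了密码重置,如果确定要进行密码重置,请打开下面链接:</div>
            <div><a href={2}>{2}</a></div>
            <div>如果无法确定本信息的有效性,请忽略本邮件。</div>
            '''.format(config.site_name, config.site_url, url_reset)

        if send_mail([userinfo.user_email], "{0}|密码重置".format(config.site_name), email_cnt):
            self.muser.update_reset_passwd_timestamp(username, timestamp)
            self.set_status(200)
            return True

        self.set_status(400)
        return False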
Example #21
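    def gen_passwd(self):
        '''
        Complete a password reset started from the e-mailed link.

        Looks the user up with get_by_id on the first 'u' argument, then
        accepts the link only when 't' is less than 600 seconds old and 'p'
        equals tools.md5(user_name + t + stored hash). On success a new
        password from tools.get_uu8d() is stored and shown. Returns None.
        '''
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)
        userinfo = self.muser.get_by_id(post_data['u'][0])

        sub_timestamp = int(post_data['t'][0])
        cur_timestamp = tools.timestamp()
        if not (cur_timestamp - sub_timestamp < 600 and cur_timestamp > sub_timestamp):
            kwd = {
                'info': '密码重置已超时!',
            }
            self.set_status(400)
            self.render('html/404.html',
                        kwd=kwd,
                        userinfo = self.userinfo)
            # Stop here. Without this return an expired link still reached
            # the password change below.
            return

        # An unknown user is handled as a failed verification.
        verified = False
        if userinfo:
            hash_str = tools.md5(userinfo.user_name + post_data['t'][0] + userinfo.user_pass)
            # NOTE(review): plain ``==`` on the digest; prefer a constant-time
            # comparison once both operand types are confirmed.
            verified = hash_str == post_data['p'][0]

        if not verified:
            kwd = {
                'info': '密码重置验证出错!',
            }
            self.set_status(400)
            self.render('html/404.html',
                        kwd=kwd,
                        userinfo = self.userinfo,)
            # A failed verification must not reach update_pass.
            return

        new_passwd = tools.get_uu8d()
        self.muser.update_pass(userinfo.user_name, new_passwd)
        kwd = {
            'user_name': userinfo.user_name,
            'new_pass': new_passwd,
        }
        self.render('{0}/{1}/show_pass.html'.format(self.tmpl_name, self.tmpl_router),
                    cfg = config.cfg,
                    kwd=kwd,
                    userinfo = self.userinfo,)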
Example #22
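    def create_user(post_data):
        '''
        Create a user record; every new user gets role '1000'.

        Returns ``{'success': bool, 'code': str}``. Failure codes:
        11: invalid user name.
        21: invalid e-mail address.
        91: the insert failed for any other reason.
        '''
        out_dic = {'success': False, 'code': '00'}

        if post_data['user_name'].startswith('_'):
            # Names starting with ``_`` are for internal accounts only, not
            # for login, and skip the user-name validation.
            # NOTE(review): if post_data is raw request input, a client can
            # pick such a name as well -- confirm callers prevent it.
            pass
        elif not tools.check_username_valid(post_data['user_name']):
            out_dic['code'] = '11'
            return out_dic

        if not tools.check_email_valid(post_data['user_email']):
            out_dic['code'] = '21'
            return out_dic

        # NOTE(review): the password is stored as tools.md5(password); no
        # per-user salt is passed at this call site.
        try:
            TabMember.create(
                uid=tools.get_uuid(),
                user_name=post_data['user_name'],
                user_pass=tools.md5(post_data['user_pass']),
                user_email=post_data['user_email'],
                role='1000',  # '1000' is the default role.
                time_create=tools.timestamp(),
                time_update=tools.timestamp(),
                time_reset_passwd=tools.timestamp(),
                time_login=tools.timestamp(),
                time_email=tools.timestamp())

            out_dic['success'] = True
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit. Ordinary failures still map to code 91.
            out_dic['code'] = '91'
        return out_dic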
Example #23
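    def insert_data(self, post_data):
        '''
        Validate the submitted user name and insert a new CabMember row.

        The first element of each post_data list is used. The user name must
        be 5 to 20 characters long and must not contain any of
        ``/ : \\ # + ' " ( )`` or a space. Returns True after a successful
        insert and False when validation or the insert fails.
        '''
        user_name = post_data['user_name'][0]

        if not 5 <= len(user_name) <= 20:
            return False

        for banned in '/:\\#+\'"() ':
            if banned in user_name:
                return False

        # NOTE(review): the e-mail and password are stored without further
        # checks, and tools.md5 is given the password only (no salt).
        try:
            CabMember.create(
                uid=tools.get_uuid(),
                user_name=user_name,
                user_pass=tools.md5(post_data['user_pass'][0]),
                user_email=post_data['user_email'][0],
                privilege='10000',
                reset_passwd_timestamp=0,
            )
            return True
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit.
            return False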
Example #24
 def update_pass(self, u_name, newpass):
     '''
     Store tools.md5(newpass) as the password of the member named u_name.

     Returns the update query object after it has been executed; the row
     count returned by execute() is discarded.
     '''
     # NOTE(review): authorization is left to the caller. tools.md5 gets the
     # password only (no salt).
     new_hash = tools.md5(newpass)
     update_query = CabMember.update(user_pass=new_hash, ).where(
         CabMember.user_name == u_name)
     update_query.execute()
     return update_query
Example #25
 def update_pass(self, u_name, newpass):
     '''
     Replace the stored password hash of the member named u_name.

     The new value is tools.md5(newpass). The executed update query object
     is returned; the result of execute() itself is not used.
     '''
     # NOTE(review): nothing here verifies who is asking for the change.
     password_hash = tools.md5(newpass)
     name_filter = CabMember.user_name == u_name
     query = CabMember.update(user_pass=password_hash).where(name_filter)
     query.execute()
     return query