Example #1
0
 def initialize(self):
     self.init()
     self.muser = MUser()
     self.mclass = MPycateCatalog()
     if self.get_current_user():
         self.userinfo = self.muser.get_by_id(self.get_current_user())
     else:
         self.userinfo = None
Example #2
0
 def init(self):
     self.tmpl_name = 'doc'
     self.muser = MUser()
     if self.get_current_user():
         self.userinfo = self.muser.get_by_id(self.get_current_user())
     else:
         self.userinfo = None
 def initialize(self):
     self.init()
     self.muser = MUser()
     self.mclass = MPycateCatalog()
     if self.get_current_user():
         self.userinfo = self.muser.get_by_id(self.get_current_user())
     else:
         self.userinfo = None
Example #4
0
    def __init__(self):

        self.tab = TabUsage
        try:
            TabUsage.create_table()
        except:
            pass
        self.mapp2catalog = MApp2Catalog()
        self.muser = MUser()
Example #5
0
class BaseHandler(tornado.web.RequestHandler):
    def init(self):
        self.muser = MUser()
        if self.get_current_user():
            self.userinfo = self.muser.get_by_id(self.get_current_user())
        else:
            self.userinfo = None

    def parse_url(self, url_str):
        url_str = url_str.strip()
        url_arr = [] if len(url_str) == 0 else url_str.split('/')
        return url_arr

    def check_doc_priv(self, userinfo):
        priv_dic = {
            'ADD': False,
            'EDIT': False,
            'DELETE': False,
            'ADMIN': False
        }
        if userinfo:
            pass
        else:
            return priv_dic
        if userinfo.privilege[1] >= '1':
            priv_dic['ADD'] = True
        if userinfo.privilege[1] >= '2':
            priv_dic['EDIT'] = True
        if userinfo.privilege[1] >= '4':
            priv_dic['DELETE'] = True
        if userinfo.privilege[1] >= '7':
            priv_dic['ADMIN'] = True
        return priv_dic

    def get_current_user(self):
        return self.get_secure_cookie("user")

    def is_admin(self):
        if self.userinfo and self.check_doc_priv(self.userinfo)['ADMIN']:
            return True
        else:
            return False

    def editable(self):
        # Deprecated.
        if self.get_current_user():
            return 1
        else:
            return 0
Example #6
0
class BaseHandler(tornado.web.RequestHandler, TemplateRendring):
    def init(self):
        self.tmpl_name = 'doc'
        self.muser = MUser()
        if self.get_current_user():
            self.userinfo = self.muser.get_by_id(self.get_current_user())
        else:
            self.userinfo = None

    def parse_url(self, url_str):
        url_str = url_str.strip()
        url_arr = [] if len(url_str) == 0 else url_str.split('/')
        return url_arr

    def get_current_user(self):
        return self.get_secure_cookie("user")

    def is_admin(self):
        if self.userinfo and self.userinfo.privilege[4] == '1':
            return True
        return False

    def editable(self):
        # Deprecated.
        if self.get_current_user():
            return 1
        else:
            return 0

    def render_jinja2(self, template_name, **kwargs):
        kwargs.update({
            'settings': self.settings,
            'STATIC_URL': self.settings.get('static_url_prefix', '/static/'),
            'request': self.request,
            'current_user': self.current_user,
            'xsrf_token': self.xsrf_token,
            'xsrf_form_html': self.xsrf_form_html,
        })
        content = self.render_template(template_name, **kwargs)
        self.write(content)
Example #7
0
 def initialize(self):
     self.init()
     self.muser = MUser()
     self.user_name = self.get_current_user()
     self.tmpl_router = 'user'
Example #8
0
class UserHandler(BaseHandler):
    def initialize(self):
        self.init()
        self.muser = MUser()
        self.user_name = self.get_current_user()
        self.tmpl_router = 'user'

    def get(self, url_str):
        url_arr = self.parse_url(url_str)

        if url_str == 'regist':
            if self.get_current_user():
                self.redirect('/')
            else:
                self.__to_register__()
        elif url_str == 'login':
            self.to_login()
        elif url_str == 'info':
            self.show_info()
        elif url_str == 'logout':
            self.logout()
        elif url_str == 'reset-password':
            self.to_reset_password()
        elif url_str == 'changepass':
            self.changepass()

        elif url_str == 'changeinfo':
            self.change_info()
        elif url_str == 'reset-passwd':
            if self.gen_passwd():
                pass
            else:
                self.redirect(config.site_url)
        elif url_arr[0] == 'changeprivilege':
            self.change_privilege(url_arr[1])
        elif url_str == 'find':
            if self.tmpl_router == "user":
                self.to_find()
            else:
                self.p_to_find()

        elif url_arr[0] == 'find':

            self.find(url_arr[1])
        elif url_arr[0] == 'delete_user':
            self.delete(url_arr[1])

    def post(self, url_str):
        url_arr = self.parse_url(url_str)

        if url_str == 'regist':
            self.register()
        elif url_str == 'login':
            self.login()
        elif url_str == 'changepass':
            self.changepassword()
        elif url_arr[0] == 'changepass':
            self.p_changepassword()
        elif url_str == 'changeinfo':
            self.changeinfo()
        elif url_arr[0] == 'changeinfo':
            self.p_changeinfo()
        elif url_str == 'find':
            self.post_find()
        elif url_arr[0] == 'find':
            self.find(url_arr[1])
        elif url_str == 'reset-password':
            self.reset_password()
        elif url_arr[0] == 'changeprivilege':
            self.changeprivilege(url_arr[1])

    @tornado.web.authenticated
    def p_changepassword(self):

        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        uu = self.muser.check_user(self.user_name, post_data['rawpass'][0])
        if uu == 1:
            self.muser.update_pass(self.user_name, post_data['user_pass'][0])
            output = {
                'changepass ': uu,
            }
        else:
            output = {
                'changepass ': 0,
            }
        return json.dump(output, self)

    @tornado.web.authenticated
    def p_changeinfo(self):

        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        uu = self.muser.check_user(self.user_name, post_data['rawpass'][0])

        if uu == 1:
            self.muser.update_info(self.user_name, post_data['user_email'][0])
            output = {
                'changeinfo ': uu,
            }
        else:
            output = {
                'changeinfo ': 0,
            }
        return json.dump(output, self)

    @tornado.web.authenticated
    def changepassword(self):

        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        uu = self.muser.check_user(self.user_name, post_data['rawpass'][0])
        if uu == 1:
            self.muser.update_pass(self.user_name, post_data['user_pass'][0])
            self.redirect(('/{0}/info').format(self.tmpl_router))
        else:
            return False

    @tornado.web.authenticated
    def changeinfo(self):
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        uu = self.muser.check_user(self.user_name, post_data['rawpass'][0])

        if uu == 1:
            self.muser.update_info(self.user_name, post_data['user_email'][0])
            self.redirect(('/user/info'))
        else:
            return False

    @tornado.web.authenticated
    def changeprivilege(self, xg_username):
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)
        if self.tmpl_router == "user":
            self.muser.update_privilege(xg_username, post_data['privilege'][0])
            self.redirect(('/user/info'))
        else:
            if self.muser.update_privilege(xg_username, post_data['privilege'][0]):
                output = {
                    'del_category ': 1,
                }
            else:
                output = {
                    'del_category ': 0,
                }
            return json.dump(output, self)

    @tornado.web.authenticated
    def logout(self):
        self.clear_all_cookies()
        self.redirect('/')

    @tornado.web.authenticated
    def changepass(self):

        self.render('{0}/{1}/changepass.html'.format(self.tmpl_name, self.tmpl_router),
                    user_info=self.muser.get_by_id(self.user_name))

    @tornado.web.authenticated
    def change_info(self):
        self.render('{0}/{1}/changeinfo.html'.format(self.tmpl_name, self.tmpl_router),
                    user_info=self.muser.get_by_id(self.user_name))

    @tornado.web.authenticated
    def change_privilege(self, xg_username):
        self.render('{0}/{1}/changeprivilege.html'.format(self.tmpl_name, self.tmpl_router),

                    user_info=self.muser.get_by_id(xg_username))

    @tornado.web.authenticated
    def show_info(self):
        self.render('{0}/{1}/info.html'.format(self.tmpl_name, self.tmpl_router),
                    user_info=self.muser.get_by_id(self.user_name),
                    userinfo=self.muser.get_by_id(self.user_name), )

    def to_reset_password(self):
        self.render('{0}/{1}/reset_password.html'.format(self.tmpl_name, self.tmpl_router))

    def to_login(self):
        if self.get_current_user():
            self.redirect('/')
        else:
            kwd = {
                'pager': '',
            }
            self.render('{0}/{1}/login.html'.format(self.tmpl_name, self.tmpl_router),
                        kwd=kwd,
                        userinfo = None,
                        )

    def register(self):
        post_data = {}

        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        form = SumForm(self.request.arguments)

        if form.validate():
            if self.muser.insert_data(post_data):
                self.redirect('/user/login')
            else:
                kwd = {
                    'info': '注册不成功',
                }
                self.set_status(400)
                self.render('html/404.html',
                            cfg = config.cfg,
                            kwd=kwd,
                            userinfo = None,)

        else:
            kwd = {
                    'info': '注册不成功',
                }
            self.set_status(400)
            self.render('html/404.html',
                        cfg = config.cfg,
                        kwd=kwd,
                        userinfo = None,)

    def __to_register__(self):
        kwd = {
            'pager': '',
        }
        self.render('{0}/{1}/regist.html'.format(self.tmpl_name, self.tmpl_router),
                    cfg = config.cfg,
                    userinfo = None,
                    kwd=kwd)

    def login(self):
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)
        if 'next' in post_data:
            next_url = post_data['next'][0]
        else:
            next_url = '/'
        u_name = post_data['user_name'][0]
        u_pass = post_data['user_pass'][0]

        kwd = {
            'pager': '',
        }
        result = self.muser.check_user(u_name, u_pass)
        if result == 1:
            self.set_secure_cookie("user", u_name)
            self.redirect("{0}".format(next_url))
        elif result == 0:
            self.set_status(401)
            kwd = {
                'info': '密码验证出错,请<a href="/user/login">重新登陆</a>。'
            }
            self.render('html/404.html',
                        cfg = config.cfg,
                        kwd=kwd,
                        userinfo = self.userinfo,)
        elif result == -1:
            self.set_status(401)
            kwd = {
                'info': '没有这个用户'
            }
            self.render('html/404.html',
                        cfg = config.cfg,
                        kwd=kwd,
                        userinfo = self.userinfo,)
        else:
            self.set_status(305)
            self.redirect("{0}".format(next_url))

    def to_find(self, ):
        kwd = {
            'pager': '',
        }
        self.render('{0}/{1}/find.html'.format(self.tmpl_name, self.tmpl_router),
                    cfg = config.cfg,
                    kwd=kwd,
                    userinfo = self.userinfo,
                    )

    def p_to_find(self, ):

        kwd = {
            'pager': '',

        }
        self.render('{0}/{1}/find_list.html'.format(self.tmpl_name, self.tmpl_router),
                    kwd=kwd,
                    view=self.muser.get_by_keyword(""),
                    cfg = config.cfg,
                    userinfo = self.userinfo,
                        )

    def find(self, keyword):
        kwd = {
            'pager': '',
            'unescape': tornado.escape.xhtml_unescape,
            'title': '查找结果',
        }
        if self.tmpl_router == "user":
            self.render('{0}/{1}/find_list.html'.format(self.tmpl_name, self.tmpl_router),
                        kwd=kwd,
                        view=self.muser.get_by_keyword(keyword),
                        cfg = config.cfg,
                        userinfo  = self.userinfo,
                        )
        else:
            result=self.muser.get_by_keyword(keyword)
            if result:
                output = {
                    'find': result
                }
            else:
                output = {
                    'find': 0,
                }

            return json.dump(output, self)

    def delete(self, del_id):

        if self.tmpl_router == "user":

            is_deleted = self.muser.delete(del_id)
            if is_deleted:
                self.redirect('/user/find')
            else:
                return False
        else:
            if self.muser.delete(del_id):
                output = {
                    'del_category': 1
                }
            else:
                output = {
                    'del_category': 0,
                }

            return json.dump(output, self)

    def post_find(self):
        keyword = self.get_argument('keyword')
        self.find(keyword)

    def reset_password(self):
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        if 'email' in post_data:
            userinfo = self.muser.get_by_email(post_data['email'][0])

            if tools.timestamp() - userinfo.reset_passwd_timestamp < 70:
                self.set_status(400)
                kwd = {
                    'info': '两次重置密码时间应该大于1分钟',
                }
                self.render('html/404.html', kwd=kwd, userinfo = self.userinfo)
                return False

            if userinfo:
                timestamp = tools.timestamp()
                passwd = userinfo.user_pass
                username = userinfo.user_name
                hash_str = tools.md5(username + str(timestamp) + passwd)
                url_reset = '{0}/user/reset-passwd?u={1}&t={2}&p={3}'.format(config.site_url, username, timestamp,
                                                                             hash_str)
                email_cnt = '''
            <div>请查看下面的信息,并<span style="color:red">谨慎操作</span>:</div>
            <div>您在"{0}"网站({1})申请了密码重置,如果确定要进行密码重置,请打开下面链接:</div>
            <div><a href={2}>{2}</a></div>
            <div>如果无法确定本信息的有效性,请忽略本邮件。</div>
            '''.format(config.site_name, config.site_url, url_reset)

                if send_mail([userinfo.user_email], "{0}|密码重置".format(config.site_name), email_cnt):
                    self.muser.update_reset_passwd_timestamp(username, timestamp)
                    self.set_status(200)
                    return True
                else:
                    self.set_status(400)
                    return False
            else:
                self.set_status(400)
                return False
        else:
            self.set_status(400)
            return False

    def gen_passwd(self):
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)
        userinfo = self.muser.get_by_id(post_data['u'][0])

        sub_timestamp = int(post_data['t'][0])
        cur_timestamp = tools.timestamp()
        if cur_timestamp - sub_timestamp < 600 and cur_timestamp > sub_timestamp:
            pass
        else:
            kwd = {
                'info': '密码重置已超时!',
            }
            self.set_status(400)
            self.render('html/404.html',
                        kwd=kwd,
                        userinfo = self.userinfo)

        hash_str = tools.md5(userinfo.user_name + post_data['t'][0] + userinfo.user_pass)
        if hash_str == post_data['p'][0]:
            pass
        else:
            kwd = {
                'info': '密码重置验证出错!',
            }
            self.set_status(400)
            self.render('html/404.html',
                        kwd=kwd,
                        userinfo = self.userinfo,)

        new_passwd = tools.get_uu8d()
        self.muser.update_pass(userinfo.user_name, new_passwd)
        kwd = {
            'user_name': userinfo.user_name,
            'new_pass': new_passwd,
        }
        self.render('{0}/{1}/show_pass.html'.format(self.tmpl_name, self.tmpl_router),
                    cfg = config.cfg,
                    kwd=kwd,
                    userinfo = self.userinfo,)
class MaintainPycateCategoryHandler(BaseHandler):
    def initialize(self):
        self.init()
        self.muser = MUser()
        self.mclass = MPycateCatalog()
        if self.get_current_user():
            self.userinfo = self.muser.get_by_id(self.get_current_user())
        else:
            self.userinfo = None

    def get(self, url_str=''):
        url_arr = self.parse_url(url_str)


        if url_str == 'add':
            self.to_add_class()
        elif url_str == 'list':
            self.recent()
        elif url_str == 'refresh':
            self.refresh()
        elif url_arr[0] == 'modify':
            self.to_modify(url_arr[1])
        elif url_arr[0] == 'delete':
            self.delete(url_arr[1])

        else:
            kwd = {
                'info': '页面未找到',
            }
            self.render('html/404.html', kwd=kwd)

    def post(self, url_str=''):
        url_arr = self.parse_url(url_str)

        if len(url_arr) == 1 and url_str.endswith('.html'):
            self.add_post()

        if url_arr[0] == 'modify':
            self.update(url_arr[1])
        elif url_str == 'add':
            self.user_add_class()
        else:
            self.redirect('html/404.html')

    def recent(self):
        kwd = {
            'pager': '',
            'unescape': tornado.escape.xhtml_unescape,
            'title': '最近文档',
        }
        self.render('{0}/maintain/pycatecategory/category_list.html'.format(self.tmpl_name),
                    kwd=kwd,
                    view=self.mclass.query_recent(),
                    format_date=tools.format_date,
                    userinfo=self.userinfo,
                    )

    def refresh(self):

        kwd = {
            'pager': '',
            'title': '最近文档',
        }
        self.render('{0}/maintain/pycatecategory/category_list.html'.format(self.tmpl_name),
                    kwd=kwd,
                    userinfo=self.userinfo,
                    view=self.mclass.query_dated(10),
                    format_date=tools.format_date,
                    unescape=tornado.escape.xhtml_unescape, )

    def get_random(self):
        return self.mclass.query_random()

    def wiki(self, uid):
        dbdate = self.mclass.get_by_id(uid)
        if dbdate:

            self.viewit(uid)
        else:

            self.to_add(uid)

    def to_add_class(self, ):
        kwd = {
            'pager': '',
            'uid': '',
        }
        self.render('{0}/maintain/pycatecategory/category_add.html'.format(self.tmpl_name),
                    topmenu='',
                    kwd=kwd,
                    userinfo=self.userinfo,
                    )

    @tornado.web.authenticated
    def to_add(self, uid):
        if self.is_admin():
            pass
        else:
            return False
        kwd = {
            'uid': uid,
            'pager': '',
        }
        self.render('{0}/maintain/pycatecategory/list.html'.format(self.tmpl_name),
                    kwd=kwd,
                    )

    @tornado.web.authenticated
    def update(self, uid):
        if self.is_admin():
            pass
        else:
            return False
        raw_data = self.mclass.get_by_id(uid)

        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)
        post_data['user_name'] = self.get_current_user()

        self.mclass.update(uid, post_data)

        self.redirect('/maintain/pycatecategory/list'.format(uid))

    @tornado.web.authenticated
    def to_modify(self, id_rec):
        a = self.mclass.get_by_id(id_rec)
        # 用户具有管理权限,或文章是用户自己发布的。
        if self.is_admin():
            pass
        else:
            return False

        kwd = {
            'pager': '',

        }
        self.render('{0}/maintain/pycatecategory/category_edit.html'.format(self.tmpl_name),
                    kwd=kwd,
                    unescape=tornado.escape.xhtml_unescape,
                    dbrec=a,
                    userinfo=self.userinfo,
                    )

    @tornado.web.authenticated
    def viewit(self, post_id):

        rec = self.mclass.get_by_uid(post_id)

        if not rec:
            kwd = {
                'info': '您要找的分类不存在。',
            }
            self.render('html/404.html', kwd=kwd)
            return False

        kwd = {
            'pager': '',
            'editable': self.editable(),

        }

        self.render('{0}/maintain/pycatecategory/category_view.html'.format(self.tmpl_name),
                    view=rec,
                    unescape=tornado.escape.xhtml_unescape,
                    kwd=kwd,
                    userinfo=self.userinfo,

                    )

    @tornado.web.authenticated
    def user_add_class(self):
        if self.is_admin():
            pass
        else:
            return False
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        post_data['user_name'] = self.get_current_user()

        self.mclass.insert_data(post_data)

        self.redirect('/maintain/pycatecategory/list'.format())

    @tornado.web.authenticated
    def delete(self, del_id):
        if self.is_admin():
            pass
        else:
            return False
        is_deleted = self.mclass.delete(del_id)
        if is_deleted:
            self.redirect('/maintain/pycatecategory/list')
        else:
            return False
Example #10
0
 def init(self):
     self.muser = MUser()
     if self.get_current_user():
         self.userinfo = self.muser.get_by_id(self.get_current_user())
     else:
         self.userinfo = None
Example #11
0
class BaseHandler(tornado.web.RequestHandler, TemplateRendring):
    def init(self):
        self.muser = MUser()
        if self.get_current_user():
            self.userinfo = self.muser.get_by_id(self.get_current_user())
        else:
            self.userinfo = None

    def parse_url(self, url_str):
        url_str = url_str.strip()
        url_arr = [] if len(url_str) == 0 else url_str.split('/')
        return url_arr

    def check_doc_priv(self, userinfo):
        priv_dic = {
            'ADD': False,
            'EDIT': False,
            'DELETE': False,
            'ADMIN': False
        }
        if userinfo.privilege[1] >= '1':
            priv_dic['ADD'] = True
        if userinfo.privilege[1] >= '2':
            priv_dic['EDIT'] = True
        if userinfo.privilege[1] >= '4':
            priv_dic['DELETE'] = True
        if userinfo.privilege[1] >= '8':
            priv_dic['ADMIN'] = True
        return priv_dic

    def get_current_user(self):
        return self.get_secure_cookie("user")

    def is_admin(self):
        if self.userinfo and self.userinfo.privilege[4] == '1':
            return True
        return False

    def editable(self):
        # Deprecated.
        if self.get_current_user():
            return 1
        else:
            return 0

    def render_jinja2(self, template_name, **kwargs):
        kwargs.update({
            'settings':
            self.settings,
            'STATIC_URL':
            self.settings.get('static_url_prefix', '/static/'),
            'request':
            self.request,
            'current_user':
            self.current_user,
            'xsrf_token':
            self.xsrf_token,
            'xsrf_form_html':
            self.xsrf_form_html,
        })
        content = self.render_template(template_name, **kwargs)
        self.write(content)
Example #12
0
 def initialize(self):
     self.init()
     self.muser = MUser()
     self.user_name = self.get_current_user()
     self.tmpl_router = 'user_ajax'
Example #13
0
class UserHandler(BaseHandler):
    def initialize(self):
        self.init()
        self.muser = MUser()
        self.user_name = self.get_current_user()
        self.tmpl_router = 'info'

    def get(self, url_str):
        url_arr = self.parse_url(url_str)

        if url_str == 'regist':
            if self.get_current_user():
                self.redirect('/')
            else:
                self.__to_register__()
        elif url_str == 'login':
            self.to_login()
        elif url_str == 'info':
            self.show_info()
        elif url_str == 'logout':
            self.logout()
        elif url_str == 'reset-password':
            self.to_reset_password()
        elif url_str == 'changepass':
            self.changepass()

        elif url_str == 'changeinfo':
            self.change_info()
        elif url_str == 'reset-passwd':
            if self.gen_passwd():
                pass
            else:
                self.redirect(config.site_url)
        elif url_arr[0] == 'changeprivilege':
            self.change_privilege(url_arr[1])
        elif url_str == 'find':
            if self.tmpl_router == "user":
                self.to_find()
            else:
                self.p_to_find()

        elif url_arr[0] == 'find':

            self.find(url_arr[1])
        elif url_arr[0] == 'delete_user':
            self.delete(url_arr[1])

    def post(self, url_str):
        url_arr = self.parse_url(url_str)

        if url_str == 'regist':
            self.register()
        elif url_str == 'login':
            self.login()
        elif url_str == 'changepass':
            self.changepassword()
        elif url_arr[0] == 'changepass':
            self.p_changepassword()
        elif url_str == 'changeinfo':
            self.changeinfo()
        elif url_arr[0] == 'changeinfo':
            self.p_changeinfo()
        elif url_str == 'find':
            self.post_find()
        elif url_arr[0] == 'find':
            self.find(url_arr[1])
        elif url_str == 'reset-password':
            self.reset_password()
        elif url_arr[0] == 'changeprivilege':
            self.changeprivilege(url_arr[1])

    @tornado.web.authenticated
    def p_changepassword(self):

        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        uu = self.muser.check_user(self.user_name, post_data['rawpass'][0])
        if uu == 1:
            self.muser.update_pass(self.user_name, post_data['user_pass'][0])
            output = {
                'changepass ': uu,
            }
        else:
            output = {
                'changepass ': 0,
            }
        return json.dump(output, self)

    @tornado.web.authenticated
    def p_changeinfo(self):

        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        uu = self.muser.check_user(self.user_name, post_data['rawpass'][0])

        if uu == 1:
            self.muser.update_info(self.user_name, post_data['user_email'][0])
            output = {
                'changeinfo ': uu,
            }
        else:
            output = {
                'changeinfo ': 0,
            }
        return json.dump(output, self)

    @tornado.web.authenticated
    def changepassword(self):

        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        uu = self.muser.check_user(self.user_name, post_data['rawpass'][0])
        if uu == 1:
            self.muser.update_pass(self.user_name, post_data['user_pass'][0])
            self.redirect(('/{0}/info').format(self.tmpl_router))
        else:
            return False

    @tornado.web.authenticated
    def changeinfo(self):
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        uu = self.muser.check_user(self.user_name, post_data['rawpass'][0])

        if uu == 1:
            self.muser.update_info(self.user_name, post_data['user_email'][0])
            self.redirect(('/user/info'))
        else:
            return False

    @tornado.web.authenticated
    def changeprivilege(self, xg_username):
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)
        if self.tmpl_router == "user":
            self.muser.update_privilege(xg_username, post_data['privilege'][0])
            self.redirect(('/user/info'))
        else:
            if self.muser.update_privilege(xg_username, post_data['privilege'][0]):
                output = {
                    'del_category ': 1,
                }
            else:
                output = {
                    'del_category ': 0,
                }
            return json.dump(output, self)

    @tornado.web.authenticated
    def logout(self):
        self.clear_all_cookies()
        self.redirect('/')

    @tornado.web.authenticated
    def changepass(self):

        self.render('user/{0}/changepass.html'.format(self.tmpl_router),
                    userinfo=self.muser.get_by_id(self.user_name))

    @tornado.web.authenticated
    def change_info(self):
        self.render('user/{0}/changeinfo.html'.format(self.tmpl_router),
                    userinfo=self.muser.get_by_id(self.user_name))

    @tornado.web.authenticated
    def change_privilege(self, xg_username):
        self.render('user/{0}/changeprivilege.html'.format(self.tmpl_router),

                    userinfo=self.muser.get_by_id(xg_username))

    @tornado.web.authenticated
    def show_info(self):
        self.render('user/{0}/info.html'.format(self.tmpl_router),
                    userinfo=self.muser.get_by_id(self.user_name), )

    def to_reset_password(self):
        self.render('user/{0}/reset_password.html'.format(self.tmpl_router))

    def to_login(self):
        if self.get_current_user():
            self.redirect('/')
        else:
            kwd = {
                'pager': '',
            }
            self.render('user/{0}/login.html'.format(self.tmpl_router),
                        kwd=kwd,
                        userinfo=None,
                        )

    def register(self):
        post_data = {}

        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        form = SumForm(self.request.arguments)

        if form.validate():
            if self.muser.insert_data(post_data):
                self.redirect('/user/login')
            else:
                kwd = {
                    'info': '注册不成功',
                }
                self.set_status(400)
                self.render('html/404.html',
                            cfg=config.cfg,
                            kwd=kwd,
                            userinfo=None, )

        else:
            kwd = {
                'info': '注册不成功',
            }
            self.set_status(400)
            self.render('html/404.html',
                        cfg=config.cfg,
                        kwd=kwd,
                        userinfo=None, )

    def __to_register__(self):
        kwd = {
            'pager': '',
        }
        self.render('user/{0}/regist.html'.format(self.tmpl_router),
                    cfg=config.cfg,
                    userinfo=None,
                    kwd=kwd)

    def login(self):
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)
        if 'next' in post_data:
            next_url = post_data['next'][0]
        else:
            next_url = '/'
        u_name = post_data['user_name'][0]
        u_pass = post_data['user_pass'][0]

        kwd = {
            'pager': '',
        }
        result = self.muser.check_user(u_name, u_pass)
        if result == 1:
            self.set_secure_cookie("user", u_name)
            self.redirect("{0}".format(next_url))
        elif result == 0:
            self.set_status(401)
            kwd = {
                'info': '密码验证出错,请<a href="/user/login">重新登陆</a>。'
            }
            self.render('html/404.html',
                        cfg=config.cfg,
                        kwd=kwd,
                        userinfo=self.userinfo, )
        elif result == -1:
            self.set_status(401)
            kwd = {
                'info': '没有这个用户'
            }
            self.render('html/404.html',
                        cfg=config.cfg,
                        kwd=kwd,
                        userinfo=self.userinfo, )
        else:
            self.set_status(305)
            self.redirect("{0}".format(next_url))

    def to_find(self, ):
        kwd = {
            'pager': '',
        }
        self.render('user/{0}/find.html'.format(self.tmpl_router),
                    cfg=config.cfg,
                    kwd=kwd,
                    userinfo=self.userinfo,
                    )

    def p_to_find(self, ):

        kwd = {
            'pager': '',

        }
        self.render('user/{0}/find_list.html'.format(self.tmpl_router),
                    kwd=kwd,
                    view=self.muser.get_by_keyword(""),
                    cfg=config.cfg,
                    userinfo=self.userinfo,
                    )

    def find(self, keyword):
        kwd = {
            'pager': '',
            'unescape': tornado.escape.xhtml_unescape,
            'title': '查找结果',
        }
        if self.tmpl_router == "user":
            self.render('user/{0}/find_list.html'.format(self.tmpl_router),
                        kwd=kwd,
                        view=self.muser.get_by_keyword(keyword),
                        cfg=config.cfg,
                        userinfo=self.userinfo,
                        )
        else:
            result = self.muser.get_by_keyword(keyword)
            if result:
                output = {
                    'find': result
                }
            else:
                output = {
                    'find': 0,
                }

            return json.dump(output, self)

    def delete(self, del_id):

        if self.tmpl_router == "user":

            is_deleted = self.muser.delete(del_id)
            if is_deleted:
                self.redirect('/user/find')
            else:
                return False
        else:
            if self.muser.delete(del_id):
                output = {
                    'del_category': 1
                }
            else:
                output = {
                    'del_category': 0,
                }

            return json.dump(output, self)

    def post_find(self):
        keyword = self.get_argument('keyword')
        self.find(keyword)

    def reset_password(self):
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        if 'email' in post_data:
            userinfo = self.muser.get_by_email(post_data['email'][0])

            if tools.timestamp() - userinfo.reset_passwd_timestamp < 70:
                self.set_status(400)
                kwd = {
                    'info': '两次重置密码时间应该大于1分钟',
                }
                self.render('html/404.html', kwd=kwd, userinfo=self.userinfo)
                return False

            if userinfo:
                timestamp = tools.timestamp()
                passwd = userinfo.user_pass
                username = userinfo.user_name
                hash_str = tools.md5(username + str(timestamp) + passwd)
                url_reset = '{0}/user/reset-passwd?u={1}&t={2}&p={3}'.format(config.site_url, username, timestamp,
                                                                             hash_str)
                email_cnt = '''
            <div>请查看下面的信息,并<span style="color:red">谨慎操作</span>:</div>
            <div>您在"{0}"网站({1})申请了密码重置,如果确定要进行密码重置,请打开下面链接:</div>
            <div><a href={2}>{2}</a></div>
            <div>如果无法确定本信息的有效性,请忽略本邮件。</div>
            '''.format(config.site_name, config.site_url, url_reset)

                if send_mail([userinfo.user_email], "{0}|密码重置".format(config.site_name), email_cnt):
                    self.muser.update_reset_passwd_timestamp(username, timestamp)
                    self.set_status(200)
                    return True
                else:
                    self.set_status(400)
                    return False
            else:
                self.set_status(400)
                return False
        else:
            self.set_status(400)
            return False

    def gen_passwd(self):
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)
        userinfo = self.muser.get_by_id(post_data['u'][0])

        sub_timestamp = int(post_data['t'][0])
        cur_timestamp = tools.timestamp()
        if cur_timestamp - sub_timestamp < 600 and cur_timestamp > sub_timestamp:
            pass
        else:
            kwd = {
                'info': '密码重置已超时!',
            }
            self.set_status(400)
            self.render('html/404.html',
                        kwd=kwd,
                        userinfo=self.userinfo)

        hash_str = tools.md5(userinfo.user_name + post_data['t'][0] + userinfo.user_pass)
        if hash_str == post_data['p'][0]:
            pass
        else:
            kwd = {
                'info': '密码重置验证出错!',
            }
            self.set_status(400)
            self.render('html/404.html',
                        kwd=kwd,
                        userinfo=self.userinfo, )

        new_passwd = tools.get_uu8d()
        self.muser.update_pass(userinfo.user_name, new_passwd)
        kwd = {
            'user_name': userinfo.user_name,
            'new_pass': new_passwd,
        }
        self.render('user/{0}/show_pass.html'.format(self.tmpl_router),
                    cfg=config.cfg,
                    kwd=kwd,
                    userinfo=self.userinfo, )
Example #14
0
class MaintainPycateCategoryHandler(BaseHandler):
    def initialize(self):
        self.init()
        self.muser = MUser()
        self.mclass = MPycateCatalog()
        if self.get_current_user():
            self.userinfo = self.muser.get_by_id(self.get_current_user())
        else:
            self.userinfo = None

    def get(self, url_str=''):
        url_arr = self.parse_url(url_str)

        if url_str == 'add':
            self.to_add_class()
        elif url_str == 'list':
            self.recent()
        elif url_str == 'refresh':
            self.refresh()
        elif url_arr[0] == 'modify':
            self.to_modify(url_arr[1])
        elif url_arr[0] == 'delete':
            self.delete(url_arr[1])

        else:
            kwd = {
                'info': '页面未找到',
            }
            self.render('html/404.html', kwd=kwd)

    def post(self, url_str=''):
        url_arr = self.parse_url(url_str)

        if len(url_arr) == 1 and url_str.endswith('.html'):
            self.add_post()

        if url_arr[0] == 'modify':
            self.update(url_arr[1])
        elif url_str == 'add':
            self.user_add_class()
        else:
            self.redirect('html/404.html')

    def recent(self):
        kwd = {
            'pager': '',
            'unescape': tornado.escape.xhtml_unescape,
            'title': '最近文档',
        }
        self.render(
            'doc/maintain/pycatecategory/category_list.html',
            kwd=kwd,
            view=self.mclass.query_recent(),
            format_date=tools.format_date,
            userinfo=self.userinfo,
        )

    def refresh(self):

        kwd = {
            'pager': '',
            'title': '最近文档',
        }
        self.render(
            'doc/maintain/pycatecategory/category_list.html',
            kwd=kwd,
            userinfo=self.userinfo,
            view=self.mclass.query_dated(10),
            format_date=tools.format_date,
            unescape=tornado.escape.xhtml_unescape,
        )

    def get_random(self):
        return self.mclass.query_random()

    def wiki(self, uid):
        dbdate = self.mclass.get_by_id(uid)
        if dbdate:

            self.viewit(uid)
        else:

            self.to_add(uid)

    def to_add_class(self, ):
        kwd = {
            'pager': '',
            'uid': '',
        }
        self.render(
            'doc/maintain/pycatecategory/category_add.html',
            topmenu='',
            kwd=kwd,
            userinfo=self.userinfo,
        )

    @tornado.web.authenticated
    def to_add(self, uid):
        if self.is_admin():
            pass
        else:
            return False
        kwd = {
            'uid': uid,
            'pager': '',
        }
        self.render(
            'doc/maintain/pycatecategory/list.html',
            kwd=kwd,
        )

    @tornado.web.authenticated
    def update(self, uid):
        if self.is_admin():
            pass
        else:
            return False
        raw_data = self.mclass.get_by_id(uid)

        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)
        post_data['user_name'] = self.get_current_user()

        self.mclass.update(uid, post_data)

        self.redirect('/maintain/pycatecategory/list'.format(uid))

    @tornado.web.authenticated
    def to_modify(self, id_rec):
        a = self.mclass.get_by_id(id_rec)
        # 用户具有管理权限,或文章是用户自己发布的。
        if self.is_admin():
            pass
        else:
            return False

        kwd = {
            'pager': '',
        }
        self.render(
            'doc/maintain/pycatecategory/category_edit.html',
            kwd=kwd,
            unescape=tornado.escape.xhtml_unescape,
            dbrec=a,
            userinfo=self.userinfo,
        )

    @tornado.web.authenticated
    def viewit(self, post_id):

        rec = self.mclass.get_by_uid(post_id)

        if not rec:
            kwd = {
                'info': '您要找的分类不存在。',
            }
            self.render('html/404.html', kwd=kwd)
            return False

        kwd = {
            'pager': '',
            'editable': self.editable(),
        }

        self.render(
            'doc/maintain/pycatecategory/category_view.html',
            view=rec,
            unescape=tornado.escape.xhtml_unescape,
            kwd=kwd,
            userinfo=self.userinfo,
        )

    @tornado.web.authenticated
    def user_add_class(self):
        if self.is_admin():
            pass
        else:
            return False
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        post_data['user_name'] = self.get_current_user()

        self.mclass.insert_data(post_data)

        self.redirect('/maintain/pycatecategory/list'.format())

    @tornado.web.authenticated
    def delete(self, del_id):
        if self.is_admin():
            pass
        else:
            return False
        is_deleted = self.mclass.delete(del_id)
        if is_deleted:
            self.redirect('/maintain/pycatecategory/list')
        else:
            return False