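def check_login(self):
    """Check that the request carries a live panel session or a valid API key.

    Returns None when every check passes. Otherwise returns the truthy
    result of ``self.get_sk()`` (no panel login in the session) or a
    redirect to the login page; the session is cleared before any such
    return. An unexpected error is logged and handled as a failed check.
    """
    try:
        api_check = True
        if 'login' not in session:
            # No panel login in this session: defer to get_sk(). A truthy
            # result is handed straight back to the caller.
            api_check = self.get_sk()
            if api_check:
                session.clear()
                return api_check
        elif session['login'] == False:
            session.clear()
            return redirect('/login')

        if api_check:
            try:
                sess_out_path = 'data/session_timeout.pl'
                sess_input_path = 'data/session_last.pl'
                # NOTE(review): both paths are fixed rather than keyed by
                # session, so the last-activity stamp is shared by every
                # session that reaches this code.
                if not os.path.exists(sess_out_path):
                    public.writeFile(sess_out_path, '86400')
                if not os.path.exists(sess_input_path):
                    public.writeFile(sess_input_path, str(int(time.time())))
                session_timeout = int(public.readFile(sess_out_path))
                session_last = int(public.readFile(sess_input_path))
                if time.time() - session_last > session_timeout:
                    os.remove(sess_input_path)
                    session['login'] = False
                    cache.set('dologin', True)
                    session.clear()
                    return redirect('/login')
                # Still inside the window: record this request as the
                # latest activity.
                public.writeFile(sess_input_path, str(int(time.time())))
            except Exception:
                # NOTE(review): kept best-effort, but an unreadable or
                # non-numeric timeout file means the idle-timeout check is
                # skipped without any trace (fails open).
                pass

            filename = '/www/server/panel/data/login_token.pl'
            if os.path.exists(filename):
                token = public.readFile(filename).strip()
                # A session holding a token that differs from the one on
                # disk is dropped.
                if 'login_token' in session and session['login_token'] != token:
                    session.clear()
                    return redirect('/login?dologin=True')
    except Exception:
        # Fail closed on any unexpected error: keep the error detail in the
        # panel log instead of the return value, drop the session and force
        # a fresh login.
        public.WriteLog('Login auth', public.get_error_info())
        session.clear()
        return redirect('/login')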
def check_login(self):
    """Validate the panel session (or API key) for the current request.

    Sets ``g.api_request`` to record whether the request was accepted
    through ``self.get_sk()`` rather than a panel login. Returns None when
    all checks pass; otherwise returns the truthy ``get_sk()`` result or a
    redirect to the login page. Any exception is logged under 'Login auth'
    and handled as a failed check.
    """
    try:
        sk_result = True
        g.api_request = False
        if 'login' in session:
            if session['login'] == False:
                session.clear()
                return redirect('/login')

            if 'tmp_login_expire' in session:
                # Temporary logins are tied to a file under data/session/;
                # a missing file ends the session just as an elapsed
                # expiry does.
                marker = 'data/session/{}'.format(session['tmp_login_id'])
                if session['tmp_login_expire'] < time.time():
                    session.clear()
                    if os.path.exists(marker):
                        os.remove(marker)
                    return redirect('/login')
                if not os.path.exists(marker):
                    session.clear()
                    return redirect('/login')

            ua_hash = public.md5(g.ua)
            # A session with no stored 'login_user_agent' passes, because
            # the lookup defaults to the current hash.
            if ua_hash != session.get('login_user_agent', ua_hash):
                session.clear()
                return redirect('/login')
        else:
            sk_result = self.get_sk()
            if sk_result:
                # The session is left untouched on this path.
                return sk_result
            g.api_request = True

        if sk_result:
            now_time = time.time()
            expires_at = session.get('session_timeout', 0)
            # 0 (also the default when the key is absent) disables this
            # check.
            if expires_at != 0 and expires_at < now_time:
                session.clear()
                return redirect('/login?dologin=True&go=0')

            login_token = session.get('login_token', '')
            if login_token and login_token != public.get_login_token_auth():
                session.clear()
                return redirect('/login?dologin=True&go=1')

        # The per-session file check (go=2) is disabled in this version.

        # Mark the new session expiry time; it is pushed forward on every
        # call that reaches this point.
        renewed = time.time() + public.get_session_timeout()
        session['session_timeout'] = renewed
    except:
        # Fail closed: log the error, drop the session, force a new login.
        public.WriteLog('Login auth', public.get_error_info())
        session.clear()
        return redirect('/login')
def check_login(self):
    """Validate the panel session (or API key) and audit-log each rejection.

    Sets ``g.api_request`` to record whether the request was accepted
    through ``self.get_sk()`` rather than a panel login. Returns None when
    all checks pass; otherwise returns the truthy ``get_sk()`` result or a
    redirect to the login page. Each rejection of an existing panel session
    writes a 'Login auth' log entry before the session is cleared.
    """
    def _deny(reason, target='/login'):
        # Record why, drop the session, then send the client to login.
        public.WriteLog('Login auth', reason)
        session.clear()
        return redirect(target)

    try:
        api_check = True
        g.api_request = False
        if 'login' not in session:
            api_check = self.get_sk()
            if api_check:
                # A truthy get_sk() result is returned as-is; this path is
                # not logged here.
                session.clear()
                return api_check
            g.api_request = True
        else:
            if session['login'] == False:
                return _deny('The current session has been logged out')

            if 'tmp_login_expire' in session:
                s_file = 'data/session/{}'.format(session['tmp_login_id'])
                if session['tmp_login_expire'] < time.time():
                    public.WriteLog(
                        'Login auth',
                        'Temporary authorization has expired {}'.format(public.get_client_ip()),
                    )
                    session.clear()
                    # Remove the backing file of the expired temporary login.
                    if os.path.exists(s_file):
                        os.remove(s_file)
                    return redirect('/login')
                if not os.path.exists(s_file):
                    return _deny(
                        'Forced withdrawal due to cancellation of temporary authorization {}'.format(
                            public.get_client_ip()
                        )
                    )

            ua_md5 = public.md5(g.ua)
            # A session with no stored 'login_user_agent' passes, because
            # the lookup defaults to the current hash.
            if ua_md5 != session.get('login_user_agent', ua_md5):
                return _deny('UA verification failed {}'.format(public.get_client_ip()))

        if api_check:
            session_timeout = session.get('session_timeout', 0)
            # 0 (also the default when the key is absent) disables this
            # check.
            if session_timeout < time.time() and session_timeout != 0:
                return _deny(
                    'The session has expired {}'.format(public.get_client_ip()),
                    '/login?dologin=True&go=0',
                )

            login_token = session.get('login_token', '')
            if login_token and login_token != public.get_login_token_auth():
                return _deny(
                    'Session ID does not match {}'.format(public.get_client_ip()),
                    '/login?dologin=True&go=1',
                )

            # The session must have a matching file under data/sess_files/;
            # its absence is logged as a CSRF-defense trigger.
            filename = 'data/sess_files/' + public.get_sess_key()
            if not os.path.exists(filename):
                return _deny(
                    'Trigger CSRF defense {}'.format(public.get_client_ip()),
                    '/login?dologin=True&go=2',
                )
    except:
        # Fail closed: log the error, drop the session, force a new login.
        return _deny(public.get_error_info())
def check_login(self):
    """Validate the panel session (or API key) for the current request.

    Sets ``g.api_request`` to record whether the request was accepted
    through ``self.get_sk()`` rather than a panel login. Returns None when
    all checks pass; otherwise returns the truthy ``get_sk()`` result or a
    redirect to the login page. Any exception outside the idle-timeout
    block clears the session and redirects to the login page.
    """
    try:
        api_check = True
        g.api_request = False
        if 'login' not in session:
            api_check = self.get_sk()
            if api_check:
                session.clear()
                return api_check
            g.api_request = True
        elif session['login'] == False:
            session.clear()
            return redirect('/login')
        elif 'tmp_login_expire' in session:
            # Temporary logins are tied to a file under data/session/; a
            # missing file ends the session just as an elapsed expiry does.
            tmp_file = 'data/session/{}'.format(session['tmp_login_id'])
            if session['tmp_login_expire'] < time.time():
                session.clear()
                if os.path.exists(tmp_file):
                    os.remove(tmp_file)
                return redirect('/login')
            if not os.path.exists(tmp_file):
                session.clear()
                return redirect('/login')

        # Requests accepted through get_sk() skip the remaining checks.
        if not api_check:
            return None

        try:
            timeout_file = 'data/session_timeout.pl'
            last_seen_file = 'data/session_last.pl'
            # NOTE(review): both paths are fixed rather than keyed by
            # session, so the last-activity stamp is shared by every
            # session that reaches this code.
            if not os.path.exists(timeout_file):
                public.writeFile(timeout_file, '86400')
            if not os.path.exists(last_seen_file):
                public.writeFile(last_seen_file, str(int(time.time())))
            session_timeout = int(public.readFile(timeout_file))
            session_last = int(public.readFile(last_seen_file))
            if time.time() - session_last > session_timeout:
                os.remove(last_seen_file)
                session['login'] = False
                cache.set('dologin', True)
                session.clear()
                return redirect('/login')
            stamp = str(int(time.time()))
            public.writeFile(last_seen_file, stamp)
        except:
            # NOTE(review): every error is swallowed here, so an unreadable
            # or non-numeric timeout file skips the idle-timeout check
            # without any trace (fails open).
            pass

        token_file = '/www/server/panel/data/login_token.pl'
        if os.path.exists(token_file):
            token = public.readFile(token_file).strip()
            # A session holding a token that differs from the one on disk
            # is dropped.
            if 'login_token' in session and session['login_token'] != token:
                session.clear()
                return redirect('/login?dologin=True&go=1')

        # The session must have a matching file under data/sess_files/.
        sess_marker = 'data/sess_files/' + public.get_sess_key()
        if not os.path.exists(sess_marker):
            session.clear()
            return redirect('/login?dologin=True&go=2')
    except:
        # Fail closed; the error itself is not recorded on this path.
        session.clear()
        return redirect('/login')