Exemple #1
0
 def post(self):
     username = self.get_argument("username", "")
     password = self.get_argument("password", "")
     password_confirm = self.get_argument("password_confirm", "")
     error_messages = list()
     if username == "" or password == "" or password_confirm == "":
         error_messages.append("参数不能为空")
         self.render("signup.html", error_messages=error_messages)
         return
     if not username.encode("utf-8").isalnum() or not password.encode("utf-8").isalnum():
         error_messages.append("参数不能包含数字和字母以外的字符")
         self.render("signup.html", error_messages=error_messages)
         return
     if len(password) < 8:
         error_messages.append("密码不能小于8位")
         self.render("signup.html", error_messages=error_messages)
         return
     if password != password_confirm:
         error_messages.append("两次密码输入不一致")
         self.render("signup.html", error_messages=error_messages)
         return
     password_generator = UserPassword()
     password_salt = password_generator.generate_salt(64)
     password_hash = password_generator.generate_hash(password, password_salt)
     status = 0
     self.db.execute(
         "INSERT INTO accounts (username, password_hash, password_salt, status,"
         "created) VALUES (%s,%s,%s,%s,UTC_TIMESTAMP())",
         username, password_hash, password_salt, status)
     self.redirect(self.get_argument("next", "/"))
Exemple #2
0
 def post(self):
     username = self.get_argument("username", "")
     password = self.get_argument("password", "")
     error_messages = list()
     if username == "" or password == "":
         error_messages.append("参数不能为空")
         self.render("login.html", error_messages=error_messages, username="")
         return
     user = self.db.get("SELECT * FROM accounts WHERE username = %s", username)
     if user is None:
         error_messages.append("用户名密码错误")
         self.render("login.html", error_messages=error_messages, username=username)
         return
     if user["status"] == 0:
         error_messages.append("帐户没有开通")
         self.render("login.html", error_messages=error_messages, username=username)
         return
     password_generator = UserPassword()
     password_hash = password_generator.generate_hash(password, user["password_salt"])
     if password_hash != user["password_hash"]:
         error_messages.append("用户名密码错误")
         self.render("login.html", error_messages=error_messages, username=username)
         return
     session = Session(self.settings["session_secretSid"], self.settings["session_secretEid"], self.settings["session_expired"])
     if session.encode(user["id"]) is False:
         error_messages.append("用户数据错误")
         self.render("login.html", error_messages=error_messages, username=username)
         return
     sid = session.getSid()
     eid = session.getEid()
     self.set_secure_cookie("sid", sid, None)
     self.set_secure_cookie("eid", eid, None)
     self.redirect(self.get_argument("next", "/"))