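def POST(self):
    """Handle both POST steps of the password-reset flow.

    A form carrying ``email`` issues a reset code for that account and mails
    it. A form carrying ``password`` sets the new password, provided the
    ``userid`` and ``rcode`` read from the Referer URL match a stored code
    that is less than 24 hours old. Any other form gets the 404 redirect.
    """
    i = web.input()
    if 'email' in i:
        user = site_helper.getModel('User').getByEmail(i.email.strip())
        if user is not None:
            reset_model = site_helper.getModel('ResetPasswdCode')
            reset = reset_model.getACode(user.Userid)
            reset_model.updateACode(user.Userid, reset)
            reset_model.sendACode(user, reset)
            return page_helper.success('发送成功,查收您的邮箱.', '/')
        # NOTE(review): an unknown address falls through and returns None,
        # while a known one gets the success page; the difference tells the
        # requester which addresses are registered.
    elif 'password' in i:
        # Both values come from the Referer header, i.e. from the client.
        referer_params = site_helper.getUrlParams(site_helper.getEnv('HTTP_REFERER'))
        user_id = referer_params['userid']
        post_code = referer_params['rcode']
        user_model = site_helper.getModel('User')
        code_model = site_helper.getModel('ResetPasswdCode')
        user = user_model.get(user_id)
        if user is None:
            return page_helper.redirectToLogin()
        code = code_model.getByUserid(user_id)
        # timedelta.seconds is only the within-day remainder (0..86399), so
        # comparing it with 24h was always true and codes never expired.
        # total_seconds() measures the whole age of the code.
        # NOTE(review): the code is compared with ==; consider a
        # constant-time comparison such as hmac.compare_digest.
        if (code is not None and code.acode == post_code
                and (datetime.now() - code.created).total_seconds() < 3600 * 24):
            # Explicit check: an assert is stripped under ``python -O`` and
            # would then allow an empty password to be stored.
            if len(i.password) == 0:
                raise AssertionError('password must not be empty')
            user_model.resetPassword(user_id, i.password)
            code_model.deleteByUserid(user_id)
            site_helper.login(user)
            return page_helper.success('重设密码成功,已登录.', '/')
        return page_helper.failed('本重置密码链接已使用或已过期,请重新申请.','/accounts/forget')
    else:
        return page_helper.redirect404()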
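def POST(self, inputs=None):
    """Log a user in and send them back to where they came from.

    Args:
        inputs: Form values; read from the request when falsy.

    Returns:
        The login page with an error on bad credentials, an alert for a
        blacklisted account, otherwise a redirect. Returns None when the
        request path is not ``login``.

    Raises:
        AssertionError: if email or password is missing.
    """
    def _is_local_path(target):
        # Only same-site absolute paths ("/account") are accepted. Absolute
        # URLs, scheme-relative "//host", backslashes and control characters
        # are rejected so the return target cannot leave this site.
        if any(ch < ' ' for ch in target) or '\\' in target:
            return False
        return target.startswith('/') and not target.startswith('//')

    if not inputs:
        inputs = sh.inputs()
    # Explicit checks instead of assert, which ``python -O`` removes.
    if not inputs.get('email', '').strip():
        raise AssertionError('email is required')
    if not inputs.get('password', ''):
        raise AssertionError('password is required')

    uc = sh.ctrl('User')
    model = sh.model('User')
    action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
    if action == 'login':
        if not uc.validate(inputs.email, inputs.password):
            return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)
        user = model.getByEmail(inputs.email)
        if user.dead == 'yes':
            return sh.alert('登录失败,你已被列入黑名单,请联系管理员')
        uc.login(user, inputs.get('remember_me', '') == 'on')

        # The return target is the ?referer= value of the login page URL
        # (now the Referer header), else the posted ``referer`` field. Both
        # are client-controlled, so the original redirect was an open
        # redirect; anything that is not a local path now falls back to '/'.
        target = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
        if not target:
            target = sh.inputs().get('referer', None)
        if target and _is_local_path(target):
            return sh.redirect(target)
        return sh.redirect('/')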
def cachePage(handler):
    """Serve GET pages from the page cache, rendering and storing on a miss.

    Caching is skipped when the ``run_use_cache`` site setting is not 'yes',
    for non-GET requests, and when the Host header equals
    ``sh.config.HOST_NAME``.

    NOTE(review): the cache key is Host + REQUEST_URI only. If handler()
    output depends on the session, one visitor's page could be served to
    another; confirm that cached pages are session-independent.
    """
    if sh.getSiteConfig('run_use_cache') != 'yes':
        return handler()

    key = str(sh.getEnv('HTTP_HOST')) + sh.getEnv('REQUEST_URI')
    method = sh.getEnv('REQUEST_METHOD')
    retention = getCacheRetention()
    now = time.time()

    cacheable = method == 'GET' and sh.getEnv('HTTP_HOST') != sh.config.HOST_NAME
    if not cacheable:
        # POST and admin requests are never cached.
        if DEBUG:
            print('post no cache')
        return handler()

    data = getData(key)
    if (now - getLastCachedTime(key) < retention) and data:
        # Still inside the retention window: answer from the cache.
        html = data['html']
        # Original author's note: without charset=utf-8 nginx does not gzip.
        web.header('Content-Type', 'text/html; charset=utf-8')
        # The ETag header helps client-side caching.
        web.header('Etag', data['etag'])
        if DEBUG:
            print('get cache')
        return html

    html = handler()
    if retention > 0:
        etag = getMD5(str(html))
        cacheData(key, html, etag, int(retention))
        web.header('Etag', etag)
        if DEBUG:
            print('set cache')
    elif DEBUG:
        print('retention == 0')
    return html
def validate(handler):
    """Gate a request on session state before running the handler.

    Non-admin sessions are sent to /admin/login for /admin URLs, anonymous
    sessions are sent to the login page for /post URLs, and sessions that are
    not activated are sent to /noactivate for /post URLs.

    NOTE(review): every check uses the raw REQUEST_URI, query string
    included. The ``'model_name=oauth' in request_uri`` exemption is a
    substring match, so that text anywhere in the URI skips the activation
    check. The Referer header is also placed into the redirect URL without
    URL-encoding.
    """
    request_uri = site_helper.getEnv('REQUEST_URI')
    session = site_helper.session
    is_login = session.get('is_login', False)
    is_admin = session.get('is_admin', False)
    activated = session.get('activated', 'off') == 'on'

    # Admin pages are for admin sessions only; the login page stays open.
    in_admin_area = request_uri.startswith('/admin') and request_uri != '/admin/login'
    if in_admin_area and not is_admin:
        return web.seeother('/admin/login')

    is_post = request_uri.startswith('/post')
    # The flash uploader may post without login or activation.
    is_flash_upload = request_uri == '/post/userimage'

    # Anonymous users may not post data.
    if is_post and not is_login and not is_flash_upload:
        return page_helper.redirectToLogin()

    # Users with an unverified e-mail may not post data; third-party (oauth)
    # login is exempt.
    if is_post and not activated:
        if not is_flash_upload and 'model_name=oauth' not in request_uri:
            referer = site_helper.getEnv('HTTP_REFERER')
            return web.seeother('/noactivate?referer=%s' % referer)

    return handler()
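def POST(self, inputs=None):
    """Log a user in, then redirect to the return target or show an alert.

    Args:
        inputs: Form values; read from the request when falsy.

    Returns:
        The login page with an error on bad credentials, an alert for a
        blacklisted account, a redirect to a local return target, or the
        welcome alert. Returns None when the request path is not ``login``.

    Raises:
        AssertionError: if email or password is missing.
    """
    def _is_local_path(target):
        # Only same-site absolute paths ("/account") are accepted. Absolute
        # URLs, scheme-relative "//host", backslashes and control characters
        # are rejected so the return target cannot leave this site.
        if any(ch < ' ' for ch in target) or '\\' in target:
            return False
        return target.startswith('/') and not target.startswith('//')

    if not inputs:
        inputs = sh.inputs()
    # Explicit checks instead of assert, which ``python -O`` removes.
    if not inputs.get('email', '').strip():
        raise AssertionError('email is required')
    if not inputs.get('password', ''):
        raise AssertionError('password is required')

    uc = sh.ctrl('User')
    model = sh.model('User')
    action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
    if action == 'login':
        if not uc.validate(inputs.email, inputs.password):
            return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)
        user = model.getByEmail(inputs.email)
        if user.dead == 'yes':
            return sh.alert('登录失败,你已被列入黑名单,请联系管理员')
        uc.login(user, inputs.get('remember_me', '') == 'on')

        # The return target is the ?referer= value of the login page URL
        # (now the Referer header), else the posted ``referer`` field. Both
        # are client-controlled, so the original redirect was an open
        # redirect; a target that is not a local path is ignored.
        target = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
        if not target:
            target = sh.inputs().get('referer', None)
        if target and _is_local_path(target):
            return sh.redirect(target)
        return sh.alert('登录成功. 欢迎回来!')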
def __writeInfo(self, data):
    """Return a copy of ``data`` with server-side request info filled in.

    For each ``key -> source`` pair in ``self.arguments`` the value is taken
    from the request environment when it has a truthy entry for ``source``,
    otherwise from the session. The environment and session are consulted
    only when ``web.ctx.env`` / ``sh.session`` exist.

    NOTE(review): a value the caller already put under ``key`` is kept when
    neither source has one; confirm callers cannot supply these keys.
    """
    filled = sh.copy(data)
    for field, source in self.arguments.items():
        if hasattr(web.ctx, 'env') and sh.getEnv(source, None):
            filled[field] = sh.getEnv(source)
            continue
        if hasattr(sh, 'session') and sh.session.get(source, None):
            filled[field] = sh.session.get(source)
    return filled
def __writeInfo(self, data):
    """Return a copy of ``data`` with server-side request info filled in.

    For each ``key -> source`` pair in ``self.arguments`` the value is taken
    from the request environment when it has a truthy entry for ``source``,
    otherwise from the session.

    NOTE(review): a value the caller already put under ``key`` is kept when
    neither source has one; confirm callers cannot supply these keys.
    """
    filled = sh.copy(data)
    for field, source in self.arguments.items():
        if sh.getEnv(source, None):
            filled[field] = sh.getEnv(source)
            continue
        if sh.session.get(source, None):
            filled[field] = sh.session.get(source)
    return filled
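def __writeInfo(self, data):
    """Return a copy of ``data`` with server-side request info filled in.

    For each ``key -> source`` pair in ``self.arguments`` the value is taken
    from the request environment when it has a truthy entry for ``source``,
    otherwise from the session.

    Raises:
        AssertionError: if ``data`` already contains one of the keys this
            method is responsible for filling.
    """
    data = sh.copy(data)
    for key, value in self.arguments.items():
        # These fields must come from the server side only. The check is an
        # explicit raise because an assert is removed under ``python -O``,
        # which would let a caller-supplied value through.
        if key in data:
            raise AssertionError(u'不应该显示给出%s,小心作弊' % key)
        if sh.getEnv(value, None):
            data[key] = sh.getEnv(value)
        elif sh.session.get(value, None):
            data[key] = sh.session.get(value)
    return data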
def GET(self):
    """Serve the admin login page, or log the admin out and go to '/'.

    The route is the request path without query string and without leading
    or trailing slashes. Other routes fall through and return None.

    NOTE(review): logout is triggered by a plain GET, so any page that makes
    the browser fetch this URL ends the admin session.
    """
    path, _, _ = sh.getEnv('REQUEST_URI').partition('?')
    route = path.strip('/')
    if route == 'admin/login':
        return sh.editor_nobase.user.Login()
    elif route == 'admin/logout':
        sh.ctrl('AdminUser').logout()
        return sh.redirect('/')
def validate(handler):
    """Apply the login and admin access rules, then run the handler.

    The path is REQUEST_URI with the query string removed. Anonymous
    sessions are redirected to login for paths listed in REQUIRE_LOGIN_URL;
    non-admin sessions are redirected to /admin/login for every other path
    that starts with '/admin'.

    NOTE(review): both rules compare the path exactly as received. Confirm
    the router does not also accept variants (case, trailing slash, doubled
    slashes) that these comparisons would miss.
    """
    request_path = sh.getEnv('REQUEST_URI').partition('?')[0]
    session = sh.session
    is_login = session.get('is_login', False)
    is_admin = session.get('is_admin', False)
    method = sh.getEnv('REQUEST_METHOD')  # read but not used below

    # Paths in REQUIRE_LOGIN_URL need a logged-in session.
    if not is_login:
        if request_path in REQUIRE_LOGIN_URL:
            return sh.redirectToLogin()

    # Admin pages need an admin session; the admin login page stays open.
    if not is_admin:
        if request_path.startswith('/admin') and request_path != '/admin/login':
            return sh.redirect('/admin/login')

    return handler()
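def POST(self, i=None):
    """Log a user in by e-mail and send them to the return target.

    Args:
        i: Form values; read from the request when None.

    Returns:
        The login page with an error on bad credentials, a failure page for
        a blacklisted account, a redirect to the return target, or the
        success page.

    Raises:
        AssertionError: if email or password is empty.
    """
    def _is_same_site(target):
        # Return targets come from URL parameters and form fields, so they
        # are client-controlled; the original redirected to them unchecked.
        # Accept a local absolute path, or a URL under the site's own origin.
        # Assumes site_helper.config.HOST_NAME holds that origin (TODO confirm).
        if not target or '\\' in target or any(ch < ' ' for ch in target):
            return False
        if target.startswith('/'):
            return not target.startswith('//')
        host = site_helper.config.HOST_NAME.rstrip('/')
        # Require a '/' after the origin so "origin.other.example" is refused.
        return bool(host) and (target == host or target.startswith(host + '/'))

    if i is None:
        i = web.input()
    # Explicit checks instead of assert, which ``python -O`` removes.
    if len(i.get('email', '')) == 0:
        raise AssertionError('email is required')
    if len(i.get('password', '')) == 0:
        raise AssertionError('password is required')

    user = UserCtrl().loginByEmail(i.email, i.password)
    if not user:
        return site_helper.page_render.user.Login('用户名或密码错误, 请重新输入', i.get('email', ''), i.get('referer',''))
    if user.dead != 'off':
        # NOTE(review): bare ``page_render`` here, while the rest of the block
        # uses page_helper / site_helper.page_render; confirm the name exists.
        return page_render.failed('登录失败,你已被管理员列入黑名单,请联系我们.', '/')

    site_helper.login(user, i.get('rememberme', False) == 'on')

    # First choice: the referer parameter of the current URL.
    params = site_helper.getUrlParams()
    if _is_same_site(params.get('referer', False)):
        return page_helper.redirectTo(params['referer'])

    # Second choice: the referer parameter of the previous page's URL.
    params = site_helper.getUrlParams(site_helper.getEnv('HTTP_REFERER'))
    if _is_same_site(params.get('referer', False)):
        return page_helper.redirectTo(params['referer'])

    landing = i.get('referer', '/')
    if not _is_same_site(landing):
        landing = '/'
    return page_helper.success('登录成功. 欢迎回来', landing)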
def GET(self):
    """Serve the login page, or log the user out and go to '/'.

    The route is the request path without query string and without leading
    or trailing slashes. Other routes fall through and return None.

    NOTE(review): logout is triggered by a plain GET, so any page that makes
    the browser fetch this URL ends the user's session.
    """
    path, _, _ = sh.getEnv('REQUEST_URI').partition('?')
    route = path.strip('/')
    if route == 'login':
        return sh.page.user.Login()
    elif route == 'logout':
        sh.ctrl('User').logout()
        return sh.redirect('/')
def saveShareUserid(handler):
    """Remember the sharing user's id from the URL, then run the handler.

    When the current URL has an all-digit ``shareUserid`` parameter, its
    integer value and the Referer header are stored in the session.

    NOTE(review): str.isdigit() also accepts some non-ASCII digit characters
    that int() rejects; if the parameter can be unicode, such a value would
    raise ValueError here. Confirm the parameter type.
    """
    params = site_helper.getUrlParams()
    if 'shareUserid' in params and params['shareUserid'].isdigit():
        session.share_user_id = int(params['shareUserid'])
        session.share_referer = site_helper.getEnv('HTTP_REFERER')
    return handler()
def validate(handler):
    """Apply the login and admin access rules, then run the handler.

    The path is REQUEST_URI with the query string removed. Anonymous
    sessions are redirected to login for paths listed in REQUIRE_LOGIN_URL;
    non-admin sessions are redirected to /admin/login for every other path
    that starts with '/admin'.

    NOTE(review): both rules compare the path exactly as received. Confirm
    the router does not also accept variants (case, trailing slash, doubled
    slashes) that these comparisons would miss.
    """
    request_path = sh.getEnv('REQUEST_URI').partition('?')[0]
    session = sh.session
    is_login = session.get('is_login', False)
    is_admin = session.get('is_admin', False)
    method = sh.getEnv('REQUEST_METHOD')  # read but not used below

    # Paths in REQUIRE_LOGIN_URL need a logged-in session.
    if not is_login:
        if request_path in REQUIRE_LOGIN_URL:
            return sh.redirectToLogin()

    # Admin pages need an admin session; the admin login page stays open.
    if not is_admin:
        if request_path.startswith('/admin') and request_path != '/admin/login':
            return sh.redirect('/admin/login')

    return handler()
def getMenuConfig(self, menu=None, path=None, ):
    """Return the menu configuration for a page, with defaults filled in.

    Args:
        menu: Menu definition; ``self._getEditorMenu()`` when falsy.
        path: Page path; the current request path without query string
            when falsy.

    Returns:
        Whatever ``self.pickPageConfig(menu, path)`` returns. When that
        result is truthy, keys missing from it are filled from
        ``self.default_menu_config``.
    """
    path = path or sh.getEnv('REQUEST_URI').partition('?')[0]
    menu = menu or self._getEditorMenu()

    config = self.pickPageConfig(menu, path)
    if not config:
        return config
    for name, default in self.default_menu_config.items():
        config.setdefault(name, default)
    return config
def cachePage(handler):
    """Serve GET pages from the page cache, rendering and storing on a miss.

    Caching is skipped when the ``run_use_cache`` site setting is not 'yes',
    for non-GET requests, and when the Host header equals
    ``sh.config.HOST_NAME``.

    NOTE(review): the cache key is Host + REQUEST_URI only. If handler()
    output depends on the session, one visitor's page could be served to
    another; confirm that cached pages are session-independent.
    """
    if sh.getSiteConfig('run_use_cache') != 'yes':
        return handler()

    key = str(sh.getEnv('HTTP_HOST')) + sh.getEnv('REQUEST_URI')
    method = sh.getEnv('REQUEST_METHOD')
    retention = getCacheRetention()
    now = time.time()

    cacheable = method == 'GET' and sh.getEnv('HTTP_HOST') != sh.config.HOST_NAME
    if not cacheable:
        # POST and admin requests are never cached.
        if DEBUG:
            print('post no cache')
        return handler()

    data = getData(key)
    if (now - getLastCachedTime(key) < retention) and data:
        # Still inside the retention window: answer from the cache.
        html = data['html']
        # Original author's note: without charset=utf-8 nginx does not gzip.
        web.header('Content-Type', 'text/html; charset=utf-8')
        # The ETag header helps client-side caching.
        web.header('Etag', data['etag'])
        if DEBUG:
            print('get cache')
        return html

    html = handler()
    if retention > 0:
        etag = getMD5(str(html))
        cacheData(key, html, etag, int(retention))
        web.header('Etag', etag)
        if DEBUG:
            print('set cache')
    elif DEBUG:
        print('retention == 0')
    return html
def POST(self, inputs=None):
    """Check admin credentials and open an admin session.

    Args:
        inputs: Form values; read from the request when falsy.

    Returns:
        The admin login page with an error when validation fails, otherwise
        a redirect to /admin. Returns None when the request path is not
        ``admin/login``.

    NOTE(review): the presence checks are asserts, which ``python -O``
    removes; empty credentials would then reach ``uc.validate`` directly.
    """
    if not inputs:
        inputs = web.input()
    assert (inputs.get('email', '').strip())
    assert (inputs.get('password', ''))

    uc = sh.ctrl('AdminUser')
    model = sh.model('AdminUser')
    route = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
    if route != 'admin/login':
        return None

    credentials_ok = uc.validate(inputs.email, inputs.password)
    if not credentials_ok:
        return sh.editor_nobase.user.Login('密码不对', inputs.email)
    admin = model.getByEmail(inputs.email)
    uc.login(admin)
    return sh.redirect('/admin')
def getMenuConfig(self, menu=None, path=None, ):
    """Return the menu configuration for a page, with defaults filled in.

    Args:
        menu: Menu definition; ``self._getEditorMenu()`` when falsy.
        path: Page path; the current request path without query string
            when falsy.

    Returns:
        Whatever ``self.pickPageConfig(menu, path)`` returns. When that
        result is truthy, missing keys are filled from
        ``self.default_menu_config`` and a truthy ``where`` string is
        replaced by a list of ``(first word, rest)`` pairs, one per
        '|'-separated clause.
    """
    path = path or sh.getEnv('REQUEST_URI').partition('?')[0]
    menu = menu or self._getEditorMenu()

    config = self.pickPageConfig(menu, path)
    if not config:
        return config

    for name, default in self.default_menu_config.items():
        config.setdefault(name, default)

    if config.where:
        clauses = []
        for clause in sh.splitAndStrip(config.where, '|'):
            # Split at the first space; the separator itself is dropped.
            head, _, tail = clause.partition(' ')
            clauses.append((head, tail))
        config.where = clauses
    return config
def POST(self, inputs=None):
    """Check admin credentials and open an admin session.

    Args:
        inputs: Form values; read from the request when falsy.

    Returns:
        The admin login page with an error when validation fails, otherwise
        a redirect to /admin. Returns None when the request path is not
        ``admin/login``.

    NOTE(review): the presence checks are asserts, which ``python -O``
    removes; empty credentials would then reach ``uc.validate`` directly.
    """
    if not inputs:
        inputs = web.input()
    assert(inputs.get('email', '').strip())
    assert(inputs.get('password', ''))

    uc = sh.ctrl('AdminUser')
    model = sh.model('AdminUser')
    route = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
    if route != 'admin/login':
        return None

    credentials_ok = uc.validate(inputs.email, inputs.password)
    if not credentials_ok:
        return sh.editor.user.Login('密码不对', inputs.email)
    admin = model.getByEmail(inputs.email)
    uc.login(admin)
    return sh.redirect('/admin')
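def POST(self, i=None):
    """Register a new user, log them in and mail an activation code.

    Args:
        i: Ignored; the form is always re-read from the request.

    Returns:
        A failure page when the e-mail is already registered, otherwise the
        success page pointing at the return target.

    Raises:
        AssertionError: if email, username or password is missing or outside
            its length limits.
    """
    i = web.input()
    has_portrait = False  # never set to True, so the portrait branch below is inactive
    i.login_ip = i.register_ip = site_helper.session.ip

    # Explicit checks instead of assert, which ``python -O`` removes. The
    # original limits had no lower bound on email and password, so empty
    # values were accepted.
    if not ('email' in i and 0 < len(i.email.strip()) < 100):
        raise AssertionError('email must be 1-99 characters')
    if not ('username' in i and 2 <= len(i.username.strip()) <= 24):
        raise AssertionError('username must be 2-24 characters')
    if not ('password' in i and 0 < len(i.password) < 60):
        raise AssertionError('password must be 1-59 characters')
    i.email = i.email.strip()
    i.username = i.username.strip()

    user_model = getModel('User')
    if UserCtrl().isExists(i.email):
        return page_helper.failed('注册失败, 邮箱已被占用 :(')

    # Accounts registered by an admin skip e-mail verification. The whole
    # form is handed to insert(), so for everyone else a posted ``activated``
    # field is dropped; otherwise the client could mark itself verified.
    # NOTE(review): insert() is not visible here; confirm it restricts the
    # columns it writes, since other posted fields still pass through.
    if site_helper.session.is_admin:
        i.activated = 'on'
    else:
        i.pop('activated', None)

    new_id = user_model.insert(i)
    user = user_model.get(new_id)
    site_helper.login(user)
    self.processShareLink(user)

    acode_model = site_helper.getModel('ACode')
    acode = acode_model.getACode(user.Userid)
    acode_model.updateACode(user.Userid, acode)
    acode_model.sendACode(user, acode)

    if has_portrait:
        raise web.seeother('/accounts/portrait?hideupload=true')

    message = '注册成功! 请打开您的Email进行验证, 只有验证后才能发表心得哦!'
    # NOTE(review): both return targets below are client-controlled; if the
    # Success page navigates to them, restrict them to same-site URLs.
    # First choice: the referer parameter of the current URL.
    params = site_helper.getUrlParams()
    if params.get('referer', False):
        return site_helper.page_render.Success(message, params['referer'])
    # Second choice: the referer parameter of the previous page's URL.
    params = site_helper.getUrlParams(site_helper.getEnv('HTTP_REFERER'))
    if params.get('referer', False):
        return site_helper.page_render.Success(message, params['referer'])
    return site_helper.page_render.Success(message, '/')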
def getMenuConfig( self, menu=None, path=None, ):
    """Return the menu configuration for a page, with defaults filled in.

    Args:
        menu: Menu definition; ``self._getEditorMenu()`` when falsy.
        path: Page path; the current request path without query string
            when falsy.

    Returns:
        Whatever ``self.pickPageConfig(menu, path)`` returns. When that
        result is truthy, missing keys are filled from
        ``self.default_menu_config`` and a truthy ``where`` string is
        replaced by a list of ``(first word, rest)`` pairs, one per
        '|'-separated clause.
    """
    path = path or sh.getEnv('REQUEST_URI').partition('?')[0]
    menu = menu or self._getEditorMenu()

    config = self.pickPageConfig(menu, path)
    if not config:
        return config

    for name, default in self.default_menu_config.items():
        config.setdefault(name, default)

    if config.where:
        clauses = []
        for clause in sh.splitAndStrip(config.where, '|'):
            # Split at the first space; the separator itself is dropped.
            head, _, tail = clause.partition(' ')
            clauses.append((head, tail))
        config.where = clauses
    return config
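def GET(self):
    """Render the login page, carrying a same-site Referer as return target.

    The Referer header is kept only when it points at this site; otherwise
    an empty return target is passed to the page.
    """
    # A request without a Referer header must not break the prefix test.
    referer = site_helper.getEnv('HTTP_REFERER') or ''
    host = site_helper.config.HOST_NAME.rstrip('/')
    # A bare startswith(HOST_NAME) also accepts hosts that merely begin with
    # the site's name (for example "<HOST_NAME>.other.example"), so require
    # an exact match or a '/' right after the host part.
    same_site = bool(host) and (referer == host or referer.startswith(host + '/'))
    if not same_site:
        referer = ''
    return site_helper.page_render.user.Login('', '', referer)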
def appendHeader(handler):
    """Mark /api/ responses as UTF-8 plain text, then run the handler.

    The path is REQUEST_URI with the query string removed; the header is
    set only when that path starts with '/api/'.
    """
    path, _, _ = sh.getEnv('REQUEST_URI').partition('?')
    is_api_call = path.startswith('/api/')
    if is_api_call:
        web.header('Content-Type', 'text/plain; charset=utf-8')
    return handler()
def GET(self):
    """Show the portrait page of the logged-in user.

    Anonymous sessions are redirected to login with the current REQUEST_URI
    as the return target. The user record is loaded by the id stored in the
    session, not by a request parameter.
    """
    if sh.session.is_login:
        current_user = sh.model('User').get(sh.session.id)
        return sh.page.user.Portrait(current_user)
    return sh.redirectToLogin(sh.getEnv('REQUEST_URI'))