def post(self): email = self.get_body_argument("email", default=None) auth = self.get_body_argument("auth", default=None) # after users submit their email if email: # check captcha captcha = self.get_body_argument("captcha", default="") if not Captcha.check(captcha, self): self.custom_error("验证码错误") user = yield self.db.member.find_one({"email": email}) if not user: self.custom_error("不存在这个Email") sign = "%s|%s|%s" % (user["username"], user["password"], time.time()) svalue = xxtea.encrypt_hex( utf8(sign), self.get_byte_16(self.settings.get("cookie_secret"))) url = self.settings.get( "base_url") + "/forgetpwd?auth=%s" % url_escape(svalue, False) Sendemail(self.settings.get("email")).send( to=user["email"], orgin="*****@*****.**", title=u"找回密码 - %s" % self.settings["site"]["webname"], content= u"点击链接找回你的密码:<br /><a href=\"%s\">%s</a><br />如果你没有找回密码,请忽视这封邮件" % (url, url)) self.render("forgetpwd.htm", success=True) # after users click url in their email, and submit a new password elif auth: newpwd = self.get_body_argument("password") try: svalue = xxtea.decrypt_hex( utf8(auth), self.get_byte_16(self.settings.get("cookie_secret"))) (username, password, t) = svalue.split("|") except: self.custom_error("参数错误,请重新找回密码", jump="/forgetpwd") if time.time() - float(t) > 30 * 60: self.custom_error("链接已过期,请在30分钟内点击链接找回密码", jump="/forgetpwd") newpwd = yield self.backend.submit(hash.get, newpwd) user = yield self.db.member.find_and_modify( { "username": username, "password": password }, {"$set": { "password": newpwd }}) if not user: self.custom_error("参数错误,请重新找回密码", jump="/forgetpwd") else: self.custom_error("密码修改成功", jump="/login", status="success") else: self.custom_error("不存在这个Email")
def message(self, touser, content, fromuser = None, jump = None): ret = yield self.db.message.insert({ "from": fromuser, "to": touser, "content": content, "jump": jump, "time": time.time(), "read": False }) user = yield self.db.member.find_one({ "username": touser }) if self.settings["email"]["method"] == "mailgun" and "email" in user and user.get("allowemail"): Sendemail(self.settings.get("email")).send( title=u"来自%s的提醒:%s" % (self.settings["site"]["webname"], content), content=u"%s <br /> <a href=\"%s%s\" target=\"_blank\">点击查看</a>" % (content, self.settings.get("base_url"), jump), to=user["email"] ) raise gen.Return(ret)
def post(self, *args, **kwargs): content = self.get_body_argument("ckeditor", default=None) title = self.get_body_argument("title", default=None) sort = self.get_body_argument("sort", default=None) charge = intval(self.get_body_argument("charge", default=0)) freebegin = intval(self.get_body_argument("freebegin", default=0)) freeend = intval(self.get_body_argument("freeend", default=0)) private = self.get_body_argument('private', default='off') if not title: self.flash["article"] = content self.custom_error("标题不能为空哦", jump="/publish") if charge < 0: self.flash["article"] = content self.custom_error("收费不能低于0", jump="/publish") if freebegin > freeend: self.flash["article"] = content self.custom_error("结束时间不能小于开始时间", jump="/publish") if not sort: self.flash["article"] = content self.custom_error("不存在这个分类", jump="/publish") tosort = yield self.db.sort.find_and_modify({"_id": ObjectId(sort)}, {"$inc": { "article": 1 }}) if not tosort: self.flash["article"] = content self.custom_error("不存在这个分类", jump="/publish") # filter html content = xss_filter(content) # attach file attach = [] fs = motor.motor_tornado.MotorGridFS(self.db) for file in self.request.files.get('file', []): fs_id = yield fs.put(file['body'], filename=file['filename']) attach.append(fs_id) article = { "title": title, "content": content, "user": self.current_user["username"], "sort": tosort, "view": 0, "like": [], "unlike": [], "charge": charge, "time": time.time(), "freebegin": freebegin, "freeend": freeend, "buyer": [], "thanks": [], "star": False, "rank": 0, "comment": [], "open": False, "top": False, "lastcomment": time.time(), 'attach': attach, 'private': private, } model = ArticleModel() if not model(article): self.flash["article"] = content self.custom_error(model.error_msg, jump="/publish") id = yield self.db.article.insert(article) # send mail users = self.db.member.find() article_url = '{}/post/{}'.format(tornado.options.options.url, id) content = "{}<br><br>{}".format( '''<a href="{}" target="_blank">点击查看论坛文章</a>'''.format( article_url), content) while (yield users.fetch_next): user = users.next_object() if user.get('power') >= 0 and self.settings["email"][ "method"] == "mailgun" and "email" in user and user.get( "allowemail"): Sendemail(self.settings.get("email")).send( title=u"论坛文章:《{}》,作者:{}".format( title, self.current_user["username"]), content=content, to=user["email"]) self.redirect("/post/%s" % id)