def post(self):
email = self.get_body_argument("email", default=None)
auth = self.get_body_argument("auth", default=None)
# after users submit their email
if email:
# check captcha
captcha = self.get_body_argument("captcha", default="")
if not Captcha.check(captcha, self):
self.custom_error("验证码错误")
user = yield self.db.member.find_one({"email": email})
if not user:
self.custom_error("不存在这个Email")
sign = "%s|%s|%s" % (user["username"], user["password"],
time.time())
svalue = xxtea.encrypt_hex(
utf8(sign),
self.get_byte_16(self.settings.get("cookie_secret")))
url = self.settings.get(
"base_url") + "/forgetpwd?auth=%s" % url_escape(svalue, False)
Sendemail(self.settings.get("email")).send(
to=user["email"],
orgin="*****@*****.**",
title=u"找回密码 - %s" % self.settings["site"]["webname"],
content=
u"点击链接找回你的密码:<br /><a href=\"%s\">%s</a><br />如果你没有找回密码,请忽视这封邮件"
% (url, url))
self.render("forgetpwd.htm", success=True)
# after users click url in their email, and submit a new password
elif auth:
newpwd = self.get_body_argument("password")
try:
svalue = xxtea.decrypt_hex(
utf8(auth),
self.get_byte_16(self.settings.get("cookie_secret")))
(username, password, t) = svalue.split("|")
except:
self.custom_error("参数错误,请重新找回密码", jump="/forgetpwd")
if time.time() - float(t) > 30 * 60:
self.custom_error("链接已过期,请在30分钟内点击链接找回密码", jump="/forgetpwd")
newpwd = yield self.backend.submit(hash.get, newpwd)
user = yield self.db.member.find_and_modify(
{
"username": username,
"password": password
}, {"$set": {
"password": newpwd
}})
if not user:
self.custom_error("参数错误,请重新找回密码", jump="/forgetpwd")
else:
self.custom_error("密码修改成功", jump="/login", status="success")
else:
self.custom_error("不存在这个Email")
def message(self, touser, content, fromuser = None, jump = None):
ret = yield self.db.message.insert({
"from": fromuser,
"to": touser,
"content": content,
"jump": jump,
"time": time.time(),
"read": False
})
user = yield self.db.member.find_one({
"username": touser
})
if self.settings["email"]["method"] == "mailgun" and "email" in user and user.get("allowemail"):
Sendemail(self.settings.get("email")).send(
title=u"来自%s的提醒:%s" % (self.settings["site"]["webname"], content),
content=u"%s <br /> <a href=\"%s%s\" target=\"_blank\">点击查看</a>"
% (content, self.settings.get("base_url"), jump),
to=user["email"]
)
raise gen.Return(ret)
def post(self, *args, **kwargs):
content = self.get_body_argument("ckeditor", default=None)
title = self.get_body_argument("title", default=None)
sort = self.get_body_argument("sort", default=None)
charge = intval(self.get_body_argument("charge", default=0))
freebegin = intval(self.get_body_argument("freebegin", default=0))
freeend = intval(self.get_body_argument("freeend", default=0))
private = self.get_body_argument('private', default='off')
if not title:
self.flash["article"] = content
self.custom_error("标题不能为空哦", jump="/publish")
if charge < 0:
self.flash["article"] = content
self.custom_error("收费不能低于0", jump="/publish")
if freebegin > freeend:
self.flash["article"] = content
self.custom_error("结束时间不能小于开始时间", jump="/publish")
if not sort:
self.flash["article"] = content
self.custom_error("不存在这个分类", jump="/publish")
tosort = yield self.db.sort.find_and_modify({"_id": ObjectId(sort)},
{"$inc": {
"article": 1
}})
if not tosort:
self.flash["article"] = content
self.custom_error("不存在这个分类", jump="/publish")
# filter html
content = xss_filter(content)
# attach file
attach = []
fs = motor.motor_tornado.MotorGridFS(self.db)
for file in self.request.files.get('file', []):
fs_id = yield fs.put(file['body'], filename=file['filename'])
attach.append(fs_id)
article = {
"title": title,
"content": content,
"user": self.current_user["username"],
"sort": tosort,
"view": 0,
"like": [],
"unlike": [],
"charge": charge,
"time": time.time(),
"freebegin": freebegin,
"freeend": freeend,
"buyer": [],
"thanks": [],
"star": False,
"rank": 0,
"comment": [],
"open": False,
"top": False,
"lastcomment": time.time(),
'attach': attach,
'private': private,
}
model = ArticleModel()
if not model(article):
self.flash["article"] = content
self.custom_error(model.error_msg, jump="/publish")
id = yield self.db.article.insert(article)
# send mail
users = self.db.member.find()
article_url = '{}/post/{}'.format(tornado.options.options.url, id)
content = "{}<br><br>{}".format(
'''<a href="{}" target="_blank">点击查看论坛文章</a>'''.format(
article_url), content)
while (yield users.fetch_next):
user = users.next_object()
if user.get('power') >= 0 and self.settings["email"][
"method"] == "mailgun" and "email" in user and user.get(
"allowemail"):
Sendemail(self.settings.get("email")).send(
title=u"论坛文章:《{}》,作者:{}".format(
title, self.current_user["username"]),
content=content,
to=user["email"])
self.redirect("/post/%s" % id)