def email_confirm(request, id, sign):
"""邮件确认"""
if not sign:
return HttpResponseForbidden()
if not get_md5(settings.SECRET_KEY + str(id) + settings.SECRET_KEY).upper() == sign.upper():
return HttpResponseForbidden()
oauthuser = get_object_or_404(OAuthUser, pk=id)
with transaction.atomic():
if oauthuser.author:
author = get_user_model().objects.get(pk=oauthuser.author_id)
else:
result = get_user_model().objects.get_or_create(email=oauthuser.email)
author = result[0]
if result[1]:
author.source = 'email_confirm'
author.username = oauthuser.nickname.strip() if oauthuser.nickname.strip() else 'blog' + datetime.datetime.now().strftime('%Y%m%d%H%M%S')
author.save()
oauthuser.author = author
oauthuser.save()
oauth_user_login_signal.send(sender=email_confirm.__class__, id=oauthuser.id)
login(request, author)
site = get_current_site().domain
content = '''
<p>恭喜您,您已经成功绑定邮箱,您可以使用{type}类绵密登录本网站,欢迎您继续关注本站</p>
<a href='{url}' rel='bookmark'>{url}</a>
<br />
如果上面的链接无法打开,请讲次链接复制到浏览器。
{url}
'''.format(type=oauthuser.type, url='http://' + site)
send_email(emailto=[oauthuser.email, ], title='恭喜您绑定成功!', content = content)
url = reverse('oauth: bind_success', kwargs={'oauthid': id})
url = url + '?type=success'
return HttpResponseRedirect(url)
def form_valid(self, form):
email = form.cleaned_data['email']
authid = form.cleaned_data['authid']
authuser = get_object_or_404(AuthUser, pk=authid)
authuser.email = email
authuser.save()
sign = get_md5(settings.SECRET_KEY + str(authuser.id) +
settings.SECRET_KEY)
site = get_current_site().domain
if settings.DEBUG:
site = '127.0.0.1:8000'
path = reverse('auth: email_confirm',
kwargs={
'id': authid,
'sign': sign
})
url = 'http://{site}{path}'.format(site=site, path=path)
content = """
<a href="{url}" rel="bookmark">{url}</a>
""".format(url=url)
senf_email(emailto=[
email,
], title='绑定您的电子邮箱', content=content)
url = reverse('auth: bindsuccess', kwargs={'authid': authid})
url = url + "?type=email"
return HttpResponseRedirect(url)
def fileupload(request):
"""图片上传"""
if request.method == 'POST':
sign = request.GET.get('sign', None)
if not sign:
return HttpResponseForbidden()
if not sign == get_md5(get_md5(settings.SECRET_KEY)):
return HttpResponseForbidden()
response = []
for filename in request.FILES:
timestr = datetime.datetime.now().strftime('%Y%m%d')
imgextensions = ['jpg', 'png', 'jpeg', 'bmp']
file_name = ''.join(str(filename))
is_image = len(
[i for i in imgextensions if file_name.find(i) >= 0]) > 0
blogsetting = get_blog_setting()
basepath = r'{basedir}/{type}/{timestr}'.format(
basedir=blogsetting.resource_path,
type='files' if not is_image else 'image',
timestr=timestr)
if settings.TESTING:
basepath = settings.BASE_DIR + '/uploads'
url = 'http://localhost/{type}/{timestr}/{filename}'.format(
type='files' if not is_image else 'image',
timestr=timestr,
filename=filename)
if not os.path.exists(basepath):
os.makedirs(basepath)
savepath = os.path.join(basepath, filename)
with open(savepath, 'wb') as f:
for chunk in request.FILES[filename].chunks():
f.write(chunk)
if is_image:
from PIL import Image
image = Image.open(savepath)
image.save(savepath, quality=20, optimize=True)
response.append(url)
return HttpResponse(response)
else:
return HttpResponse('only for post')
def handler(self):
info = self.message.content
if self.userinfo.isAdmin and info.upper() == "EXIT":
self.userinfo = WxUserInfo()
self.savesession()
return '退出成功'
if info.upper() == 'ADMIN':
self.userinfo.isAdmin = True
self.savesession()
return "输入管理员密码"
if self.userinfo.isAdmin and not self.userinfo.isPasswordSet:
passwd = settings.WXADMIN
if settings.TESTING:
passwd = '123'
if passwd.upper() == get_md5(get_md5(info)).upper():
self.userinfo.isPasswordSet = True
self.savesession()
return "验证通过,请输入命令或者要执行的命令代码:输入helpme获取帮助"
else:
if self.userinfo.Count >= 3:
self.userinfo = WxUserInfo()
self.savesession()
return '超过验证次数'
self.userinfo.Count += 1
self.savesession()
return '验证失败,请重新输入管理员密码:'
if self.userinfo.isAdmin and self.userinfo.isPasswordSet:
if self.userinfo.Command != '' and info.upper() == 'Y':
return cmdhandler.run(self.userinfo.Command)
else:
if info.upper() == 'HELPME':
return cmdhandler.get_help()
self.userinfo.Command = info
self.savesession()
return '确认执行:' + info + '命令'
resp = tuling.getdata(info)
return resp
def emailconfirm(request, id, sign):
"""
:param request:
:param id:
:param sign:
:return:
"""
if not sign:
return HttpResponseForbidden()
if not get_md5(settings.SECRET_KEY + str(id) +
settings.SECRET_KEY).upper() == sign.upper():
return HttpResponseForbidden()
authuser = get_object_or_404(AuthUser, pk=id)
with transaction.atomic():
if authuser.author:
author = get_user_model().objects.get(pk=authuser.author_id)
else:
result = get_user_model().objects.get_or_create(
email=authuser.email)
author = result[0]
if result[1]:
author.source = 'emailconfirm'
author.username = authuser.nickname.strip(
) if authuser.nickname.strip(
) else 'bolg' + datetime.datetime.now().strftime(
'%y%m%d%H%M%S')
author.save()
authuser.author = author
author.save()
auth_user_login_signal.send(sender=emailconfirm.__class__, id=authuser.id)
login(request, author)
site = get_current_site().domain
content = f'''
<p>恭喜您, 您已经成功绑定您的邮箱,您可以使用{type}来直接免密码登录
'''
send_email(emailto=[
authuser.email,
], title='恭喜您绑定成功!', content=content)
url = reverse('auth:bindsuccess', kwargs={'authid': id})
url = url + '?type=success'
return HttpResponseRedirect(url)