def article_create(): form = ArticleCreateForm() form.category_id.choices = Category.choices() if request.method == 'POST' and form.validate(): if not g.user.is_admin(): flash(u'非管理员不能创建文章!') return redirect(url_for('index')) else: nowtime = datetime.datetime.now() article = Article(title=form.title.data, body=form.body.data, user_id=g.user.id, category_id=form.category_id.data, text=request.form.get('textformat'), timestamp=nowtime, tag=form.tag.data, is_open=form.is_open.data) article.post_date = nowtime db.session.add(article) db.session.commit() flash(u'文章已创建!') Blog_info.new_article() return redirect(url_for('article_edit', id=article.id)) return render_template('article_create.html', title=u'创建文章', form=form)
def visit_statistics(max_id): import socket print u'%s -> 开始归档访问数据 -----' % datetime.datetime.now() logs = db.session.query(Visit_log).filter(Visit_log.id <= max_id).order_by(Visit_log.id).all() if logs: for log in logs: log.date = str(log.timestamp)[:10] if not robot(log): if not php_url(log): Blog_info.new_visit(log.date) else: print u'%s -> 没有需要归档的黑名单数据' % datetime.datetime.now()
def visit_statistics(max_id): import socket print u'%s -> 开始归档访问数据 -----' % datetime.datetime.now() logs = db.session.query(Visit_log).filter(Visit_log.id <= max_id).order_by( Visit_log.id).all() if logs: for log in logs: log.date = str(log.timestamp)[:10] if not robot(log): if not php_url(log): Blog_info.new_visit(log.date) else: print u'%s -> 没有需要归档的黑名单数据' % datetime.datetime.now()
def robot(log): r = is_robot(log.ip, log.agent) if r == 1: Blog_info.new_robot_visit(log.date) elif r and r != 1: try: a = socket.gethostbyaddr(log.ip) v = ROBOT.get(r) if a[0].find(v) >= 0: print u'%s -> 新增机器人 IP ----- %s' % (datetime.datetime.now(), log.ip) rob = Robot(name=r, dns_name=v, ip=log.ip, address=get_ip_location(log.ip) ) db.session.add(rob) db.commit() Blog_info.new_robot_visit(log.date) # return True else: alter_ip_blacklist(log, u'爬虫欺骗访问') Blog_info.new_attack_visit(log.date) return False except: alter_ip_blacklist(log, u'爬虫欺骗访问') Blog_info.new_attack_visit(log.date) return False else: return False
def robot(log): r = is_robot(log.ip, log.agent) if r == 1: Blog_info.new_robot_visit(log.date) elif r and r != 1: try: a = socket.gethostbyaddr(log.ip) v = ROBOT.get(r) if a[0].find(v) >= 0: print u'%s -> 新增机器人 IP ----- %s' % (datetime.datetime.now(), log.ip) rob = Robot(name=r, dns_name=v, ip=log.ip, address=get_ip_location(log.ip)) db.session.add(rob) db.commit() Blog_info.new_robot_visit(log.date) # return True else: alter_ip_blacklist(log, u'爬虫欺骗访问') Blog_info.new_attack_visit(log.date) return False except: alter_ip_blacklist(log, u'爬虫欺骗访问') Blog_info.new_attack_visit(log.date) return False else: return False
def alter_ip_blacklist(log, reason): ip = Ip_blacklist.find_by_ip(log.ip) Blog_info.new_attack_visit(log.date) if ip: print u'%s -> 更新记录 IP ----- %s ,原因 ----- %s' % (datetime.datetime.now(), log.ip, reason) ip.visit_count += 1 ip.attack_count += 1 else: print u'%s -> 新增记录 IP ----- %s ,原因 ----- %s' % (datetime.datetime.now(), log.ip, reason) ip = Ip_blacklist(ip=log.ip, address=get_ip_location(log.ip), attack_count=0, is_forbid=0, reason=reason ) ip.forbid_date = datetime.date.today() db.session.add(ip) db.session.commit()
def login(): if g.user is not None and g.user.is_authenticated(): return redirect(url_for('index')) form = LoginForm(request.form) if form.validate_on_submit() and request.method == 'POST': user = User.user_check(passwd=form.passwd.data, email=form.email.data) remember_me = form.remember_me.data if user: login_user(user, remember=remember_me) flash(u'恭喜,登录成功!') log = Login_log(email=user.email, ip=request.remote_addr) db.session.add(log) db.session.commit() Blog_info.new_login() return redirect(request.args.get("next") or url_for("index")) else: flash(u'用户名或密码错误') return redirect(url_for('login')) return render('login.html', title=u'请登陆', form=form)
def alter_ip_blacklist(log, reason): ip = Ip_blacklist.find_by_ip(log.ip) Blog_info.new_attack_visit(log.date) if ip: print u'%s -> 更新记录 IP ----- %s ,原因 ----- %s' % ( datetime.datetime.now(), log.ip, reason) ip.visit_count += 1 ip.attack_count += 1 else: print u'%s -> 新增记录 IP ----- %s ,原因 ----- %s' % ( datetime.datetime.now(), log.ip, reason) ip = Ip_blacklist(ip=log.ip, address=get_ip_location(log.ip), attack_count=0, is_forbid=0, reason=reason) ip.forbid_date = datetime.date.today() db.session.add(ip) db.session.commit()
def register(): from blog.extend.EmailHelper import register_mail form = RegisterForm(request.form) if request.method == 'POST' and form.validate(): pwd = User.make_random_passwd(email=form.email.data) user = User(email=pwd['email'], role=ROLE_USER, nicename=form.email.data, passwd=pwd['pwdmd5'], is_locked=User_LOCKED, register_ip=request.remote_addr, salt=pwd['salt']) user.register_date = datetime.datetime.now(), db.session.add(user) db.session.commit() user.passwd = pwd['pwd'] register_mail(user) flash(u'恭喜,注册成功!') Blog_info.new_user() return redirect(url_for('login')) return render_template('register.html', title=u'欢迎注册', form=form)
def before_request(): g.search_form = SearchForm() g.user = current_user g.info = Blog_info.info() g.first_bar = Settings.first_bar() g.count = Article.count_by_month() g.top_five = Article.top(10) if g.user.is_authenticated(): g.user.last_seen = datetime.datetime.now() db.session.add(g.user) db.session.commit() g.list_bar = Settings.admin_second_bar() if request.url.find('static') < 0 and request.url.find('favicon.ico') < 0: agent = request.headers['User-Agent'] url = request.base_url log = Visit_log(timestamp=datetime.datetime.now(), ip=request.remote_addr, url=url, agent=agent) db.session.add(log) db.session.commit()
def test_new_visit(self): old = Blog_info.get_info_by_day('2014-11-27') Blog_info.new_visit('2014-11-27') new = Blog_info.get_info_by_day('2014-11-27') print new.visit_day - old.visit_day assert new.visit_day - old.visit_day == 1
def php_url(log): if log.url.find('php') >= 0: alter_ip_blacklist(log, u'访问带有PHP的链接') Blog_info.new_attack_visit(log.date) return True return False
def Blog_info_data(): blog_info = Blog_info() blog_info.date = str(datetime.now().date()) blog_info.visit_all = 0 blog_info.visit_day = 0 blog_info.visit_month = 0 blog_info.visit_attack = 0 blog_info.visit_attack_day = 0 blog_info.visit_robot = 0 blog_info.visit_robot_day = 0 blog_info.article_all = 0 blog_info.article_month = 0 blog_info.user_all = 0 blog_info.login_all = 0 db.session.add(blog_info) db.session.commit()