def article_create():
form = ArticleCreateForm()
form.category_id.choices = Category.choices()
if request.method == 'POST' and form.validate():
if not g.user.is_admin():
flash(u'非管理员不能创建文章!')
return redirect(url_for('index'))
else:
nowtime = datetime.datetime.now()
article = Article(title=form.title.data,
body=form.body.data,
user_id=g.user.id,
category_id=form.category_id.data,
text=request.form.get('textformat'),
timestamp=nowtime,
tag=form.tag.data,
is_open=form.is_open.data)
article.post_date = nowtime
db.session.add(article)
db.session.commit()
flash(u'文章已创建!')
Blog_info.new_article()
return redirect(url_for('article_edit', id=article.id))
return render_template('article_create.html',
title=u'创建文章',
form=form)
def visit_statistics(max_id):
import socket
print u'%s -> 开始归档访问数据 -----' % datetime.datetime.now()
logs = db.session.query(Visit_log).filter(Visit_log.id <= max_id).order_by(Visit_log.id).all()
if logs:
for log in logs:
log.date = str(log.timestamp)[:10]
if not robot(log):
if not php_url(log):
Blog_info.new_visit(log.date)
else:
print u'%s -> 没有需要归档的黑名单数据' % datetime.datetime.now()
def visit_statistics(max_id):
import socket
print u'%s -> 开始归档访问数据 -----' % datetime.datetime.now()
logs = db.session.query(Visit_log).filter(Visit_log.id <= max_id).order_by(
Visit_log.id).all()
if logs:
for log in logs:
log.date = str(log.timestamp)[:10]
if not robot(log):
if not php_url(log):
Blog_info.new_visit(log.date)
else:
print u'%s -> 没有需要归档的黑名单数据' % datetime.datetime.now()
def robot(log):
r = is_robot(log.ip, log.agent)
if r == 1:
Blog_info.new_robot_visit(log.date)
elif r and r != 1:
try:
a = socket.gethostbyaddr(log.ip)
v = ROBOT.get(r)
if a[0].find(v) >= 0:
print u'%s -> 新增机器人 IP ----- %s' % (datetime.datetime.now(), log.ip)
rob = Robot(name=r,
dns_name=v,
ip=log.ip,
address=get_ip_location(log.ip)
)
db.session.add(rob)
db.commit()
Blog_info.new_robot_visit(log.date) #
return True
else:
alter_ip_blacklist(log, u'爬虫欺骗访问')
Blog_info.new_attack_visit(log.date)
return False
except:
alter_ip_blacklist(log, u'爬虫欺骗访问')
Blog_info.new_attack_visit(log.date)
return False
else:
return False
def robot(log):
r = is_robot(log.ip, log.agent)
if r == 1:
Blog_info.new_robot_visit(log.date)
elif r and r != 1:
try:
a = socket.gethostbyaddr(log.ip)
v = ROBOT.get(r)
if a[0].find(v) >= 0:
print u'%s -> 新增机器人 IP ----- %s' % (datetime.datetime.now(),
log.ip)
rob = Robot(name=r,
dns_name=v,
ip=log.ip,
address=get_ip_location(log.ip))
db.session.add(rob)
db.commit()
Blog_info.new_robot_visit(log.date) #
return True
else:
alter_ip_blacklist(log, u'爬虫欺骗访问')
Blog_info.new_attack_visit(log.date)
return False
except:
alter_ip_blacklist(log, u'爬虫欺骗访问')
Blog_info.new_attack_visit(log.date)
return False
else:
return False
def alter_ip_blacklist(log, reason):
ip = Ip_blacklist.find_by_ip(log.ip)
Blog_info.new_attack_visit(log.date)
if ip:
print u'%s -> 更新记录 IP ----- %s ,原因 ----- %s' % (datetime.datetime.now(), log.ip, reason)
ip.visit_count += 1
ip.attack_count += 1
else:
print u'%s -> 新增记录 IP ----- %s ,原因 ----- %s' % (datetime.datetime.now(), log.ip, reason)
ip = Ip_blacklist(ip=log.ip,
address=get_ip_location(log.ip),
attack_count=0,
is_forbid=0,
reason=reason
)
ip.forbid_date = datetime.date.today()
db.session.add(ip)
db.session.commit()
def login():
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('index'))
form = LoginForm(request.form)
if form.validate_on_submit() and request.method == 'POST':
user = User.user_check(passwd=form.passwd.data, email=form.email.data)
remember_me = form.remember_me.data
if user:
login_user(user, remember=remember_me)
flash(u'恭喜,登录成功!')
log = Login_log(email=user.email, ip=request.remote_addr)
db.session.add(log)
db.session.commit()
Blog_info.new_login()
return redirect(request.args.get("next") or url_for("index"))
else:
flash(u'用户名或密码错误')
return redirect(url_for('login'))
return render('login.html', title=u'请登陆', form=form)
def alter_ip_blacklist(log, reason):
ip = Ip_blacklist.find_by_ip(log.ip)
Blog_info.new_attack_visit(log.date)
if ip:
print u'%s -> 更新记录 IP ----- %s ,原因 ----- %s' % (
datetime.datetime.now(), log.ip, reason)
ip.visit_count += 1
ip.attack_count += 1
else:
print u'%s -> 新增记录 IP ----- %s ,原因 ----- %s' % (
datetime.datetime.now(), log.ip, reason)
ip = Ip_blacklist(ip=log.ip,
address=get_ip_location(log.ip),
attack_count=0,
is_forbid=0,
reason=reason)
ip.forbid_date = datetime.date.today()
db.session.add(ip)
db.session.commit()
def login():
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('index'))
form = LoginForm(request.form)
if form.validate_on_submit() and request.method == 'POST':
user = User.user_check(passwd=form.passwd.data, email=form.email.data)
remember_me = form.remember_me.data
if user:
login_user(user, remember=remember_me)
flash(u'恭喜,登录成功!')
log = Login_log(email=user.email,
ip=request.remote_addr)
db.session.add(log)
db.session.commit()
Blog_info.new_login()
return redirect(request.args.get("next") or url_for("index"))
else:
flash(u'用户名或密码错误')
return redirect(url_for('login'))
return render('login.html',
title=u'请登陆',
form=form)
def register():
from blog.extend.EmailHelper import register_mail
form = RegisterForm(request.form)
if request.method == 'POST' and form.validate():
pwd = User.make_random_passwd(email=form.email.data)
user = User(email=pwd['email'],
role=ROLE_USER,
nicename=form.email.data,
passwd=pwd['pwdmd5'],
is_locked=User_LOCKED,
register_ip=request.remote_addr,
salt=pwd['salt'])
user.register_date = datetime.datetime.now(),
db.session.add(user)
db.session.commit()
user.passwd = pwd['pwd']
register_mail(user)
flash(u'恭喜,注册成功!')
Blog_info.new_user()
return redirect(url_for('login'))
return render_template('register.html', title=u'欢迎注册', form=form)
def register():
from blog.extend.EmailHelper import register_mail
form = RegisterForm(request.form)
if request.method == 'POST' and form.validate():
pwd = User.make_random_passwd(email=form.email.data)
user = User(email=pwd['email'],
role=ROLE_USER,
nicename=form.email.data,
passwd=pwd['pwdmd5'],
is_locked=User_LOCKED,
register_ip=request.remote_addr,
salt=pwd['salt'])
user.register_date = datetime.datetime.now(),
db.session.add(user)
db.session.commit()
user.passwd = pwd['pwd']
register_mail(user)
flash(u'恭喜,注册成功!')
Blog_info.new_user()
return redirect(url_for('login'))
return render_template('register.html',
title=u'欢迎注册',
form=form)
def article_create():
form = ArticleCreateForm()
form.category_id.choices = Category.choices()
if request.method == 'POST' and form.validate():
if not g.user.is_admin():
flash(u'非管理员不能创建文章!')
return redirect(url_for('index'))
else:
nowtime = datetime.datetime.now()
article = Article(title=form.title.data,
body=form.body.data,
user_id=g.user.id,
category_id=form.category_id.data,
text=request.form.get('textformat'),
timestamp=nowtime,
tag=form.tag.data,
is_open=form.is_open.data)
article.post_date = nowtime
db.session.add(article)
db.session.commit()
flash(u'文章已创建!')
Blog_info.new_article()
return redirect(url_for('article_edit', id=article.id))
return render_template('article_create.html', title=u'创建文章', form=form)
def before_request():
g.search_form = SearchForm()
g.user = current_user
g.info = Blog_info.info()
g.first_bar = Settings.first_bar()
g.count = Article.count_by_month()
g.top_five = Article.top(10)
if g.user.is_authenticated():
g.user.last_seen = datetime.datetime.now()
db.session.add(g.user)
db.session.commit()
g.list_bar = Settings.admin_second_bar()
if request.url.find('static') < 0 and request.url.find('favicon.ico') < 0:
agent = request.headers['User-Agent']
url = request.base_url
log = Visit_log(timestamp=datetime.datetime.now(),
ip=request.remote_addr,
url=url,
agent=agent)
db.session.add(log)
db.session.commit()
def before_request():
g.search_form = SearchForm()
g.user = current_user
g.info = Blog_info.info()
g.first_bar = Settings.first_bar()
g.count = Article.count_by_month()
g.top_five = Article.top(10)
if g.user.is_authenticated():
g.user.last_seen = datetime.datetime.now()
db.session.add(g.user)
db.session.commit()
g.list_bar = Settings.admin_second_bar()
if request.url.find('static') < 0 and request.url.find('favicon.ico') < 0:
agent = request.headers['User-Agent']
url = request.base_url
log = Visit_log(timestamp=datetime.datetime.now(),
ip=request.remote_addr,
url=url,
agent=agent)
db.session.add(log)
db.session.commit()
def test_new_visit(self):
old = Blog_info.get_info_by_day('2014-11-27')
Blog_info.new_visit('2014-11-27')
new = Blog_info.get_info_by_day('2014-11-27')
print new.visit_day - old.visit_day
assert new.visit_day - old.visit_day == 1
def php_url(log):
if log.url.find('php') >= 0:
alter_ip_blacklist(log, u'访问带有PHP的链接')
Blog_info.new_attack_visit(log.date)
return True
return False
def php_url(log):
if log.url.find('php') >= 0:
alter_ip_blacklist(log, u'访问带有PHP的链接')
Blog_info.new_attack_visit(log.date)
return True
return False
def Blog_info_data():
blog_info = Blog_info()
blog_info.date = str(datetime.now().date())
blog_info.visit_all = 0
blog_info.visit_day = 0
blog_info.visit_month = 0
blog_info.visit_attack = 0
blog_info.visit_attack_day = 0
blog_info.visit_robot = 0
blog_info.visit_robot_day = 0
blog_info.article_all = 0
blog_info.article_month = 0
blog_info.user_all = 0
blog_info.login_all = 0
db.session.add(blog_info)
db.session.commit()
def Blog_info_data():
blog_info = Blog_info()
blog_info.date = str(datetime.now().date())
blog_info.visit_all = 0
blog_info.visit_day = 0
blog_info.visit_month = 0
blog_info.visit_attack = 0
blog_info.visit_attack_day = 0
blog_info.visit_robot = 0
blog_info.visit_robot_day = 0
blog_info.article_all = 0
blog_info.article_month = 0
blog_info.user_all = 0
blog_info.login_all = 0
db.session.add(blog_info)
db.session.commit()
def test_new_visit(self):
old = Blog_info.get_info_by_day('2014-11-27')
Blog_info.new_visit('2014-11-27')
new = Blog_info.get_info_by_day('2014-11-27')
print new.visit_day - old.visit_day
assert new.visit_day - old.visit_day == 1
