Esempio n. 1
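def new_user():
    """Create an ``admin`` row after the operator passes a TOTP check.

    The operator's session is loaded from Redis using the ``token`` cookie and
    the submitted one-time password is verified against the session's
    ``OTP_key``. On success a random password, a salt and a fresh TOTP secret
    are generated for the new account and inserted into ``admin``.

    Returns:
        A JSON string. ``{"state": "success", "password": ...}`` carries the
        generated plaintext password; ``{"state": "fail", "message": ...}``
        is returned for a bad/expired OTP or any failure during the insert.
    """
    data = json.loads(redisdb.get(request.cookies["token"]))
    otpkey = data["OTP_key"]
    user_id = request.form["s_id"]
    user_auth = request.form["auth"]
    otp_passwd = request.form["otppassword"]
    # NOTE(review): only the operator's own TOTP is checked here. Nothing in
    # this function checks the operator's role or limits the ``auth`` level
    # being granted; confirm that is enforced by the route/decorator.
    otp_checker = pyotp.TOTP(otpkey)
    if not otp_checker.verify(otp_passwd):
        return json.dumps({"state": "fail", "message": "动态密码错误或超时"})

    user_otp_key = pyotp.random_base32()
    user_salt = str(uuid.uuid4())
    new_random_password = random_password()
    # SECURITY: a single round of salted MD5 is cheap to brute-force offline if
    # the table leaks. It is kept here only because stored hashes must match
    # whatever the login/reset code computes; migrate all of them together to
    # a slow KDF (e.g. hashlib.scrypt or hashlib.pbkdf2_hmac).
    md5_passwd = hashlib.md5(
        f"{new_random_password}{user_salt}".encode("utf-8")).hexdigest()
    try:
        # Every value is bound as a parameter so the statement text is
        # constant. The original formatted int(user_auth) into the SQL; int()
        # made that safe, but binding removes the string-building altogether.
        # int() stays inside the try so a non-numeric ``auth`` still yields
        # the same "fail" response as before.
        sql = "INSERT INTO admin values (%s,%s,%s,%s,%s)"
        mysqldb.execute(sql, (user_id, md5_passwd, user_salt,
                              int(user_auth), user_otp_key))
        mysqlconn.commit()
        # The response is the only place the plaintext password is exposed.
        return json.dumps({
            "state": "success",
            "password": new_random_password
        })
    except Exception as e:
        # NOTE(review): every failure (bad ``auth``, connection error,
        # duplicate key) is reported as "user already exists".
        print(e)
        return json.dumps({"state": "fail", "message": "该用户已存在"})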
Esempio n. 2
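def send_private_message():
    """Record an operator's reply to a sender and forward it to the bot API.

    The operator is read from the Redis session named by the ``token`` cookie.
    If the sender (``qid``) has any rows in ``message``, the reply is written
    to the database, posted to the local ``send_private_message.json``
    endpoint, and committed only when that endpoint reports success.

    Returns:
        A JSON string with ``state`` set to ``"success"`` or ``"fail"``.
    """
    operator = json.loads(redisdb.get(request.cookies["token"]))
    qid = request.form["qid"]
    message = request.form["message"]

    # Parameters are passed as real 1-tuples; ``(qid)`` is just ``qid``.
    sql = "SELECT * FROM message WHERE sender=%s"
    total = mysqldb.execute(sql, (qid,))
    if not total > 0:
        return json.dumps({"state": "fail", "message": "无留言可以回复"})

    sql = "SELECT * FROM message WHERE sender=%s and res='none'"
    unanswered = mysqldb.execute(sql, (qid,))
    if unanswered > 0:
        # Mark every open message as ignored, then attach the reply text to
        # the most recent message from this sender.
        sql = "UPDATE message SET res='ignore',res_time=NOW(),res_user_id=%s WHERE res='none' and sender=%s"
        mysqldb.execute(sql, (operator["id"], qid))
        sql = "UPDATE message SET res=%s WHERE sender=%s ORDER BY send_time DESC LIMIT 1"
        mysqldb.execute(sql, (message, qid))
    else:
        # Nothing is waiting for an answer: store the reply as a new row.
        uid = str(uuid.uuid4())
        sql = "INSERT INTO message values(%s,%s,NOW(),'Dialogue_Detail_None',%s,%s,NOW())"
        mysqldb.execute(sql, (uid, qid, message, operator["id"]))

    payload = {"qid": qid, "message": message}
    try:
        # A timeout keeps a stalled bot API from holding this request (and
        # the open transaction) indefinitely.
        res = requests.post(
            "http://127.0.0.1:5000/API/send_private_message.json",
            payload,
            timeout=10).json()
    except (requests.RequestException, ValueError) as e:
        # Connection failure, timeout, or a body that is not JSON.
        print(e)
        res = None

    if isinstance(res, dict) and res.get("state") == "success":
        mysqlconn.commit()
        return json.dumps({"state": "success", "message": ""})

    # Delivery failed: discard the writes made above. ``mysqlconn`` is a name
    # from outside this function, so without a rollback the pending rows
    # would stay on that connection and could be committed by a later call.
    mysqlconn.rollback()
    return json.dumps({"state": "fail", "message": "系统出错"})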
Esempio n. 3
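def reset_by_admin():
    """Set a new password on the ``admin`` row named by ``s_id``.

    The caller's session is loaded from Redis using the ``token`` cookie and
    the submitted one-time password is verified against the session's
    ``OTP_key`` before anything is looked up or written.

    Returns:
        ``"success"`` when the password was updated, otherwise ``"fail"``.
    """
    target_id = request.form["s_id"]
    newpassword = request.form["newpassword"]
    otppassword = request.form["otppassword"]
    data = json.loads(redisdb.get(request.cookies["token"]))
    otp_key = data["OTP_key"]

    # NOTE(review): the only gate in this function is the caller's own TOTP.
    # The caller's role is never read from the session here; confirm the
    # route/decorator restricts this handler to administrators.
    # The OTP is checked first so an unauthenticated caller cannot tell an
    # existing ``s_id`` from a missing one by the kind of error returned.
    otp_checker = pyotp.TOTP(otp_key)
    if not otp_checker.verify(otppassword):
        return "fail"

    sql = "SELECT * FROM admin where id = %s"
    mysqldb.execute(sql, (target_id,))
    rows = mysqldb.fetchall()
    if not rows:
        # Unknown target: previously an IndexError on ``fetchall()[0]``.
        return "fail"
    user_data = rows[0]

    # Column 2 is used as the per-user salt.
    # SECURITY: a single round of salted MD5 is cheap to brute-force offline;
    # kept for compatibility with the stored hashes. Migrate together with
    # the login check to a slow KDF (hashlib.scrypt / hashlib.pbkdf2_hmac).
    md5_passwd = hashlib.md5(
        f"{newpassword}{user_data[2]}".encode("utf-8")).hexdigest()
    try:
        sql = "UPDATE admin SET password=%s WHERE id=%s"
        mysqldb.execute(sql, (md5_passwd, target_id))
        mysqlconn.commit()
        return "success"
    except Exception as e:
        print(e)
        return "fail"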
Esempio n. 4
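def reset_by_user():
    """Change the logged-in user's own password.

    The user id comes from the Redis session named by the ``token`` cookie,
    never from the form. The old password must pass ``check`` before the new
    one is hashed with the stored salt and written back.

    Returns:
        A JSON string with ``state`` ``"success"`` or ``"fail"`` and a message.
    """
    oldpassword = request.form["oldpassword"]
    newpassword = request.form["newpassword"]
    data = json.loads(redisdb.get(request.cookies["token"]))
    user_id = data["id"]

    sql = "SELECT * FROM admin where id = %s"
    mysqldb.execute(sql, (user_id,))
    rows = mysqldb.fetchall()
    # A live session whose account row no longer exists is treated like a
    # failed credential check instead of raising IndexError.
    if not rows or not check(rows[0], oldpassword):
        return json.dumps({"state": "fail", "message": "密码有误"})
    user_data = rows[0]

    # Column 2 is used as the per-user salt.
    # SECURITY: a single round of salted MD5 is cheap to brute-force offline;
    # kept for compatibility with ``check``. Migrate both together to a slow
    # KDF (hashlib.scrypt / hashlib.pbkdf2_hmac).
    md5_passwd = hashlib.md5(
        f"{newpassword}{user_data[2]}".encode("utf-8")).hexdigest()
    try:
        sql = "UPDATE admin SET password=%s WHERE id=%s"
        mysqldb.execute(sql, (md5_passwd, user_id))
        mysqlconn.commit()
        return json.dumps({"state": "success", "message": "修改成功"})
    except Exception as e:
        # Surface the cause, as the other handlers do, instead of dropping it.
        print(e)
        return json.dumps({"state": "fail", "message": "服务器异常"})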
Esempio n. 5
def user_home(user_id):
    """Render the profile page for ``user_id``.

    The operator is taken from the Redis session named by the ``token``
    cookie. Viewing one's own page renders ``user_personal.html`` together
    with a TOTP provisioning URI; viewing someone else's page is refused when
    the session's ``auth_class`` is greater than 0, otherwise the target row
    is loaded and ``user_root.html`` is rendered.
    """
    session = json.loads(redisdb.get(request.cookies["token"]))
    operator_id = session["id"]
    operator_auth = session["auth_class"]

    if operator_id != user_id:
        # Someone else's page: only ``auth_class`` <= 0 gets through.
        if operator_auth > 0:
            return "<h1>无权访问</h1>"
        # NOTE(review): the id is passed as a bare value (not a 1-tuple), and
        # an unknown id raises IndexError on the next line.
        mysqldb.execute("SELECT * FROM admin WHERE id=%s", (user_id))
        row = mysqldb.fetchall()[0]
        return render_template("user_root.html",
                               s_id=row[0],
                               usertype=row[-2])

    # Own page. The provisioning URI embeds the TOTP secret, so the rendered
    # page should be treated as sensitive.
    secret = session["OTP_key"]
    totp = pyotp.totp.TOTP(secret)
    otp_url = totp.provisioning_uri(f"{operator_id}@sues.edu.cn",
                                    issuer_name="qq_bot_service")
    return render_template("user_personal.html",
                           s_id=operator_id,
                           usertype=operator_auth,
                           otpuri=otp_url)
Esempio n. 6
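def respond_private(privateMessageHandles,context,bot):
    """Dispatch a private message to the first matching plugin.

    Conversation state is kept in Redis under ``"<user_id>pm"`` as a JSON
    list used as a stack; element 0 holds the ``signal`` that is matched
    against the plugin patterns and the ``inherited`` data handed to the
    plugin. Each stored state is given a 300 second expiry.

    Args:
        privateMessageHandles: iterable of entries where ``[0]`` is a regex
            pattern, ``[1]`` is called as ``handler(context, bot)`` and
            returns ``(state, data)``, and ``[2]`` is stored as the ``signal``
            used to come back to that plugin.
        context: message dict; ``signal`` and ``inherited`` are written to it.
        bot: object whose ``send(context, text)`` delivers a reply.

    Returns:
        True if at least one plugin handled the message, else False.
    """
    key = str(context["sender"]["user_id"]) + "pm"
    exc_state = False
    # NOTE(review): nothing bounds this loop; plugins that keep returning
    # 'redirect' would spin here. Consider a hop limit.
    while True:
        # Preload. One GET replaces the EXISTS + GET pair: the key carries a
        # TTL and could expire between the two calls, leaving None to parse.
        cached = redisdb.get(key)
        if cached is not None:
            # Resume the cached conversation.
            event_data = json.loads(cached)
            context["signal"] = event_data[0]["signal"]
            context["inherited"] = event_data[0]["inherited"]
        else:
            # Brand-new conversation.
            event_data = []
            context["signal"] = context["message"]

        # Find the first plugin whose pattern matches the current signal.
        state = "finish"
        for plugin in privateMessageHandles:
            if re.search(plugin[0], context["signal"]):
                exc_state = True
                logging.info("event take by %s", plugin[0])
                state, data = plugin[1](context, bot)
                sample_active_word = plugin[2]
                break

        # Act on the state reported by the plugin.
        if state == "finish":
            if len(event_data) <= 1:
                # Conversation ended normally: clear the cache.
                redisdb.delete(key)
                break
            # Drop the finished frame and loop back into the previous plugin.
            event_data.pop(0)
            redisdb.set(key, json.dumps(event_data))
            redisdb.expire(key, 300)
        elif state == "break":
            # Forced interruption: clear the cache.
            redisdb.delete(key)
            bot.send(context,"该会话被一个服务强制中断")
            break
        elif state == 'continue':
            # Save state and wait for the user's next message.
            if event_data:
                event_data[0]["inherited"] = data["inherited"]
            else:
                event_data.insert(0, {"signal": sample_active_word,
                                      "inherited": data["inherited"]})
            redisdb.set(key, json.dumps(event_data))
            redisdb.expire(key, 300)
            break
        elif state == 'redirect':
            # Save the current frame, push the redirect target on top of it,
            # and loop again so the target plugin runs.
            if event_data:
                event_data[0]["inherited"] = data["inherited"]
            else:
                event_data.insert(0, {"signal": sample_active_word,
                                      "inherited": data["inherited"]})
            event_data.insert(0, {"signal": data["target_sample"],
                                  "inherited": data["redirect_init"]})
            redisdb.set(key, json.dumps(event_data))
            redisdb.expire(key, 300)
        else:
            # Unknown state from a plugin: reset and tell the user.
            redisdb.delete(key)
            # Fixed: the context argument was missing here, unlike the
            # 'break' branch above, so this error reply could not be routed.
            bot.send(context,"服务器发生内部错误,请稍后重试")
            break
    return exc_state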
Esempio n. 7
def frame():
    """Render ``frame.html`` for the operator named by the ``token`` cookie.

    The session JSON is read from Redis; its ``id`` is passed to the template
    as ``username`` along with the ``private_plugin`` and ``group_plugin``
    values defined outside this function.
    """
    session_blob = redisdb.get(request.cookies["token"])
    operator = json.loads(session_blob)
    template_args = {
        "private_plugin": private_plugin,
        "group_plugin": group_plugin,
        "username": operator["id"],
    }
    return render_template("frame.html", **template_args)