def pc_validate_captcha():
gt = GeetestLib(pc_geetest_id, pc_geetest_key)
challenge = request.form[gt.FN_CHALLENGE]
validate = request.form[gt.FN_VALIDATE]
seccode = request.form[gt.FN_SECCODE]
status = session[gt.GT_STATUS_SESSION_KEY]
user_id = session["user_id"]
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
result = "<html><body><h1>登录成功</h1></body></html>" if result else "<html><body><h1>登录失败</h1></body></html>"
return result
def validate_capthca(request):
gt = GeetestLib(settings.GEETEST_CAPTCHAID, settings.GEETEST_PRIVATEKEY)
status = request.session[gt.GT_STATUS_SESSION_KEY]
challenge = request.POST[gt.FN_CHALLENGE]
validate = request.POST[gt.FN_VALIDATE]
seccode = request.POST[gt.FN_SECCODE]
if status:
result = gt.success_validate(challenge, validate, seccode)
else:
result = gt.failback_validate(challenge, validate, seccode)
request.session['isValidated'] = result
result = stateCode.SUCCESS if result else stateCode.ERROR
return JsonResponse({'state': result, 'info': _('validate failed')})
def validate_captcha(request):
if request.is_ajax:
gt = GeetestLib(settings.CAPTCHA_PUB, settings.CAPTCHA_PRI)
status = request.session[gt.GT_STATUS_SESSION_KEY]
challenge = request.POST['challenge']
validate = request.POST['validate']
seccode = request.POST['seccode']
if status:
result = gt.success_validate(challenge, validate, seccode)
else:
result = gt.failback_validate(challenge, validate, seccode)
return OKAY if result else FAIL
return ERROR
def ajax_validate():
gt = GeetestLib(captcha_id, private_key)
challenge = request.form[gt.FN_CHALLENGE]
validate = request.form[gt.FN_VALIDATE]
seccode = request.form[gt.FN_SECCODE]
status = session[gt.GT_STATUS_SESSION_KEY]
if status:
result = gt.success_validate(challenge, validate, seccode)
else:
result = gt.failback_validate(challenge, validate, seccode)
return result
def validate_capthca():
gt = GeetestLib(captcha_id, private_key)
challenge = request.form[gt.FN_CHALLENGE]
validate = request.form[gt.FN_VALIDATE]
seccode = request.form[gt.FN_SECCODE]
status = session[gt.GT_STATUS_SESSION_KEY]
user_id = session["user_id"]
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
result = "success" if result else "fail"
return result
def mobile_ajax_validate():
gt = GeetestLib(mobile_geetest_id,mobile_geetest_key)
challenge = request.form[gt.FN_CHALLENGE]
validate = request.form[gt.FN_VALIDATE]
seccode = request.form[gt.FN_SECCODE]
status = session[gt.GT_STATUS_SESSION_KEY]
user_id = session["user_id"]
if status:
result = gt.success_validate(challenge, validate, seccode, user_id,data='',userinfo='')
else:
result = gt.failback_validate(challenge, validate, seccode)
result = {"status":"success"} if result else {"status":"fail"}
return json.dumps(result)
def post(self):
gt = GeetestLib(pc_geetest_id, pc_geetest_key)
challenge = self.get_argument(gt.FN_CHALLENGE, "")
validate = self.get_argument(gt.FN_VALIDATE, "")
seccode = self.get_argument(gt.FN_SECCODE, "")
status = self.session[gt.GT_STATUS_SESSION_KEY]
user_id = self.session["user_id"]
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
self.session["user_id"] = user_id
result = "<html><body><h1>登录成功</h1></body></html>" if result else "<html><body><h1>登录失败</h1></body></html>"
self.write(result)
def post(self):
gt = GeetestLib(mobile_geetest_id, mobile_geetest_key)
challenge = self.get_argument(gt.FN_CHALLENGE, "")
validate = self.get_argument(gt.FN_VALIDATE, "")
seccode = self.get_argument(gt.FN_SECCODE, "")
status = self.session[gt.GT_STATUS_SESSION_KEY]
user_id = self.session["user_id"]
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
self.session["user_id"] = user_id
result = result = {"status":"success"} if result else {"status":"fail"}
self.write(json.dumps(result))
def ajax_validate(request):
if request.method == "POST":
gt = GeetestLib(captcha_id, private_key)
challenge = request.POST.get(gt.FN_CHALLENGE, '')
validate = request.POST.get(gt.FN_VALIDATE, '')
seccode = request.POST.get(gt.FN_SECCODE, '')
status = request.session[gt.GT_STATUS_SESSION_KEY]
user_id = request.session["user_id"]
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
result = {"status":"success"} if result else {"status":"fail"}
return HttpResponse(json.dumps(result))
return HttpResponse("error")
def validate(request):
if request.method == "POST":
gt = GeetestLib(captcha_id, private_key)
challenge = request.POST.get(gt.FN_CHALLENGE, '')
validate = request.POST.get(gt.FN_VALIDATE, '')
seccode = request.POST.get(gt.FN_SECCODE, '')
status = request.session[gt.GT_STATUS_SESSION_KEY]
user_id = request.session["user_id"]
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
result = "<html><body><h1>登录成功</h1></body></html>" if result else "<html><body><h1>登录失败</h1></body></html>"
return HttpResponse(result)
return HttpResponse("error")
def validate_capthca():
session['vote'] = 0
gt = GeetestLib(captcha_id, private_key)
challenge = request.form[gt.FN_CHALLENGE]
validate = request.form[gt.FN_VALIDATE]
seccode = request.form[gt.FN_SECCODE]
status = session[gt.GT_STATUS_SESSION_KEY]
user_id = session["user_id"]
session['refer'] = request.referrer
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
result = "success" if result else "fail"
if result == "success":
session['vote'] = 1
return redirect(session['refer'])
else:
flash("验证码错误!")
return redirect(session['refer'])
def validate_capthca():
if request.method == "POST":
gt = GeetestLib(captcha_id, private_key)
challenge = request.form[gt.FN_CHALLENGE]
validate = request.form[gt.FN_VALIDATE]
seccode = request.form[gt.FN_SECCODE]
status = session[gt.GT_STATUS_SESSION_KEY]
user_id = session.get("user_id", None)
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
if result:
# 验证安全,完成登录
_user = redis_store.get("pre_login")
if _user:
session["logged_in"] = _user
# 验证安全,完成添加留言
_body = redis_store.hgetall("pre_add_msg")
if _body:
title = _body.get("title")
message = _body.get("message")
user = User.query.filter_by(
username=session["logged_in"]).first()
msg = Message(title=title, body=message, user=user)
db.session.add(msg)
db.session.commit()
return redirect("/")
else:
return redirect("/login")
return render_template("validate.html")
def login(request):
# if request.is_ajax(): # 如果是AJAX请求
if request.method == "POST":
# 初始化一个给AJAX返回的数据
ret = {"status": 0, "msg": ""}
# 从提交过来的数据中 取到用户名和密码
username = request.POST.get("username")
pwd = request.POST.get("password")
# 获取极验 滑动验证码相关的参数
gt = GeetestLib(pc_geetest_id, pc_geetest_key)
challenge = request.POST.get(gt.FN_CHALLENGE, '')
validate = request.POST.get(gt.FN_VALIDATE, '')
seccode = request.POST.get(gt.FN_SECCODE, '')
status = request.session[gt.GT_STATUS_SESSION_KEY]
user_id = request.session["user_id"]
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
if result:
# 验证码正确
# 利用auth模块做用户名和密码的校验
user = auth.authenticate(username=username, password=pwd)
if user:
# 用户名密码正确
# 给用户做登录
auth.login(request, user)
ret["msg"] = "/index/"
else:
# 用户名密码错误
ret["status"] = 1
ret["msg"] = "用户名或密码错误!"
else:
ret["status"] = 1
ret["msg"] = "验证码错误"
return JsonResponse(ret)
return render(request, "01html/01login.html")
def submit(user_id, dummy=None):
if request.method != 'POST':
return render_template('submit.html', user_id=user_id)
gt = GeetestLib(pc_geetest_id, pc_geetest_key)
challenge = request.form[gt.FN_CHALLENGE]
validate = request.form[gt.FN_VALIDATE]
seccode = request.form[gt.FN_SECCODE]
status = session.get(gt.GT_STATUS_SESSION_KEY, None)
if status:
success = gt.success_validate(challenge, validate, seccode, user_id)
del session[gt.GT_STATUS_SESSION_KEY]
else:
success = False
if not success:
flash("验证失败")
return render_template('submit.html', user_id=user_id)
url = request.form.get('url', '').strip()
if len(url) == 0:
flash("内容为空")
return render_template('submit.html', user_id=user_id)
url_pattern = url_for('.base_path', user_id=user_id, _external=True)
if not url.startswith(url_pattern):
flash("URL必须以{}为开头".format(url_pattern))
return render_template('submit.html', user_id=user_id)
ret = spawn_chrome(user_id, url_pattern, url, request.headers['Host'], app)
if ret is None:
flash("Jumbo已经看过你提交的链接了.")
return redirect(url_for('.home', user_id=user_id))
app.logger.exception(ret)
flash("Unexpected error occurred")
return render_template('submit.html', user_id=user_id)
def login(request):
if request.method == "POST":
# 初始化登录状态字典
ret = {'status': False, 'mes': None}
# 获取极验所需验证信息
gt = GeetestLib(pc_geetest_id, pc_geetest_key)
challenge = request.POST.get(gt.FN_CHALLENGE, '')
validate = request.POST.get(gt.FN_VALIDATE, '')
seccode = request.POST.get(gt.FN_SECCODE, '')
status = request.session[gt.GT_STATUS_SESSION_KEY]
user_id = request.session["user_id"]
# 判断验证码是否正确
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
# 如果验证码正确,获取用户数据
if result:
# print(request.POST.get('username'))
# print(request.POST.get('userpass'))
userinfo = myforms.Login(request.POST)
# 通过校验
if userinfo.is_valid():
request.session['login_user_name'] = userinfo.cleaned_data[
'username']
ret['status'] = True
ret['mes'] = '/index/'
else:
ret['mes'] = userinfo.errors
# print(ret)
return HttpResponse(json.dumps(ret))
elif request.method == 'GET':
form_obj = myforms.Login()
return render(request, 'login.html', {'forms_obj': form_obj})
def login(request):
# 初始化一个给AJAX返回的数据
ret = {"status": 0, "msg": ""}
if request.method == "POST":
next = request.POST.get("next")
print(next)
user = request.POST.get("username")
pwd = request.POST.get("password")
# 获取极验 验证码相关的参数
gt = GeetestLib(pc_geetest_id, pc_geetest_key)
challenge = request.POST.get(gt.FN_CHALLENGE, '')
validate = request.POST.get(gt.FN_VALIDATE, '')
seccode = request.POST.get(gt.FN_SECCODE, '')
status = request.session[gt.GT_STATUS_SESSION_KEY]
user_id = request.session["user_id"]
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
if result:
# 判断用户名密码是否正确
user = auth.authenticate(username=user, password=pwd)
if user:
# 将登陆的用户封装到request.user
auth.login(request, user)
if next:
ret["msg"] = next
else:
ret["msg"] = "/index/"
else:
ret["status"] = 1
ret["msg"] = "用户名或密码错误"
else:
ret["status"] = 1
ret["msg"] = "验证码错误"
return JsonResponse(ret)
return render(request, "login.html")
def post(self, request):
res = BaseResponse()
gt = GeetestLib(pc_geetest_id, pc_geetest_key)
username = request.data.get("username", "")
pwd = request.data.get("pwd", "")
challenge = request.data.get("geetest_challenge", '')
validate = request.data.get("geetest_validate", '')
seccode = request.data.get("geetest_seccode", '')
# status = request.session.get(gt.GT_STATUS_SESSION_KEY)
status = 1
# user_id = request.session.get("user_id")
user_id = "test"
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
if result:
user = Account.objects.filter(username=username, pwd=pwd).first()
if not user:
res.code = 1030
res.error = "用户名或密码错误"
else:
token = str(uuid.uuid4()).replace("-", "")
try:
conn = redis.Redis(connection_pool=POOL)
# conn.set(token, user.id, ex=36000)
conn.set(token, user.id)
res.code = 1000
res.data = {"username": user.username, "token": token, "avatar": user.head_img}
except Exception as e:
res.code = 1033
res.error = "创建token失败,reason:" + str(e)
else:
res.code = 1001
res.error = "二次验证失败"
return Response(res.dict)
def validate_capthca():
if request.method == "POST":
gt = GeetestLib(captcha_id, private_key)
challenge = request.form[gt.FN_CHALLENGE]
validate = request.form[gt.FN_VALIDATE]
seccode = request.form[gt.FN_SECCODE]
status = session[gt.GT_STATUS_SESSION_KEY]
user_id = session.get("user_id", None)
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
if result:
# 验证安全,完成登录
_user = redis_store.get("pre_login")
if _user:
session["logged_in"] = _user
# 验证安全,完成添加留言
_body = redis_store.hgetall("pre_add_msg")
if _body:
title = _body.get("title")
message = _body.get("message")
user = User.query.filter_by(username = session["logged_in"]).first()
msg = Message(title=title, body=message, user = user)
db.session.add(msg)
db.session.commit()
return redirect("/")
else:
return redirect("/login")
return render_template("validate.html")
def post(self):
next_url = self.get_argument('next', '/cms/')
try:
gt = GeetestLib(GT_ID, GT_KEY)
challenge = self.get_argument(gt.FN_CHALLENGE, "")
validate = self.get_argument(gt.FN_VALIDATE, "")
seccode = self.get_argument(gt.FN_SECCODE, "")
status = int(self.session[gt.GT_STATUS_SESSION_KEY])
user_id = self.session["user_id"]
password = self.get_argument('password')
password = make_password(password)
if status:
verify_res = gt.success_validate(challenge, validate, seccode,
user_id)
else:
verify_res = gt.failback_validate(challenge, validate, seccode)
self.session["user_id"] = user_id
if verify_res:
try:
user_email = self.get_argument('user_email')
cms_user_coll = BaseMotor(
).client[MongoBasicInfoDb][CMS_USER]
cms_user_doc = yield cms_user_coll.find_one(
{"_id": user_email})
if not cms_user_doc:
self.render("cms/user_login.html",
msg="账户不存在",
next_url=next_url)
else:
pwd = cms_user_doc['password']
status = cms_user_doc['status']
if status == bool(False):
self.render("cms/user_login.html",
msg="此用户已被禁用",
next_url=next_url)
if pwd == password:
self.session['current_email'] = user_email
self.session['role'] = cms_user_doc['role']
self.session['permission'] = cms_user_doc[
'permission']
self.session['username'] = cms_user_doc[
'user_name']
self.set_secure_cookie("user",
user_email +
cms_user_doc['role'],
expires_days=1)
self.redirect(next_url)
else:
msg = "此账号密码有误,请重新输入!"
self.render("cms/user_login.html",
msg=msg,
next_url=next_url)
except Exception as e:
logging.exception(e)
msg = "账户出现异常!"
self.render("cms/user_login.html",
msg=msg,
next_url=next_url)
else:
msg = '验证码验证失败,请重新验证'
self.render("cms/user_login.html", msg=msg, next_url=next_url)
except Exception as e:
logging.exception(e)
msg = '验证码参数获取异常,请稍后重试'
self.render("cms/user_login.html", msg=msg, next_url=next_url)
seccode = form[gt.FN_SECCODE].value
# 读取用户 cookies 里面的 status 和 user_id
# 是的,没有轮子可以用,只能自己造
cookies = {}
for cookie in os.getenv('HTTP_COOKIE').split('; '):
cookie = cookie.split('=')
cookies[cookie[0]] = cookie[1]
status = cookies[gt.GT_STATUS_SESSION_KEY]
user_id = cookies['user_id']
# 通过状态判定极验服务器是否宕机,如果没有宕机,执行上面方案
# result:值为 1 或 0
# 1 表示验证成功,0 表示失败
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
# 断言(什么?你说给为什么不给玩家返回一个验证码错误的提示界面?)
assert result == 1
# 标题获取
title = form['title'].value
# 标签获取,因为可以为空,也可能是数组,判定较为复杂
tags = []
try:
tags = form['inlineCheckbox'].value
except AttributeError:
for i in form['inlineCheckbox']:
def post(self, request):
username = request.POST.get("username")
pwd = request.POST.get("pwd")
# 验证码验证
gt = GeetestLib(pc_geetest_id, pc_geetest_key)
challenge = request.POST.get(gt.FN_CHALLENGE, '')
validate = request.POST.get(gt.FN_VALIDATE, '')
seccode = request.POST.get(gt.FN_SECCODE, '')
status = request.session[gt.GT_STATUS_SESSION_KEY]
user_id = request.session["user_id"]
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
if result:
if not all([username, pwd]):
response = {"statu": 1, "err": "数据不完整"}
return JsonResponse(response)
user = authenticate(username=username, password=pwd)
if not user:
response = {"statu": 1, "err": "用户名或者密码错误"}
return JsonResponse(response)
li(request, user)
user_id = request.user.id
user = UserInfo.objects.get(id=user_id)
roles = Role.objects.filter(userinfo=user)
# <QuerySet [{'permission__url': '/', 'permission__group__id': 1, 'permission__operation': 'list'}]>
permissions = roles.values("permission__url",
"permission__group__id",
"permission__operation").distinct()
p = []
# 查询用户的所有权限并且注册到session中去 方案一
# for permission in permissions:
# for k, v in permission.items():
# p.append(v)
# request.session["permissions"] = p
# 查询用户的所有权限并且注册到session中去 方案二
permission_dict = {}
for permission in permissions:
permission__group__id = permission["permission__group__id"]
permission__url = permission["permission__url"]
permission__operation = permission["permission__operation"]
if permission__group__id not in permission_dict:
permission_dict[permission__group__id] = {
"url": [permission__url],
"operation": [permission__operation]
}
else:
print(permission__group__id)
permission_dict[permission__group__id]["url"].append(
permission__url)
permission_dict[permission__group__id]["operation"].append(
permission__operation)
request.session["permission_dict"] = permission_dict
next_url = request.GET.get("next", reverse("index"))
response = {"statu": 0, "next_url": next_url}
return JsonResponse(response)
else:
response = {"statu": 1, "err": "验证码错误"}
return JsonResponse(response)
def admin_check(request):
"""
检测登录返回状态
:param request:
:return:
"""
# 账号
account = request.POST.get('username', None).strip()
# 密码
pwd = request.POST.get('password', None).strip()
# 极验 验证start
gt = GeetestLib(settings.GEETEST['id'], settings.GEETEST['key'])
challenge = request.POST.get(gt.FN_CHALLENGE, '')
validate = request.POST.get(gt.FN_VALIDATE, '')
seccode = request.POST.get(gt.FN_SECCODE, '')
status = request.session[gt.GT_STATUS_SESSION_KEY]
user_id = request.session["user_id"]
if status:
result = gt.success_validate(challenge, validate, seccode, user_id)
else:
result = gt.failback_validate(challenge, validate, seccode)
# 极验 验证end
# result: True验证通过,False 验证没有通过
if not result:
return JsonResponse(lscommon.get_json_error('验证码错误', 1001))
# # 验证码
# code = request.POST.get('code').strip()
# # 判断验证码是否存在
# if not code:
# return '验证码不能为空!'
# # 验证码是否输入正确
# if code.lower() != request.session.get('verifys').lower():
# return '验证码不正确,请重新输入!'
# 账号 或者密码不能为空
if not account or not pwd:
return JsonResponse(lscommon.get_json_error('账号或者密码不能为空!', 1002))
# 从数据库获取指定账号的信息
adminInfo = Admin.objects.filter(account=account).values('id', 'account', 'pwd', 'login_ip', 'login_num')
if len(adminInfo) <= 0:
return JsonResponse(lscommon.get_json_error('该账号不存在!', 1003))
# 对前台传递过来的密码进行hash
pwd = settings.SALT + pwd + settings.SALT
# 参与哈希运算
md5 = hashlib.md5()
md5.update(pwd.encode('utf-8'))
# 获取哈希后的密文
pwd = md5.hexdigest()
# 验证密码是否正确
if adminInfo[0]['pwd'] != pwd:
return JsonResponse(lscommon.get_json_error('密码错误!', 1004))
# 生成令牌的字符串
sign = settings.SALT + str(datetime.time()) + settings.SALT
# 参与哈希运算
md5 = hashlib.md5()
md5.update(sign.encode('utf-8'))
# 获取哈希后的密文
access_token = md5.hexdigest()
# 当用户登录成功时 要保存当前用户的身份令牌
admin = Admin.objects.get(id=adminInfo[0]['id'])
admin.access_token = access_token
admin.save()
result = {
"code": 0
, "msg": "登录成功"
, "data": {
"access_token": access_token
}
}
return JsonResponse(result)
