def pc_validate_captcha():
    """Check the posted Geetest answer for the PC form and return an HTML page.

    The three Geetest fields are read from ``request.form``; the status flag
    and ``user_id`` are read from the session. A truthy status selects
    ``success_validate``; any other value selects ``failback_validate``.

    Returns:
        One of two fixed HTML strings, depending on the validator's result.
    """
    gt = GeetestLib(pc_geetest_id, pc_geetest_key)
    posted = request.form
    challenge = posted[gt.FN_CHALLENGE]
    validate = posted[gt.FN_VALIDATE]
    seccode = posted[gt.FN_SECCODE]
    status = session[gt.GT_STATUS_SESSION_KEY]
    user_id = session["user_id"]
    # NOTE(review): the session flag alone decides which validator runs, and
    # it is not cleared here. Confirm it is only written server-side when the
    # challenge is registered, and that a solved challenge cannot be reused.
    if status:
        passed = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        passed = gt.failback_validate(challenge, validate, seccode)
    if passed:
        return "<html><body><h1>登录成功</h1></body></html>"
    return "<html><body><h1>登录失败</h1></body></html>"
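def validate_capthca(request):
    """Validate the posted Geetest answer and report the outcome as JSON.

    The status flag is read from the session and the three Geetest fields
    from ``request.POST``. The raw validator result is stored in the session
    under ``isValidated``.

    Returns:
        ``JsonResponse`` with ``state`` set to ``stateCode.SUCCESS`` or
        ``stateCode.ERROR``. ``info`` carries the failure message only when
        validation failed; the original attached it to successful responses
        as well.
    """
    gt = GeetestLib(settings.GEETEST_CAPTCHAID, settings.GEETEST_PRIVATEKEY)
    status = request.session[gt.GT_STATUS_SESSION_KEY]
    challenge = request.POST[gt.FN_CHALLENGE]
    validate = request.POST[gt.FN_VALIDATE]
    seccode = request.POST[gt.FN_SECCODE]
    # NOTE(review): a falsy status routes to failback_validate; confirm the
    # flag is only set server-side during challenge registration.
    if status:
        result = gt.success_validate(challenge, validate, seccode)
    else:
        result = gt.failback_validate(challenge, validate, seccode)
    # Other views presumably read this flag; it stays set until overwritten,
    # so confirm each consumer resets it after acting on it.
    request.session['isValidated'] = result
    if result:
        # Plain empty string: passing '' through gettext would not yield ''.
        return JsonResponse({'state': stateCode.SUCCESS, 'info': ''})
    return JsonResponse({'state': stateCode.ERROR, 'info': _('validate failed')})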
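def validate_captcha(request):
    """Validate a Geetest answer submitted over AJAX.

    Returns:
        ``OKAY`` when the validator accepts the answer, ``FAIL`` when it
        rejects it, and ``ERROR`` when the request is not an AJAX request.
    """
    # The original tested the bound method ``request.is_ajax`` without
    # calling it, which is always truthy, so the ERROR branch was unreachable.
    if not request.is_ajax():
        return ERROR
    gt = GeetestLib(settings.CAPTCHA_PUB, settings.CAPTCHA_PRI)
    status = request.session[gt.GT_STATUS_SESSION_KEY]
    challenge = request.POST['challenge']
    validate = request.POST['validate']
    seccode = request.POST['seccode']
    # NOTE(review): a falsy status routes to failback_validate; confirm the
    # flag is only set server-side during challenge registration.
    if status:
        result = gt.success_validate(challenge, validate, seccode)
    else:
        result = gt.failback_validate(challenge, validate, seccode)
    return OKAY if result else FAIL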
def ajax_validate():
    """Validate the posted Geetest answer and return the validator's result.

    Reads the three Geetest fields from ``request.form`` and the status flag
    from the session, then returns whatever ``success_validate`` or
    ``failback_validate`` returns, unchanged.
    """
    gt = GeetestLib(captcha_id, private_key)
    posted = request.form
    answer = (
        posted[gt.FN_CHALLENGE],
        posted[gt.FN_VALIDATE],
        posted[gt.FN_SECCODE],
    )
    # NOTE(review): a falsy status routes to failback_validate; confirm the
    # flag is only set server-side during challenge registration.
    if session[gt.GT_STATUS_SESSION_KEY]:
        return gt.success_validate(*answer)
    return gt.failback_validate(*answer)
def validate_capthca():
    """Validate the posted Geetest answer and return ``"success"`` or ``"fail"``.

    The Geetest fields come from ``request.form``; the status flag and
    ``user_id`` come from the session.
    """
    gt = GeetestLib(captcha_id, private_key)
    posted = request.form
    challenge = posted[gt.FN_CHALLENGE]
    validate = posted[gt.FN_VALIDATE]
    seccode = posted[gt.FN_SECCODE]
    status = session[gt.GT_STATUS_SESSION_KEY]
    user_id = session["user_id"]
    # NOTE(review): the status flag is not cleared after use; confirm a solved
    # challenge cannot be submitted a second time.
    if status:
        passed = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        passed = gt.failback_validate(challenge, validate, seccode)
    if passed:
        return "success"
    return "fail"
def mobile_ajax_validate():
    """Validate the Geetest answer from the mobile form and return JSON text.

    Returns:
        ``json.dumps`` of ``{"status": "success"}`` or ``{"status": "fail"}``.
    """
    gt = GeetestLib(mobile_geetest_id, mobile_geetest_key)
    posted = request.form
    challenge = posted[gt.FN_CHALLENGE]
    validate = posted[gt.FN_VALIDATE]
    seccode = posted[gt.FN_SECCODE]
    status = session[gt.GT_STATUS_SESSION_KEY]
    user_id = session["user_id"]
    # NOTE(review): a falsy status routes to failback_validate; confirm the
    # flag is only set server-side during challenge registration.
    if status:
        # The extra data/userinfo arguments are passed as empty strings.
        passed = gt.success_validate(
            challenge, validate, seccode, user_id, data='', userinfo=''
        )
    else:
        passed = gt.failback_validate(challenge, validate, seccode)
    payload = {"status": "success"} if passed else {"status": "fail"}
    return json.dumps(payload)
def post(self):
    """Validate the posted Geetest answer for the PC form and write an HTML page.

    Missing Geetest arguments default to the empty string. The status flag
    and ``user_id`` are read from ``self.session``; ``user_id`` is written
    back to the session unchanged after validation.
    """
    gt = GeetestLib(pc_geetest_id, pc_geetest_key)
    challenge = self.get_argument(gt.FN_CHALLENGE, "")
    validate = self.get_argument(gt.FN_VALIDATE, "")
    seccode = self.get_argument(gt.FN_SECCODE, "")
    status = self.session[gt.GT_STATUS_SESSION_KEY]
    user_id = self.session["user_id"]
    # NOTE(review): a falsy status routes to failback_validate; confirm the
    # flag is only set server-side during challenge registration.
    if status:
        passed = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        passed = gt.failback_validate(challenge, validate, seccode)
    self.session["user_id"] = user_id
    if passed:
        page = "<html><body><h1>登录成功</h1></body></html>"
    else:
        page = "<html><body><h1>登录失败</h1></body></html>"
    self.write(page)
def post(self):
    """Validate the posted Geetest answer for the mobile form and write JSON.

    Missing Geetest arguments default to the empty string. The status flag
    and ``user_id`` are read from ``self.session``; ``user_id`` is written
    back to the session unchanged after validation.
    """
    gt = GeetestLib(mobile_geetest_id, mobile_geetest_key)
    challenge = self.get_argument(gt.FN_CHALLENGE, "")
    validate = self.get_argument(gt.FN_VALIDATE, "")
    seccode = self.get_argument(gt.FN_SECCODE, "")
    status = self.session[gt.GT_STATUS_SESSION_KEY]
    user_id = self.session["user_id"]
    # NOTE(review): a falsy status routes to failback_validate; confirm the
    # flag is only set server-side during challenge registration.
    if status:
        passed = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        passed = gt.failback_validate(challenge, validate, seccode)
    self.session["user_id"] = user_id
    outcome = "success" if passed else "fail"
    self.write(json.dumps({"status": outcome}))
def ajax_validate(request):
    """Validate a posted Geetest answer and answer with a JSON status.

    Non-POST requests get the plain body ``"error"``. For POST, missing
    Geetest fields default to the empty string, and the status flag and
    ``user_id`` are read from the session.
    """
    if request.method != "POST":
        return HttpResponse("error")
    gt = GeetestLib(captcha_id, private_key)
    form = request.POST
    challenge = form.get(gt.FN_CHALLENGE, '')
    validate = form.get(gt.FN_VALIDATE, '')
    seccode = form.get(gt.FN_SECCODE, '')
    status = request.session[gt.GT_STATUS_SESSION_KEY]
    user_id = request.session["user_id"]
    # NOTE(review): a falsy status routes to failback_validate; confirm the
    # flag is only set server-side during challenge registration.
    if status:
        passed = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        passed = gt.failback_validate(challenge, validate, seccode)
    body = {"status": "success"} if passed else {"status": "fail"}
    return HttpResponse(json.dumps(body))
def validate(request):
    """Validate a posted Geetest answer and answer with an HTML page.

    Non-POST requests get the plain body ``"error"``. For POST, missing
    Geetest fields default to the empty string, and the status flag and
    ``user_id`` are read from the session.
    """
    if request.method != "POST":
        return HttpResponse("error")
    gt = GeetestLib(captcha_id, private_key)
    form = request.POST
    challenge = form.get(gt.FN_CHALLENGE, '')
    answer = form.get(gt.FN_VALIDATE, '')
    seccode = form.get(gt.FN_SECCODE, '')
    status = request.session[gt.GT_STATUS_SESSION_KEY]
    user_id = request.session["user_id"]
    # NOTE(review): a falsy status routes to failback_validate; confirm the
    # flag is only set server-side during challenge registration.
    if status:
        passed = gt.success_validate(challenge, answer, seccode, user_id)
    else:
        passed = gt.failback_validate(challenge, answer, seccode)
    if passed:
        return HttpResponse("<html><body><h1>登录成功</h1></body></html>")
    return HttpResponse("<html><body><h1>登录失败</h1></body></html>")
def validate_capthca():
    """Validate the Geetest answer and record in the session whether voting is allowed.

    ``session['vote']`` is reset to 0 first and set to 1 only when the
    validator accepts the answer. The request's referrer is stored in
    ``session['refer']`` and used as the redirect target in both outcomes;
    on failure a message is flashed first.
    """
    session['vote'] = 0
    gt = GeetestLib(captcha_id, private_key)
    posted = request.form
    challenge = posted[gt.FN_CHALLENGE]
    validate = posted[gt.FN_VALIDATE]
    seccode = posted[gt.FN_SECCODE]
    status = session[gt.GT_STATUS_SESSION_KEY]
    user_id = session["user_id"]
    # NOTE(review): the redirect target is the Referer header, which the
    # client supplies and which may be absent (None). Confirm a missing or
    # off-site value is acceptable here.
    session['refer'] = request.referrer
    if status:
        passed = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        passed = gt.failback_validate(challenge, validate, seccode)
    if passed:
        session['vote'] = 1
    else:
        flash("验证码错误!")
    return redirect(session['refer'])
def validate_capthca():
    """Finish a pending login and/or pending message once the captcha passes.

    GET (or any non-POST) renders ``validate.html``. On POST the Geetest
    answer is validated; on success the values parked in Redis under
    ``pre_login`` and ``pre_add_msg`` are applied and the user is redirected
    to ``/``. On failure the user is redirected to ``/login``.
    """
    if request.method != "POST":
        return render_template("validate.html")

    gt = GeetestLib(captcha_id, private_key)
    posted = request.form
    challenge = posted[gt.FN_CHALLENGE]
    validate = posted[gt.FN_VALIDATE]
    seccode = posted[gt.FN_SECCODE]
    status = session[gt.GT_STATUS_SESSION_KEY]
    user_id = session.get("user_id", None)
    if status:
        passed = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        passed = gt.failback_validate(challenge, validate, seccode)
    if not passed:
        return redirect("/login")

    # Captcha passed: complete the pending login.
    # NOTE(review): "pre_login" and "pre_add_msg" are fixed Redis keys, not
    # scoped to this session or user. Verify against the code that writes
    # them that one client cannot pick up another client's pending value.
    pending_user = redis_store.get("pre_login")
    if pending_user:
        session["logged_in"] = pending_user

    # Captcha passed: store the pending message.
    pending_msg = redis_store.hgetall("pre_add_msg")
    if pending_msg:
        author = User.query.filter_by(username=session["logged_in"]).first()
        entry = Message(
            title=pending_msg.get("title"),
            body=pending_msg.get("message"),
            user=author,
        )
        db.session.add(entry)
        db.session.commit()
    return redirect("/")
def login(request):
    """Log a user in after the Geetest slider captcha and the credentials check out.

    Non-POST requests render the login template. POST returns JSON with
    ``status`` 0 and ``msg`` set to the landing URL on success, or ``status``
    1 and an error message when the captcha or the credentials are rejected.
    """
    if request.method != "POST":
        return render(request, "01html/01login.html")

    # Payload returned to the AJAX caller.
    ret = {"status": 0, "msg": ""}
    form = request.POST
    username = form.get("username")
    pwd = form.get("password")

    # Geetest slider-captcha parameters.
    gt = GeetestLib(pc_geetest_id, pc_geetest_key)
    challenge = form.get(gt.FN_CHALLENGE, '')
    validate = form.get(gt.FN_VALIDATE, '')
    seccode = form.get(gt.FN_SECCODE, '')
    status = request.session[gt.GT_STATUS_SESSION_KEY]
    user_id = request.session["user_id"]
    # NOTE(review): the status flag is not cleared after use; confirm one
    # solved challenge cannot back repeated password attempts.
    if status:
        captcha_ok = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        captcha_ok = gt.failback_validate(challenge, validate, seccode)

    if not captcha_ok:
        ret["status"] = 1
        ret["msg"] = "验证码错误"
        return JsonResponse(ret)

    # Captcha accepted: check the credentials with the auth module.
    user = auth.authenticate(username=username, password=pwd)
    if user:
        auth.login(request, user)
        ret["msg"] = "/index/"
    else:
        ret["status"] = 1
        ret["msg"] = "用户名或密码错误!"
    return JsonResponse(ret)
def submit(user_id, dummy=None):
    """Accept a URL from the user and hand it to ``spawn_chrome`` after a captcha check.

    Non-POST requests render the form. On POST the Geetest answer must pass
    ``success_validate``; the session status flag is deleted once it has been
    used, and a missing or falsy flag counts as a failed captcha. The URL must
    be non-empty and start with the external URL of ``.base_path`` for this
    ``user_id``.

    Returns:
        A redirect to ``.home`` when ``spawn_chrome`` returns ``None``;
        otherwise the form is rendered again with a flashed message.
    """
    def form_page():
        return render_template('submit.html', user_id=user_id)

    if request.method != 'POST':
        return form_page()

    gt = GeetestLib(pc_geetest_id, pc_geetest_key)
    posted = request.form
    challenge = posted[gt.FN_CHALLENGE]
    validate = posted[gt.FN_VALIDATE]
    seccode = posted[gt.FN_SECCODE]
    status = session.get(gt.GT_STATUS_SESSION_KEY, None)
    success = False
    if status:
        success = gt.success_validate(challenge, validate, seccode, user_id)
        # One attempt per registered challenge.
        del session[gt.GT_STATUS_SESSION_KEY]
    if not success:
        flash("验证失败")
        return form_page()

    url = posted.get('url', '').strip()
    if not url:
        flash("内容为空")
        return form_page()

    # NOTE(review): this is a plain string-prefix test. Verify that the
    # generated prefix ends at a path boundary, and note that both the
    # external prefix and the Host value passed on below derive from the
    # request rather than from configuration.
    url_pattern = url_for('.base_path', user_id=user_id, _external=True)
    if not url.startswith(url_pattern):
        flash("URL必须以{}为开头".format(url_pattern))
        return form_page()

    ret = spawn_chrome(user_id, url_pattern, url, request.headers['Host'], app)
    if ret is None:
        flash("Jumbo已经看过你提交的链接了.")
        return redirect(url_for('.home', user_id=user_id))

    app.logger.exception(ret)
    flash("Unexpected error occurred")
    return form_page()
def login(request):
    """Handle the login form: GET renders it, POST validates captcha and form.

    On POST the response is JSON with ``status`` and ``mes``. ``status``
    becomes ``True`` and ``mes`` the landing URL only when the captcha passes
    and ``myforms.Login`` validates; the username is then stored in the
    session. Methods other than GET and POST fall through and return ``None``.
    """
    method = request.method
    if method == 'GET':
        return render(request, 'login.html', {'forms_obj': myforms.Login()})
    if method != "POST":
        return None

    # Login state reported to the caller.
    ret = {'status': False, 'mes': None}

    # Geetest parameters.
    gt = GeetestLib(pc_geetest_id, pc_geetest_key)
    form = request.POST
    challenge = form.get(gt.FN_CHALLENGE, '')
    validate = form.get(gt.FN_VALIDATE, '')
    seccode = form.get(gt.FN_SECCODE, '')
    status = request.session[gt.GT_STATUS_SESSION_KEY]
    user_id = request.session["user_id"]
    if status:
        captcha_ok = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        captcha_ok = gt.failback_validate(challenge, validate, seccode)

    if captcha_ok:
        # NOTE(review): the session is marked as logged in as soon as the form
        # validates; confirm myforms.Login checks the password, not only the
        # field format.
        userinfo = myforms.Login(form)
        if userinfo.is_valid():
            request.session['login_user_name'] = userinfo.cleaned_data['username']
            ret['status'] = True
            ret['mes'] = '/index/'
        else:
            ret['mes'] = userinfo.errors
    return HttpResponse(json.dumps(ret))
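def login(request):
    """Log a user in after the Geetest captcha and the credentials check out.

    Non-POST requests render the login template. POST returns JSON with
    ``status`` 0 and ``msg`` set to the post-login URL, or ``status`` 1 and an
    error message when the captcha or the credentials are rejected.

    The post-login URL is the posted ``next`` value only when it is a local
    absolute path; anything else falls back to ``/index/``. The original
    echoed ``next`` back unchanged, so a crafted login link could send the
    user to another site after a successful login. The debug ``print`` of
    ``next`` is removed.
    """
    # Payload returned to the AJAX caller.
    ret = {"status": 0, "msg": ""}
    if request.method != "POST":
        return render(request, "login.html")

    next_url = request.POST.get("next")
    username = request.POST.get("username")
    pwd = request.POST.get("password")

    # Geetest captcha parameters.
    gt = GeetestLib(pc_geetest_id, pc_geetest_key)
    challenge = request.POST.get(gt.FN_CHALLENGE, '')
    validate = request.POST.get(gt.FN_VALIDATE, '')
    seccode = request.POST.get(gt.FN_SECCODE, '')
    status = request.session[gt.GT_STATUS_SESSION_KEY]
    user_id = request.session["user_id"]
    if status:
        result = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        result = gt.failback_validate(challenge, validate, seccode)

    if not result:
        ret["status"] = 1
        ret["msg"] = "验证码错误"
        return JsonResponse(ret)

    # Captcha accepted: check the username and password.
    user = auth.authenticate(username=username, password=pwd)
    if not user:
        ret["status"] = 1
        ret["msg"] = "用户名或密码错误"
        return JsonResponse(ret)

    # Attach the authenticated user to the request/session.
    auth.login(request, user)
    is_local_path = (
        bool(next_url)
        and next_url.startswith("/")
        # "//host" and "/\host" are treated by browsers as another origin.
        and not next_url.startswith(("//", "/\\"))
    )
    ret["msg"] = next_url if is_local_path else "/index/"
    return JsonResponse(ret)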
def post(self, request):
    """Check the Geetest answer and the credentials, then issue a login token.

    Response codes set on ``res``: 1000 on success (with username, token and
    avatar), 1001 when the captcha check fails, 1030 for wrong credentials,
    1033 when storing the token in Redis raises.
    """
    res = BaseResponse()
    gt = GeetestLib(pc_geetest_id, pc_geetest_key)
    payload = request.data
    username = payload.get("username", "")
    pwd = payload.get("pwd", "")
    challenge = payload.get("geetest_challenge", '')
    validate = payload.get("geetest_validate", '')
    seccode = payload.get("geetest_seccode", '')
    # NOTE(review): status and user_id are hard-coded instead of being read
    # from the session, so the fallback branch below can never run and every
    # caller is validated under the same user_id. Looks like a test setting;
    # confirm before this ships.
    status = 1
    user_id = "test"
    if status:
        captcha_ok = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        captcha_ok = gt.failback_validate(challenge, validate, seccode)

    if not captcha_ok:
        res.code = 1001
        res.error = "二次验证失败"
        return Response(res.dict)

    # NOTE(review): the submitted password is matched directly against the
    # stored ``pwd`` column, which implies it is stored unhashed; verify.
    user = Account.objects.filter(username=username, pwd=pwd).first()
    if not user:
        res.code = 1030
        res.error = "用户名或密码错误"
        return Response(res.dict)

    token = uuid.uuid4().hex
    try:
        conn = redis.Redis(connection_pool=POOL)
        # NOTE(review): the token is stored without an expiry, so it stays
        # valid until the key is removed; the exception text below is also
        # returned to the client.
        conn.set(token, user.id)
        res.code = 1000
        res.data = {
            "username": user.username,
            "token": token,
            "avatar": user.head_img,
        }
    except Exception as e:
        res.code = 1033
        res.error = "创建token失败,reason:" + str(e)
    return Response(res.dict)
def validate_capthca():
    """Apply the pending login and pending message after a successful captcha.

    Only POST is processed; every other method renders ``validate.html``.
    A passed captcha redirects to ``/`` after the pending items are applied;
    a failed one redirects to ``/login``.
    """
    is_post = request.method == "POST"
    if is_post:
        gt = GeetestLib(captcha_id, private_key)
        challenge = request.form[gt.FN_CHALLENGE]
        validate = request.form[gt.FN_VALIDATE]
        seccode = request.form[gt.FN_SECCODE]
        status = session[gt.GT_STATUS_SESSION_KEY]
        user_id = session.get("user_id", None)
        verdict = (
            gt.success_validate(challenge, validate, seccode, user_id)
            if status
            else gt.failback_validate(challenge, validate, seccode)
        )
        if not verdict:
            return redirect("/login")

        # Verified: finish the login that was waiting on the captcha.
        # NOTE(review): both Redis keys below are global constants rather than
        # per-session keys; check the writer side to make sure concurrent
        # users cannot receive each other's pending login or message.
        parked_login = redis_store.get("pre_login")
        if parked_login:
            session["logged_in"] = parked_login

        # Verified: save the message that was waiting on the captcha.
        parked_message = redis_store.hgetall("pre_add_msg")
        if parked_message:
            title = parked_message.get("title")
            text = parked_message.get("message")
            owner = User.query.filter_by(username=session["logged_in"]).first()
            db.session.add(Message(title=title, body=text, user=owner))
            db.session.commit()
        return redirect("/")
    return render_template("validate.html")
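def post(self):
    """Handle the CMS login form: Geetest check first, then the account check.

    Every failure re-renders ``cms/user_login.html`` with a message. On
    success the session and the ``user`` secure cookie are populated and the
    client is redirected to ``next_url``.

    Two fixes over the original:

    * A disabled account now stops right after its message is rendered. The
      original fell through to the password comparison, so a disabled account
      with the correct password still had its session populated.
    * ``next`` is accepted only when it is a local absolute path; anything
      else falls back to ``/cms/``, so the post-login redirect cannot leave
      the site.
    """
    next_url = self.get_argument('next', '/cms/')
    # "//host" and "/\host" are treated by browsers as another origin.
    if not next_url.startswith('/') or next_url.startswith(('//', '/\\')):
        next_url = '/cms/'
    try:
        gt = GeetestLib(GT_ID, GT_KEY)
        challenge = self.get_argument(gt.FN_CHALLENGE, "")
        validate = self.get_argument(gt.FN_VALIDATE, "")
        seccode = self.get_argument(gt.FN_SECCODE, "")
        status = int(self.session[gt.GT_STATUS_SESSION_KEY])
        user_id = self.session["user_id"]
        password = self.get_argument('password')
        password = make_password(password)
        if status:
            verify_res = gt.success_validate(challenge, validate, seccode, user_id)
        else:
            verify_res = gt.failback_validate(challenge, validate, seccode)
        self.session["user_id"] = user_id
        if verify_res:
            try:
                user_email = self.get_argument('user_email')
                cms_user_coll = BaseMotor().client[MongoBasicInfoDb][CMS_USER]
                cms_user_doc = yield cms_user_coll.find_one({"_id": user_email})
                if not cms_user_doc:
                    self.render("cms/user_login.html", msg="账户不存在",
                                next_url=next_url)
                else:
                    pwd = cms_user_doc['password']
                    account_status = cms_user_doc['status']
                    # Equality (not identity) on purpose: keeps the original
                    # match for both False and 0.
                    if account_status == False:  # noqa: E712
                        self.render("cms/user_login.html", msg="此用户已被禁用",
                                    next_url=next_url)
                        return
                    # NOTE(review): this compares the stored value with
                    # make_password(password) using ==; confirm make_password
                    # is deterministic for the same input.
                    if pwd == password:
                        self.session['current_email'] = user_email
                        self.session['role'] = cms_user_doc['role']
                        self.session['permission'] = cms_user_doc['permission']
                        self.session['username'] = cms_user_doc['user_name']
                        self.set_secure_cookie("user",
                                               user_email + cms_user_doc['role'],
                                               expires_days=1)
                        self.redirect(next_url)
                    else:
                        msg = "此账号密码有误,请重新输入!"
                        self.render("cms/user_login.html", msg=msg,
                                    next_url=next_url)
            except Exception as e:
                logging.exception(e)
                msg = "账户出现异常!"
                self.render("cms/user_login.html", msg=msg, next_url=next_url)
        else:
            msg = '验证码验证失败,请重新验证'
            self.render("cms/user_login.html", msg=msg, next_url=next_url)
    except Exception as e:
        logging.exception(e)
        msg = '验证码参数获取异常,请稍后重试'
        self.render("cms/user_login.html", msg=msg, next_url=next_url)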
seccode = form[gt.FN_SECCODE].value # 读取用户 cookies 里面的 status 和 user_id # 是的,没有轮子可以用,只能自己造 cookies = {} for cookie in os.getenv('HTTP_COOKIE').split('; '): cookie = cookie.split('=') cookies[cookie[0]] = cookie[1] status = cookies[gt.GT_STATUS_SESSION_KEY] user_id = cookies['user_id'] # 通过状态判定极验服务器是否宕机,如果没有宕机,执行上面方案 # result:值为 1 或 0 # 1 表示验证成功,0 表示失败 if status: result = gt.success_validate(challenge, validate, seccode, user_id) else: result = gt.failback_validate(challenge, validate, seccode) # 断言(什么?你说给为什么不给玩家返回一个验证码错误的提示界面?) assert result == 1 # 标题获取 title = form['title'].value # 标签获取,因为可以为空,也可能是数组,判定较为复杂 tags = [] try: tags = form['inlineCheckbox'].value except AttributeError: for i in form['inlineCheckbox']:
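def post(self, request):
    """Log a user in after the captcha check and cache their permissions in the session.

    Returns JSON: ``{"statu": 0, "next_url": ...}`` on success, or
    ``{"statu": 1, "err": ...}`` when the captcha fails, a field is missing,
    or the credentials are wrong.

    ``next_url`` is taken from the ``next`` query parameter only when it is a
    local absolute path; otherwise the ``index`` URL is used. The original
    returned the query value unchanged, which allowed a crafted login link to
    direct the client to another site. The unused list ``p`` and the debug
    ``print`` are removed.
    """
    username = request.POST.get("username")
    pwd = request.POST.get("pwd")

    # Captcha check.
    gt = GeetestLib(pc_geetest_id, pc_geetest_key)
    challenge = request.POST.get(gt.FN_CHALLENGE, '')
    validate = request.POST.get(gt.FN_VALIDATE, '')
    seccode = request.POST.get(gt.FN_SECCODE, '')
    status = request.session[gt.GT_STATUS_SESSION_KEY]
    user_id = request.session["user_id"]
    if status:
        result = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        result = gt.failback_validate(challenge, validate, seccode)

    if not result:
        return JsonResponse({"statu": 1, "err": "验证码错误"})

    if not all([username, pwd]):
        return JsonResponse({"statu": 1, "err": "数据不完整"})

    user = authenticate(username=username, password=pwd)
    if not user:
        return JsonResponse({"statu": 1, "err": "用户名或者密码错误"})

    li(request, user)
    user_id = request.user.id
    user = UserInfo.objects.get(id=user_id)
    roles = Role.objects.filter(userinfo=user)
    # Example row: {'permission__url': '/', 'permission__group__id': 1,
    #               'permission__operation': 'list'}
    permissions = roles.values(
        "permission__url",
        "permission__group__id",
        "permission__operation",
    ).distinct()

    # Group the user's permissions by permission group and keep them in the
    # session: {group_id: {"url": [...], "operation": [...]}}.
    permission_dict = {}
    for permission in permissions:
        group_id = permission["permission__group__id"]
        url = permission["permission__url"]
        operation = permission["permission__operation"]
        if group_id not in permission_dict:
            permission_dict[group_id] = {"url": [url], "operation": [operation]}
        else:
            permission_dict[group_id]["url"].append(url)
            permission_dict[group_id]["operation"].append(operation)
    request.session["permission_dict"] = permission_dict

    default_url = reverse("index")
    next_url = request.GET.get("next", default_url)
    # "//host" and "/\host" are treated by browsers as another origin.
    if not next_url.startswith("/") or next_url.startswith(("//", "/\\")):
        next_url = default_url
    return JsonResponse({"statu": 0, "next_url": next_url})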
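def admin_check(request):
    """Check an admin login attempt and return the outcome as JSON.

    Order of checks and their error codes: Geetest captcha (1001), empty
    account or password (1002), unknown account (1003), wrong password (1004).
    On success a fresh access token is stored on the ``Admin`` row and
    returned under ``data.access_token``.

    Two fixes over the original:

    * The access token is now 32 random hex characters from ``secrets``. The
      original hashed ``SALT + str(datetime.time()) + SALT``; calling
      ``datetime.time()`` with no arguments does not read the clock, so the
      hashed input did not change from one login to the next. The token
      keeps the same length and alphabet as the MD5 hex digest it replaces.
    * A request without ``username`` or ``password`` no longer raises on
      ``None.strip()``; it reaches the empty-field check instead.

    :param request: the incoming HTTP request
    :return: JsonResponse describing the result
    """
    import secrets

    account = (request.POST.get('username') or '').strip()
    pwd = (request.POST.get('password') or '').strip()

    # Geetest validation.
    gt = GeetestLib(settings.GEETEST['id'], settings.GEETEST['key'])
    challenge = request.POST.get(gt.FN_CHALLENGE, '')
    validate = request.POST.get(gt.FN_VALIDATE, '')
    seccode = request.POST.get(gt.FN_SECCODE, '')
    status = request.session[gt.GT_STATUS_SESSION_KEY]
    user_id = request.session["user_id"]
    if status:
        result = gt.success_validate(challenge, validate, seccode, user_id)
    else:
        result = gt.failback_validate(challenge, validate, seccode)
    # result is truthy when the captcha passed.
    if not result:
        return JsonResponse(lscommon.get_json_error('验证码错误', 1001))

    # The commented-out image-code check that used to sit here was dropped;
    # Geetest above is the only captcha gate.

    if not account or not pwd:
        return JsonResponse(lscommon.get_json_error('账号或者密码不能为空!', 1002))

    # Look the account up.
    # NOTE(review): codes 1003 and 1004 tell a caller whether an account
    # exists; they are kept because clients may depend on them.
    adminInfo = Admin.objects.filter(account=account).values(
        'id', 'account', 'pwd', 'login_ip', 'login_num')
    if not adminInfo:
        return JsonResponse(lscommon.get_json_error('该账号不存在!', 1003))

    # Hash the submitted password the same way the stored value was produced.
    # NOTE(review): MD5 with one site-wide salt is weak for password storage;
    # changing it needs a migration of the stored hashes, so it is left as is.
    md5 = hashlib.md5()
    md5.update((settings.SALT + pwd + settings.SALT).encode('utf-8'))
    pwd = md5.hexdigest()
    if adminInfo[0]['pwd'] != pwd:
        return JsonResponse(lscommon.get_json_error('密码错误!', 1004))

    # Issue and persist the identity token for this login.
    access_token = secrets.token_hex(16)
    admin = Admin.objects.get(id=adminInfo[0]['id'])
    admin.access_token = access_token
    admin.save()

    result = {
        "code": 0,
        "msg": "登录成功",
        "data": {
            "access_token": access_token,
        },
    }
    return JsonResponse(result)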