Esempio n. 1
0
    def POST(self):
        i = web.input()
        if i.has_key('email'):
            user = site_helper.getModel('User').getByEmail(i.email.strip())
            if user is not None:
                reset_model = site_helper.getModel('ResetPasswdCode')
                reset = reset_model.getACode(user.Userid)
                reset_model.updateACode(user.Userid, reset)
                reset_model.sendACode(user, reset)
            return page_helper.success('发送成功,查收您的邮箱.', '/')
        elif i.has_key('password'):
            user_id = site_helper.getUrlParams(site_helper.getEnv('HTTP_REFERER'))['userid']
            post_code = site_helper.getUrlParams(site_helper.getEnv('HTTP_REFERER'))['rcode']

            user_model = site_helper.getModel('User')
            code_model = site_helper.getModel('ResetPasswdCode')
            user = user_model.get(user_id)

            if user is not None:
                code = code_model.getByUserid(user_id)
                if code is not None and code.acode == post_code and ((datetime.now() - code.created).seconds < 3600*24):
                    assert(len(i.password) > 0)
                    user_model.resetPassword(user_id, i.password)
                    code_model.deleteByUserid(user_id)
                    site_helper.login(user)
                    return page_helper.success('重设密码成功,已登录.', '/')
                else:
                    return page_helper.failed('本重置密码链接已使用或已过期,请重新申请.','/accounts/forget')
            else:
                return page_helper.redirectToLogin()
        else:
            return page_helper.redirect404();
Esempio n. 2
0
    def POST(self, inputs=None):
        if not inputs: inputs = sh.inputs()
        assert(inputs.get('email', '').strip())
        assert(inputs.get('password', ''))

        uc = sh.ctrl('User')
        model = sh.model('User')
        action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')

        if action == 'login':
            if not uc.validate(inputs.email, inputs.password):
                return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)

            user = model.getByEmail(inputs.email)

            if user.dead == 'yes':
                return sh.alert('登录失败,你已被列入黑名单,请联系管理员')

            uc.login(user, inputs.get('remember_me', '') == 'on')

            # 获得打开login页面时url中指定的referer
            referer = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
            if referer:
                return sh.redirect(referer)
            elif sh.inputs().get('referer', None):
                return sh.redirect(sh.inputs().get('referer', None))
            else:
                return sh.redirect('/')
Esempio n. 3
0
def cachePage(handler):
    if sh.getSiteConfig('run_use_cache') != 'yes': return handler()

    key = str(sh.getEnv('HTTP_HOST')) + sh.getEnv('REQUEST_URI')
    method = sh.getEnv('REQUEST_METHOD')
    retention = getCacheRetention()
    now = time.time()

    if method == 'GET' and sh.getEnv('HTTP_HOST') != sh.config.HOST_NAME:
        # 如果处于缓存有效期
        data = getData(key)
        if (now - getLastCachedTime(key) < retention) and data:
            html = data['html']
            # 设置charset=utf-8,否则nginx不使用gzip压缩
            web.header('Content-Type', 'text/html; charset=utf-8')
            # 设置etag头,有利益客户端缓存
            web.header('Etag', data['etag'])
            if DEBUG: print 'get cache'
        else:
            html = handler()
            if retention > 0:
                etag = getMD5(str(html))
                cacheData(key, html, etag, int(retention), )
                web.header('Etag', etag)
                if DEBUG: print 'set cache'
            else:
                if DEBUG: print 'retention == 0'
                pass
    else: # POST 与admin 请求不缓存
        if DEBUG: print 'post no cache'
        html = handler()

    return html
Esempio n. 4
0
def validate(handler):
    request_uri = site_helper.getEnv('REQUEST_URI')

    is_login  = site_helper.session.get('is_login', False)
    is_admin  = site_helper.session.get('is_admin', False)
    activated = site_helper.session.get('activated', 'off') == 'on'

    # 禁止非admin用户访问admin页面
    if request_uri.startswith('/admin') and request_uri != '/admin/login' and (not is_admin):
        return web.seeother('/admin/login')

    # 禁止未登录用户post数据
    if request_uri.startswith('/post') and (not is_login):
        # 允许flash不登录
        if request_uri == '/post/userimage':
            pass
        else:
            return page_helper.redirectToLogin()

    # 禁止未验证邮件的用户post数据
    if request_uri.startswith('/post') and (not activated):
        # 允许flash及第三方登录不验证
        if request_uri == '/post/userimage':
            pass
        elif 'model_name=oauth' in request_uri:
            pass
        else:
            referer = site_helper.getEnv('HTTP_REFERER')
            return web.seeother('/noactivate?referer=%s' % referer)

    return handler()
Esempio n. 5
0
File: Login.py Progetto: ajiexw/note
    def POST(self, inputs=None):
        if not inputs: inputs = sh.inputs()
        assert(inputs.get('email', '').strip())
        assert(inputs.get('password', ''))

        uc = sh.ctrl('User')
        model = sh.model('User')
        action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')

        if action == 'login':
            if not uc.validate(inputs.email, inputs.password):
                return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)

            user = model.getByEmail(inputs.email)

            if user.dead == 'yes':
                return sh.alert('登录失败,你已被列入黑名单,请联系管理员')

            uc.login(user, inputs.get('remember_me', '') == 'on')

            # 获得打开login页面时url中指定的referer
            referer = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
            if referer:
                return sh.redirect(referer)
            elif sh.inputs().get('referer', None):
                return sh.redirect(sh.inputs().get('referer', None))
            else:
                return sh.alert('登录成功. 欢迎回来!')
Esempio n. 6
0
 def __writeInfo(self, data):
     data = sh.copy(data)
     for key, value in self.arguments.items():
         if hasattr(web.ctx, 'env') and sh.getEnv(value, None):
             data[key] = sh.getEnv(value)
         elif hasattr(sh, 'session') and sh.session.get(value, None):
             data[key] = sh.session.get(value)
     return data
Esempio n. 7
0
 def __writeInfo(self, data):
     data = sh.copy(data)
     for key, value in self.arguments.items():
         if sh.getEnv(value, None):
             data[key] = sh.getEnv(value)
         elif sh.session.get(value, None):
             data[key] = sh.session.get(value)
     return data
Esempio n. 8
0
 def __writeInfo(self, data):
     data = sh.copy(data)
     for key, value in self.arguments.items():
         if hasattr(web.ctx, 'env') and sh.getEnv(value, None):
             data[key] = sh.getEnv(value)
         elif hasattr(sh, 'session') and sh.session.get(value, None):
             data[key] = sh.session.get(value)
     return data
Esempio n. 9
0
 def __writeInfo(self, data):
     data = sh.copy(data)
     for key, value in self.arguments.items():
         assert not data.has_key(key), u'不应该显示给出%s,小心作弊' % key
         if sh.getEnv(value, None):
             data[key] = sh.getEnv(value)
         elif sh.session.get(value, None):
             data[key] = sh.session.get(value)
     return data
Esempio n. 10
0
 def __writeInfo(self, data):
     data = sh.copy(data)
     for key, value in self.arguments.items():
         assert not data.has_key(key), u'不应该显示给出%s,小心作弊' % key
         if sh.getEnv(value, None):
             data[key] = sh.getEnv(value)
         elif sh.session.get(value, None):
             data[key] = sh.session.get(value)
     return data
Esempio n. 11
0
 def GET(self):
     action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
     if action == 'admin/login':
         return sh.editor_nobase.user.Login()
     if action == 'admin/logout':
         sh.ctrl('AdminUser').logout()
         return sh.redirect('/')
Esempio n. 12
0
 def GET(self):
     action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
     if action == 'admin/login':
         return sh.editor_nobase.user.Login()
     if action == 'admin/logout':
         sh.ctrl('AdminUser').logout()
         return sh.redirect('/')
Esempio n. 13
0
def validate(handler):
    request_path = sh.getEnv('REQUEST_URI').partition('?')[0]

    is_login = sh.session.get('is_login', False)
    is_admin = sh.session.get('is_admin', False)
    method   = sh.getEnv('REQUEST_METHOD')

    # 禁止未登录用户访问REQUIRE_LOGIN_URL中的地址
    if not is_login and request_path in REQUIRE_LOGIN_URL:
        return sh.redirectToLogin()

    # 禁止非admin用户访问admin页面
    if not is_admin and request_path.startswith('/admin') and request_path != '/admin/login':
        return sh.redirect('/admin/login')

    return handler()
Esempio n. 14
0
    def POST(self, i=None):
        if i is None: i = web.input()
        assert(len(i.get('email','')) > 0)
        assert(len(i.get('password','')) > 0)

        user = UserCtrl().loginByEmail(i.email, i.password)
        if user:
            if user.dead == 'off':
                site_helper.login(user, i.get('rememberme', False) == 'on')
                # 根据当前url中的referer跳转
                params = site_helper.getUrlParams()
                if params.get('referer', False):
                    return page_helper.redirectTo(params['referer'])

                # 根据上一个页面地址中的referer跳转
                params = site_helper.getUrlParams(site_helper.getEnv('HTTP_REFERER'))
                if params.get('referer', False):
                    return page_helper.redirectTo(params['referer'])

                return page_helper.success('登录成功. 欢迎回来', i.get('referer', '/'))
            else:
                return page_render.failed('登录失败,你已被管理员列入黑名单,请联系我们.', '/')

        else:
            return site_helper.page_render.user.Login('用户名或密码错误, 请重新输入', i.get('email', ''), i.get('referer',''))
Esempio n. 15
0
File: Login.py Progetto: ajiexw/note
 def GET(self):
     action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
     if action == 'login':
         return sh.page.user.Login()
     if action == 'logout':
         sh.ctrl('User').logout()
         return sh.redirect('/')
Esempio n. 16
0
 def GET(self):
     action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
     if action == 'login':
         return sh.page.user.Login()
     if action == 'logout':
         sh.ctrl('User').logout()
         return sh.redirect('/')
Esempio n. 17
0
def saveShareUserid(handler):
    params = site_helper.getUrlParams()
    if params.has_key('shareUserid'):
        if params['shareUserid'].isdigit():
            session.share_user_id = int(params['shareUserid'])
            session.share_referer = site_helper.getEnv('HTTP_REFERER')

    return handler()
Esempio n. 18
0
def validate(handler):
    request_path = sh.getEnv('REQUEST_URI').partition('?')[0]

    is_login = sh.session.get('is_login', False)
    is_admin = sh.session.get('is_admin', False)
    method = sh.getEnv('REQUEST_METHOD')

    # 禁止未登录用户访问REQUIRE_LOGIN_URL中的地址
    if not is_login and request_path in REQUIRE_LOGIN_URL:
        return sh.redirectToLogin()

    # 禁止非admin用户访问admin页面
    if not is_admin and request_path.startswith(
            '/admin') and request_path != '/admin/login':
        return sh.redirect('/admin/login')

    return handler()
Esempio n. 19
0
    def getMenuConfig(self, menu=None, path=None, ):
        if not path:
            path = sh.getEnv('REQUEST_URI').partition('?')[0]
        if not menu:
            menu = self._getEditorMenu()

        menu_config = self.pickPageConfig(menu, path)
        if menu_config:
            for k, v in self.default_menu_config.items():
                menu_config.setdefault(k, v)

        return menu_config
Esempio n. 20
0
def cachePage(handler):
    if sh.getSiteConfig('run_use_cache') != 'yes': return handler()

    key = str(sh.getEnv('HTTP_HOST')) + sh.getEnv('REQUEST_URI')
    method = sh.getEnv('REQUEST_METHOD')
    retention = getCacheRetention()
    now = time.time()

    if method == 'GET' and sh.getEnv('HTTP_HOST') != sh.config.HOST_NAME:
        # 如果处于缓存有效期
        data = getData(key)
        if (now - getLastCachedTime(key) < retention) and data:
            html = data['html']
            # 设置charset=utf-8,否则nginx不使用gzip压缩
            web.header('Content-Type', 'text/html; charset=utf-8')
            # 设置etag头,有利益客户端缓存
            web.header('Etag', data['etag'])
            if DEBUG: print 'get cache'
        else:
            html = handler()
            if retention > 0:
                etag = getMD5(str(html))
                cacheData(
                    key,
                    html,
                    etag,
                    int(retention),
                )
                web.header('Etag', etag)
                if DEBUG: print 'set cache'
            else:
                if DEBUG: print 'retention == 0'
                pass
    else:  # POST 与admin 请求不缓存
        if DEBUG: print 'post no cache'
        html = handler()

    return html
Esempio n. 21
0
    def POST(self, inputs=None):
        if not inputs: inputs = web.input()
        assert (inputs.get('email', '').strip())
        assert (inputs.get('password', ''))

        uc = sh.ctrl('AdminUser')
        model = sh.model('AdminUser')
        action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')

        if action == 'admin/login':
            if not uc.validate(inputs.email, inputs.password):
                return sh.editor_nobase.user.Login('密码不对', inputs.email)
            user = model.getByEmail(inputs.email)
            uc.login(user)
            return sh.redirect('/admin')
Esempio n. 22
0
    def getMenuConfig(self, menu=None, path=None, ):
        if not path:
            path = sh.getEnv('REQUEST_URI').partition('?')[0]
        if not menu:
            menu = self._getEditorMenu()

        menu_config = self.pickPageConfig(menu, path)
        if menu_config:
            for k, v in self.default_menu_config.items():
                menu_config.setdefault(k, v)

        if menu_config and menu_config.where:
            menu_config.where = [c.partition(' ')[::2] for c in sh.splitAndStrip(menu_config.where, '|')]

        return menu_config
Esempio n. 23
0
File: Login.py Progetto: ajiexw/note
    def POST(self, inputs=None):
        if not inputs: inputs = web.input()
        assert(inputs.get('email', '').strip())
        assert(inputs.get('password', ''))

        uc = sh.ctrl('AdminUser')
        model = sh.model('AdminUser')
        action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')

        if action == 'admin/login':
            if not uc.validate(inputs.email, inputs.password):
                return sh.editor.user.Login('密码不对', inputs.email)
            user = model.getByEmail(inputs.email)
            uc.login(user)
            return sh.redirect('/admin')
Esempio n. 24
0
    def POST(self, i=None):
        #if i is None: i = web.input(imagefile={})
        i = web.input()
        has_portrait = False
        i.login_ip = i.register_ip = site_helper.session.ip

        assert(i.has_key('email') and len(i.email.strip()) < 100 )
        assert(i.has_key('username') and 2 <= len(i.username.strip()) <= 24 )
        assert(i.has_key('password') and len(i.password)<60 )
        i.email = i.email.strip()
        i.username = i.username.strip()
        user_model = getModel('User')

        if UserCtrl().isExists(i.email):
            return page_helper.failed('注册失败, 邮箱已被占用 :(')

        # 管理员注册不需要验证
        if site_helper.session.is_admin:
            i.activated = 'on'

        new_id = user_model.insert(i)
        user = user_model.get(new_id)
        site_helper.login(user)
        
        self.processShareLink(user)

        acode_model = site_helper.getModel('ACode')
        acode = acode_model.getACode(user.Userid)
        acode_model.updateACode(user.Userid, acode)
        acode_model.sendACode(user, acode)
        
        if has_portrait:
            #return site_helper.page_render.user.ModifyPortrait(user)
            raise web.seeother('/accounts/portrait?hideupload=true')
        else:
            # 根据当前url中的referer跳转
            params = site_helper.getUrlParams()
            if params.get('referer', False):
                return site_helper.page_render.Success('注册成功! 请打开您的Email进行验证, 只有验证后才能发表心得哦!', params['referer'])


            # 根据上一个页面地址中的referer跳转
            params = site_helper.getUrlParams(site_helper.getEnv('HTTP_REFERER'))
            if params.get('referer', False):
                return site_helper.page_render.Success('注册成功! 请打开您的Email进行验证, 只有验证后才能发表心得哦!', params['referer'])


            return site_helper.page_render.Success('注册成功! 请打开您的Email进行验证, 只有验证后才能发表心得哦!', '/')
Esempio n. 25
0
    def getMenuConfig(
        self,
        menu=None,
        path=None,
    ):
        if not path:
            path = sh.getEnv('REQUEST_URI').partition('?')[0]
        if not menu:
            menu = self._getEditorMenu()

        menu_config = self.pickPageConfig(menu, path)
        if menu_config:
            for k, v in self.default_menu_config.items():
                menu_config.setdefault(k, v)

        if menu_config and menu_config.where:
            menu_config.where = [
                c.partition(' ')[::2]
                for c in sh.splitAndStrip(menu_config.where, '|')
            ]

        return menu_config
Esempio n. 26
0
 def GET(self):
     referer = site_helper.getEnv('HTTP_REFERER')
     if not referer.startswith(site_helper.config.HOST_NAME):
         referer = ''
     return site_helper.page_render.user.Login('', '', referer)
Esempio n. 27
0
def appendHeader(handler):
    request_path = sh.getEnv('REQUEST_URI').partition('?')[0]
    if request_path.startswith('/api/'):
        web.header('Content-Type', 'text/plain; charset=utf-8')
    return handler()
Esempio n. 28
0
    def GET(self):
        if not sh.session.is_login:
            return sh.redirectToLogin(sh.getEnv('REQUEST_URI'))

        user = sh.model('User').get(sh.session.id)
        return sh.page.user.Portrait(user)
Esempio n. 29
0
    def GET(self):
        if not sh.session.is_login:
            return sh.redirectToLogin(sh.getEnv('REQUEST_URI'))

        user = sh.model('User').get(sh.session.id)
        return sh.page.user.Portrait(user)
Esempio n. 30
0
def appendHeader(handler):
    request_path = sh.getEnv('REQUEST_URI').partition('?')[0]
    if request_path.startswith('/api/'):
        web.header('Content-Type', 'text/plain; charset=utf-8')
    return handler()