def POST(self):
    """Serve the ``isLogin``, ``login`` and ``logout`` actions.

    The request is read with ``sh.inputs()`` and dispatched on its
    ``action`` field. ``isLogin`` and ``login`` answer with a
    ``sh.toJsonp`` payload, ``logout`` answers with the plain string
    ``'bye'``. Any other action falls through and returns ``None``.
    """
    form = sh.inputs()
    action = form['action']

    if action == 'isLogin':
        if not sh.session.is_login:
            return sh.toJsonp({'is_login': False, 'name': '', 'id': 0})
        return sh.toJsonp({'is_login': True, 'name': sh.session.name, 'id': sh.session.id})

    if action == 'login':
        # NOTE(review): these presence checks are asserts, so they are
        # removed under ``python -O``; the credential check itself is the
        # uc.validate call below.
        assert(form.get('email', '').strip())
        assert(form.get('password', ''))
        model = sh.model('User')
        uc = sh.ctrl('User')
        credentials_ok = uc.validate(form.email, form.password)
        if not credentials_ok:
            # A single message covers both a wrong e-mail and a wrong password.
            return sh.toJsonp({'is_login':False, 'error':'邮箱或密码不对'})
        user = model.getByEmail(form.email)
        # An account with dead == 'yes' is refused even though its
        # credentials validated.
        if user.dead == 'yes':
            return sh.toJsonp({'is_login':False, 'error':'你已被列入黑名单'})
        remember = form.get('remember_me', '') == 'on'
        uc.login(user, remember)
        return sh.toJsonp({'is_login':True, 'name': user.name, 'id': user.id})

    if action == 'logout':
        sh.ctrl('User').logout()
        return 'bye'
def _insert(self, inputs):
    """Insert ``inputs`` as a new row of the model named by ``inputs.model_name``.

    The caller must be logged in and must not supply ``Userid``; the owner
    is always taken from the session. Returns a ``sh.toJsonp`` payload with
    ``success`` and either ``new_id`` or ``error``.
    """
    assert inputs.has_key('model_name'), u'请指明需要插入的数据类型'

    logged_in = sh.session.is_login
    if not logged_in:
        return sh.toJsonp({'success':False, 'error': '请先登录'})

    # The ownership field is never accepted from the request.
    client_set_owner = inputs.has_key('Userid')
    if client_set_owner:
        return sh.toJsonp({'success':False, 'error': '不能指定Userid'})

    inputs.Userid = sh.session.id
    # NOTE(review): model_name comes from the caller-supplied inputs and
    # selects the target model; whether sh.model restricts the set of
    # insertable models is not visible here, so confirm.
    target = sh.model(inputs.model_name)
    created_id = target.insert(inputs)
    return sh.toJsonp({'success':True, 'new_id': created_id})
def POST(self, inputs=None):
    """Delete one row of the model named by ``inputs.model_name``.

    The row ``inputs.model_id`` is deleted only when the session is logged
    in and the row's ``Userid`` equals the session id. A missing row is
    reported as success with ``affected`` 0.
    """
    if not inputs:
        inputs = sh.inputs()
    assert inputs.has_key('model_name'), u'请指明需要修改的数据类型'
    assert inputs.has_key('model_id'), u'请指明需要修改的数据id'

    model = sh.model(inputs.model_name)
    row = model.get(inputs.model_id)
    if not row:
        return sh.toJsonp({'success':True, 'affected': 0})

    # Only allow deleting one's own items. The session id is converted with
    # int() only after is_login has been found true (short-circuit).
    owned_by_caller = sh.session.is_login and row.get('Userid', None) == int(sh.session.id)
    if not owned_by_caller:
        return sh.toJsonp({'success':False, 'msg':'不能删除不属于你的东西.'})

    removed = model.delete(inputs.model_id)
    return sh.toJsonp({'success':True, 'affected': removed})
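def POST(self, inputs=None):
    """Register a new user, log the new account in and report the result.

    ``uc.checkNewUser`` vets the submitted fields; its error text, if any,
    is returned to the client unchanged. On success the account is created
    with ``uc.register`` and logged in with ``uc.loginById``. When the User
    model has ``validation_request`` set, a validation e-mail is sent too.

    Returns a ``sh.toJsonp`` payload with ``is_login`` and either
    ``error`` or ``id`` and ``msg``.
    """
    if not inputs:
        inputs = sh.inputs()
    uc = sh.ctrl('User')

    error = uc.checkNewUser(inputs)
    if error:
        return sh.toJsonp({'is_login': False, 'error': error})

    new_id = uc.register(inputs)
    # This endpoint treats remember_me == 'yes' as the opt-in value.
    uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')

    user_model = sh.model('User')
    if user_model.validation_request:
        # Fix: ``user`` was never assigned, so this branch raised NameError
        # after the account had already been created and logged in. Load
        # the new row before sending the mail.
        # NOTE(review): assumes sendValidationEmail takes the user row as
        # returned by the model's get(); confirm.
        user = user_model.get(new_id)
        uc.sendValidationEmail(user)
        return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功,请查收您的验证邮件'})
    return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功'})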
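def POST(self, inputs=None):
    """Create a user account from ``inputs`` and sign the new user in.

    The fields are checked by ``uc.checkNewUser``; a non-empty result is
    sent back as the ``error`` of a failed response. Otherwise the account
    is registered, logged in, and, if the User model requests validation,
    sent a validation e-mail.

    Returns a ``sh.toJsonp`` payload with ``is_login`` and either
    ``error`` or ``id`` and ``msg``.
    """
    if not inputs:
        inputs = sh.inputs()
    uc = sh.ctrl('User')

    error = uc.checkNewUser(inputs)
    if error:
        return sh.toJsonp({'is_login': False, 'error': error})

    new_id = uc.register(inputs)
    remember = inputs.get('remember_me', 'off') == 'on'
    uc.loginById(new_id, remember)

    users = sh.model('User')
    if not users.validation_request:
        return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功'})

    # Fix: the original passed an undefined name ``user`` here, which
    # raised NameError whenever validation was enabled, after the account
    # already existed. Fetch the freshly created row instead.
    # NOTE(review): assumes sendValidationEmail expects the row returned
    # by the model's get(); confirm against its definition.
    user = users.get(new_id)
    uc.sendValidationEmail(user)
    return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功,请查收您的验证邮件'})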
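def _update(self, inputs):
    """Update row ``inputs.model_id`` of the model named by ``inputs.model_name``.

    The caller must be logged in and must own the row (its ``Userid``
    equals the session id). A missing row is reported as success with
    ``affected`` 0. Returns a ``sh.toJsonp`` payload with ``success`` and
    either ``affected`` or ``error``.
    """
    assert inputs.has_key('model_name'), u'请指明需要修改的数据类型'
    assert inputs.has_key('model_id'), u'请指明需要修改的数据id'

    if not sh.session.is_login:
        return sh.toJsonp({'success':False, 'error': '请先登录'})

    # Fix: the whole of ``inputs`` is handed to model.update below, so a
    # request carrying ``Userid`` could rewrite the ownership field that
    # the check further down relies on. Refuse it, as _insert does.
    # NOTE(review): whether model.update filters columns itself is not
    # visible here.
    if inputs.has_key('Userid'):
        return sh.toJsonp({'success':False, 'error': '不能指定Userid'})

    model = sh.model(inputs.model_name)
    exists = model.get(inputs.model_id)
    if not exists:
        return sh.toJsonp({'success':True, 'affected': 0})

    # NOTE(review): the session id is compared without the int() conversion
    # that the delete handler applies; confirm both sides have one type.
    if exists.get('Userid', 0) != sh.session.id:
        return sh.toJsonp({'success':False, 'error': '您不能修改别人的数据'})

    return sh.toJsonp({'success':True, 'affected': model.update(inputs.model_id, inputs)})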
def POST(self):
    """Log in, or register and log in, a user from a third-party OAuth2 token.

    The provider is chosen from the part of ``state`` before the first
    ``_``. The submitted ``uid`` must equal the uid the provider controller
    returns for ``access_token``. A uid already bound to a local ``Userid``
    is logged in directly; otherwise a local account is created from the
    provider's user info and bound to the uid.

    Returns whatever ``self.login`` returns, or a ``sh.toJsonp`` payload
    with ``is_login`` False and an ``error``.
    """
    inputs = sh.inputs()
    # NOTE(review): presence checks are asserts and are removed under
    # ``python -O``.
    assert inputs.get('access_token', '')
    assert inputs.get('access_expires', '')
    assert inputs.get('uid', '')
    assert inputs.get('state', '')

    # NOTE(review): site_name is taken from the request and is interpolated
    # into the controller and model names below; whether sh.ctrl and
    # sh.model restrict it to known providers is not visible here.
    site_name = inputs.state.partition('_')[0]
    oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
    oauth_model = sh.model('oauth.%sOAuth2' % site_name)
    user_ctrl = sh.ctrl('User')
    user_model = sh.model('User')

    token = inputs.access_token
    # NOTE(review): confirm requestUidWithAccessToken also verifies that the
    # token was issued to this application, not only which uid it maps to.
    requested_uid = oauth_ctrl.requestUidWithAccessToken(token)

    # If access_token and uid do not verify against each other, refuse the login.
    if not requested_uid or requested_uid != inputs.uid:
        return sh.toJsonp(dict(error="该第三方帐号未绑定任何站内帐号", is_login=False))

    binding = oauth_model.getByUid(requested_uid)
    # If this uid is not in the database yet, insert it first and only then
    # consider binding a Userid.
    if not binding:
        binding_id = oauth_model.insert(
            dict(uid=requested_uid,
                 access_token=inputs.access_token,
                 access_expires=inputs.access_expires))
        binding = oauth_model.get(binding_id)

    # Already bound to a local account.
    if binding.Userid:
        return self.login(binding.Userid)

    # No local account yet: build one from the provider's profile.
    inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
    self.assignRandomPassword(inputs)
    self.assignRegisterIP(inputs)

    conflict = user_ctrl.checkNewUser(inputs)
    if conflict:
        failure = dict(is_login=False,
                       error=conflict,
                       name=inputs.get('name', ''),
                       sex=inputs.get('sex', ''))
        return sh.toJsonp(failure)

    new_id = user_model.insert(inputs)
    oauth_model.update(binding.id, dict(Userid=new_id))
    return self.login(new_id)
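def GET(self, inputs=None):
    """Handle a ``UserImage`` action; the visible code implements ``delete``.

    For ``delete`` and ``recover`` the caller must be logged in and must
    own the image named by ``UserImageid``. ``delete`` succeeds only while
    ``sh.inModifyTime(created)`` holds. No branch for ``recover`` is
    visible here, so that action returns ``None`` after the checks.

    Returns a ``sh.toJsonp`` payload with ``success`` and, on failure,
    ``error``.
    """
    if not inputs:
        inputs = sh.inputs()
    assert inputs.has_key('action')
    model = sh.model('UserImage')

    # NOTE(review): this handler changes state on a GET request; whether
    # the framework adds CSRF protection is not visible here.
    if inputs.action in ['delete', 'recover']:
        # Fix: login and ownership were enforced with assert, which
        # ``python -O`` strips, leaving the delete unguarded. They are now
        # explicit checks that answer in the handler's usual JSONP shape.
        if not sh.session.is_login:
            return sh.toJsonp({'success': False, 'error': '请先登录'})
        # Presence check only; the authorization decision no longer
        # depends on it.
        assert inputs.get('UserImageid', None)
        exists = model.get(inputs.UserImageid)
        if not (exists and exists.Userid == sh.session.id):
            return sh.toJsonp({'success': False, 'error': '您不能修改别人的数据'})

        if inputs.action == 'delete':
            # Deleting is allowed only inside the modification window.
            if sh.inModifyTime(exists.created):
                model.delete(inputs.UserImageid)
                return sh.toJsonp({'success': True})
            else:
                return sh.toJsonp({'success': False, 'error': '超过了修改时限'})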
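def GET(self, inputs=None):
    """Run a ``UserImage`` action for the logged-in owner of the image.

    ``delete`` and ``recover`` both require a logged-in session and an
    image whose ``Userid`` equals the session id. Only ``delete`` has a
    visible implementation; it is refused once ``sh.inModifyTime`` reports
    that the modification window has passed.

    Returns a ``sh.toJsonp`` payload with ``success`` and, on failure,
    ``error``; ``None`` for actions with no visible branch.
    """
    if not inputs:
        inputs = sh.inputs()
    assert inputs.has_key("action")
    model = sh.model("UserImage")

    if inputs.action not in ["delete", "recover"]:
        return None

    # Fix: the login and ownership checks were assert statements. Running
    # under ``python -O`` removes asserts, which would have let any request
    # delete any image. They are explicit conditions now.
    # NOTE(review): a state-changing GET; confirm CSRF protection exists
    # at a layer not shown here.
    if not sh.session.is_login:
        return sh.toJsonp({"success": False, "error": "请先登录"})

    # Presence check only; authorization is decided by the test below.
    assert inputs.get("UserImageid", None)
    exists = model.get(inputs.UserImageid)
    is_owner = exists and exists.Userid == sh.session.id
    if not is_owner:
        return sh.toJsonp({"success": False, "error": "您不能修改别人的数据"})

    if inputs.action == "delete":
        if not sh.inModifyTime(exists.created):
            return sh.toJsonp({"success": False, "error": "超过了修改时限"})
        model.delete(inputs.UserImageid)
        return sh.toJsonp({"success": True})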
def GET(self, inputs=None):
    """Return row ``inputs.model_id`` of the model ``inputs.model_name`` as JSONP.

    A found row is copied into a plain dict and its ``id`` is set to the
    integer form of ``model_id``; a missing row is passed to
    ``sh.toJsonp`` as it came back from the model.
    """
    if not inputs:
        inputs = sh.inputs()
    assert inputs.has_key('model_name'), u'请指明需要查询的数据类型'
    assert inputs.has_key('model_id'), u'请指明需要查询的数据id'

    # NOTE(review): no login or ownership check is visible in this handler
    # and the model is chosen by the request, so any row of any model that
    # sh.model resolves is returned. Confirm sh.model or toJsonp restricts
    # models and strips sensitive columns.
    source = sh.model(inputs.model_name)
    item = source.get(inputs.model_id)
    if item:
        row = dict(item)
        row['id'] = int(inputs.model_id)
        item = row
    return sh.toJsonp(item)
def POST(self):
    """Sign a user in through a third-party OAuth2 access token.

    Steps, in order: pick the provider from ``state``, ask the provider
    controller which uid the token belongs to, require it to match the
    submitted ``uid``, find or create the uid's OAuth2 row, then either
    log in the bound local user or create, bind and log in a new one.

    Returns the result of ``self.login`` or a ``sh.toJsonp`` failure
    payload.
    """
    inputs = sh.inputs()
    # NOTE(review): asserts are dropped under ``python -O``; these four
    # are presence checks only.
    assert inputs.get("access_token", "")
    assert inputs.get("access_expires", "")
    assert inputs.get("uid", "")
    assert inputs.get("state", "")

    # NOTE(review): the provider name is request-controlled and becomes
    # part of the names given to sh.ctrl and sh.model; confirm those
    # loaders only accept known providers.
    site_name, _sep, _rest = inputs.state.partition("_")
    oauth_ctrl = sh.ctrl("oauth.%s" % site_name)
    oauth_model = sh.model("oauth.%sOAuth2" % site_name)
    user_ctrl = sh.ctrl("User")
    user_model = sh.model("User")

    # NOTE(review): confirm this provider call also checks that the token
    # was issued to this application.
    requested_uid = oauth_ctrl.requestUidWithAccessToken(inputs.access_token)

    # Refuse the login when access_token and uid do not verify.
    if not requested_uid or requested_uid != inputs.uid:
        return sh.toJsonp(dict(error="该第三方帐号未绑定任何站内帐号", is_login=False))

    exists = oauth_model.getByUid(requested_uid)
    if not exists:
        # The uid is not stored yet: insert it first, and only afterwards
        # consider binding it to a Userid.
        fresh_row = dict(
            uid=requested_uid,
            access_token=inputs.access_token,
            access_expires=inputs.access_expires,
        )
        exists = oauth_model.get(oauth_model.insert(fresh_row))

    if exists.Userid:
        # Already bound to a local account.
        return self.login(exists.Userid)

    inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
    self.assignRandomPassword(inputs)
    self.assignRegisterIP(inputs)

    conflict = user_ctrl.checkNewUser(inputs)
    if not conflict:
        new_id = user_model.insert(inputs)
        oauth_model.update(exists.id, dict(Userid=new_id))
        return self.login(new_id)

    return sh.toJsonp(
        dict(is_login=False, error=conflict, name=inputs.get("name", ""), sex=inputs.get("sex", ""))
    )
def POST(self, inputs=None):
    """Delete the caller's own row ``model_id`` from the model ``model_name``.

    Returns a ``sh.toJsonp`` payload: ``affected`` 0 when the row does not
    exist, the model's delete result when the logged-in caller owns the
    row, and a refusal with ``msg`` otherwise.
    """
    if not inputs:
        inputs = sh.inputs()
    assert inputs.has_key('model_name'), u'请指明需要修改的数据类型'
    assert inputs.has_key('model_id'), u'请指明需要修改的数据id'

    model = sh.model(inputs.model_name)
    target_id = inputs.model_id

    record = model.get(target_id)
    if not record:
        return sh.toJsonp({'success': True, 'affected': 0})

    # Only allow deleting one's own items.
    if sh.session.is_login:
        caller_id = int(sh.session.id)
        if record.get('Userid', None) == caller_id:
            affected = model.delete(inputs.model_id)
            return sh.toJsonp({'success': True, 'affected': affected})

    return sh.toJsonp({'success': False, 'msg': '不能删除不属于你的东西.'})
def POST(self):
    """Answer the login endpoint's ``isLogin``, ``login`` and ``logout`` actions.

    ``isLogin`` reports the session's login state, ``login`` validates the
    submitted e-mail and password and starts a session, ``logout`` ends
    the session and returns ``'bye'``. An unrecognised action returns
    ``None``.
    """
    inputs = sh.inputs()

    if inputs['action'] == 'isLogin':
        if sh.session.is_login:
            state = {
                'is_login': True,
                'name': sh.session.name,
                'id': sh.session.id
            }
        else:
            state = {'is_login': False, 'name': '', 'id': 0}
        return sh.toJsonp(state)

    if inputs['action'] == 'login':
        # NOTE(review): input presence is enforced with assert, which
        # ``python -O`` removes; uc.validate remains the credential check.
        assert (inputs.get('email', '').strip())
        assert (inputs.get('password', ''))
        model = sh.model('User')
        uc = sh.ctrl('User')

        if not uc.validate(inputs.email, inputs.password):
            return sh.toJsonp({'is_login': False, 'error': '邮箱或密码不对'})

        user = model.getByEmail(inputs.email)
        # Accounts marked dead == 'yes' are turned away after validation.
        if user.dead == 'yes':
            return sh.toJsonp({'is_login': False, 'error': '你已被列入黑名单'})

        keep_session = inputs.get('remember_me', '') == 'on'
        uc.login(user, keep_session)
        result = {
            'is_login': True,
            'name': user.name,
            'id': user.id
        }
        return sh.toJsonp(result)

    if inputs['action'] == 'logout':
        sh.ctrl('User').logout()
        return 'bye'
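def POST(self, inputs=None):
    """Apply an update request and return the response built by ``_update``.

    ``inputs`` defaults to the current request's ``sh.inputs()`` when it
    is not supplied. Login and ownership checks are left to ``_update``.
    """
    if not inputs:
        inputs = sh.inputs()
    # Fix: a second ``return`` followed this one. It wrapped the result of
    # another _update call in a further sh.toJsonp envelope, but _update's
    # result is already returned as the response here, so it was dropped.
    return self._update(inputs)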
def login(self, Userid):
    """Log in the local user ``Userid`` and return the JSONP login result.

    The user row is loaded from the User model and handed to the User
    controller's ``login`` together with ``self.REMEMBER_ME``.
    """
    users = sh.model('User')
    exists_user = users.get(Userid)
    # NOTE(review): an assert, so the existence check is removed under
    # ``python -O``.
    assert exists_user, u'用户不存在'

    user_ctrl = sh.ctrl('User')
    user_ctrl.login(exists_user, self.REMEMBER_ME)

    # The name is read from the session after login has run.
    payload = dict(is_login=True, Userid=Userid, name=sh.session.name)
    return sh.toJsonp(payload)
def login(self, Userid):
    """Start a session for the local user ``Userid``.

    Returns a ``sh.toJsonp`` payload carrying ``is_login``, the ``Userid``
    and the session's ``name``.
    """
    exists_user = sh.model("User").get(Userid)
    # NOTE(review): this existence check is an assert and disappears
    # under ``python -O``.
    assert exists_user, u"用户不存在"

    remember = self.REMEMBER_ME
    sh.ctrl("User").login(exists_user, remember)

    return sh.toJsonp({
        "is_login": True,
        "Userid": Userid,
        "name": sh.session.name,
    })