コード例 #1
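    def check_login(self):
        """Decide whether the current request may proceed.

        Returns ``None`` when every check passes. Otherwise returns the value
        the caller is expected to send back: a redirect to the login page, or
        the truthy result of ``self.get_sk()`` for a request whose session has
        no ``login`` key.

        Any unexpected exception fails closed: the session is cleared and the
        request is redirected to ``/login``. The error is logged on the server
        instead of being handed back to the caller.
        """
        import logging

        log = logging.getLogger(__name__)
        try:
            api_check = True
            if 'login' not in session:
                # No panel login in this session: defer to get_sk(). A truthy
                # result is returned to the caller unchanged.
                # NOTE(review): presumably get_sk() validates an API key and
                # returns an error response on failure -- confirm.
                api_check = self.get_sk()
                if api_check:
                    session.clear()
                    return api_check
            elif session['login'] == False:
                # Kept as an equality test on purpose: only an explicit False
                # marks a logged-out session, other falsy values do not.
                session.clear()
                return redirect('/login')

            if api_check:
                # Idle timeout. Both files use fixed relative paths, so the
                # "last seen" clock is shared by every session rather than
                # kept per session, and the paths depend on the working
                # directory (the token file below uses an absolute path).
                try:
                    sess_out_path = 'data/session_timeout.pl'
                    sess_input_path = 'data/session_last.pl'
                    if not os.path.exists(sess_out_path):
                        public.writeFile(sess_out_path, '86400')
                    if not os.path.exists(sess_input_path):
                        public.writeFile(sess_input_path,
                                         str(int(time.time())))
                    session_timeout = int(public.readFile(sess_out_path))
                    session_last = int(public.readFile(sess_input_path))
                    if time.time() - session_last > session_timeout:
                        os.remove(sess_input_path)
                        session['login'] = False
                        cache.set('dologin', True)
                        session.clear()
                        return redirect('/login')
                    public.writeFile(sess_input_path, str(int(time.time())))
                except Exception:
                    # Still best effort (an unreadable or corrupt timeout file
                    # must not lock the panel), but no longer silent: while
                    # this fires the idle timeout is not being enforced.
                    log.exception('check_login: idle-timeout check skipped')

            # The token comparison only runs when the file exists AND the
            # session carries a login_token; otherwise it is skipped.
            filename = '/www/server/panel/data/login_token.pl'
            if os.path.exists(filename):
                token = public.readFile(filename).strip()
                if 'login_token' in session and session['login_token'] != token:
                    session.clear()
                    return redirect('/login?dologin=True')
        except:
            # Deliberate catch-all so the gate fails closed. The original
            # returned public.returnMsg(False, public.get_error_info()) here,
            # which left the cleanup below unreachable: the session survived
            # the failure and the error text went back to the caller.
            log.exception('check_login: unexpected error, clearing session')
            session.clear()
            return redirect('/login')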
コード例 #2
    def check_login(self):
        """Decide whether the current request may proceed.

        Returns ``None`` when every check passes and refreshes
        ``session['session_timeout']``. Otherwise returns a redirect to the
        login page, or the truthy result of ``self.get_sk()`` when the session
        has no ``login`` key. ``g.api_request`` is set to True only when
        ``get_sk()`` returned a falsy value.

        Any exception is logged through ``public.WriteLog`` and fails closed:
        the session is cleared and the request is redirected to ``/login``.
        """
        try:
            g.api_request = False
            sk_result = True
            if 'login' in session:
                if session['login'] == False:
                    session.clear()
                    return redirect('/login')

                if 'tmp_login_expire' in session:
                    # Temporary logins are backed by a marker file; removing
                    # the file revokes the login before it expires.
                    # NOTE(review): the path is built from a session value --
                    # confirm tmp_login_id is always server-generated.
                    tmp_marker = 'data/session/{}'.format(session['tmp_login_id'])
                    if session['tmp_login_expire'] < time.time():
                        session.clear()
                        if os.path.exists(tmp_marker):
                            os.remove(tmp_marker)
                        return redirect('/login')
                    if not os.path.exists(tmp_marker):
                        session.clear()
                        return redirect('/login')

                # Bind the session to the User-Agent seen at login. The check
                # is a no-op when the session has no 'login_user_agent' (the
                # default equals the current digest), and the header is
                # client-supplied, so this is a weak binding only.
                ua_digest = public.md5(g.ua)
                bound_ua = session.get('login_user_agent', ua_digest)
                if ua_digest != bound_ua:
                    session.clear()
                    return redirect('/login')
            else:
                # No panel login: defer to get_sk(). Unlike the login paths,
                # a truthy result is returned without clearing the session.
                sk_result = self.get_sk()
                if sk_result:
                    return sk_result
                g.api_request = True

            if sk_result:
                # Absolute expiry stored in the session; 0 means "not set".
                current = time.time()
                expires_at = session.get('session_timeout', 0)
                expired = expires_at < current and expires_at != 0
                if expired:
                    session.clear()
                    return redirect('/login?dologin=True&go=0')

            # Compared only when the session carries a non-empty token.
            held_token = session.get('login_token', '')
            if held_token and held_token != public.get_login_token_auth():
                session.clear()
                return redirect('/login?dologin=True&go=1')

            # NOTE: a per-session marker check under data/sess_files/ was
            # present in the original only as disabled code; it is not
            # enforced by this version.

            # Record the new session expiry time.
            session['session_timeout'] = time.time() + public.get_session_timeout()
        except:
            # Catch-all on purpose: any failure in the gate ends the session.
            public.WriteLog('Login auth', public.get_error_info())
            session.clear()
            return redirect('/login')
コード例 #3
    def check_login(self):
        """Decide whether the current request may proceed, logging rejections.

        Returns ``None`` when every check passes. Otherwise returns a redirect
        to the login page, or the truthy result of ``self.get_sk()`` when the
        session has no ``login`` key. Every rejection of a logged-in session
        is recorded with ``public.WriteLog('Login auth', ...)``; all but the
        logged-out case include ``public.get_client_ip()``.

        Any exception is logged and fails closed: the session is cleared and
        the request is redirected to ``/login``.
        """
        try:
            g.api_request = False
            sk_result = True
            if 'login' in session:
                if session['login'] == False:
                    public.WriteLog('Login auth', 'The current session has been logged out')
                    session.clear()
                    return redirect('/login')

                if 'tmp_login_expire' in session:
                    # Temporary logins are backed by a marker file; removing
                    # the file revokes the login before it expires.
                    # NOTE(review): the path is built from a session value --
                    # confirm tmp_login_id is always server-generated.
                    tmp_marker = 'data/session/{}'.format(session['tmp_login_id'])
                    if session['tmp_login_expire'] < time.time():
                        msg = 'Temporary authorization has expired {}'.format(public.get_client_ip())
                        public.WriteLog('Login auth', msg)
                        session.clear()
                        if os.path.exists(tmp_marker):
                            os.remove(tmp_marker)
                        return redirect('/login')
                    if not os.path.exists(tmp_marker):
                        msg = 'Forced withdrawal due to cancellation of temporary authorization {}'.format(public.get_client_ip())
                        public.WriteLog('Login auth', msg)
                        session.clear()
                        return redirect('/login')

                # Bind the session to the User-Agent seen at login. The check
                # is a no-op when the session has no 'login_user_agent' (the
                # default equals the current digest), and the header is
                # client-supplied, so this is a weak binding only.
                ua_digest = public.md5(g.ua)
                bound_ua = session.get('login_user_agent', ua_digest)
                if ua_digest != bound_ua:
                    msg = 'UA verification failed {}'.format(public.get_client_ip())
                    public.WriteLog('Login auth', msg)
                    session.clear()
                    return redirect('/login')
            else:
                # No panel login: defer to get_sk(); a truthy result clears
                # the session and is returned to the caller unchanged.
                sk_result = self.get_sk()
                if sk_result:
                    session.clear()
                    return sk_result
                g.api_request = True

            if sk_result:
                # Absolute expiry stored in the session; 0 means "not set".
                expires_at = session.get('session_timeout', 0)
                expired = expires_at < time.time() and expires_at != 0
                if expired:
                    msg = 'The session has expired {}'.format(public.get_client_ip())
                    public.WriteLog('Login auth', msg)
                    session.clear()
                    return redirect('/login?dologin=True&go=0')

            # Compared only when the session carries a non-empty token.
            held_token = session.get('login_token', '')
            if held_token and held_token != public.get_login_token_auth():
                msg = 'Session ID does not match {}'.format(public.get_client_ip())
                public.WriteLog('Login auth', msg)
                session.clear()
                return redirect('/login?dologin=True&go=1')

            if sk_result:
                # A marker file named after the session key must exist; the
                # log message labels this the CSRF defence.
                sess_marker = 'data/sess_files/' + public.get_sess_key()
                if not os.path.exists(sess_marker):
                    msg = 'Trigger CSRF defense {}'.format(public.get_client_ip())
                    public.WriteLog('Login auth', msg)
                    session.clear()
                    return redirect('/login?dologin=True&go=2')
        except:
            # Catch-all on purpose: any failure in the gate ends the session.
            public.WriteLog('Login auth', public.get_error_info())
            session.clear()
            return redirect('/login')
コード例 #4
    def check_login(self):
        """Decide whether the current request may proceed.

        Returns ``None`` when every check passes. Otherwise returns a redirect
        to the login page, or the truthy result of ``self.get_sk()`` when the
        session has no ``login`` key. ``g.api_request`` is set to True only
        when ``get_sk()`` returned a falsy value.

        Any exception fails closed (session cleared, redirect to ``/login``)
        but is not logged anywhere by this method.
        """
        try:
            g.api_request = False
            sk_result = True
            if 'login' in session:
                if session['login'] == False:
                    session.clear()
                    return redirect('/login')

                if 'tmp_login_expire' in session:
                    # Temporary logins are backed by a marker file; removing
                    # the file revokes the login before it expires.
                    # NOTE(review): the path is built from a session value --
                    # confirm tmp_login_id is always server-generated.
                    tmp_marker = 'data/session/{}'.format(session['tmp_login_id'])
                    if session['tmp_login_expire'] < time.time():
                        session.clear()
                        if os.path.exists(tmp_marker):
                            os.remove(tmp_marker)
                        return redirect('/login')
                    if not os.path.exists(tmp_marker):
                        session.clear()
                        return redirect('/login')
            else:
                # No panel login: defer to get_sk(); a truthy result clears
                # the session and is returned to the caller unchanged.
                sk_result = self.get_sk()
                if sk_result:
                    session.clear()
                    return sk_result
                g.api_request = True

            if sk_result:
                # Idle timeout. Both files use fixed relative paths, so the
                # "last seen" clock is shared by every session rather than
                # kept per session.
                try:
                    timeout_file = 'data/session_timeout.pl'
                    last_seen_file = 'data/session_last.pl'
                    if not os.path.exists(timeout_file):
                        public.writeFile(timeout_file,'86400')
                    if not os.path.exists(last_seen_file):
                        public.writeFile(last_seen_file,str(int(time.time())))
                    allowed_idle = int(public.readFile(timeout_file))
                    last_seen = int(public.readFile(last_seen_file))
                    idle_for = time.time() - last_seen
                    if idle_for > allowed_idle:
                        os.remove(last_seen_file)
                        session['login'] = False
                        cache.set('dologin', True)
                        session.clear()
                        return redirect('/login')
                    public.writeFile(last_seen_file, str(int(time.time())))
                except:
                    # NOTE(review): fails open and silently -- if either file
                    # is unreadable or not an integer, the idle timeout is
                    # skipped with no trace. Worth logging at minimum.
                    pass

            # The token comparison only runs when the file exists AND the
            # session carries a login_token; otherwise it is skipped.
            token_file = '/www/server/panel/data/login_token.pl'
            if os.path.exists(token_file):
                disk_token = public.readFile(token_file).strip()
                if 'login_token' in session and session['login_token'] != disk_token:
                    session.clear()
                    return redirect('/login?dologin=True&go=1')

            if sk_result:
                # A marker file named after the session key must exist.
                sess_marker = 'data/sess_files/' + public.get_sess_key()
                if not os.path.exists(sess_marker):
                    session.clear()
                    return redirect('/login?dologin=True&go=2')
        except:
            # Catch-all on purpose: any failure in the gate ends the session.
            session.clear()
            return redirect('/login')