def get(self, *args): # 访问日志处理 dic_login_p = {} dic_t = {} txt_log = "" # 日志的文本内容 path_p = config.path_main + "data\\log\\z_log_web_index.csv" file_file = inc_file.File_file() dic_t["time_v"] = str_split(datetime.datetime.now()) # 访问时间 dic_t["ip"] = self.request.remote_ip # 获得IP dic_t["id"] = 0 # 获得用户cookie资料 try: str_t = self.get_secure_cookie("session_lqab_user") str_t = str_t.decode('utf-8') # 解密session字典 str_t = secret_lqab(str_t, key_p=config.dic_config["secret_key"], salt_p=config.dic_config["secret_salt"], secret_if="no") dic_login_p = eval(str_t) if ("id" in dic_login_p): dic_t["id"] = dic_login_p["id"] except: pass #print ("日志参数",path_p,dic_t) # 调试用 # 将访问日志字典转化为csv格式 if (dic_t): txt_log = str( dic_t["id"]) + "," + dic_t["ip"] + "," + dic_t["time_v"] + "\n" # 写入访问日志 try: file_file.write_add(path_p=path_p, renew_if=0, content_p=txt_log) except: pass # 渲染首页 self.render('index.html', name_soft=config.dic_config["name_soft"], type_soft=config.dic_config["type_soft"], vol_soft=config.dic_config["vol_soft"], authority_soft=config.dic_config["authority_soft"], author_soft=config.dic_config["author_soft"], qq_group=config.dic_config["qq_group"], tel_lqab=config.dic_config["tel_lqab"], url_lqab=config.dic_config["url_lqab"], sys_time=str(datetime.datetime.now())) #渲染首页
def do_it(self, *args): roles_p = "" # 权限值初始化 file_p = "" # 请求功能模块名 code_p = "" # 请求功能模块名 output = "" # 请求结果的输出方式 time_now_p = str_split(datetime.datetime.now()) # 请求时间 path_p = config.path_main + "data\\log\\" dic_t = {} str_log = "" args_p = {} # 取得web端提交参数 dic_t = self.request.arguments for x in dic_t: try: args_p[x] = dic_t[x][0].decode('utf-8') except: pass # 登录校验 pass_if, dic_login_p = self.admin_login_check( time_alive_p=config.dic_config["time_alive"]) if (pass_if is False): self.render( 'login_admin.html', name_soft=config.dic_config["name_soft"], type_soft=config.dic_config["type_soft"], vol_soft=config.dic_config["vol_soft"], ) # 参数处理 roles_p = dic_login_p["roles"] try: file_p = self.browser_argument(name_p="file") code_p = self.browser_argument(name_p="code") output = self.browser_argument(name_p="output") except: pass print("脚本调用参数", roles_p, file_p, code_p, output) # 调试用 # 业务处理 args_p["roles"] = roles_p # 追加操作权限参数 if ("aid" in dic_login_p): args_p["aid"] = str(dic_login_p["aid"]) # 追加管理员ID content = self.content_get(roles_p=roles_p, file_p=file_p, code_p=code_p, args_p=args_p) # 写入操作日志 if (config.dic_config["log_if"] == "1"): path_p += "z_log_script.csv" args_p["time_run"] = str_split( datetime.datetime.now()).encode('utf_8') file_file = inc_file.File_file() # 将访问日志字典转化为csv格式 txt_log = "" #print ("基础参数字典",args_p) # 调试用 print("日志路径", path_p) # 调试用 if (args_p): try: txt_log = args_p["file"][0] + "," + args_p["code"][ 0] + "," + args_p["output"][0] + "," + args_p[ "roles"] + "," + args_p["time_run"] + "\n" file_file.write_add(path_p=path_p, renew_if=0, content_p=txt_log) except: pass # 结果展示 if (output == "html"): self.write(content) # 调试用
def file_do(self, roles_p=0): file_p = "" # 请求功能模块名 code_p = "" # 请求功能模块名 output = "" # 请求结果的输出方式 time_now_p = str_split(datetime.datetime.now()) # 请求时间 path_p = config.path_main + "data\\log\\" dic_t = {} str_log = "" args_p = {} result = "<center><br><br>N/A</center>" content = "" # 取得web端提交参数 dic_t = self.request.arguments for x in dic_t: try: args_p[x] = dic_t[x][0].decode('utf-8') except: pass # 登录校验 pass_if, dic_login_p = self.user_login_check( time_alive_p=config.dic_config["time_alive"]) #print ("基础参数",pass_if,dic_login_p) # 调试用 # 追加参数字典 #print ("追加前的参数字典",args_p) # 调试用 args_p.update(dic_login_p) if (pass_if is False): result = "没有权限或登录超时" return result try: file_p = self.browser_argument(name_p="file") code_p = self.browser_argument(name_p="code") output = self.browser_argument(name_p="output") except: pass #print ("脚本调用参数",roles_p,file_p,code_p,output) # 调试用 # 业务处理 args_p["roles"] = roles_p # 追加操作权限参数 content = self.content_get(roles_p=roles_p, file_p=file_p, code_p=code_p, args_p=args_p) # print ("内容",content) # 调试用 # 写入操作日志 if (config.dic_config["log_if"] == "1"): path_p += "z_log_script.csv" args_p["time_run"] = str_split(datetime.datetime.now()) file_file = inc_file.File_file() # 将访问日志字典转化为csv格式 txt_log = "" if (args_p): txt_logo = args_p["file"] + "," + args_p[ "code"] + "," + args_p["output"] + "," + str( args_p["roles"]) + "," + args_p["time_run"] + "\n" try: file_file.write_add(path_p=path_p, renew_if=0, content_p=txt_log) except: pass # 结果展示 if (output == "html"): result = content # 调试用 return result
def admin_login_do(self, username_p="", password_p="", cookie_if=1): pass_if_p = False roles_p = "" dic_t = {} str_log = "" aid_p = 0 # 管理员ID str_t = "" dic_t["username"] = username_p dic_t["password"] = password_p username_p = hash_make(hash_make(username_p)) #密文处理 password_p = hash_make(hash_make(password_p)) #密文处理 path_p = config.path_main + "data\\log\\admin\\" #查询用户管理数据库 rs_sqlite_file = Conn_sqlite3(config.path_main + config.dic_config["path_sqlite"], 0) # 生成文件数据库实例 sql = "select roles,id from user_main where username='******' and password = '******' order by id desc limit 0,1" res_m, rows_m = rs_sqlite_file.read_sql(sql) if (res_m > 0): roles_p = rows_m[0][0] dic_t["roles"] = rows_m[0][0] dic_t["id"] = rows_m[0][1] aid_p = rows_m[0][1] dic_t["time_login"] = str_split(datetime.datetime.now()) dic_t["ip"] = self.request.remote_ip str_log = str(dic_t) # 日志操作 if (config.dic_config["log_if"] == "1"): path_p += "z_admin_login_" + str(rows_m[0][1]) + ".csv" file_file = inc_file.File_file() # 加密session字典 str_t = secret_lqab(str_log, key_p=config.dic_config["secret_key"], salt_p=config.dic_config["secret_salt"], secret_if="yes") pass_if_p = True if (pass_if_p == True): #print ("加密的session字典",str_t) # 调试用 if (cookie_if == 1): self.set_secure_cookie("session_lqab_admin", str_t) txt_log = "" # 将访问日志字典转化为csv格式 if (dic_t): txt_log = str( dic_t["id"]) + "," + dic_t["username"] + "," + dic_t[ "password"] + "," + dic_t["roles"] + "," + dic_t[ "time_login"] + "," + dic_t["ip"] + "\n" try: file_file.write_add(path_p=path_p, renew_if=0, content_p=txt_log) except: pass rs_sqlite_file.close_cur() # 关闭数据库游标 rs_sqlite_file.close() # 关闭数据库连接 return pass_if_p, roles_p, aid_p