def doLogin():
username = request.form.get('username', '').strip()
password = request.form.get('password', '').strip()
code = request.form.get('code', '').strip()
# print(session)
if 'code' in session:
if session['code'] != mw.md5(code):
return mw.returnJson(False, '验证码错误,请重新输入!')
userInfo = mw.M('users').where("id=?",
(1, )).field('id,username,password').find()
# print(userInfo)
# print(password)
password = mw.md5(password)
# print('md5-pass', password)
login_cache_count = 5
login_cache_limit = cache.get('login_cache_limit')
filename = 'data/close.pl'
if os.path.exists(filename):
return mw.returnJson(False, '面板已经关闭!')
if userInfo['username'] != username or userInfo['password'] != password:
msg = "<a style='color: red'>密码错误</a>,帐号:{1},密码:{2},登录IP:{3}", ((
'****', '******', request.remote_addr))
if login_cache_limit == None:
login_cache_limit = 1
else:
login_cache_limit = int(login_cache_limit) + 1
if login_cache_limit >= login_cache_count:
mw.writeFile(filename, 'True')
return mw.returnJson(False, '面板已经关闭!')
cache.set('login_cache_limit', login_cache_limit, timeout=10000)
login_cache_limit = cache.get('login_cache_limit')
mw.writeLog('用户登录', mw.getInfo(msg))
return mw.returnJson(
False,
mw.getInfo("用户名或密码错误,您还可以尝试[{1}]次!",
(str(login_cache_count - login_cache_limit))))
cache.delete('login_cache_limit')
session['login'] = True
session['username'] = userInfo['username']
#print('do_login', session)
# fix 跳转时,数据消失,可能是跨域问题
mw.writeFile('data/api_login.txt', userInfo['username'])
return mw.returnJson(True, '登录成功,正在跳转...')
def initUserInfo():
data = mw.M('users').where('id=?', (1, )).getField('password')
if data == '21232f297a57a5a743894a0e4a801fc3':
pwd = mw.getRandomString(8).lower()
file_pw = mw.getRunDir() + '/data/default.pl'
mw.writeFile(file_pw, pwd)
mw.M('users').where('id=?', (1, )).setField('password', mw.md5(pwd))
def setPasswordApi(self):
password1 = request.form.get('password1', '')
password2 = request.form.get('password2', '')
if password1 != password2:
return mw.returnJson(False, '两次输入的密码不一致,请重新输入!')
if len(password1) < 5:
return mw.returnJson(False, '用户密码不能小于5位!')
mw.M('users').where("username=?", (session['username'],)).setField(
'password', mw.md5(password1.strip()))
return mw.returnJson(True, '密码修改成功!')
def set_panel_pwd(password, ncli=False):
# 设置面板密码
import db
sql = db.Sql()
result = sql.table('users').where('id=?', (1,)).setField(
'password', mw.md5(password))
username = sql.table('users').where('id=?', (1,)).getField('username')
if ncli:
print("|-用户名: " + username)
print("|-新密码: " + password)
else:
print(username)
def code():
import vilidate
vie = vilidate.vieCode()
codeImage = vie.GetCodeImage(80, 4)
try:
from cStringIO import StringIO
except:
from StringIO import StringIO
out = StringIO()
codeImage[0].save(out, "png")
session['code'] = mw.md5(''.join(codeImage[1]).lower())
img = Response(out.getvalue(), headers={'Content-Type': 'image/png'})
return make_response(img)
def toDbBase(find):
pdb = pMysqlDb()
psdb = pSqliteDb('databases')
if len(find['password']) < 3:
find['username'] = find['name']
find['password'] = mw.md5(str(time.time()) + find['name'])[0:10]
psdb.where("id=?", (find['id'],)).save(
'password,username', (find['password'], find['username']))
result = pdb.execute("create database `" + find['name'] + "`")
if "using password:"******"Connection refused" in str(result):
return -1
password = find['password']
__createUser(find['name'], find['username'], password, find['accept'])
return 1
def getCsvnPwd(user):
if app_debug:
return user + '123'
pwd_file = 'data/csvn_sync.pl'
if os.path.exists(pwd_file):
return mw.readFile(pwd_file).strip()
import time
cur_time = time.time()
rand_pwd = mw.md5(str(cur_time))
pwd = user + rand_pwd[:5]
htpasswd = getServerDir() + "/bin/htpasswd"
svn_auth_file = getServerDir() + "/data/conf/svn_auth_file"
cmd = htpasswd + ' -b ' + svn_auth_file + ' ' + user + ' ' + pwd
data = mw.execShell(cmd)
mw.writeFile(pwd_file, pwd)
return pwd
def addDb():
args = getArgs()
data = checkArgs(args,
['password', 'name', 'codeing', 'db_user', 'dataAccess', 'ps'])
if not data[0]:
return data[1]
if not 'address' in args:
address = ''
else:
address = args['address'].strip()
dbname = args['name'].strip()
dbuser = args['db_user'].strip()
codeing = args['codeing'].strip()
password = args['password'].strip()
dataAccess = args['dataAccess'].strip()
ps = args['ps'].strip()
reg = "^[\w\.-]+$"
if not re.match(reg, args['name']):
return mw.returnJson(False, '数据库名称不能带有特殊符号!')
checks = ['root', 'mysql', 'test', 'sys', 'panel_logs']
if dbuser in checks or len(dbuser) < 1:
return mw.returnJson(False, '数据库用户名不合法!')
if dbname in checks or len(dbname) < 1:
return mw.returnJson(False, '数据库名称不合法!')
if len(password) < 1:
password = mw.md5(time.time())[0:8]
wheres = {
'utf8': 'utf8_general_ci',
'utf8mb4': 'utf8mb4_general_ci',
'gbk': 'gbk_chinese_ci',
'big5': 'big5_chinese_ci'
}
codeStr = wheres[codeing]
pdb = pMysqlDb()
psdb = pSqliteDb('databases')
if psdb.where("name=? or username=?", (dbname, dbuser)).count():
return mw.returnJson(False, '数据库已存在!')
result = pdb.execute("create database `" + dbname +
"` DEFAULT CHARACTER SET " + codeing + " COLLATE " + codeStr)
# print result
isError = isSqlError(result)
if isError != None:
return isError
pdb.execute("drop user '" + dbuser + "'@'localhost'")
for a in address.split(','):
pdb.execute("drop user '" + dbuser + "'@'" + a + "'")
__createUser(dbname, dbuser, password, address)
addTime = time.strftime('%Y-%m-%d %X', time.localtime())
psdb.add('pid,name,username,password,accept,ps,addtime',
(0, dbname, dbuser, password, address, ps, addTime))
return mw.returnJson(True, '添加成功!')
