コード例 #1
    def request_post(self,post):
        """Process a login POST and return the reply for the caller.

        Flow as written: require ``username`` and ``password``, consult the
        per-address limiter, check the captcha when the session asks for one,
        compare the posted credentials with the ``users`` row whose id is 1,
        and then either complete the login, verify a TOTP code (when ``vcode``
        is posted), or mark the password step as passed and return ``"1"``.

        Returns ``(public.returnJson(...), json_header)`` on most paths, the
        bare string ``"1"`` when the password was accepted but a second factor
        is still outstanding, or whatever ``_set_login_session`` returns once
        the login is complete.
        """
        # Both fields are dereferenced below, so each one is checked on its own.
        if not hasattr(post, 'username') or not hasattr(post, 'password'):
            return public.returnJson(False,'LOGIN_USER_EMPTY'),json_header
        
        self.error_num(False)
        # '?' queries the limiter; a value below 1 blocks the attempt.
        # presumably the value is the number of attempts left - TODO confirm
        if self.limit_address('?') < 1: return public.returnJson(False,'LOGIN_ERR_LIMIT'),json_header
        
        post.username = post.username.strip();
        password = public.md5(post.password.strip());
        sql = db.Sql();
        # Only the row with id 1 is ever consulted by this version.
        userInfo = sql.table('users').where("id=?",(1,)).field('id,username,password').find()
        # m_code is not read again anywhere in this method.
        m_code = cache.get('codeStr')
        # The captcha is enforced only while the session carries a truthy
        # 'code' and the password step has not already been passed.
        if 'code' in session:
            if session['code'] and not 'is_verify_password' in session:
                if not hasattr(post, 'code'): return public.returnJson(False,'验证码不能为空!'),json_header
                if not public.checkCode(post.code):
                    public.WriteLog('TYPE_LOGIN','LOGIN_ERR_CODE',('****','****',public.GetClientIp()));
                    return public.returnJson(False,'CODE_ERR'),json_header
        try:
            # The stored value is hashed twice with the fixed suffix '_bt.cn'
            # and compared with the MD5 of the posted password field.
            # NOTE(review): MD5 with a constant suffix is not a password-hashing
            # scheme, and `!=` is not a constant-time comparison; both are worth
            # revisiting if the storage format is allowed to change.
            s_pass = public.md5(public.md5(userInfo['password'] + '_bt.cn'))
            if userInfo['username'] != post.username or s_pass != password:
                # Username and password are masked in the log entry.
                public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()));
                num = self.limit_address('+');
                return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
            _key_file = "/www/server/panel/data/two_step_auth.txt"
            # Second-factor step: reached only after the password check above
            # has passed for this same request.
            if hasattr(post,'vcode'):
                # The TOTP attempts use their own limiter bucket (v="vcode").
                if self.limit_address('?',v="vcode") < 1: return public.returnJson(False,'您多次验证失败,禁止10分钟'),json_header
                import pyotp
                secret_key = public.readFile(_key_file)
                if not secret_key:
                    return public.returnJson(False, "没有找到key,请尝试在命令行关闭谷歌验证后在开启"),json_header
                t = pyotp.TOTP(secret_key)
                result = t.verify(post.vcode)
                if not result:
                    # Retry once after sync_date() reports success.
                    # presumably this corrects server clock drift - TODO confirm
                    if public.sync_date(): result = t.verify(post.vcode)
                    if not result:
                        num = self.limit_address('++',v="vcode")
                        return public.returnJson(False, '验证失败,您还可以尝试[{}]次!'.format(num)), json_header
                now = int(time.time())
                # Record the client IP and the time of the successful TOTP check.
                # NOTE(review): presumably check_two_step_auth() reads this file
                # to skip the second factor for that IP - confirm, and confirm
                # that GetClientIp() cannot be set from a client-controlled header.
                public.writeFile("/www/server/panel/data/dont_vcode_ip.txt",json.dumps({"client_ip":public.GetClientIp(),"add_time":now}))
                self.limit_address('--',v="vcode")
                return self._set_login_session(userInfo)

            acc_client_ip = self.check_two_step_auth()

            # No key file, or a truthy result from check_two_step_auth():
            # the login completes without a TOTP code.
            if not os.path.exists(_key_file) or acc_client_ip:
                return self._set_login_session(userInfo)
            # Password accepted but a second factor is still required: the
            # session is flagged and the caller receives the bare string "1".
            self.limit_address('-')
            session['is_verify_password'] = True
            return "1"
        except Exception as ex:
            stringEx = str(ex)
            # NOTE(review): this branch is selected by a substring test on the
            # exception text and then deletes session files and web server
            # logs. It is reachable before authentication completes, so an
            # unrelated error whose message happens to match would remove
            # logs that incident response may need - consider a narrower
            # trigger. 'USER_INODE_ERR' suggests inode exhaustion is the
            # intended case - TODO confirm.
            if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1: 
                os.system("rm -f /tmp/sess_*")
                os.system("rm -f /www/wwwlogs/*log")
                public.ServiceReload()
                return public.returnJson(False,'USER_INODE_ERR'),json_header
            # Every other exception is treated as a failed attempt (fail closed).
            public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()));
            num = self.limit_address('+');
            return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
コード例 #2
ファイル: main.py プロジェクト: allonzhong/Serf-Internet
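    def POST(self):
        """Handle the login form POST and return a JSON reply.

        Requires ``username`` and ``password``, consults the per-address
        limiter, checks the captcha when the session holds one, and compares
        the posted credentials with the ``users`` row whose id is 1. On
        success the session is marked as logged in and the attempt is
        appended to ``data/login.temp``.

        Returns the value of ``public.returnJson(...)`` on every path.
        """
        post = web.input()
        web.ctx.session.lan = public.get_language()
        # Each field is checked on its own: both are dereferenced below, so a
        # request missing either one has to stop here instead of raising an
        # AttributeError outside the try block.
        if not hasattr(post, 'username') or not hasattr(post, 'password'):
            return public.returnJson(False, 'LOGIN_USER_EMPTY')

        self.errorNum(False)
        # '?' queries the limiter; a value below 1 blocks the attempt.
        if self.limitAddress('?') < 1:
            return public.returnJson(False, 'LOGIN_ERR_LIMIT')

        post.username = post.username.strip()
        password = public.md5(post.password.strip())
        sql = db.Sql()
        # Only the row with id 1 is ever consulted by this version.
        userInfo = sql.table('users').where(
            "id=?", (1, )).field('id,username,password').find()
        if hasattr(web.ctx.session, 'code'):
            if web.ctx.session.code:
                # A request that omits the captcha is handled like a wrong one.
                if not hasattr(post, 'code') or not public.checkCode(post.code):
                    # NOTE(review): the expected captcha value is written to
                    # the log here; confirm that is intended.
                    public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                                    ('****', web.ctx.session.code, web.ctx.ip))
                    return public.returnJson(False, 'CODE_ERR')
        try:
            # NOTE(review): the stored value is compared with a plain MD5 of
            # the posted password using `!=`; MD5 is not a password-hashing
            # scheme and the comparison is not constant-time.
            if userInfo['username'] != post.username or userInfo[
                    'password'] != password:
                public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                                ('****', '******', web.ctx.ip))
                num = self.limitAddress('+')
                return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))

            import time
            # Append "ip|timestamp," to the login history file, creating it
            # first when absent. The read-then-write is not atomic.
            login_temp = 'data/login.temp'
            if not os.path.exists(login_temp):
                public.writeFile(login_temp, '')
            login_logs = public.readFile(login_temp)
            public.writeFile(
                login_temp,
                login_logs + web.ctx.ip + '|' + str(int(time.time())) + ',')
            web.ctx.session.login = True
            web.ctx.session.username = userInfo['username']
            public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                            (userInfo['username'], web.ctx.ip))
            self.limitAddress('-')
            # Remove the two counter files kept under /tmp.
            # presumably these back errorNum() - TODO confirm
            numFile = '/tmp/panelNum.pl'
            timeFile = '/tmp/panelNime.pl'
            if os.path.exists(numFile):
                os.remove(numFile)
            if os.path.exists(timeFile):
                os.remove(timeFile)
            return public.returnJson(True, 'LOGIN_SUCCESS')
        except Exception as ex:
            stringEx = str(ex)
            # NOTE(review): this branch is chosen by a substring test on the
            # exception text and is reachable before authentication completes;
            # what btClear() removes is not visible here - confirm it cannot
            # discard logs needed for incident response.
            if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
                btClear()
                return public.returnJson(False,
                                         '磁盘Inode已用完,面板已尝试释放Inode,请重试...')
            # Every other exception is treated as a failed attempt (fail closed).
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', web.ctx.ip))
            num = self.limitAddress('+')
            return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))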
コード例 #3
ファイル: userlogin.py プロジェクト: zhy233/BaoTa
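    def request_post(self, post):
        """Process a login POST and return ``(json_body, json_header)``.

        Requires ``username`` and ``password``, consults the per-address
        limiter, checks the captcha when the session holds a truthy ``code``,
        and compares the posted credentials with the ``users`` row whose id
        is 1. On success the session is marked as logged in.
        """
        # Each field is checked on its own: both are dereferenced below, so a
        # request missing either one has to stop here instead of raising an
        # AttributeError outside the try block.
        if not hasattr(post, 'username') or not hasattr(post, 'password'):
            return public.returnJson(False, 'LOGIN_USER_EMPTY'), json_header

        self.error_num(False)
        # '?' queries the limiter; a value below 1 blocks the attempt.
        if self.limit_address('?') < 1:
            return public.returnJson(False, 'LOGIN_ERR_LIMIT'), json_header

        post.username = post.username.strip()
        password = public.md5(post.password.strip())
        sql = db.Sql()
        # Only the row with id 1 is ever consulted by this version.
        userInfo = sql.table('users').where(
            "id=?", (1, )).field('id,username,password').find()
        # m_code is not read again anywhere in this method.
        m_code = cache.get('codeStr')
        if 'code' in session:
            if session['code']:
                # A request that omits the captcha is handled like a wrong one.
                if not hasattr(post, 'code') or not public.checkCode(post.code):
                    public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                                    ('****', '****', public.GetClientIp()))
                    return public.returnJson(False, 'CODE_ERR'), json_header
        try:
            # The stored value is hashed twice with the fixed suffix '_bt.cn'
            # and compared with the MD5 of the posted password field.
            # NOTE(review): MD5 with a constant suffix is not a password-hashing
            # scheme, and `!=` is not a constant-time comparison.
            s_pass = public.md5(public.md5(userInfo['password'] + '_bt.cn'))
            if userInfo['username'] != post.username or s_pass != password:
                public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                                ('****', '******', public.GetClientIp()))
                num = self.limit_address('+')
                return public.returnJson(False, 'LOGIN_USER_ERR',
                                         (str(num), )), json_header

            # NOTE(review): nothing visible here rotates the session identifier
            # at login; confirm the framework or the helpers below do so.
            session['login'] = True
            session['username'] = userInfo['username']
            public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                            (userInfo['username'], public.GetClientIp()))
            self.limit_address('-')
            cache.delete('panelNum')
            cache.delete('dologin')
            # Record the time of this login in data/session_last.pl.
            sess_input_path = 'data/session_last.pl'
            public.writeFile(sess_input_path, str(int(time.time())))
            self.set_request_token()
            self.login_token()
            return public.returnJson(True, 'LOGIN_SUCCESS'), json_header
        except Exception as ex:
            stringEx = str(ex)
            # NOTE(review): this branch is selected by a substring test on the
            # exception text and then deletes session files and web server
            # logs. It is reachable before authentication completes, so an
            # unrelated error whose message happens to match would remove
            # logs that incident response may need - consider a narrower
            # trigger.
            if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
                os.system("rm -f /tmp/sess_*")
                os.system("rm -f /www/wwwlogs/*log")
                public.ServiceReload()
                return public.returnJson(False, 'USER_INODE_ERR'), json_header
            # Every other exception is treated as a failed attempt (fail closed).
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', public.GetClientIp()))
            num = self.limit_address('+')
            return public.returnJson(False, 'LOGIN_USER_ERR',
                                     (str(num), )), json_header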
コード例 #4
ファイル: main.py プロジェクト: test222623/bt-panel-1
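    def POST(self):
        """Handle the login form POST and return a JSON reply.

        Requires ``username`` and ``password``, consults the per-address
        limiter, checks the captcha when the session holds one, and looks up
        a ``users`` row matching both the posted username and the MD5 of the
        posted password. On success the session is marked as logged in and
        the attempt is appended to ``data/login.temp``.

        Returns the value of ``public.returnJson(...)`` on every path.
        """
        post = web.input()
        web.ctx.session.lan = public.get_language()
        # Each field is checked on its own: both are dereferenced below, so a
        # request missing either one has to stop here instead of raising an
        # AttributeError outside the try block.
        if not hasattr(post, 'username') or not hasattr(post, 'password'):
            return public.returnJson(False, 'LOGIN_USER_EMPTY')

        # '?' queries the limiter; a value below 1 blocks the attempt.
        if self.limitAddress('?') < 1:
            return public.returnJson(False, 'LOGIN_ERR_LIMIT')
        post.username = post.username.strip()
        password = public.md5(post.password.strip())
        if hasattr(web.ctx.session, 'code'):
            if web.ctx.session.code:
                # A request that omits the captcha is handled like a wrong
                # one; getattr keeps the log call safe when it is absent.
                if not hasattr(post, 'code') or not public.checkCode(post.code):
                    # NOTE(review): the username and code written here come
                    # from the request; confirm WriteLog neutralises control
                    # characters, and note that users sometimes type a
                    # password into the username field.
                    public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                                    (post.username, getattr(post, 'code', ''),
                                     web.ctx.ip))
                    return public.returnJson(False, 'CODE_ERR')

        # Values are bound through placeholders, not concatenated into SQL.
        sql = db.Sql()
        userInfo = sql.table('users').where(
            "username=? AND password=?",
            (post.username, password)).field('id,username,password').find()
        try:
            # When no row matched, subscripting userInfo presumably raises and
            # the handler below records the failure - TODO confirm what
            # find() returns for an empty result.
            if userInfo['username'] != post.username or userInfo[
                    'password'] != password:
                public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                                (post.username, '******', web.ctx.ip))
                num = self.limitAddress('+')
                return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))

            import time
            # Append "ip|timestamp," to the login history file, creating it
            # first when absent. The read-then-write is not atomic.
            login_temp = 'data/login.temp'
            if not os.path.exists(login_temp):
                public.writeFile(login_temp, '')
            login_logs = public.readFile(login_temp)
            public.writeFile(
                login_temp,
                login_logs + web.ctx.ip + '|' + str(int(time.time())) + ',')
            web.ctx.session.login = True
            web.ctx.session.username = post.username
            public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                            (post.username, web.ctx.ip))
            self.limitAddress('-')
            return public.returnJson(True, 'LOGIN_SUCCESS')
        except Exception:
            # Any error during the check is treated as a failed attempt
            # (fail closed); interpreter-exit signals are left to propagate.
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            (post.username, '******', web.ctx.ip))
            num = self.limitAddress('+')
            return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))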
コード例 #5
ファイル: main.py プロジェクト: soitun/BaoTa-Panel
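 def POST(self):
     """Handle the login form POST and return a JSON reply.

     Requires ``username`` and ``password``, consults ``errorNum`` and the
     per-address limiter, checks the captcha when the session holds one, and
     compares the posted credentials with the ``users`` row whose id is 1.
     On success the session is marked as logged in and the attempt is
     appended to ``data/login.temp``.

     Returns the value of ``public.returnJson(...)`` on every path.
     """
     post = web.input()
     web.ctx.session.lan = public.get_language()
     # Each field is checked on its own: both are dereferenced below, so a
     # request missing either one has to stop here instead of raising an
     # AttributeError outside the try block.
     if not hasattr(post, 'username') or not hasattr(post, 'password'):
         return public.returnJson(False, 'LOGIN_USER_EMPTY')

     # A falsy result from errorNum() rejects the request outright.
     if not self.errorNum(False):
         return public.returnJson(False, '防暴破机制已被启动,解除命令: rm -f /tmp/panelN*.pl')
     # '?' queries the limiter; a value below 1 blocks the attempt.
     if self.limitAddress('?') < 1:
         return public.returnJson(False, 'LOGIN_ERR_LIMIT')

     post.username = post.username.strip()
     password = public.md5(post.password.strip())
     sql = db.Sql()
     # Only the row with id 1 is ever consulted by this version.
     userInfo = sql.table('users').where("id=?", (1,)).field('id,username,password').find()
     if hasattr(web.ctx.session, 'code'):
         if web.ctx.session.code:
             # A request that omits the captcha is handled like a wrong one.
             if not hasattr(post, 'code') or not public.checkCode(post.code):
                 # NOTE(review): the stored account name and the expected
                 # captcha value are written to the log here; confirm that
                 # is intended.
                 public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE', (userInfo['username'], web.ctx.session.code, web.ctx.ip))
                 return public.returnJson(False, 'CODE_ERR')
     try:
         # NOTE(review): the stored value is compared with a plain MD5 of the
         # posted password using `!=`; MD5 is not a password-hashing scheme
         # and the comparison is not constant-time.
         if userInfo['username'] != post.username or userInfo['password'] != password:
             public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS', (userInfo['username'], '******', web.ctx.ip))
             num = self.limitAddress('+')
             return public.returnJson(False, 'LOGIN_USER_ERR', (str(num),))

         import time
         # Append "ip|timestamp," to the login history file, creating it
         # first when absent. The read-then-write is not atomic.
         login_temp = 'data/login.temp'
         if not os.path.exists(login_temp):
             public.writeFile(login_temp, '')
         login_logs = public.readFile(login_temp)
         public.writeFile(login_temp, login_logs + web.ctx.ip + '|' + str(int(time.time())) + ',')
         web.ctx.session.login = True
         web.ctx.session.username = userInfo['username']
         public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS', (userInfo['username'], web.ctx.ip))
         self.limitAddress('-')
         # Remove the two counter files kept under /tmp.
         # presumably these back errorNum() - TODO confirm
         numFile = '/tmp/panelNum.pl'
         timeFile = '/tmp/panelNime.pl'
         if os.path.exists(numFile):
             os.remove(numFile)
         if os.path.exists(timeFile):
             os.remove(timeFile)
         return public.returnJson(True, 'LOGIN_SUCCESS')
     except Exception:
         # Any error during the check is treated as a failed attempt (fail
         # closed); interpreter-exit signals are left to propagate.
         # NOTE(review): this handler subscripts userInfo again, so it would
         # itself raise if the lookup did not return a row - TODO confirm
         # what find() returns in that case.
         public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS', (userInfo['username'], '******', web.ctx.ip))
         num = self.limitAddress('+')
         return public.returnJson(False, 'LOGIN_USER_ERR', (str(num),))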
コード例 #6
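    def request_post(self,post):
        """Process a login POST and return the reply for the caller.

        Flow as written: require ``username`` and ``password``, consult the
        per-address limiter, pick the ``users`` row whose username equals the
        posted one, check the captcha when the session asks for one, compare
        the credentials, and then either complete the login, verify a TOTP
        code (when ``vcode`` is posted), or mark the password step as passed
        and return ``"1"``.

        Returns ``(public.returnJson(...), json_header)`` on the JSON paths,
        the bare string ``"1"`` when the password was accepted but a second
        factor is still outstanding, or whatever ``_set_login_session``
        returns once the login is complete.
        """
        # Both fields are dereferenced below, so each one is checked on its own.
        if not hasattr(post, 'username') or not hasattr(post, 'password'):
            return public.returnJson(False,'LOGIN_USER_EMPTY'),json_header
        
        self.error_num(False)
        # '?' queries the limiter; a value below 1 blocks the attempt.
        if self.limit_address('?') < 1: return public.returnJson(False,'LOGIN_ERR_LIMIT'),json_header
        
        post.username = post.username.strip()
        password = public.md5(post.password.strip())
        sql = db.Sql()
        # All rows are fetched and matched in Python; the last row with an
        # equal username wins. userInfo stays None when nothing matches, in
        # which case the subscript inside the try block raises and the
        # attempt is recorded as a failure.
        user_list = sql.table('users').field('id,username,password').select()
        userInfo = None
        for u_info in user_list:
            if u_info['username'] == post.username:
                userInfo = u_info
        # The captcha is enforced only while the session carries a truthy
        # 'code' and the password step has not already been passed.
        if 'code' in session:
            if session['code'] and not 'is_verify_password' in session:
                # Replied in the same (body, header) shape as every other JSON
                # answer of this method, so the caller sees one return type.
                if not hasattr(post, 'code'): return public.returnJson(False,'Verification code can not be empty!'),json_header
                if not public.checkCode(post.code):
                    public.WriteLog('TYPE_LOGIN','LOGIN_ERR_CODE',('****','****',public.GetClientIp()))
                    return public.returnJson(False,'CODE_ERR'),json_header
        try:
            # The stored value is hashed twice with the fixed suffix '_bt.cn'
            # and compared with the MD5 of the posted password field.
            # NOTE(review): MD5 with a constant suffix is not a password-hashing
            # scheme, and `!=` is not a constant-time comparison; both are worth
            # revisiting if the storage format is allowed to change.
            s_pass = public.md5(public.md5(userInfo['password'] + '_bt.cn'))
            if userInfo['username'] != post.username or s_pass != password:
                public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()))
                num = self.limit_address('+')
                return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
            _key_file = "/www/server/panel/data/two_step_auth.txt"
            # Second-factor step: reached only after the password check above
            # has passed for this same request.
            if hasattr(post,'vcode'):
                # The TOTP attempts use their own limiter bucket (v="vcode").
                if self.limit_address('?',v="vcode") < 1: return public.returnJson(False,'您多次验证失败,禁止10分钟'),json_header
                import pyotp
                secret_key = public.readFile(_key_file)
                if not secret_key:
                    return public.returnJson(False, "Did not find the key, please close Google verification on the command line and trun on again"),json_header
                t = pyotp.TOTP(secret_key)
                result = t.verify(post.vcode)
                if not result:
                    # Retry once after sync_date() reports success.
                    # presumably this corrects server clock drift - TODO confirm
                    if public.sync_date(): result = t.verify(post.vcode)
                    if not result:
                        num = self.limit_address('++',v="vcode")
                        return public.returnJson(False, 'Invalid Verification code. You have [{}] times left to try!'.format(num)), json_header
                now = int(time.time())
                # Record the client IP and the time of the successful TOTP check.
                # NOTE(review): presumably check_two_step_auth() reads this file
                # to skip the second factor for that IP - confirm, and confirm
                # that GetClientIp() cannot be set from a client-controlled header.
                public.writeFile("/www/server/panel/data/dont_vcode_ip.txt",json.dumps({"client_ip":public.GetClientIp(),"add_time":now}))
                self.limit_address('--',v="vcode")
                self.set_cdn_host(post)
                return self._set_login_session(userInfo)

            acc_client_ip = self.check_two_step_auth()

            # No key file, or a truthy result from check_two_step_auth():
            # the login completes without a TOTP code.
            if not os.path.exists(_key_file) or acc_client_ip:
                self.set_cdn_host(post)
                return self._set_login_session(userInfo)
            # Password accepted but a second factor is still required: the
            # session is flagged and the caller receives the bare string "1".
            self.limit_address('-')
            session['is_verify_password'] = True
            return "1"
        except Exception as ex:
            stringEx = str(ex)
            # NOTE(review): this branch is selected by a substring test on the
            # exception text and then deletes session files and web server
            # logs. It is reachable before authentication completes, so an
            # unrelated error whose message happens to match would remove
            # logs that incident response may need - consider a narrower
            # trigger.
            if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
                os.system("rm -f /tmp/sess_*")
                os.system("rm -f /www/wwwlogs/*log")
                public.ServiceReload()
                return public.returnJson(False,'USER_INODE_ERR'),json_header
            # Every other exception is treated as a failed attempt (fail closed).
            public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()))
            num = self.limit_address('+')
            return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header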