def _set_login_session(self, userInfo: dict) -> tuple:
    """Populate the Flask session after a successful credential check.

    Stores the login flag, username, user id and an md5 of the caller's
    User-Agent (compared again on every request by ``check_login``), writes a
    LOGIN_SUCCESS audit entry, resets the per-address failure counter and the
    ``panelNum`` / ``dologin`` cache keys, sets the sliding ``session_timeout``,
    and removes the ``data/app_login.pl`` marker left by an app-scan login.

    Args:
        userInfo: row from the ``users`` table; must contain ``'username'``
            and ``'id'``.

    Returns:
        ``(public.returnJson(...), json_header)`` — success on the normal path,
        ``USER_INODE_ERR`` on the special error branch, else ``LOGIN_USER_ERR``
        carrying the updated failure count.
    """
    try:
        session['login'] = True
        session['username'] = userInfo['username']
        session['uid'] = userInfo['id']
        # Bind the session to the browser's User-Agent; a changed UA later
        # invalidates the session (see check_login).
        session['login_user_agent'] = public.md5(
            request.headers.get('User-Agent', ''))
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'],
                         public.GetClientIp() + ":" +
                         str(request.environ.get('REMOTE_PORT'))))
        # '-' presumably clears this address's failed-login counter.
        self.limit_address('-')
        cache.delete('panelNum')
        cache.delete('dologin')
        # Sliding expiry: refreshed on every authenticated request.
        session['session_timeout'] = time.time() + public.get_session_timeout()
        self.set_request_token()
        self.login_token()
        # Clear the marker written by the app-scan login path.
        login_type = 'data/app_login.pl'
        if os.path.exists(login_type):
            os.remove(login_type)
        return public.returnJson(True, 'LOGIN_SUCCESS'), json_header
    except Exception as ex:
        stringEx = str(ex)
        # NOTE(review): this substring test is very broad — any exception whose
        # text contains "unsupported" or "-1" (e.g. an unrelated negative number)
        # deletes every session file in /tmp and EVERY web-server log under
        # /www/wwwlogs, i.e. the audit trail, and reloads the service. Confirm
        # the exact error this is meant to recover from and match on it instead.
        if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
            public.ExecShell("rm -f /tmp/sess_*")
            public.ExecShell("rm -f /www/wwwlogs/*log")
            public.ServiceReload()
            return public.returnJson(False, 'USER_INODE_ERR'), json_header
        # Any other failure is counted as a bad-credential attempt against the
        # caller's address even though the cause may not be the credentials.
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                        ('****', '******', public.GetClientIp()))
        num = self.limit_address('+')
        return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), )), json_header
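def check_app_login(self, get):
    """Finish a QR-code ("APP scan") login initiated from the mobile app.

    Flow as implemented here:
      1. Require that the panel is bound to an app: ``config/api.json`` must
         exist, have ``open`` set and a non-empty ``apps`` entry.
      2. Consume the one-shot file ``<app_path>app_login_check.pl`` whose
         content is ``<secret_key>:<init_time>``. It is deleted before any
         validation, so every attempt burns it.
      3. Accept only when the caller's session id and the secret are both
         64 characters, the file is at most 60 s old and the two values are
         equal (compared in constant time).
      4. Mark the session as logged in as the user with id 1 (``tmp_login``)
         and write the ``data/app_login.pl`` marker.

    Args:
        get: request-argument object; not read by this method.

    Returns:
        The ``public.returnMsg`` result (status flag plus message).
    """
    import hmac  # constant-time comparison of the scan secret

    # Is the panel bound to a mobile app at all?
    btapp_info = json.loads(
        public.readFile('/www/server/panel/config/api.json'))
    if not btapp_info:
        return public.returnMsg(False, 'Unbound')
    if not btapp_info['open']:
        return public.returnMsg(False, 'API is not turned on')
    if 'apps' not in btapp_info or not btapp_info['apps']:
        return public.returnMsg(False, 'Unbound phone')
    try:
        session_id = public.get_session_id()
        check_file = self.app_path + 'app_login_check.pl'
        if not os.path.exists(check_file):
            return public.returnMsg(False, 'Waiting for APP scan code login 1')
        data = public.readFile(check_file)
        # Single-use: remove the file before validating so a failed attempt
        # cannot be retried against the same secret. os.remove replaces the
        # string-built shell "rm" so the path is never shell-interpreted; a
        # concurrent removal is not an error here.
        try:
            os.remove(check_file)
        except OSError:
            pass
        secret_key, init_time = data.split(':')
        if len(session_id) != 64:
            return public.returnMsg(False, 'Waiting for APP scan code login 2')
        if len(secret_key) != 64:
            return public.returnMsg(False, 'Waiting for APP scan code login 2')
        if time.time() - float(init_time) > 60:
            return public.returnMsg(False, 'Waiting for APP scan code login')
        # Constant-time compare: a plain '!=' leaks how many leading
        # characters matched through response timing.
        if not hmac.compare_digest(session_id.encode('utf-8'),
                                   secret_key.encode('utf-8')):
            return public.returnMsg(False, 'Waiting for APP scan code login')
        # Presumably drops the pending-login cache entry for this session id;
        # verify against the app-side flow.
        cache.delete(session_id)
        userInfo = public.M('users').where(
            "id=?", (1, )).field('id,username').find()
        session['login'] = True
        session['username'] = userInfo['username']
        session['tmp_login'] = True
        # NOTE(review): unlike the password / token login paths this path sets
        # neither session['uid'] nor session['login_user_agent'], so the
        # User-Agent binding enforced by check_login does not apply to app
        # logins. Confirm whether that is intended.
        public.WriteLog(
            'TYPE_LOGIN',
            'APP scan code login, account: {}, login IP: {}'.format(
                userInfo['username'],
                public.GetClientIp() + ":" +
                str(request.environ.get('REMOTE_PORT'))))
        cache.delete('panelNum')
        cache.delete('dologin')
        # Sliding expiry; refreshed by check_login on each request.
        session['session_timeout'] = time.time() + public.get_session_timeout()
        login_type = 'data/app_login.pl'
        self.set_request_token()
        import config
        config.config().reload_session()
        public.writeFile(login_type, 'True')
        public.login_send_body("aaPanel Mobile", userInfo['username'],
                               public.GetClientIp(),
                               str(request.environ.get('REMOTE_PORT')))
        return public.returnMsg(True, 'login successful!')
    except Exception:
        # Fail closed, but keep the cause in the panel log instead of
        # swallowing it silently (the original bare 'except:' also caught
        # SystemExit/KeyboardInterrupt).
        public.WriteLog('TYPE_LOGIN', public.get_error_info())
        return public.returnMsg(False, 'Login failed 2')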
def check_login(self):
    """Per-request authentication gate.

    Two paths:
      * No ``'login'`` key in the session: treat the request as an API call.
        ``self.get_sk()`` is consulted; a truthy result is returned to the
        caller as-is (presumably an error payload — verify in get_sk), else
        ``g.api_request`` is set and the request proceeds.
      * Browser session: reject when ``login`` is False, when a temporary
        login has expired or its ``data/session/<id>`` file is gone, or when
        the md5 of the current User-Agent differs from the one bound at
        login. Then enforce the sliding ``session_timeout`` and the
        ``login_token``, and refresh the timeout.

    Returns ``None`` to let the request through; otherwise a redirect to
    ``/login`` (or the ``get_sk`` result). Any exception fails closed:
    it is logged, the session is cleared and the caller is redirected.
    """
    try:
        api_check = True
        g.api_request = False
        if not 'login' in session:
            api_check = self.get_sk()
            if api_check:
                #session.clear()
                return api_check
            g.api_request = True
        else:
            if session['login'] == False:
                session.clear()
                return redirect('/login')
            # Temporary (request_temp) logins carry an absolute expiry and a
            # marker file; removing the file elsewhere revokes the session.
            if 'tmp_login_expire' in session:
                s_file = 'data/session/{}'.format(session['tmp_login_id'])
                if session['tmp_login_expire'] < time.time():
                    session.clear()
                    if os.path.exists(s_file):
                        os.remove(s_file)
                    return redirect('/login')
                if not os.path.exists(s_file):
                    session.clear()
                    return redirect('/login')
            # User-Agent binding. The default makes sessions that never stored
            # 'login_user_agent' (only the password login sets it in this
            # file) pass this check unconditionally.
            ua_md5 = public.md5(g.ua)
            if ua_md5 != session.get('login_user_agent', ua_md5):
                session.clear()
                return redirect('/login')
        # On the API path api_check holds the falsy get_sk() result, so the
        # timeout / login_token checks below apply to browser sessions only.
        if api_check:
            now_time = time.time()
            session_timeout = session.get('session_timeout', 0)
            if session_timeout < now_time and session_timeout != 0:
                session.clear()
                return redirect('/login?dologin=True&go=0')
            login_token = session.get('login_token', '')
            if login_token:
                if login_token != public.get_login_token_auth():
                    session.clear()
                    return redirect('/login?dologin=True&go=1')
            # if api_check:
            #     filename = 'data/sess_files/' + public.get_sess_key()
            #     if not os.path.exists(filename):
            #         session.clear()
            #         return redirect('/login?dologin=True&go=2')
            # Mark the new session expiry time (sliding expiry).
            session['session_timeout'] = time.time() + public.get_session_timeout()
    except:
        # Fail closed on any error in the checks above.
        public.WriteLog('Login auth', public.get_error_info())
        session.clear()
        return redirect('/login')
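def request_tmp(self, get):
    """Log in with a one-time token issued through ``config/api.json``.

    A 48-character ``tmp_token`` is delegated to ``request_temp`` (the
    DB-backed temporary-login flow). Otherwise the token must be exactly 64
    ``\\w`` characters, ``api.json`` must hold ``tmp_token``/``tmp_time``,
    the token must be at most 120 s old and equal to the stored one (compared
    in constant time). On success the session is logged in as user id 1
    (``tmp_login``), the token is removed from ``api.json`` and the caller is
    redirected to ``/``.

    Args:
        get: request-argument object; ``tmp_token`` is read from it and the
            object is passed on to ``set_cdn_host`` / ``request_temp``.

    Returns:
        ``redirect('/')`` on success, else ``(public.returnJson(...), json_header)``.
    """
    import hmac  # constant-time token comparison

    try:
        if not hasattr(get, 'tmp_token'):
            return public.returnJson(False, 'INIT_ARGS_ERR'), json_header
        tmp_token = get.tmp_token
        if len(tmp_token) == 48:
            # 48-char tokens belong to the temp_login table flow.
            return self.request_temp(get)
        if len(tmp_token) != 64:
            return public.returnJson(False, 'INIT_ARGS_ERR'), json_header
        if not re.match(r"^\w+$", tmp_token):
            return public.returnJson(False, 'INIT_ARGS_ERR'), json_header
        save_path = '/www/server/panel/config/api.json'
        data = json.loads(public.ReadFile(save_path))
        if 'tmp_token' not in data or 'tmp_time' not in data:
            return public.returnJson(False, 'VERIFICATION_FAILED'), json_header
        if (time.time() - data['tmp_time']) > 120:
            return public.returnJson(False, 'EXPIRED_TOKEN'), json_header
        # Constant-time compare: '!=' would leak matching-prefix length via
        # response timing to an unauthenticated caller.
        if not hmac.compare_digest(str(tmp_token).encode('utf-8'),
                                   str(data['tmp_token']).encode('utf-8')):
            return public.returnJson(False, 'INIT_TOKEN_ERR'), json_header
        userInfo = public.M('users').where(
            "id=?", (1, )).field('id,username').find()
        session['login'] = True
        session['username'] = userInfo['username']
        session['tmp_login'] = True
        session['uid'] = userInfo['id']
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'],
                         public.GetClientIp() + ":" +
                         str(request.environ.get('REMOTE_PORT'))))
        self.limit_address('-')
        cache.delete('panelNum')
        cache.delete('dologin')
        session['session_timeout'] = time.time() + public.get_session_timeout()
        # Burn the token: it is single-use.
        del data['tmp_token']
        del data['tmp_time']
        public.writeFile(save_path, json.dumps(data))
        self.set_request_token()
        self.login_token()
        self.set_cdn_host(get)
        return redirect('/')
    except Exception:
        # Keep the traceback in the panel log; do not echo it to the
        # (unauthenticated) caller as the previous message did.
        public.WriteLog('TYPE_LOGIN', public.get_error_info())
        return public.returnJson(False, 'Login failed'), json_header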
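def request_temp(self, get):
    """Log in with a 48-character temporary token from the ``temp_login`` table.

    Validation order: the request may carry at most two attributes, the
    token must be exactly 48 ``\\w`` characters, and the caller's IP must have
    fewer than 10 recorded failures (``public.get_error_num``). The token is
    checked as ``md5(token + salt)`` against the single unused (``state=0``),
    unexpired row returned by ``find()``, in constant time. On success the
    session is logged in for one hour with a ``data/session/<row id>`` marker
    file (``check_login`` revokes the session when it disappears), the row is
    marked used, and the caller is redirected to ``/``.

    Args:
        get: request-argument object carrying ``tmp_token``.

    Returns:
        ``redirect('/')`` on success, else a ``public.getMsg`` error payload.
    """
    import hmac  # constant-time token comparison

    try:
        if len(get.__dict__) > 2:
            return public.getMsg('INIT_ARGS_ERR')
        if not hasattr(get, 'tmp_token'):
            return public.getMsg('INIT_ARGS_ERR')
        if len(get.tmp_token) != 48:
            return public.getMsg('INIT_ARGS_ERR')
        if not re.match(r"^\w+$", get.tmp_token):
            return public.getMsg('INIT_ARGS_ERR')
        # Per-IP failure counter: refuse after 10 bad attempts.
        skey = public.GetClientIp() + '_temp_login'
        if not public.get_error_num(skey, 10):
            return public.getMsg('AUTH_FAILED')
        s_time = int(time.time())
        # NOTE(review): find() yields one row, so only the first unused,
        # unexpired token is ever accepted; a second outstanding token cannot
        # be used until the first is consumed or expires. Confirm intended.
        data = public.M('temp_login').where(
            'state=? and expire>?', (0, s_time)).field('id,token,salt,expire').find()
        if not data or not isinstance(data, dict):
            public.set_error_num(skey)
            return public.getMsg('VERIFICATION_FAILED')
        r_token = public.md5(get.tmp_token + data['salt'])
        # Constant-time compare of the salted hash.
        if not hmac.compare_digest(str(r_token).encode('utf-8'),
                                   str(data['token']).encode('utf-8')):
            public.set_error_num(skey)
            return public.getMsg('VERIFICATION_FAILED')
        public.set_error_num(skey, True)
        userInfo = public.M('users').where(
            "id=?", (1, )).field('id,username').find()
        session['login'] = True
        session['username'] = public.getMsg('TEMPORARY_ID', (data['id'], ))
        session['tmp_login'] = True
        session['tmp_login_id'] = str(data['id'])
        session['tmp_login_expire'] = time.time() + 3600
        # NOTE(review): uid is the temp_login row id here, whereas the other
        # login paths store users.id — confirm downstream code expects that.
        session['uid'] = data['id']
        sess_path = 'data/session'
        if not os.path.exists(sess_path):
            # 384 == 0o600: no execute bit, so only a root-privileged process
            # can traverse the directory (presumably the panel's case).
            os.makedirs(sess_path, 384)
        public.writeFile(sess_path + '/' + str(data['id']), '')
        login_addr = public.GetClientIp() + ":" + str(
            request.environ.get('REMOTE_PORT'))
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'], login_addr))
        # Mark the token as consumed.
        public.M('temp_login').where('id=?', (data['id'], )).update({
            "login_time": s_time,
            'state': 1,
            'login_addr': login_addr
        })
        self.limit_address('-')
        cache.delete('panelNum')
        cache.delete('dologin')
        session['session_timeout'] = time.time() + public.get_session_timeout()
        self.set_request_token()
        self.login_token()
        self.set_cdn_host(get)
        public.login_send_body("Temporary authorization", userInfo['username'],
                               public.GetClientIp(),
                               str(request.environ.get('REMOTE_PORT')))
        return redirect('/')
    except Exception:
        # Fail closed; log the cause rather than swallowing it silently.
        public.WriteLog('TYPE_LOGIN', public.get_error_info())
        return public.getMsg('LOGIN_FAIL')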