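def post(self):
    """Handle a login form submission.

    Reads ``username``/``password`` from the request, looks the account up,
    verifies the password hash and, on success, issues the ``sid``/``eid``
    secure cookies before redirecting to the ``next`` argument. Every failure
    re-renders ``login.html`` with an error message and returns.

    Security notes on this version:
      * the hash comparison is constant-time (``hmac.compare_digest``) so the
        mismatch position of a wrong hash does not leak through timing;
      * ``next`` is restricted to a same-site path so the login page cannot be
        used as an open redirect to another host.
    """
    import hmac

    def fail(message, shown_username):
        # Every failure path renders the same template with one message.
        error_messages.append(message)
        self.render("login.html", error_messages=error_messages, username=shown_username)

    def same_digest(computed, stored):
        # Constant-time equality; both sides coerced to bytes because
        # compare_digest rejects mixed str/bytes and non-ASCII str.
        if isinstance(computed, str):
            computed = computed.encode("utf-8")
        if isinstance(stored, str):
            stored = stored.encode("utf-8")
        if not isinstance(computed, bytes) or not isinstance(stored, bytes):
            return False
        return hmac.compare_digest(computed, stored)

    def local_path(target):
        # Only follow an absolute same-site path; protocol-relative ("//host")
        # and full URLs fall back to "/".
        if not target.startswith("/") or target.startswith(("//", "/\\")):
            return "/"
        return target

    username = self.get_argument("username", "")
    password = self.get_argument("password", "")
    error_messages = []

    if not username or not password:
        fail("参数不能为空", "")
        return

    user = self.db.get("SELECT * FROM accounts WHERE username = %s", username)
    # NOTE(review): the unknown-user branch returns before any hash work is
    # done, so response time still differs from the wrong-password branch.
    if user is None:
        fail("用户名密码错误", username)
        return
    if user["status"] == 0:
        fail("帐户没有开通", username)
        return

    password_hash = UserPassword().generate_hash(password, user["password_salt"])
    if not same_digest(password_hash, user["password_hash"]):
        fail("用户名密码错误", username)
        return

    session = Session(
        self.settings["session_secretSid"],
        self.settings["session_secretEid"],
        self.settings["session_expired"],
    )
    if session.encode(user["id"]) is False:
        fail("用户数据错误", username)
        return

    self.set_secure_cookie("sid", session.getSid(), None)
    self.set_secure_cookie("eid", session.getEid(), None)
    self.redirect(local_path(self.get_argument("next", "/")))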
def get_current_user(self):
    """Resolve the logged-in account from the ``sid``/``eid`` secure cookies.

    Returns the account row, or ``None`` when either cookie is missing, the
    session fails to decode (expired or invalid), or the account does not
    exist / has ``status == 0``. When the session reports that its token
    should be rotated, the ``eid`` cookie is re-issued before returning.
    """
    sid = self.get_secure_cookie("sid")
    eid = self.get_secure_cookie("eid")
    # Not logged in: one or both cookies absent.
    if not (sid and eid):
        return None

    session = Session(
        self.settings["session_secretSid"],
        self.settings["session_secretEid"],
        self.settings["session_expired"],
    )
    # Session expired or could not be decoded.
    if session.decode(sid, eid) is False:
        return None

    account = self.db.get(
        "SELECT * FROM accounts WHERE id = %s", int(session.getUid())
    )
    # Reject unknown accounts and accounts explicitly marked disabled.
    if account is None:
        return None
    if "status" in account and account["status"] == 0:
        return None

    # Rotate the eid cookie when the session asks for a fresh token.
    if session.updateToken():
        self.set_secure_cookie("eid", session.getEid(), None)
    return account