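def gen_passwd(self):
    """Validate a password-reset link and, when it checks out, issue a new password.

    Reads the request arguments ``u`` (passed to ``self.muser.get_by_id``),
    ``t`` (the timestamp carried in the link) and ``p`` (the hash carried in
    the link). The link is accepted only when ``t`` is strictly earlier than
    the current ``tools.timestamp()`` and less than 600 units old (presumably
    seconds -- confirm against ``tools.timestamp``), and when ``p`` equals
    ``tools.md5(user_name + t + user_pass)`` for the stored user.

    On failure a 400 status is set and ``html/404.html`` is rendered with an
    explanatory message; on success a new password from ``tools.get_uu8d()``
    is stored via ``self.muser.update_pass`` and shown on ``show_pass.html``.
    """
    post_data = {}
    for key in self.request.arguments:
        post_data[key] = self.get_arguments(key)

    userinfo = self.muser.get_by_id(post_data['u'][0])

    sub_timestamp = int(post_data['t'][0])
    cur_timestamp = tools.timestamp()
    link_is_fresh = cur_timestamp - sub_timestamp < 600 and cur_timestamp > sub_timestamp
    if not link_is_fresh:
        kwd = {
            'info': '密码重置已超时!',
        }
        self.set_status(400)
        self.render('html/404.html', kwd=kwd)
        # Stop here: without this return the handler fell through to the
        # password update below even though the link had expired.
        return

    # NOTE(review): the expected value is tools.md5 over user name, timestamp
    # and the stored password value, with no server-side secret mixed in, and
    # it is compared with ``==`` rather than a constant-time comparison such as
    # hmac.compare_digest. A random server-stored token (or a keyed HMAC) would
    # not depend on the stored password value staying private.
    hash_str = tools.md5(userinfo.user_name + post_data['t'][0] + userinfo.user_pass)
    if hash_str != post_data['p'][0]:
        kwd = {
            'info': '密码重置验证出错!',
        }
        self.set_status(400)
        self.render('html/404.html', kwd=kwd)
        # Stop here: without this return a request with a wrong hash still
        # reached update_pass and replaced the account's password.
        return

    new_passwd = tools.get_uu8d()
    self.muser.update_pass(userinfo.user_name, new_passwd)
    kwd = {
        'user_name': userinfo.user_name,
        'new_pass': new_passwd,
    }
    self.render('{0}/user/show_pass.html'.format(self.tmpl_name), kwd=kwd)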
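def insert_data(self, post_data):
    """Create a member record from submitted form data.

    Args:
        post_data: mapping of field name to a list of values; the first value
            of ``user_name``, ``user_pass`` and ``user_email`` is used.

    Returns:
        True when ``CabMember.create`` succeeded. False when the user name is
        shorter than 5 or longer than 20 characters, contains one of the
        rejected characters, or when creating the record raised an exception.
    """
    user_name = post_data['user_name'][0]

    if len(user_name) < 5 or len(user_name) > 20:
        return False

    # Characters that are never allowed in a user name.
    forbidden = ('/', ':', '\\', '#', '+', "'", '"', '(', ')', ' ')
    if any(ch in user_name for ch in forbidden):
        return False

    # NOTE(review): the password is stored as tools.md5(...) of the submitted
    # value. If that helper is plain unsalted MD5, as its name suggests, the
    # stored values are cheap to brute-force; switching to a salted, slow
    # password hash needs a coordinated change wherever the stored value is
    # written or compared, plus a migration of existing rows.
    try:
        CabMember.create(
            uid=tools.get_uuid(),
            user_name=user_name,
            user_pass=tools.md5(post_data['user_pass'][0]),
            user_email=post_data['user_email'][0],
            privilege='10000',
            reset_passwd_timestamp=0,
        )
        return True
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit; ordinary failures are still reported as False.
        return False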
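def gen_passwd(self):
    """Validate a password-reset link and, when it checks out, issue a new password.

    Reads the request arguments ``u`` (passed to ``self.muser.get_by_id``),
    ``t`` (the timestamp carried in the link) and ``p`` (the hash carried in
    the link). The link is accepted only when ``t`` is strictly earlier than
    the current ``tools.timestamp()`` and less than 600 units old (presumably
    seconds -- confirm against ``tools.timestamp``), and when ``p`` equals
    ``tools.md5(user_name + t + user_pass)`` for the stored user.

    On failure a 400 status is set and ``html/404.html`` is rendered with an
    explanatory message; on success a new password from ``tools.get_uu8d()``
    is stored via ``self.muser.update_pass`` and shown on the
    ``show_pass.html`` template under ``tmpl_name``/``tmpl_router``.
    """
    post_data = {}
    for key in self.request.arguments:
        post_data[key] = self.get_arguments(key)

    userinfo = self.muser.get_by_id(post_data['u'][0])

    sub_timestamp = int(post_data['t'][0])
    cur_timestamp = tools.timestamp()
    link_is_fresh = cur_timestamp - sub_timestamp < 600 and cur_timestamp > sub_timestamp
    if not link_is_fresh:
        kwd = {
            'info': '密码重置已超时!',
        }
        self.set_status(400)
        self.render('html/404.html', kwd=kwd)
        # Stop here: without this return the handler fell through to the
        # password update below even though the link had expired.
        return

    # NOTE(review): the expected value is tools.md5 over user name, timestamp
    # and the stored password value, with no server-side secret mixed in, and
    # it is compared with ``==`` rather than a constant-time comparison such as
    # hmac.compare_digest. A random server-stored token (or a keyed HMAC) would
    # not depend on the stored password value staying private.
    hash_str = tools.md5(userinfo.user_name + post_data['t'][0] + userinfo.user_pass)
    if hash_str != post_data['p'][0]:
        kwd = {
            'info': '密码重置验证出错!',
        }
        self.set_status(400)
        self.render('html/404.html', kwd=kwd)
        # Stop here: without this return a request with a wrong hash still
        # reached update_pass and replaced the account's password.
        return

    new_passwd = tools.get_uu8d()
    self.muser.update_pass(userinfo.user_name, new_passwd)
    kwd = {
        'user_name': userinfo.user_name,
        'new_pass': new_passwd,
    }
    self.render('{0}/{1}/show_pass.html'.format(self.tmpl_name, self.tmpl_router), kwd=kwd)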
def check_user(self, u_name, u_pass):
    """Check a user name / password pair against the member table.

    Returns:
        -1 when no ``CabMember`` row has this user name,
        1 when the stored ``user_pass`` equals ``tools.md5(u_pass)``,
        0 when the row exists but the values differ.
    """
    # NOTE(review): the comparison is against tools.md5(u_pass); if that helper
    # is plain unsalted MD5, as its name suggests, the stored values are weak
    # against offline guessing. The distinct -1 / 0 results also let a caller
    # tell "unknown user" from "wrong password" -- confirm callers do not
    # surface that difference to the client.
    matching_rows = CabMember.select().where(CabMember.user_name == u_name).count()
    if matching_rows == 0:
        return -1

    member = CabMember.get(user_name=u_name)
    return 1 if member.user_pass == tools.md5(u_pass) else 0
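def insert_data(self, post_data):
    """Create a member record from submitted form data.

    Args:
        post_data: mapping of field name to a list of values; the first value
            of ``user_name``, ``user_pass`` and ``user_email`` is used.

    Returns:
        True when ``CabMember.create`` succeeded, False when building or
        creating the record raised an exception.
    """
    # NOTE(review): user_name is stored exactly as submitted -- no length or
    # character check happens in this function; confirm the caller validates it.
    # NOTE(review): the password is stored as tools.md5(...) of the submitted
    # value. If that helper is plain unsalted MD5, as its name suggests, the
    # stored values are cheap to brute-force; switching to a salted, slow
    # password hash needs a coordinated change wherever the stored value is
    # written or compared, plus a migration of existing rows.
    try:
        CabMember.create(
            uid=tools.get_uuid(),
            user_name=post_data['user_name'][0],
            user_pass=tools.md5(post_data['user_pass'][0]),
            user_email=post_data['user_email'][0],
            privilege='10000',
            reset_passwd_timestamp=0,
        )
        return True
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit; ordinary failures are still reported as False.
        return False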
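def reset_password(self):
    """Send a password-reset link to the address given in the ``email`` argument.

    Sets status 400 and returns False when ``email`` is missing, when no user
    is found for it, when the previous reset request is less than 70
    ``tools.timestamp()`` units old (an error page is rendered in that case),
    or when ``send_mail`` reports failure. When the mail is sent, the user's
    reset timestamp is updated, status 200 is set and True is returned.
    """
    post_data = {}
    for key in self.request.arguments:
        post_data[key] = self.get_arguments(key)

    if 'email' not in post_data:
        self.set_status(400)
        return False

    userinfo = self.muser.get_by_email(post_data['email'][0])
    # Check the lookup result before reading its attributes: the rate-limit
    # test used to run first and failed on a missing user before the
    # ``if userinfo`` branch could answer with 400.
    # NOTE(review): unknown addresses get 400 while known ones get 200, so the
    # status code tells a client whether an address is registered -- confirm
    # that is acceptable.
    if not userinfo:
        self.set_status(400)
        return False

    if tools.timestamp() - userinfo.reset_passwd_timestamp < 70:
        self.set_status(400)
        kwd = {
            'info': '两次重置密码时间应该大于1分钟',
        }
        self.render('html/404.html', kwd=kwd, userinfo=self.userinfo)
        return False

    timestamp = tools.timestamp()
    passwd = userinfo.user_pass
    username = userinfo.user_name
    # NOTE(review): the link's ``p`` value is tools.md5 over user name,
    # timestamp and the stored password value; no server-side secret is mixed
    # in, so the link is only as private as the stored password value. A random
    # token kept server-side (or an HMAC keyed with a server secret) would
    # remove that dependence. The user name also goes into the query string
    # without URL-encoding.
    hash_str = tools.md5(username + str(timestamp) + passwd)
    url_reset = '{0}/user/reset-passwd?u={1}&t={2}&p={3}'.format(
        config.site_url, username, timestamp, hash_str)
    email_cnt = (
        ' <div>请查看下面的信息,并<span style="color:red">谨慎操作</span>:</div>'
        ' <div>您在"{0}"网站({1})申请了密码重置,如果确定要进行密码重置,请打开下面链接:</div>'
        ' <div><a href={2}>{2}</a></div>'
        ' <div>如果无法确定本信息的有效性,请忽略本邮件。</div> '
    ).format(config.site_name, config.site_url, url_reset)

    if send_mail([userinfo.user_email], "{0}|密码重置".format(config.site_name), email_cnt):
        # Record the request time only once the mail has actually gone out.
        self.muser.update_reset_passwd_timestamp(username, timestamp)
        self.set_status(200)
        return True

    self.set_status(400)
    return False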
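def reset_password(self):
    """Send a password-reset link to the address given in the ``email`` argument.

    Sets status 400 and returns False when ``email`` is missing, when no user
    is found for it, when the previous reset request is less than 70
    ``tools.timestamp()`` units old (an error page is rendered in that case),
    or when ``send_mail`` reports failure. When the mail is sent, the user's
    reset timestamp is updated, status 200 is set and True is returned.
    """
    post_data = {}
    for key in self.request.arguments:
        post_data[key] = self.get_arguments(key)

    if 'email' not in post_data:
        self.set_status(400)
        return False

    userinfo = self.muser.get_by_email(post_data['email'][0])
    # Check the lookup result before reading its attributes: the rate-limit
    # test used to run first and failed on a missing user before the
    # ``if userinfo`` branch could answer with 400.
    # NOTE(review): unknown addresses get 400 while known ones get 200, so the
    # status code tells a client whether an address is registered -- confirm
    # that is acceptable.
    if not userinfo:
        self.set_status(400)
        return False

    if tools.timestamp() - userinfo.reset_passwd_timestamp < 70:
        self.set_status(400)
        kwd = {
            'info': '两次重置密码时间应该大于1分钟',
        }
        self.render('html/404.html', kwd=kwd)
        return False

    timestamp = tools.timestamp()
    passwd = userinfo.user_pass
    username = userinfo.user_name
    # NOTE(review): the link's ``p`` value is tools.md5 over user name,
    # timestamp and the stored password value; no server-side secret is mixed
    # in, so the link is only as private as the stored password value. A random
    # token kept server-side (or an HMAC keyed with a server secret) would
    # remove that dependence. The user name also goes into the query string
    # without URL-encoding.
    hash_str = tools.md5(username + str(timestamp) + passwd)
    url_reset = '{0}/user/reset-passwd?u={1}&t={2}&p={3}'.format(
        config.site_url, username, timestamp, hash_str)
    email_cnt = (
        ' <div>请查看下面的信息,并<span style="color:red">谨慎操作</span>:</div>'
        ' <div>您在"{0}"网站({1})申请了密码重置,如果确定要进行密码重置,请打开下面链接:</div>'
        ' <div><a href={2}>{2}</a></div>'
        ' <div>如果无法确定本信息的有效性,请忽略本邮件。</div> '
    ).format(config.site_name, config.site_url, url_reset)

    if send_mail([userinfo.user_email], "{0}|密码重置".format(config.site_name), email_cnt):
        # Record the request time only once the mail has actually gone out.
        self.muser.update_reset_passwd_timestamp(username, timestamp)
        self.set_status(200)
        return True

    self.set_status(400)
    return False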
def update_pass(self, u_name, newpass):
    """Replace the stored password of the member named ``u_name``.

    The new value written to ``user_pass`` is ``tools.md5(newpass)``.

    Returns:
        The update query object, after it has been executed.
    """
    # NOTE(review): if tools.md5 is plain unsalted MD5, as its name suggests,
    # the stored value is weak against offline guessing; changing the scheme
    # must be coordinated with every place that writes or compares user_pass.
    query = CabMember.update(
        user_pass=tools.md5(newpass),
    ).where(CabMember.user_name == u_name)
    query.execute()
    return query