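def register():
    """Start phone registration: issue a one-time SMS code and a registration token.

    Expects a JSON body with ``phone`` and ``intro_token`` (a shared client
    secret that must equal ``config.intro_token``).  Creates the
    ``user_register`` row for the phone, or refreshes it with a new code and a
    new token if one already exists, sends the code through the SMS gateway
    and returns ``{"token": <registration token>}``.  The client presents that
    token together with the code it received to ``checkCode``.

    Security notes:
      * The SMS code is deliberately NOT included in the response.  The
        previous implementation echoed it (``"code": ...``), so anyone holding
        the shared ``intro_token`` could "verify" an arbitrary phone without
        ever receiving the SMS.  Dropping the ``code`` key changes the response
        shape on purpose.
      * Re-registering a phone rotates its token.  Previously the current
        token was re-read and returned, so calling this endpoint for someone
        else's phone handed out whatever token that phone already had.
      * ``intro_token`` is compared in constant time.
      * ``send_count`` is incremented on each re-send so a rate limit can be
        built on it — TODO(review): no limit is enforced yet; the endpoint can
        still be used to flood a phone with SMS.

    Aborts with 400 on a missing body, a non-scalar ``phone`` or a bad
    ``intro_token``.
    """
    import hmac  # local import: the file's import block is outside this view — TODO move to file top

    if not request.json:
        abort(400)
    phone = request.json.get("phone", None)
    intro_token = request.json.get("intro_token", None)

    # Only a string or integer can be a phone number; reject lists/objects
    # before they reach the SQL parameters and the SMS payload.  The format
    # itself (the original had a commented-out 9-digit length check) is still
    # not validated — TODO(review): agree on a rule and enforce it here.
    if phone is None or isinstance(phone, bool) or not isinstance(phone, (str, int)):
        abort(400)

    expected_intro = config.intro_token
    if (not isinstance(intro_token, str)
            or not isinstance(expected_intro, str)
            or not hmac.compare_digest(intro_token.encode("utf-8"),
                                       expected_intro.encode("utf-8"))):
        abort(400)

    # NOTE(review): both helpers must draw from a CSPRNG (``secrets``); their
    # implementation is not visible here — confirm.
    code = randomSmsCode()
    token = randomString(25)
    now = currentTime()

    db = Database(config)
    existing = db.getOneByParam(
        "SELECT id FROM `user_register` WHERE `phone` = %s", phone)
    if not existing:
        sql = """INSERT INTO `user_register`( `phone`, `sms_code`, `password`, `token`, `send_count`, `fail_count`, `created_at`, `updated_at`) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)"""
        db.executeByParams(sql, [
            phone, code, randomString(), token, 0, 0, now, now
        ])
    else:
        # New code *and* new token: any token previously issued for this phone
        # (including one obtained after verification) stops working, and the
        # row is back in the "code not yet verified" state.
        db.executeByParams(
            "UPDATE `user_register` SET `sms_code` = %s, `token` = %s, "
            "`send_count` = `send_count` + 1, `updated_at` = %s "
            "WHERE `phone` = %s",
            [code, token, now, phone])

    # Send the code to the phone.  Best-effort as before: gateway errors are
    # not surfaced to the caller.  The timeout keeps a slow gateway from
    # pinning request workers indefinitely (10 s is a chosen default).
    headers = {'User-Agent': 'Mozilla/5.0'}
    payload = {
        'login': Config.sms_login,
        'key': Config.sms_pass,
        'text': code,
        'phone': phone,
        'sender': 'Bringo.uz'
    }
    requests.post(Config.sms_url, data=payload, headers=headers, timeout=10)

    return get_response({"token": token}, True)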
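def _ct_equal(expected, provided):
    """Constant-time equality for two secrets; False unless both are ``str``.

    Encodes to bytes so non-ASCII input cannot make ``compare_digest`` raise.
    """
    import hmac  # local import: the file's import block is outside this view — TODO move to file top
    if not isinstance(expected, str) or not isinstance(provided, str):
        return False
    return hmac.compare_digest(expected.encode("utf-8"), provided.encode("utf-8"))


def checkCode():
    """Verify the SMS code for a pending registration and rotate its token.

    Expects JSON ``phone``, ``code`` and ``token`` (the token returned by
    ``register``).  On success the one-time code is cleared (``sms_code`` set
    to NULL, i.e. consumed) and a fresh token is issued.  ``setPassword``
    only accepts rows whose code has been consumed this way, which is what
    makes this step mandatory.

    Returns ``{"new_token": ...}`` on success, or a failure response carrying
    the (Russian) "wrong SMS code" message when the code does not match.
    Aborts 400 on a missing/malformed body and 403 on an unknown phone or a
    token mismatch.

    Security notes:
      * ``fail_count`` is incremented on every wrong guess so a brute-force
        limit can be enforced on it — TODO(review): no limit is enforced yet,
        and a short numeric code is guessable without one.
      * Code and token comparisons are constant-time.
      * Codes never expire (no timestamp check) — TODO(review).
    """
    if not request.json:
        abort(400)
    phone = request.json.get("phone", None)
    code = request.json.get("code", None)
    token = request.json.get("token", None)
    if not code or not phone or not token:
        abort(400)
    # The code may arrive as a JSON number or string; the token must be a string.
    if isinstance(code, bool) or not isinstance(code, (str, int)) or not isinstance(token, str):
        abort(400)

    db = Database(config)
    pending = db.getOneByParam(
        "SELECT `id`, `sms_code`, `token` FROM `user_register` WHERE `phone` = %s",
        phone)
    if not pending or not _ct_equal(pending.get("token"), token):
        abort(403)

    stored_code = pending.get("sms_code")
    # A consumed (NULL) code never matches: every code is single-use.  Both
    # sides are compared as strings because the stored column type and the
    # JSON value type may differ.
    if stored_code is None or not _ct_equal(str(stored_code), str(code)):
        db.executeByParams(
            "UPDATE `user_register` SET `fail_count` = `fail_count` + 1 WHERE `id` = %s",
            [pending.get("id")])
        return get_response("Ваш код SMS неверен", False)

    new_token = randomString(25)
    # Rotate the token and clear the code in one statement; the NULL code is
    # the marker setPassword relies on to know this phone was verified.
    db.executeByParams(
        "UPDATE `user_register` SET `token` = %s, `sms_code` = NULL WHERE `id` = %s",
        [new_token, pending.get("id")])
    return get_response({"new_token": new_token}, True)


def setPassword():
    """Finish registration: set the password for a phone whose SMS code was verified.

    Expects JSON ``token`` (the ``new_token`` from ``checkCode``) and
    ``password``.  Looks up the pending ``user_register`` row by token and
    refuses it unless its SMS code has been consumed by ``checkCode``; then
    either updates (and activates) the existing ``user`` linked to that phone
    or creates a ``user`` plus ``user_profile``.  When an account exists
    afterwards, the pending row is deleted.  Returns
    ``{"phone", "user_id", "username"}``.

    Security notes:
      * The original accepted any token present in ``user_register``,
        including the one ``register`` hands out before verification, so the
        SMS step could be skipped and the password of any phone's account
        overwritten.  Requiring ``sms_code IS NULL`` closes that.  Rows
        verified before this change was deployed still carry a code and will
        have to re-register.
      * The plaintext password is no longer echoed back in the response.
      * No password-strength rule beyond "non-empty string" — TODO(review).
      * The success flag is still ``True`` even when no account exists at the
        end (original behaviour) — TODO(review): callers should not rely on it.
    """
    if not request.json:
        abort(400)
    token = request.json.get("token", None)
    password = request.json.get("password", None)
    if not password or not token:
        abort(400)
    if not isinstance(token, str) or not isinstance(password, str):
        abort(400)

    db = Database(config)
    pending = db.getOneByParam(
        "SELECT `id`, `phone`, `token`, `sms_code` FROM `user_register` WHERE `token` = %s",
        token)
    if not pending or not _ct_equal(pending.get("token"), token):
        abort(403)
    # Only checkCode clears the code; a non-NULL code means the SMS step was skipped.
    if pending.get("sms_code") is not None:
        abort(403)

    phone = pending.get("phone")
    password_hash = encryptPassword(password)

    profile = db.getOneByParam(
        "SELECT `user_id` FROM `user_profile` WHERE `phone` = %s", phone)
    if profile and profile.get("user_id"):
        account = db.getOneByParam(
            "SELECT `id` FROM `user` WHERE `id` = %s", profile.get("user_id"))
        if account and account.get("id"):
            db.executeByParams(
                "UPDATE `user` SET `password` = %s, `active` = 1 WHERE `id` = %s",
                [password_hash, account.get("id")])
    else:
        sql = """INSERT INTO `user` (`username`, `password`, `email`, `created_at`, `last_login`, `login_ip`, `recovery_key`, `recovery_password`, `discount`, `banned`, `service`, `social_id`, `active`, `secret_code`) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"""
        # Placeholder e-mail derived from the phone, as the schema requires a value.
        email = str(phone) + "*****@*****.**"
        db.executeByParams(sql, [
            str(phone), password_hash, email, None, None, None, None, None,
            None, 0, None, None, 1, None
        ])
        account = db.getOneByParam(
            "SELECT `id` FROM `user` WHERE `username` = %s", phone)
        if account and account.get("id"):
            sql = """INSERT INTO `user_profile` (`user_id`, `full_name`, `phone`, `delivery_address`, `new_phone`) VALUES (%s, %s, %s, %s, %s)"""
            db.executeByParams(
                sql, [account.get("id"), str(phone), phone, None, None])

    # Re-read to confirm the account really exists before consuming the token.
    profile = db.getOneByParam(
        "SELECT `user_id`, `phone` FROM `user_profile` WHERE `phone` = %s", phone)
    account = None
    if profile and profile.get("user_id"):
        account = db.getOneByParam(
            "SELECT `id`, `username` FROM `user` WHERE `id` = %s",
            profile.get("user_id"))

    result_phone = profile.get("phone") if profile else None
    user_id = account.get("id") if account else None
    if user_id is not None and result_phone is not None:
        db.executeByParams(
            "DELETE FROM `user_register` WHERE `token` = %s", [token])

    return get_response({
        "phone": result_phone,
        "user_id": user_id,
        "username": account.get("username", None) if account else None
    }, True)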