예제 #1
0
    def post(self):

        email = self.get_request("email", "")
        user_url = self.get_request("personal_url", "")
        displayName = self.get_request("display_name", "")
        password = self.get_request("password", "")
        crsf = self.get_request("_xsrf","")
        user_crsf = self.get_cookie("_xsrf","unknown")
        self.clear_cookie("_xsrf")
        if crsf != user_crsf or user_crsf =="unknown":
            self.print_result(False, "Xsrf protected!")
            return
        if user_url != "":
            tmp = user_url.lower()
            if not tmp.startswith("http"):
                user_url = "http://"+user_url
            if not pyUtility.isURL(user_url):
                self.print_result(False, "The Format of URL is wrong!")
                return
        if email == "":
            self.print_result(False, "Email Cannot be blank!")
            return
        if not pyUtility.isEmail(email):
            self.print_result(False, "Email Format is incorrect!")
            return

        current = self.get_current_user()
        if current['user_email'] != email:
            """
                Check if email has been taken or not
            """
            if not User().isEmailUnique(email):

                self.print_result(False, "Email Has been used")
                return
        user = User().getByID(current['ID'], False)
        if user:
            if not password == "":
                newPwd = user.getEncodeStr(password)
                if newPwd != user.user_pass:
                    user.user_pass = newPwd
            user.user_email = email
            user.user_url = user_url
            user.display_name = displayName
            newUserData = user.row2dict()
            if user.update():
                self.set_current_user(newUserData)
                self.print_result(True, "Done")
            else :
                self.print_result(False, "Failed to Update DB")
        else:
            # find failed
            self.print_result(False, "Can not find any record")
예제 #2
0
    def post(self):
        username = self.get_request("Login[username]", None)
        nextmove = self.get_request("nextmove", "")
        pwd = self.get_request("Login[password]", None)
        remember = self.get_request("Login[remember]", None)
        validcode = self.get_request("Login[validcode]", "")

        if not pyUtility.isAccountLegal(username):
            self.print_result(False, "User Or Password is incorrect!!")
            return
        if "validcode" in self.session:
            if validcode != self.session['validcode']:
                self.print_result(False, "ValidCode is incorrect!!", True)
                return
        else:
            self.print_result(False, "ValidCode is incorrect!!", True)
            return

        if not remember is None and remember:
            self.set_cookie("login_name", url_escape(username))
        else:
            self.clear_cookie("login_name")
            # login process
        if not username or not pwd or username is None or pwd is None:
            self.print_result(False, "UserName Or Password Is Empty!")
            return
        user = User().Login(username, pwd)
        if user:
            # login success
            # save session
            if user.user_status==2:
                self.print_result(False,"Account has been locked")
                return
            self.set_current_user(user.row2dict())
            self.print_result(True, "Authorized", nextmove)
        else:
            # login failed
            self.print_result(False, "User Or Password Is Wrong", self.get_webroot_url()+"auth?next=" + url_escape(nextmove))