예제 #1
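    def POST(self, inputs=None):
        """Handle a submitted login form.

        Uses ``inputs`` when given, otherwise ``sh.inputs()``. For the
        ``login`` path it validates the credentials through the User
        controller, rejects accounts whose ``dead`` field is ``'yes'``, logs
        the user in, and then either redirects to the ``referer`` target or
        shows a welcome alert. Any other request path falls through and
        returns ``None``.

        Raises:
            AssertionError: when ``email`` is blank or ``password`` is empty.
        """
        if not inputs:
            inputs = sh.inputs()
        # Explicit raises instead of ``assert`` so the checks are not stripped
        # under ``python -O``; the exception type stays the same.
        if not inputs.get('email', '').strip():
            raise AssertionError('email is required')
        if not inputs.get('password', ''):
            raise AssertionError('password is required')

        def is_site_local(target):
            # The redirect target is request-controlled, so accept only a
            # path on this site: a single leading '/', no backslash and no
            # control characters (browsers may resolve those to another host).
            return (target.startswith('/')
                    and not target.startswith('//')
                    and '\\' not in target
                    and not any(ord(ch) < 0x20 for ch in target))

        uc = sh.ctrl('User')
        model = sh.model('User')
        # Request path without query string and surrounding slashes.
        action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')

        if action == 'login':
            if not uc.validate(inputs.email, inputs.password):
                return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)

            user = model.getByEmail(inputs.email)

            if user.dead == 'yes':
                return sh.alert('登录失败,你已被列入黑名单,请联系管理员')

            uc.login(user, inputs.get('remember_me', '') == 'on')

            # Prefer the referer given in the URL of the page that showed the
            # login form, then the one submitted with the form itself.
            target = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get(
                'referer', None)
            if not target:
                target = sh.inputs().get('referer', None)

            # An off-site or malformed target is ignored rather than followed.
            if target and is_site_local(target):
                return sh.redirect(target)
            return sh.alert('登录成功. 欢迎回来!')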
예제 #2
파일: Login.py 프로젝트: ajiexw/note
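    def POST(self, inputs=None):
        """Process the login form and start a session on success.

        The form comes from ``inputs`` or, when that is empty, from
        ``sh.inputs()``. Only the ``login`` request path is handled; other
        paths return ``None``. On success the user is sent to the ``referer``
        target if it is a path on this site, otherwise a welcome alert is
        returned.

        Raises:
            AssertionError: when ``email`` is blank or ``password`` is empty.
        """
        if not inputs:
            inputs = sh.inputs()
        # ``assert`` statements disappear under ``python -O``; raising the
        # same exception explicitly keeps the required-field checks active.
        if not inputs.get('email', '').strip():
            raise AssertionError('email is required')
        if not inputs.get('password', ''):
            raise AssertionError('password is required')

        uc = sh.ctrl('User')
        model = sh.model('User')
        # Request path with the query string and outer slashes removed.
        action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')

        if action == 'login':
            if not uc.validate(inputs.email, inputs.password):
                return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)

            user = model.getByEmail(inputs.email)

            if user.dead == 'yes':
                return sh.alert('登录失败,你已被列入黑名单,请联系管理员')

            uc.login(user, inputs.get('remember_me', '') == 'on')

            # The referer named in the URL of the login page wins over the
            # one posted with the form.
            referer = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
            if not referer:
                referer = sh.inputs().get('referer', None)

            # Both sources are request-controlled, so only a same-site path
            # is followed: one leading '/', no '//' prefix, no backslash and
            # no control characters.
            follow = bool(referer) \
                and referer.startswith('/') \
                and not referer.startswith('//') \
                and '\\' not in referer \
                and all(ord(ch) >= 0x20 for ch in referer)
            if follow:
                return sh.redirect(referer)
            return sh.alert('登录成功. 欢迎回来!')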
예제 #3
파일: Register.py 프로젝트: ajiexw/note
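    def POST(self, inputs=None):
        """Register a new account from the submitted form and log it in.

        Uses ``inputs`` when given, otherwise ``sh.inputs()``. When the User
        controller reports a problem with the form, the registration page is
        shown again with that error. Otherwise the account is created, the
        new user is logged in and, if the User model has
        ``validation_request`` set, a validation e-mail is sent.
        """
        if not inputs:
            inputs = sh.inputs()
        uc = sh.ctrl('User')
        error = uc.checkNewUser(inputs)
        if error:
            return sh.page.user.Register(error, inputs.get('email', ''))

        new_id = uc.register(inputs)
        uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')

        user_model = sh.model('User')
        if user_model.validation_request:
            # The original passed an undefined name ``user`` here, which
            # raised NameError whenever validation was enabled.
            # NOTE(review): assumes sendValidationEmail expects the user
            # record returned by the model's get() - confirm against the
            # User controller.
            user = user_model.get(new_id)
            uc.sendValidationEmail(user)
            return sh.alert('注册成功,请查收您的验证邮件')
        else:
            return sh.alert('注册成功')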
예제 #4
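    def POST(self, inputs=None):
        """Create an account from the registration form and sign the user in.

        The form is ``inputs`` or, when that is empty, ``sh.inputs()``. A
        form rejected by ``checkNewUser`` re-renders the registration page
        with the error. After a successful registration the user is logged
        in; a validation e-mail is sent only when the User model's
        ``validation_request`` is truthy.
        """
        if not inputs:
            inputs = sh.inputs()
        uc = sh.ctrl('User')
        error = uc.checkNewUser(inputs)
        if error:
            return sh.page.user.Register(error, inputs.get('email', ''))

        new_id = uc.register(inputs)
        uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')

        user_model = sh.model('User')
        if not user_model.validation_request:
            return sh.alert('注册成功')

        # ``user`` was never assigned in the original, so this branch failed
        # with NameError; load the record that was just created instead.
        # NOTE(review): presumably sendValidationEmail takes the user record
        # rather than its id - verify against the User controller.
        user = user_model.get(new_id)
        uc.sendValidationEmail(user)
        return sh.alert('注册成功,请查收您的验证邮件')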
예제 #5
    def __getSortedKeys(self, select):
        """Return the column names of a SELECT statement in declaration order.

        Only the text before the first ``' from '`` (or ``' FROM '`` when the
        lower-case form is absent) is examined. A lone ``*`` yields an empty
        list. Columns are split on commas that are not inside parentheses,
        and each name is the last space-separated word of its column
        expression, so an alias wins over the expression it names.

        Returns an ``sh.alert`` response instead of a list when the
        parentheses in the column list are unbalanced.
        """
        separator = ' FROM ' if ' from ' not in select else ' from '
        column_part = select.partition(separator)[0]
        if '*' in column_part and ',' not in column_part:
            return []

        names = []
        pending = ''
        depth = 0
        # The trailing comma flushes the last column through the same branch.
        for ch in column_part + ',':
            if ch == ',' and depth == 0:
                names.append(pending.strip().rpartition(' ')[2])
                pending = ''
                continue
            if ch == '(':
                depth += 1
            elif ch == ')':
                depth -= 1
            pending += ch

        if depth != 0:
            return sh.alert('select语句有语法错误', stay=10)
        return names
예제 #6
    def __getSortedKeys(self, select):
        """List the result column names of ``select`` in the order written.

        The column list is the text before ``" from "`` (``" FROM "`` is
        used when the lower-case keyword is not present). If it contains
        ``*`` and no comma, an empty list is returned. Otherwise it is split
        on top-level commas and the last word of each piece is taken as the
        column name.

        When the parentheses do not balance, the result of ``sh.alert`` is
        returned instead of a list.
        """
        marker = " from " if " from " in select else " FROM "
        head = select.partition(marker)[0]
        if "," not in head and "*" in head:
            return []

        result = []
        chunk = []
        open_parens = 0
        paren_step = {"(": 1, ")": -1}
        # A comma is appended so the final column is emitted like the others.
        for char in head + ",":
            if char == "," and open_parens == 0:
                result.append("".join(chunk).strip().rpartition(" ")[2])
                chunk = []
            else:
                open_parens += paren_step.get(char, 0)
                chunk.append(char)

        if open_parens != 0:
            return sh.alert("select语句有语法错误", stay=10)

        return result
예제 #7
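    def POST(self):
        """Handle both steps of the forgotten-password flow.

        ``action == 'send_code'`` e-mails a reset link when the address
        belongs to a user. ``action == 'reset_password'`` checks the
        ``Userid``/``code`` pair from the link, rejects it when it is unknown
        or older than ``code_model.expires``, stores the new password and
        deletes the used code. Any other action returns ``None``.

        Raises:
            AssertionError: when the new password is shorter than 6 or not
                shorter than 60 characters.
        """
        inputs = web.input()
        if inputs.action == 'send_code':
            user = sh.model('User').getByEmail(inputs.email.strip())
            if user:
                sh.ctrl('User').sendForgetPasswordEmail(user)
            # The reply is the same whether or not the address is registered,
            # so the form does not reveal which e-mails have accounts.
            return sh.alert('发送成功,请查收您的邮件(可能在"垃圾邮件"中)。', '/')

        elif inputs.action == 'reset_password':
            # Raised explicitly so the length rule still applies under
            # ``python -O``, which removes ``assert`` statements.
            if not 6 <= len(inputs.password) < 60:
                raise AssertionError('password length must be in [6, 60)')
            user_model = sh.model('User')
            code_model = sh.model('UserForgetPassword')
            exists = code_model.getOneByWhere('Userid=%s and code=%s', inputs.Userid, inputs.code)
            if not exists:
                return sh.alert('链接无效,请重新申请')
            # total_seconds() covers the whole age; ``.seconds`` drops the
            # days component, so a code older than a day could look fresh.
            # NOTE(review): assumes code_model.expires is in seconds - confirm.
            age = datetime.now() - exists.created
            if age.total_seconds() > code_model.expires:
                return sh.alert('链接已过期,请重新申请')
            # NOTE(review): the password is handed to the model as submitted;
            # confirm that the User model hashes it before storing.
            user_model.update(inputs.Userid, dict(password=inputs.password))
            # The code is single-use: remove it once the password is changed.
            code_model.delete(exists.id)
            return sh.alert('重设密码成功,请登录', '/login')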
예제 #8
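    def POST(self):
        """Send a password-reset e-mail or apply a reset, depending on ``action``.

        * ``send_code``: looks the user up by e-mail and, if found, sends the
          reset e-mail; the same alert is returned either way.
        * ``reset_password``: looks up the ``Userid``/``code`` pair, refuses
          unknown or expired codes, updates the password and deletes the
          code.

        Other actions return ``None``.

        Raises:
            AssertionError: when the new password length is outside
                ``6 <= len < 60``.
        """
        inputs = web.input()
        if inputs.action == 'send_code':
            user = sh.model('User').getByEmail(inputs.email.strip())
            if user:
                sh.ctrl('User').sendForgetPasswordEmail(user)
            # Identical response for known and unknown addresses.
            return sh.alert('发送成功,请查收您的邮件(可能在"垃圾邮件"中)。', '/')

        elif inputs.action == 'reset_password':
            # ``assert`` is removed by ``python -O``; an explicit raise of the
            # same exception keeps the length check in force.
            password_length = len(inputs.password)
            if password_length < 6 or password_length >= 60:
                raise AssertionError('password length must be in [6, 60)')
            user_model = sh.model('User')
            code_model = sh.model('UserForgetPassword')
            exists = code_model.getOneByWhere('Userid=%s and code=%s',
                                              inputs.Userid, inputs.code)
            if not exists:
                return sh.alert('链接无效,请重新申请')
            # ``timedelta.seconds`` is only the sub-day remainder, so it let
            # codes older than 24 hours pass; total_seconds() is the full age.
            # NOTE(review): presumably code_model.expires is a number of
            # seconds - verify against the model.
            elapsed = (datetime.now() - exists.created).total_seconds()
            if elapsed > code_model.expires:
                return sh.alert('链接已过期,请重新申请')
            # NOTE(review): confirm the User model hashes the password; this
            # method passes it on exactly as received.
            user_model.update(inputs.Userid, dict(password=inputs.password))
            # Delete the code so the same link cannot be used again.
            code_model.delete(exists.id)
            return sh.alert('重设密码成功,请登录', '/login')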
예제 #9
    def GET(self, path):
        """Render the report table for the current editor menu entry.

        The SELECT statement and the optional ``paging`` size come from the
        menu configuration returned by the Editor controller; only
        ``page_num`` is read from the request. Returns the rendered
        ``ReportForms`` page, a 404 redirect when there is no menu
        configuration, or an alert when the paging configuration cannot be
        used.
        """
        menu = sh.ctrl("Editor").getMenuConfig()
        # Paths that are not published through a menu configuration are refused.
        if not menu:
            return sh.redirectTo404()

        request_args = sh.inputs()
        # '%' is doubled because MySQLdb would otherwise interpret it.
        query = menu.get("select", "").replace("%", "%%")
        helper = sh.getDBHelper()

        if not menu.get("paging", ""):
            rows = helper.fetchSome(query)
            pager_markup = ""
        else:
            # With paging enabled the configured select must not carry its
            # own LIMIT, because one is appended below.
            if " limit " in query.lower():
                return sh.alert("使用paging选项时select中不能使用limit, 请检查后台配置", stay=10)
            if int(menu.get("paging")) <= 0:
                return sh.alert("paging配置参数应为正整数", stay=10)
            if " distinct " in query.lower():
                return sh.alert("抱歉, 暂不支持paging与distinct一起使用", stay=10)
            # Total row count (count(*)) for the pager.
            row_total = self.__getTotal(query)
            # Append the LIMIT for the requested page and fetch that page.
            limit_args = self.__getLimit(request_args.get("page_num", 1), int(menu.paging))
            query = query + " limit %d, %d" % limit_args
            rows = helper.fetchSome(query)
            # Pager markup; both substituted values are integers.
            pager_markup = (
                '<div fx="paging[style=zarkpy;pageCount=%d;totalCount=%d;displayPages=10;firstText=第一页;lastText=末页;]"></div>'
                % (int(menu.paging), row_total)
            )

        columns = self.__getSortedKeys(query)
        # Fall back to the keys of the first row when no column list was parsed.
        if len(columns) == 0 and len(rows) > 0:
            columns = rows[0].keys()

        return sh.editor.ReportForms(rows, pager_markup, columns, menu)
예제 #10
파일: Validate.py 프로젝트: lrbnew/zarkpy
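    def GET(self):
        """Activate an account from the ``Userid``/``code`` pair of a validation link.

        When a matching ``UserValidation`` row exists, the user is marked
        ``activated='yes'``, the row is deleted and a success alert is
        returned. Otherwise the request is redirected to the 404 page.

        Raises:
            AssertionError: when ``Userid`` or ``code`` is missing from the
                request.
        """
        inputs = sh.inputs()
        # Explicit raises instead of ``assert`` so the required-parameter
        # checks are not removed under ``python -O``.
        if not inputs.has_key('Userid'):
            raise AssertionError('Userid is required')
        if not inputs.has_key('code'):
            raise AssertionError('code is required')

        model = sh.model('UserValidation')
        # The values are passed separately from the WHERE template;
        # presumably getOneByWhere binds them as parameters - confirm.
        exists = model.getOneByWhere('Userid=%s and code=%s', inputs.Userid, inputs.code)

        if exists:
            sh.model('User').update(inputs.Userid, dict(activated='yes'))
            # The code is removed once it has been used.
            model.delete(exists.id)
            return sh.alert('验证邮箱成功')
        else:
            # Unknown pairs get the same 404 as any missing page.
            return sh.redirectTo404()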
예제 #11
    def GET(self, path):
        """Show the report defined by the active editor menu configuration.

        The query text and the ``paging`` size are taken from the menu
        configuration; the request contributes only ``page_num``. The result
        is the ``ReportForms`` page, a 404 redirect when no configuration is
        available, or an alert describing an unusable paging setup.
        """
        config = sh.ctrl('Editor').getMenuConfig()
        # No configuration means the path is not public.
        if not config:
            return sh.redirectTo404()

        params = sh.inputs()
        # Double every '%' because MySQLdb would otherwise interpret it.
        sql = config.get('select', '').replace('%', '%%')
        db = sh.getDBHelper()

        if config.get('paging', ''):
            # The select may not bring its own LIMIT when paging is on.
            if ' limit ' in sql.lower():
                return sh.alert('使用paging选项时select中不能使用limit, 请检查后台配置', stay=10)
            if int(config.get('paging')) <= 0:
                return sh.alert('paging配置参数应为正整数', stay=10)
            if ' distinct ' in sql.lower():
                return sh.alert('抱歉, 暂不支持paging与distinct一起使用', stay=10)
            # count(*) of the configured query.
            total = self.__getTotal(sql)
            # Add the LIMIT for this page, then load the rows.
            window = self.__getLimit(params.get('page_num', 1), int(config.paging))
            sql = sql + ' limit %d, %d' % window
            records = db.fetchSome(sql)
            # Pager element; only integers are formatted into it.
            pager_template = '<div fx="paging[style=zarkpy;pageCount=%d;totalCount=%d;displayPages=10;firstText=第一页;lastText=末页;]"></div>'
            pagination_html = pager_template % (int(config.paging), total)

        else:
            records = db.fetchSome(sql)
            pagination_html = ''

        headings = self.__getSortedKeys(sql)
        # Without parsed column names, use the keys of the first record.
        if len(headings) == 0 and len(records) > 0:
            headings = records[0].keys()

        return sh.editor.ReportForms(records, pagination_html, headings, config)
예제 #12
파일: Portrait.py 프로젝트: lrbnew/zarkpy
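    def POST(self):
        """Upload a new portrait or crop the stored one for the logged-in user.

        Anonymous requests are redirected to the login page.
        ``action == 'upload'`` saves the submitted image file.
        ``action == 'crop'`` scales the selection from the displayed size to
        the real image size, runs ImageMagick ``convert`` to write
        ``<path>.crop``, stores the crop string on the user and removes older
        ``<path>.crop_*`` copies. Any other action returns ``None``.

        Raises:
            AssertionError: when ``action`` is missing, or when
                ``region_width``/``region_height`` is not positive.
        """
        if not sh.session.is_login:
            return sh.redirectToLogin()
        user_model = sh.model('User')
        user = user_model.get(sh.session.id)

        inputs = sh.inputs()
        # Explicit raise instead of ``assert`` so the check survives
        # ``python -O``; the exception type is unchanged.
        if not inputs.get('action', ''):
            raise AssertionError('action is required')

        if inputs.action == 'upload':
            if inputs.get('image_file', ''):
                self.savePortrait(sh.session.id, inputs.image_file)
            return sh.redirect('/accounts/portrait')

        elif inputs.action == 'crop':
            # Imported here because the file's import block is outside this
            # method.
            import glob
            import subprocess

            if not user.image:
                return sh.alert('请先上传头像')

            # Size of the selection area as displayed in the browser.
            region_width = int(float(inputs.get('region_width', '0')))
            region_height = int(float(inputs.get('region_height', '0')))
            if region_width <= 0 or region_height <= 0:
                raise AssertionError('region_width and region_height must be positive')
            real_width, real_height = sh.imageSize(user.image.url)  # real image size
            crop = inputs.crop

            fields = crop.split()
            start_x = int(fields[0])  # start of the selection
            start_y = int(fields[1])
            region_x = int(fields[2])  # selected width
            region_y = int(fields[3])  # selected height

            # Crop geometry for convert, scaled to the real image size. Only
            # integers are formatted into it.
            region = '%dx%d+%d+%d' % (region_x * real_width / region_width,
                                      region_y * real_height / region_height,
                                      real_width * start_x / region_width,
                                      real_height * start_y / region_height)

            path = sh.urlToPath(user.image.url)
            # Argument list without a shell: the path is derived from stored
            # image data, so it must never be parsed as shell syntax.
            # NOTE(review): assumes sh.urlToPath returns an absolute
            # filesystem path, so convert cannot read it as an option -
            # TODO confirm.
            subprocess.call(['convert', path, '-crop', region, path + '.crop'])
            user_model.update(sh.session.id, {'crop': crop})

            # Remove the resized copies of the previous crop. Best effort, as
            # before: a file that is already gone is not an error.
            for stale in glob.glob(path + '.crop_*'):
                try:
                    os.remove(stale)
                except OSError:
                    pass

            return sh.redirect('/accounts')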
예제 #13
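    def POST(self):
        """Change the logged-in user's password after re-checking the old one.

        Anonymous requests are redirected to the login page. A wrong old
        password re-renders the reset page with an error; otherwise the new
        password is stored and a success alert is returned.

        Raises:
            AssertionError: when the new password length is outside
                ``6 <= len < 60`` or no user exists for the session id.
        """
        # Session check first, so anonymous requests are redirected before
        # any form field is read.
        if not sh.session.is_login:
            return sh.redirectToLogin()

        inputs = sh.inputs()
        # Explicit raise instead of ``assert`` so the length rule is still
        # enforced under ``python -O``.
        if not 6 <= len(inputs.new_password) < 60:
            raise AssertionError('new_password length must be in [6, 60)')
        user_model = sh.model('User')
        user_ctrl = sh.ctrl('User')

        Userid = sh.session.id
        user = user_model.get(Userid)
        if user is None:
            raise AssertionError('no user for the current session')

        # The current password must be supplied again before it is replaced.
        if not user_ctrl.validate(user.email, inputs.old_password):
            return sh.page.user.ResetPassword('原密码输入错误, 请重新输入')

        # NOTE(review): the new password is passed to the model as received;
        # confirm that the User model hashes it before storing.
        user_model.update(Userid, dict(password=inputs.new_password))
        return sh.alert('重置密码成功', '/')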
예제 #14
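    def POST(self):
        """Replace the current user's password once the old one is verified.

        Requests without a login session go to the login page. When the old
        password does not validate, the reset page is shown again with an
        error message; on success the password is updated and an alert
        pointing to ``/`` is returned.

        Raises:
            AssertionError: when ``new_password`` is shorter than 6 or not
                shorter than 60 characters, or when the session's user
                cannot be loaded.
        """
        # Authenticate before reading the form.
        if not sh.session.is_login:
            return sh.redirectToLogin()

        inputs = sh.inputs()
        # ``assert`` would be stripped by ``python -O``; raise the same
        # exception explicitly so the length limit always applies.
        new_length = len(inputs.new_password)
        if new_length < 6 or new_length >= 60:
            raise AssertionError('new_password length must be in [6, 60)')
        user_model = sh.model('User')
        user_ctrl = sh.ctrl('User')

        Userid = sh.session.id
        user = user_model.get(Userid)
        if user is None:
            raise AssertionError('no user for the current session')

        # Re-authentication with the old password guards the change.
        if not user_ctrl.validate(user.email, inputs.old_password):
            return sh.page.user.ResetPassword('原密码输入错误, 请重新输入')

        # NOTE(review): presumably the User model hashes the password on
        # update - verify; this method does not.
        user_model.update(Userid, dict(password=inputs.new_password))
        return sh.alert('重置密码成功', '/')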
예제 #15
파일: Portrait.py 프로젝트: ajiexw/zarkpy
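    def POST(self):
        """Handle portrait upload and cropping for the logged-in user.

        Without a login session the request is redirected to the login page.
        ``upload`` stores the submitted image file. ``crop`` converts the
        selection from browser coordinates to real image coordinates, writes
        the cropped image to ``<path>.crop`` with ImageMagick ``convert``,
        records the crop string on the user and deletes the older
        ``<path>.crop_*`` copies. Other actions return ``None``.

        Raises:
            AssertionError: when ``action`` is missing, or when
                ``region_width``/``region_height`` is not positive.
        """
        if not sh.session.is_login:
            return sh.redirectToLogin()
        user_model = sh.model('User')
        user = user_model.get(sh.session.id)

        inputs = sh.inputs()
        # Raised explicitly: ``assert`` is removed under ``python -O``.
        if not inputs.get('action', ''):
            raise AssertionError('action is required')

        if inputs.action == 'upload':
            if inputs.get('image_file', ''):
                self.savePortrait(sh.session.id, inputs.image_file)
            return sh.redirect('/accounts/portrait')

        elif inputs.action == 'crop':
            # Local imports, since the file's import block is not part of
            # this method.
            import glob
            import subprocess

            if not user.image:
                return sh.alert('请先上传头像')

            # Width and height of the selection area as shown in the browser.
            region_width = int(float(inputs.get('region_width', '0')))
            if region_width <= 0:
                raise AssertionError('region_width must be positive')
            region_height = int(float(inputs.get('region_height', '0')))
            if region_height <= 0:
                raise AssertionError('region_height must be positive')
            real_width, real_height = sh.imageSize(user.image.url)  # real image size
            crop = inputs.crop

            parts = crop.split()
            start_x = int(parts[0])  # start of the selection
            start_y = int(parts[1])
            region_x = int(parts[2])  # selected width
            region_y = int(parts[3])  # selected height

            # Geometry argument for convert, rescaled to the real image; it
            # is built from integers only.
            region = '%dx%d+%d+%d' % (region_x * real_width / region_width,
                                      region_y * real_height / region_height,
                                      real_width * start_x / region_width,
                                      real_height * start_y / region_height)

            path = sh.urlToPath(user.image.url)
            cropped_path = path + '.crop'
            # No shell is involved: the path comes from stored image data and
            # is passed as a single argument instead of being spliced into a
            # command line.
            # NOTE(review): presumably sh.urlToPath yields an absolute path,
            # so convert does not treat it as an option - TODO confirm.
            subprocess.call(['convert', path, '-crop', region, cropped_path])
            user_model.update(sh.session.id, {'crop': crop})

            # Delete the size variants of the previous crop; failures are
            # ignored as they were with the shell command.
            for old_copy in glob.glob(cropped_path + '_*'):
                try:
                    os.remove(old_copy)
                except OSError:
                    pass

            return sh.redirect('/accounts')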
예제 #16
파일: NoteAdd.py 프로젝트: ajiexw/note
 def POST(self, inputs=None):
     """Insert the submitted form as a new Note and return a confirmation alert.

     Uses ``inputs`` when given, otherwise ``sh.inputs()``.
     """
     form = inputs if inputs else sh.inputs()
     # NOTE(review): the whole request form is handed to the model and no
     # session check is visible in this method; presumably the Note model
     # limits which fields can be set and access control is applied
     # elsewhere - confirm.
     sh.model('Note').insert(form)
     return sh.alert('注册成功')