def post(self): if self.human_valid(): self.flash(0, {'msg': '验证码错误!'}) return try: username = self.get_argument('username') password = self.get_argument('password') remember = self.get_argument('remember', None) redirect = self.get_argument('redirect', '/shell') if remember: remember = int(remember) user = self.users_ins.get_user_by_name(username) if user and self.entry('login:user#' + str(user['user_id'])): self.flash(0, {'msg': '操作太频繁,请稍后再试', 'sta': 429}) return if user and Tools.generate_password(password, user['user_salt']) == user['user_pswd']: self.set_current_sess(user, days=remember) logging.info("Current Login: %s" % user['user_id']) self.flash(1, {'url': redirect}) return except: pass self.flash(0, {'msg': '用户名或者密码错误!'})
def post(self, *args): try: user = self.current_user if self.entry('panel:user#' + str(user['user_id'])): self.flash(0, {'msg': '操作太频繁,请稍后再试', 'sta': 429}) return user_mail = self.get_argument('mail') user_sign = self.get_argument('sign', '') user_meta = self.get_argument('meta', '') user_pswd = self.get_argument('pswd', None) user_npwd = self.get_argument('npwd', None) user_rpwd = self.get_argument('rpwd', None) if not user_mail: self.flash(0) return if not Tools.chk_is_user_mail(user_mail): self.flash(0, {'msg': '无效的用户邮箱'}) return if user_mail != user['user_mail'] and self.users_ins.get_user_by_mail(user_mail): self.flash(0, {'msg': '用户邮箱已存在'}) return user_logo = user['user_logo'] if 'logo' in self.request.files and len(self.request.files['logo']) > 0: res = self.request.files['logo'][0] if 'filename' not in res or res['filename'] == '': self.flash(0, {'msg': '无效的文件名称'}) return if 'body' not in res or not (0 < len(res['body']) < 1024 * 1024): self.flash(0, {'msg': '无效的文件长度'}) return if 'content_type' not in res or res['content_type'].find('/') < 1 or len(res['content_type']) > 128: self.flash(0, {'msg': '无效的文件类型'}) return ets = mimetypes.guess_all_extensions(res['content_type']) ext = os.path.splitext(res['filename'])[1].lower() if ets and ext not in ets: ext = ets[0] ets = [".jpg", ".jpeg", ".gif", ".png", ".bmp"] if ext not in ets: self.flash(0, {'msg': '文件类型不支持'}) return md5 = hashlib.md5() md5.update(res['body']) key = md5.hexdigest() dir = '/www' url = '/upload/' + time.strftime('%Y/%m/%d/') + key[0] + key[1] + key[30] + key[ 31] + '/' + key + ext uri = self.settings['root_path'] + dir + url url = '/static/img/www' + url if not os.path.exists(os.path.dirname(uri)): os.makedirs(os.path.dirname(uri), mode=0777) fin = open(uri, 'w') fin.write(res['body']) fin.close() # 对应信息存入数据库 self.files_ins.insert_user_logo_info([key, dir, url, res['content_type'], res['filename'], int(time.time())]) user_logo = url if user_npwd: if not len(user_npwd) >= 6 or user_npwd != user_rpwd or Tools.generate_password(user_pswd, user['user_salt']) != user['user_pswd']: self.flash(0, {'msg': '密码输入错误'}) return user_auid = Tools.generate_randauid() user_salt = Tools.generate_randsalt() self.users_ins.update_user_info_by_pwd([user_auid, user_mail, user_logo, user_sign, user_meta, Tools.generate_password(user_npwd, user_salt), user_salt, int(time.time()), int(time.time()), user['user_id']]) else: self.users_ins.update_user_info_by_other([user_mail, user_logo, user_sign, user_meta, int(time.time()), user['user_id']]) self.flash(1, {'msg': '更新成功'}) return except: pass self.flash(0)