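def login():
    """Render the login form and authenticate a submitted username/password.

    Throttling state lives in Redis under '<name>_Incr' (failed attempts) and
    '<name>_lock' (temporary lock). From the fifth failure on, the captcha code
    stored in the session must be supplied. On success the response carries
    the 'user' and 'ID' cookies, and the same ID is stored in Redis under
    'OP_ID_<name>'.

    Returns:
        A redirect response after a credential check, otherwise the rendered
        'login.html' template.
    """
    form = MyForm.MyForm_login()
    form.name.label = '用户名:'
    form.password.label = '密码:'

    # The 'user' cookie is client-controlled. It is used only to tell the
    # template whether to show the captcha, and the counter is read rather
    # than incremented, so a plain page view no longer counts as a failure.
    cookie_user = request.cookies.get('user')
    Incr = 0
    if cookie_user:
        Incr = int(Redis.get('%s_Incr' % cookie_user) or 0)

    if form.submit.data and form.name.data and form.password.data:
        user = form.name.data
        pw = form.password.data
        Key_Incr = '%s_Incr' % user
        Key_Lock = '%s_lock' % user
        try:
            # Throttle on the submitted account name. Keying this on the cookie
            # let a client reset the counter by simply not sending the cookie.
            Incr = int(Redis.get(Key_Incr) or 0)
            problem = None
            if Redis.exists(Key_Lock):
                problem = '该帐号异常登陆,已被锁定3分钟!'
            elif Incr >= 5:
                # Pop the code so one solved captcha cannot be replayed across
                # guesses; a missing code is a failure, not the string 'None'.
                expected = session.pop('verify_code', None)
                if not form.code.data:
                    problem = '请输入验证码,看不清点击验证码刷新!'
                elif expected is None or str(form.code.data) != str(expected):
                    problem = '输入验证码错误!'

            if problem:
                # flash() returns None, so the former `raise flash(...)` raised a
                # TypeError whose text was then flashed as a second message.
                flash(problem)
            else:
                # NOTE(security): Md5.Md5_make looks like a plain MD5 digest of
                # the password - confirm; if so, stored passwords should move
                # to a salted, slow password hash.
                va_p = db_op.idc_users.query.filter(
                    and_(db_op.idc_users.name == user,
                         db_op.idc_users.passwd == Md5.Md5_make(pw))).first()
                produce.Async_log(user, request.url)
                if va_p:
                    URL = url_for('index.index')
                    if pw == app.config.get('INIT_OP_PASSWORD'):
                        # Still on the initial password: force a change first.
                        URL = url_for('pw.pw')
                        flash('请修改初始密码!')
                    timestamp = None
                    if form.remember_me.data:
                        timestamp = check.timestamp(7)
                    # NOTE(review): ID is the session secret; confirm that
                    # produce.Produce draws from a cryptographic RNG.
                    ID = produce.Produce(length=24, chars=string.hexdigits)
                    app_resp = make_response(redirect(URL))
                    app_resp.set_cookie('user', user, expires=timestamp)
                    # Keep the session secret out of reach of page scripts.
                    # Adding secure=True is advisable once the site is
                    # HTTPS-only.
                    app_resp.set_cookie('ID', ID, expires=timestamp,
                                        httponly=True)
                    Redis.set('OP_ID_%s' % user, ID)
                    Redis.delete(Key_Lock)
                    Redis.delete(Key_Incr)
                    return app_resp

                # Use the value returned by the atomic increment, not the
                # count that was read before the check.
                failures = Redis.incr(Key_Incr)
                if failures >= 30:
                    # NOTE(review): the page lost its indentation, so whether
                    # the two expire calls belonged under this condition is a
                    # reconstruction - confirm against the original file.
                    Redis.set(Key_Lock, 'True')
                    Redis.expire(Key_Lock, 180)
                    Redis.expire(Key_Incr, 60)
                flash('用户名或者密码错误!')
                app_resp = make_response(redirect(url_for('login.login')))
                app_resp.set_cookie('user', user)
                return app_resp
        except Exception as e:
            # NOTE(security): this shows raw exception text (database or Redis
            # errors) to an unauthenticated visitor; prefer logging it and
            # flashing a generic message.
            if 'old' not in str(e):
                flash(str(e))
    return render_template('login.html', form=form, verify_incr=Incr)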
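def login():
    """Render the login form and authenticate a submitted username/password.

    Failed attempts per account name are counted in Redis under '<name>_Incr'.
    The tenth failure sets 'Lock_login_<name>' for 60 seconds, during which
    every attempt for that name is refused. On success the response carries
    the 'user' and 'ID' cookies, and the ID is stored under 'OP_ID_<name>'.

    Returns:
        A redirect response after a credential check, otherwise the rendered
        'login.html' template.
    """
    form = MyForm.MyForm_login()
    form.name.label = '用户名:'
    form.password.label = '密码:'
    ym = time.strftime('%Y', time.localtime())
    if form.submit.data and form.name.data and form.password.data:
        user = form.name.data
        pw = form.password.data
        try:
            Key_Incr = '%s_Incr' % user
            Key_Lock = 'Lock_login_%s' % user
            if Redis.exists(Key_Lock):
                # flash() returns None, so the former `raise flash(...)` raised a
                # TypeError whose text was flashed as a second message.
                flash('该帐号异常登陆,已被锁定1分钟!')
                return render_template('login.html', form=form, ym=ym)

            # NOTE(security): Md5.Md5_make looks like a plain MD5 digest of the
            # password - confirm; if so, stored passwords should move to a
            # salted, slow password hash.
            va_p = db_op.idc_users.query.filter(
                and_(db_op.idc_users.name == user,
                     db_op.idc_users.passwd == Md5.Md5_make(pw))).first()
            produce.Async_log(user, request.url)
            if va_p:
                URL = url_for('index.index')
                if pw == app.config.get('INIT_OP_PASSWORD'):
                    # Still on the initial password: force a change first.
                    URL = url_for('pw.pw')
                    flash('请修改初始密码!')
                timestamp = None
                if form.remember_me.data:
                    timestamp = check.timestamp(7)
                # NOTE(review): ID is the session secret; confirm that
                # produce.Produce draws from a cryptographic RNG.
                ID = produce.Produce(length=24, chars=string.hexdigits)
                app_resp = make_response(redirect(URL))
                app_resp.set_cookie('user', user, expires=timestamp)
                # Keep the session secret out of reach of page scripts.
                # Adding secure=True is advisable once the site is HTTPS-only.
                app_resp.set_cookie('ID', ID, expires=timestamp, httponly=True)
                Redis.set('OP_ID_%s' % user, ID)
                # Start the next session with a clean failure count. It used to
                # survive a successful login and keep accumulating.
                Redis.delete(Key_Incr)
                return app_resp

            # Atomic increment replaces the read-then-set pair, which could
            # lose updates when requests for the same name ran in parallel.
            attempt = Redis.incr(Key_Incr)
            if attempt >= 10:
                # The original `Redis.incr(Key_Lock, 'True')` passed a
                # non-integer amount to INCRBY, so the lock was never written.
                # The lock is now set when the message reaches zero tries left.
                Redis.set(Key_Lock, 'True')
                Redis.expire(Key_Lock, 60)
                Redis.expire(Key_Incr, 60)
            flash('用户名或者密码错误,还有%s次机会重试!' % max(10 - attempt, 0))
            app_resp = make_response(redirect(url_for('login.login')))
            app_resp.set_cookie('user', user)
            return app_resp
        except Exception as e:
            # NOTE(security): this shows raw exception text (database or Redis
            # errors) to an unauthenticated visitor; prefer logging it and
            # flashing a generic message.
            if 'old' not in str(e):
                flash(str(e))
    return render_template('login.html', form=form, ym=ym)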
def logout():
    """Expire every cookie the browser sent and redirect to '/login'.

    NOTE(review): only browser-side state is touched here; nothing in this
    function removes a server-side session record, so a copied cookie value
    is not revoked by logging out - confirm whether another layer does that.
    """
    expiry = check.timestamp(0)
    response = make_response(redirect('/login'))
    # Re-issue each received cookie with an empty value and the expiry above.
    for cookie_name in request.cookies.keys():
        response.set_cookie(cookie_name, expires=expiry)
    return response
def logout():
    """Expire the 'user' and 'ID' cookies and redirect to the site root.

    NOTE(review): only the browser-side cookies are expired; nothing in this
    function removes a server-side session record, so a copied 'ID' value is
    not revoked by logging out - confirm whether another layer does that.
    """
    expired = check.timestamp(0)
    resp = make_response(redirect('/'))
    for cookie_name in ('user', 'ID'):
        resp.set_cookie(cookie_name, expires=expired)
    return resp
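def login():
    """Handle the DingTalk scan-login callback, or render the login page.

    When the request carries 'code' and state == 'STATE', the code is
    exchanged with the DingTalk SNS API for the user's nick, dingId and
    openid. A user already present in db_op.user_auth has the stored token
    refreshed and is redirected to 'main'; any other user is redirected to
    'approval.apply'. In both cases MD5 digests of nick, openid, dingId and
    token are set as cookies and the reverse mappings are stored in Redis.
    Any failure flashes a generic message and renders 'login.html'.

    Returns:
        A redirect response on a completed callback, otherwise the rendered
        'login.html' template.
    """
    ym = time.strftime('%Y', time.localtime())
    try:
        token = None
        try:
            # NOTE(review): token is the session secret; confirm that
            # tools.Produce draws from a cryptographic RNG.
            token = tools.Produce(length=24, chars=string.hexdigits)
        except Exception as e:
            logging.error(e)
        session['Menu'] = {}

        # DingTalk authorisation callback.
        # NOTE(security): 'state' is compared with the constant 'STATE', so it
        # does not bind the callback to the browser session that started the
        # flow; a per-session random state would, but it has to be issued
        # wherever the authorisation link is built (not visible here).
        code = tools.http_args(request, 'code')
        if code and tools.http_args(request, 'state') == 'STATE':
            db_auth = db_op.user_auth
            nick = dingId = openid = None
            try:
                # NOTE(security): both application secrets are embedded in
                # source. They should be rotated and loaded from configuration
                # kept outside version control.
                url = "https://oapi.dingtalk.com/sns/gettoken?appid=dingoadq3qon8zb34vzdff&appsecret=Tu6IlXjTn1m4vqrOA580xLOt2VbOK26bVu3sBOtvp0MnqIp2zpcwkL3qVpqAT7rG"
                if ENV == 'dev':
                    url = "https://oapi.dingtalk.com/sns/gettoken?appid=dingoa7wymhx6dbeffjels&appsecret=I-v3OXL1hFKYZlJ3b6pqABmoNGYREXePpdzQ5JaSK8DqJdQyn_1J3wEUYBTpdiE_"
                # Fetch the application access token. The timeout (10 s, a
                # value picked for this edit) keeps a stalled upstream from
                # pinning a worker.
                r = requests.get(url, timeout=10)
                access_token = r.json()['access_token']
                r = requests.post(
                    "https://oapi.dingtalk.com/sns/get_persistent_code?access_token=%s"
                    % access_token,
                    data=json.dumps({"tmp_auth_code": code}),
                    timeout=10)
                grant = r.json()
                openid = grant['openid']
                persistent_code = grant['persistent_code']
                r = requests.post(
                    "https://oapi.dingtalk.com/sns/get_sns_token?access_token=%s"
                    % access_token,
                    data=json.dumps({
                        "openid": openid,
                        "persistent_code": persistent_code
                    }),
                    timeout=10)
                sns_token = r.json()['sns_token']
                # Fetch the user's profile.
                r = requests.get(
                    'https://oapi.dingtalk.com/sns/getuserinfo?sns_token=%s'
                    % sns_token,
                    timeout=10)
                user_info = r.json()['user_info']
                nick = user_info['nick']
                dingId = user_info['dingId']
            except Exception as e:
                logging.error(e)

            # Fail explicitly. The original reached the same failure page only
            # because the unassigned names raised NameError further down.
            if not (token and nick and dingId and openid):
                raise RuntimeError(
                    'DingTalk login did not yield token, nick, dingId and openid')

            # Log the authorised user in. A database error now goes straight
            # to the outer handler, not on to an undefined URL.
            same_user = and_(db_auth.dingId == dingId, db_auth.openid == openid)
            if db_auth.query.filter(same_user).all():
                db_auth.query.filter(same_user).update({
                    db_auth.token: token,
                    db_auth.update_time:
                    time.strftime('%Y-%m-%d %H:%M:%S', time.localtime())
                })
                db_op.DB.session.commit()
                URL = url_for('main')
                timestamp = check.timestamp(7)
            else:
                # Unknown user: send them to the permission request page.
                # NOTE(review): such users still receive the cookies and Redis
                # records below - confirm that downstream checks consult
                # user_auth and not only these records.
                URL = url_for('approval.apply')
                timestamp = check.timestamp(1)

            app_resp = make_response(redirect(URL))
            # NOTE(review): Md5.Md5_make looks like an unsalted MD5; the 'user',
            # 'openid' and 'dingId' cookie values are then derivable from the
            # identifiers, so only 'token' should be treated as a secret.
            # httponly keeps all four away from page scripts. Adding
            # secure=True is advisable once the site is HTTPS-only.
            for cookie_name, raw in (('user', nick), ('openid', openid),
                                     ('dingId', dingId), ('token', token)):
                app_resp.set_cookie(cookie_name, Md5.Md5_make(raw),
                                    expires=timestamp, path='/', httponly=True)
            # NOTE(review): these keys are written without a TTL, so the
            # server-side records outlive the cookies' expiry.
            Redis.set('OP_verify_%s' % dingId, token)
            Redis.set('OP_token_%s' % Md5.Md5_make(token), token)
            Redis.set('OP_dingId_%s' % Md5.Md5_make(dingId), dingId)
            Redis.set('OP_user_%s' % Md5.Md5_make(nick), nick)
            Redis.set('OP_openid_%s' % Md5.Md5_make(openid), openid)
            return app_resp
    except Exception as e:
        flash('登录失败!')
        logging.error(e)
    finally:
        db_op.DB.session.remove()
    return render_template('login.html', ym=ym, ENV=ENV)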
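#-*- coding: utf-8 -*-
import logging

from flask import Blueprint,redirect,url_for,render_template,flash,make_response,g,request
from sqlalchemy import and_
from Modules import db_op,produce, MyForm, Md5,check

page_pw = Blueprint('pw',__name__)
timestamp = check.timestamp(7)


@page_pw.route('/pw',methods = ['GET', 'POST'])
def pw():
    """Change the password of the logged-in user (g.user).

    The old password must match the stored digest, and the two new-password
    fields must be non-empty and equal. On success the new digest is
    committed and the user is redirected to 'index.index'.

    Returns:
        A redirect response after a successful change, otherwise the rendered
        'password.html' template.
    """
    form = MyForm.MyForm_pw()
    # NOTE(review): only form.submit.data is tested and form.validate() is
    # never called, so any validators declared on MyForm_pw (and a CSRF check,
    # if the form class provides one) do not run here - confirm.
    if form.submit.data:
        pw1 = form.new_password1.data
        pw2 = form.new_password2.data
        try:
            if not pw1:
                # With no validators running, an empty new password used to
                # pass the equality check below and get stored.
                flash('新密码不能为空!')
            elif pw1 != pw2:
                flash('新密码不一致!')
            else:
                # NOTE(security): Md5.Md5_make looks like a plain MD5 digest -
                # confirm; if so, stored passwords should move to a salted,
                # slow password hash.
                old_digest = Md5.Md5_make(form.password.data)
                db = db_op.idc_users
                va = db.query.filter(
                    and_(db.name == g.user, db.passwd == old_digest)).first()
                if va:
                    va.passwd = Md5.Md5_make(pw1)
                    db_op.DB.session.commit()
                    db_op.DB.session.close()
                    # NOTE(review): the message asks the user to log in again,
                    # but no session state is revoked in this function.
                    flash('密码修改成功,请重新登录!')
                    return make_response(redirect(url_for('index.index')))
                flash('旧密码错误!')
        except Exception as e:
            # Roll back the failed transaction and keep the detail in the log.
            # The original flashed the exception object itself, which shows
            # internals to the user and is not a string.
            db_op.DB.session.rollback()
            logging.error(e)
            flash('密码修改失败!')
    return render_template('password.html',form=form)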
def logout():
    """Redirect to '/' while expiring the two login cookies.

    NOTE(review): this clears 'user' and 'ID' in the browser only; no
    server-side session record is removed in this function, so a copied 'ID'
    value is not revoked here - confirm whether another layer does that.
    """
    past = check.timestamp(0)
    reply = make_response(redirect('/'))
    # Empty value plus the expiry above, once per login cookie.
    reply.set_cookie('user', expires=past)
    reply.set_cookie('ID', expires=past)
    return reply