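def check_user():
    """Handle a login form post.

    Validates the username format, verifies the VAPTCHA token server-side,
    checks the credentials through ``mod_mysql.check_user`` and, on success,
    sets the ``user`` and ``token`` cookies.

    Returns:
        A dict with ``code`` 403 when the username is malformed or the
        verification fails, a dict carrying the ``code``/``msg`` from
        ``mod_mysql.check_user`` when the credential check fails, otherwise
        a ``Response`` with JSON body ``{"code": 200}`` and the cookies set.
    """
    username = request.form['username']
    # NOTE(review): `$` also matches just before a trailing newline if
    # check_pattern uses re.match/re.search; confirm it uses fullmatch
    # or switch the anchor to \Z.
    u_pattern = "^[a-zA-Z0-9_-]{2,16}$"
    if not mod_safety.check_pattern(u_pattern, username):
        return {'code': 403, 'msg': '用户名请求不合法!'}

    password = mod_safety.pass_hash(request.form['password'])
    v_token = request.form['token']
    remember_me = request.form['remember_me']
    # NOTE(review): `ip` comes from the submitted form, so the client picks
    # the value that is sent to the verification service, written to the
    # log line below and passed on to mod_mysql.check_user. Consider
    # deriving it server-side instead.
    ip = request.form['ip']

    v_data = {
        'id': '5f11cf308d41fe366eb1e82a',
        'secretkey': f'{mod_settings.get_value("secret_key")}',
        'scene': 1,
        'token': v_token,
        'ip': ip
    }
    # NOTE(review): `ip` and `remember_me` are not validated before being
    # printed; a value containing line breaks can forge log entries.
    print(
        f'[登录尝试] {datetime.now().strftime("%Y-%m-%d %H:%M:%S")} 来自ip:{ip} 的用户尝试以用户名 {username} 登录 记住我选项:'
        f'{remember_me}。')

    # NOTE(review): this request carries `secretkey` over plain http; move
    # it to an https endpoint if the provider offers one (confirm in the
    # provider documentation).
    try:
        # A timeout keeps a stalled verification service from pinning the
        # worker; any transport or parsing problem is treated as "not
        # verified" so the login fails closed.
        v_response = requests.post("http://0.vaptcha.com/verify", v_data, timeout=10).json()
        verified = v_response['success'] == 1
    except (requests.RequestException, ValueError, KeyError, TypeError):
        verified = False
    if not verified:
        return {
            'code': 403,
            'msg': '服务器端二次验证失败,这可能是ADBlock或uBlock等去广告插件屏蔽IP检测插件导致的。建议:请在添加该网站为白名单后重试。'
        }

    result = mod_mysql.check_user(username, password, ip)
    if result['code'] != 0:
        return {'code': result['code'], 'msg': result['msg']}

    # NOTE(review): part of this expression is redacted on the page (the
    # `******`); it is reproduced as shown and must be restored from the
    # original source. From the visible part, the cookie token is derived
    # from the password hash rather than generated per session, so it stays
    # valid until the password changes - confirm.
    token = "Login:"******"PPpp" + password
    token = mod_safety.pass_hash(token)

    # Cross-site handling is not finished yet.
    response = Response(json.dumps({
        "code": 200,
    }), content_type='application/json')
    # "Remember me" keeps both cookies for 7 days; otherwise max_age stays
    # None (the set_cookie default), i.e. session cookies.
    max_age = 604800 if remember_me == "true" else None
    # NOTE(review): neither cookie sets secure / httponly / samesite. The
    # `token` cookie is a login credential; add those flags unless client
    # script or a plain-http deployment depends on the current behaviour.
    response.set_cookie('user', username, domain=".vvbbnn00.cn", max_age=max_age)
    response.set_cookie('token', token, domain=".vvbbnn00.cn", max_age=max_age)
    return response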
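def check_user(username, password, ip):
    """Check whether a username / password pair is correct and record the login.

    Args:
        username: Account name; used in Redis keys and as a query parameter.
        password: Value compared for equality with the stored password field
            (the login handler on this page passes a ``pass_hash`` result).
        ip: Value written to ``Login_IP``.

    Returns:
        ``{'code': 0, 'UID': uid}`` on success; ``code`` 1 for a wrong
        username or password; ``code`` 2 when the detail row is missing or
        its status column is -1 or 2; ``code`` -1 on any exception.
    """
    bad_credentials = {
        'code': 1,
        'msg': '用户名或密码错误!'
    }
    db = None
    try:
        r = redis.Redis(connection_pool=pool)
        r_p = r.get("passwd_" + username)
        uid = r.get("uid_" + username)
        if (r_p is not None) and (uid is not None):
            # NOTE(review): the stored password value is cached for an hour;
            # confirm a password change invalidates `passwd_<username>`.
            passwd = r_p
        else:
            db = MySQLdb.connect(Mysql_host, Mysql_user, Mysql_pass, charset='utf8')
            cursor = db.cursor()
            # Bound parameter instead of string formatting: the username can
            # no longer alter the statement.
            cursor.execute("SELECT * FROM db_user.user_up WHERE USERNAME = %s", (username,))
            result = cursor.fetchone()
            db.close()
            db = None
            if result is None:
                # Unknown user: answer exactly like a wrong password so the
                # response does not reveal which usernames exist.
                return bad_credentials
            uid = result[0]
            passwd = result[2]
            r.set('passwd_' + username, passwd, ex=3600)
            r.set('uid_' + username, uid, ex=3600)

        # NOTE(review): plain `==` is not constant-time, and a Redis client
        # without decode_responses returns bytes, which never equals a str.
        # Confirm the pool's settings; consider hmac.compare_digest.
        if password != passwd:
            return bad_credentials

        # NOTE(review): part of this expression is redacted on the page (the
        # `******`); it is reproduced as shown and must be restored from the
        # original source.
        v_token = "Login:"******"PPpp" + passwd
        v_token = mod_safety.pass_hash(v_token)
        r.set('token_' + username, v_token, ex=3600)

        db = MySQLdb.connect(Mysql_host, Mysql_user, Mysql_pass, charset='utf8')
        cursor = db.cursor()
        cursor.execute("SELECT * FROM db_user.user_detail WHERE UID = %s", (uid,))
        result = cursor.fetchone()
        if result is None or result[5] == -1:
            return {
                'code': 2,
                'msg': "您被禁止登录本网站,请联系网站管理员!"
            }
        if result[5] == 2:
            return {
                'code': 2,
                'msg': "请先在邮件中激活该账户!"
            }
        login_dt = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
        # `ip` is caller-supplied, so it is bound as a parameter as well.
        # NOTE(review): no commit is visible here; unless autocommit is
        # enabled elsewhere this write is discarded. REPLACE also rewrites
        # the whole row, so columns not listed fall back to their defaults.
        # Confirm this cannot reset the status column read above.
        cursor.execute(
            "REPLACE INTO db_user.user_detail (`uid`, `Last_Login`, `Login_IP`) VALUES (%s, %s, %s)",
            (uid, login_dt, ip))
        return {
            'code': 0,
            'UID': uid
        }
    except Exception as e:
        print('发生错误的文件:', e.__traceback__.tb_frame.f_globals['__file__'])
        print('错误所在的行号:', e.__traceback__.tb_lineno)
        print('错误信息', e)
        return {
            'code': -1,
            'msg': '未知错误,请联系网站管理员!'
        }
    finally:
        # The original never closed the second connection and leaked the
        # first one on errors.
        if db is not None:
            try:
                db.close()
            except Exception:
                # Best-effort cleanup; the result is already decided.
                pass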
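def check_token(username, token):
    """Compare a presented login token with the expected one for a user.

    The expected token is read from the ``token_<username>`` Redis key, or
    rebuilt from the stored password field and cached for an hour.

    Args:
        username: Account name; used in the Redis key and as a query parameter.
        token: Token presented by the caller.

    Returns:
        0 when the tokens are equal, -1 otherwise, including when the user
        does not exist or an exception occurs.
    """
    db = None
    try:
        r = redis.Redis(connection_pool=pool)
        r_p = r.get("token_" + username)
        if r_p is not None:
            v_token = r_p
        else:
            db = MySQLdb.connect(Mysql_host, Mysql_user, Mysql_pass, charset='utf8')
            cursor = db.cursor()
            # Bound parameter instead of string formatting: nothing visible
            # here validates `username`, so it must not reach the SQL text.
            cursor.execute("SELECT * FROM db_user.user_up WHERE USERNAME = %s", (username,))
            result = cursor.fetchone()
            if result is None:
                # Unknown user: reject explicitly instead of relying on the
                # TypeError that indexing None would raise.
                return -1
            passwd = result[2]
            # NOTE(review): part of this expression is redacted on the page
            # (the `******`); it is reproduced as shown and must be restored
            # from the original source.
            v_token = "Login:"******"PPpp" + passwd
            v_token = mod_safety.pass_hash(v_token)
            r.set('token_' + username, v_token, ex=3600)
        # NOTE(review): `==` on a secret is not constant-time, and a Redis
        # client without decode_responses returns bytes, which never equals
        # a str. Confirm the pool's settings; consider hmac.compare_digest.
        if token == v_token:
            return 0
        return -1
    except Exception as e:
        print('发生错误的文件:', e.__traceback__.tb_frame.f_globals['__file__'])
        print('错误所在的行号:', e.__traceback__.tb_lineno)
        print('错误信息', e)
        return -1
    finally:
        # Close the connection on every path, including errors.
        if db is not None:
            try:
                db.close()
            except Exception:
                # Best-effort cleanup; the result is already decided.
                pass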
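def do_reg():
    """Handle a registration form post.

    Validates username, password and e-mail against fixed patterns, verifies
    the VAPTCHA token server-side, then creates the account through
    ``mod_mysql.create_user``.

    Returns:
        ``{'code': 200, 'msg': "success."}`` when the account is created;
        otherwise a dict with ``code`` 403 and a message.
    """
    username = request.form['username']
    ori_passwd = request.form['password']
    email = request.form['email']
    v_token = request.form['token']
    # NOTE(review): `ip` comes from the submitted form, so the client picks
    # the value sent to the verification service and written to the log.
    ip = request.form['ip']

    # NOTE(review): `$` also matches just before a trailing newline if
    # check_pattern uses re.match/re.search; confirm it uses fullmatch
    # or switch the anchors to \Z.
    u_pattern = "^[a-zA-Z0-9_-]{2,16}$"
    p_pattern = "^(?![0-9]+$)(?![a-z]+$)(?![A-Z]+$)(?!([^(0-9a-zA-Z)])+$).{6,20}$"
    # "\\." is the same string value as the original "\." without relying on
    # an invalid escape sequence.
    e_pattern = "^[A-Za-z0-9\u4e00-\u9fa5]+@[a-zA-Z0-9_-]+(\\.[a-zA-Z0-9_-]+)+$"
    if not mod_safety.check_pattern(u_pattern, username) or not mod_safety.check_pattern(p_pattern, ori_passwd) or not \
            mod_safety.check_pattern(e_pattern, email):
        return {'code': 403, 'msg': "请求不合法!"}

    # Hash only after validation, so rejected input is never hashed.
    passwd = mod_safety.pass_hash(ori_passwd)

    v_data = {
        'id': '5f11cf308d41fe366eb1e82a',
        'secretkey': f'{mod_settings.get_value("secret_key")}',
        'scene': 2,
        'token': v_token,
        'ip': ip
    }
    # The password hash is deliberately no longer written to the log: a hash
    # is credential material and does not belong in log output.
    # NOTE(review): `ip` is not validated before being printed; a value
    # containing line breaks can forge log entries.
    print(
        f'[注册尝试] {datetime.now().strftime("%Y-%m-%d %H:%M:%S")} 来自ip:{ip} 的用户尝试以用户名 {username} 注册 '
        f'电子邮箱 {email}。')

    # NOTE(review): this request carries `secretkey` over plain http; move
    # it to an https endpoint if the provider offers one (confirm in the
    # provider documentation).
    try:
        # A timeout keeps a stalled verification service from pinning the
        # worker; any transport or parsing problem is treated as "not
        # verified" so registration fails closed.
        v_response = requests.post("http://0.vaptcha.com/verify", v_data, timeout=10).json()
        verified = v_response['success'] == 1
    except (requests.RequestException, ValueError, KeyError, TypeError):
        verified = False
    if not verified:
        return {
            'code': 403,
            'msg': '服务器端二次验证失败,这可能是ADBlock或uBlock等去广告插件屏蔽IP检测插件导致的。建议:请在添加该网站为白名单后重试。'
        }

    result = mod_mysql.create_user(username=username, pass_hash=passwd, email=email)
    if result['code'] == 0:
        return {'code': 200, 'msg': "success."}
    return {'code': 403, 'msg': result['msg']}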
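def create_verify_link(username, uid, email):
    """Create an activation token for an account and e-mail it to the user.

    The account's ``user_detail`` row must exist and its status column
    (index 5) must equal 2, the value ``check_user`` reports as "activate via
    e-mail first". The token id, token and uid are stored in Redis for one
    hour before the message is sent.

    Args:
        username: Account name; used in the ``is_activating_`` Redis key and
            passed to the mailer.
        uid: Account id; used as a query parameter and inside the token id.
        email: Recipient address passed to the mailer.

    Returns:
        A dict with ``code`` 0 on success, 1 when the row is missing or its
        status is not 2, and -1 on any exception.
    """
    db = None
    try:
        db = MySQLdb.connect(Mysql_host, Mysql_user, Mysql_pass, charset='utf8')
        cursor = db.cursor()
        # Bound parameter instead of an f-string: `uid` can no longer alter
        # the statement.
        cursor.execute("SELECT * FROM db_user.user_detail WHERE UID = %s", (uid,))
        result = cursor.fetchone()
        if result is None or result[5] != 2:
            return {
                'code': 1,
                'msg': "非法请求!"
            }
        # Format only the timestamp; the uid and random code are appended
        # afterwards so a '%' in them cannot be read as a strftime directive.
        stamp = datetime.datetime.now().strftime("%Y%m%d%H%M%S_")
        token_id = stamp + str(uid) + str(mod_safety.random_number_code(10))
        # NOTE(review): the token's unpredictability rests on
        # mod_safety.random_secret_key; confirm it draws from a CSPRNG
        # (e.g. the `secrets` module).
        token = mod_safety.pass_hash(mod_safety.random_secret_key(32))
        r = redis.Redis(connection_pool=pool)
        r.set("v_code_" + token_id, token, ex=3600)
        r.set("v_uid_" + token_id, uid, ex=3600)
        r.set("is_activating_" + username, "true", ex=3600)
        mod_email.send_verify_message(username, email, token_id, token)
        return {
            'code': 0,
            'msg': '注册成功,一封激活邮件已发送至您的邮箱,为避免重复注册,请在一小时内激活!'
        }
    except Exception as e:
        print('发生错误的文件:', e.__traceback__.tb_frame.f_globals['__file__'])
        print('错误所在的行号:', e.__traceback__.tb_lineno)
        print('错误信息', e)
        return {
            'code': -1,
            'msg': "未知错误,请联系管理员!"
        }
    finally:
        # The original never closed this connection.
        if db is not None:
            try:
                db.close()
            except Exception:
                # Best-effort cleanup; the result is already decided.
                pass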