Exemplo n.º 1
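 def adduser(self):
     """Handle the POST request that registers a new user.

     Reads ``user_name``, ``user_pass`` and the optional ``user_role`` from
     the JSON body, creates the user either through the ORM mappers or the
     ``sp_user_reg`` stored procedure (selected by ``is_use_orm``), mirrors
     the new record into Redis and returns a JSON response carrying a freshly
     generated access token.

     Returns:
         A ``jsonify`` response. ``success`` is False when the body is
         missing a field, the name is already registered, the name fails
         ``check_username``, or the database did not hand back a user id.
     """
     # A missing or non-object JSON body used to raise AttributeError (HTTP 500).
     payload=request.json
     if not isinstance(payload,dict):
         payload={}
     user_name=payload.get('user_name')
     if not user_name:
         return jsonify(success=False,message='用户名不符合要求')
     # Ask Redis whether the name is already taken.
     # NOTE(review): this is check-then-write; two concurrent requests for the
     # same name can both pass. A unique constraint in the database is the
     # reliable guard - confirm one exists.
     user=myredis.rs.hget("user_map",user_name)
     if user is not None:
         return jsonify(success=False,message='用户名/邮箱/手机号 已存在')
     # Check that the user name meets the format rules.
     reg_type=check_username(user_name)
     if reg_type is False:
         return jsonify(success=False,message='用户名不符合要求')

     user_pass=payload.get('user_pass')
     if not user_pass:
         # bytes(None) would otherwise register the account with the literal
         # text "None" as its password.
         return jsonify(success=False,message='密码不能为空')
     # Encrypt the password before it is stored.
     # NOTE(review): desEncrypt is defined elsewhere. If it is reversible
     # encryption rather than a salted password hash, anyone holding the key
     # recovers every password; a dedicated password-hashing KDF is the safer
     # storage format - confirm what desEncrypt does.
     user_pass=desEncrypt(bytes(user_pass))

     # user_validate: 0 = not verified (default), 1 = verified; the student
     # role needs no verification.
     # user_role: 1 = student, 2 = teacher, 3... reserved for later roles.
     # NOTE(review): the role is taken straight from the request body, so the
     # caller picks it. Only user_validate=0 stands between a self-chosen
     # non-student role and its privileges - verify every consumer of
     # user_role also checks user_validate.
     user_role=payload.get('user_role','1')
     user_validate=1 if user_role=="1" else 0
     user_email=user_name if reg_type==2 else ""
     user_phone=user_name if reg_type==3 else ""

     # A token is issued to the new user as soon as registration succeeds.
     access_token=generate_access_token()
     # ORM path.
     if is_use_orm:
         USER_MAP=self.dh.load("UserMapper","USER_MAP")
         USER_SYS=self.dh.load("UserMapper", "USER_SYS") # load the user_sys class
         new_user=USER_SYS(user_name=user_name,
                           user_email=user_email,
                           user_phone=user_phone,
                           user_pass=user_pass,
                           user_role=user_role,
                           user_validate=user_validate,
                           user_access_token=access_token)
         self.dh.save(new_user)
         user_id=new_user.user_id
         if not user_id:
             # Without an id the original went on to write Redis entries and
             # report success for an account that was never created.
             return jsonify(success=False,message='注册失败')
         new_user_map=USER_MAP(user_name=user_name,user_id=user_id)
         self.dh.save(new_user_map)
         USER_LOG=self.dh.load("UserMapper", "USER_LOG")
         new_log=USER_LOG(user_id=user_id,
                          login_ip=request.remote_addr,
                          login_status=1)
         self.dh.save(new_log)
     # Stored-procedure path.
     else:
         cursor=self.dh.dbconn.cursor(cursorclass = MySQLdb.cursors.DictCursor)
         try:
             cursor.callproc('sp_user_reg',(user_name,
                                            user_email,
                                            user_phone,
                                            user_pass,
                                            user_role,
                                            request.remote_addr,
                                            access_token))
             new_user=cursor.fetchone()
         finally:
             # Release the cursor even when the procedure call raises.
             cursor.close()
         self.dh.dbconn.commit()
         self.dh.dbconn.close()
         user_id=new_user['user_id'] if new_user else None
         if not user_id:
             return jsonify(success=False,message='注册失败')
     # Mirror the new user into Redis.
     # NOTE(review): the hash below also copies user_pass into Redis, so the
     # cache holds credential material and needs the same access controls as
     # the database.
     myredis.rs.hset("user_map",user_name,user_id)
     myredis.rs.hmset("user:{user_id}".format(user_id=user_id),{"user_id":user_id,
                                       "user_name":str(user_name),
                                       "user_email":user_email,
                                       "user_phone":user_phone,
                                       "user_pass":user_pass,
                                       "user_role":user_role,
                                       "user_validate":user_validate,
                                       "user_last_login_ip":request.remote_addr,
                                       "user_last_login_time":time.time(),
                                       "user_error_times":0
                                       })
     # Two-way token index: user id -> token and token -> user id.
     myredis.rs.hset("userid_token",user_id,access_token)
     myredis.rs.hset("token_userid",access_token,user_id)
     return jsonify(success=True,user_id=user_id,user_name=user_name,access_token=access_token,message="注册成功")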
Exemplo n.º 2
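 def userlogin(self):
     """Authenticate a user and issue a new access token.

     Reads ``user_name`` and ``user_pass`` from the JSON body, looks the user
     up in Redis, enforces the five-failure / 24-hour lockout from the cached
     counters, then verifies the password through the ORM or the
     ``sp_user_login`` stored procedure (selected by ``is_use_orm``). On
     success the previous token mapping is removed and the new token stored.

     Returns:
         A ``jsonify`` response; ``success`` is True only when the password
         matched (and, on the ORM path, the account is verified).
     """
     # A missing or non-object JSON body used to raise AttributeError (HTTP 500).
     payload=request.json
     if not isinstance(payload,dict):
         payload={}
     user_name=payload.get("user_name")
     user_pass=payload.get("user_pass")
     if not user_name:
         return jsonify(success=False,message='用户不存在')
     if not user_pass:
         # bytes(None) would otherwise be encrypted and compared as the
         # literal text "None".
         return jsonify(success=False,message="密码错误")
     user_pass=desEncrypt(bytes(user_pass))
     success=False
     message='登录成功'

     access_token=generate_access_token()

     # Look the user up in Redis first to decide whether the account exists.
     # NOTE(review): '用户不存在' and '密码错误' are distinct replies, which
     # lets a client tell registered names from unregistered ones; a single
     # generic failure message would close that - callers may depend on the
     # current texts, so they are left unchanged here.
     user_id=myredis.rs.hget("user_map",user_name)
     if user_id is None:
         return jsonify(success=False,message='用户不存在')
     cached=myredis.rs.hgetall("user:{user_id}".format(user_id=user_id))
     # Missing counters are read as zero instead of raising KeyError when the
     # user hash is absent or incomplete.
     user_error_times=int(cached.get('user_error_times') or 0)
     user_last_login_time=float(cached.get('user_last_login_time') or 0)
     # >= rather than ==: if the counter ever passes 5 the lockout must still
     # apply instead of silently switching itself off.
     if user_error_times>=5:
         if (time.time()-user_last_login_time)>=86400:
             user_error_times=0
         else:
             return jsonify(success=False,message="您已经连续登录失败5次,请24小时之后再来")

     if is_use_orm:
         USER_SYS=self.dh.load("UserMapper", "USER_SYS")
         USER_LOG=self.dh.load("UserMapper", "USER_LOG")
         user=self.dh.do("query",USER_SYS).filter_by(user_id=user_id).first()
         if user is None:
             # Redis knows the name but the database row is gone; the original
             # raised AttributeError on user.user_pass here.
             return jsonify(success=False,message='用户不存在')
         # NOTE(review): == is not a constant-time comparison. Both sides are
         # desEncrypt output; hmac.compare_digest is the usual replacement once
         # both operands are confirmed to be byte strings.
         if user_pass==user.user_pass:
             # NOTE(review): registration stores user_validate as the int 1/0;
             # `is True` only matches if the mapper returns a real bool -
             # confirm the column type.
             if user.user_validate is True:
                 # Login succeeded: reset the failure counter and log the login.
                 success=True
                 user_error_times=0
                 self.dh.do("query",USER_SYS).filter_by(user_id=user_id).update({'user_access_token':access_token,'user_error_times':user_error_times})
                 self.dh.dbsession.commit()
                 new_log=USER_LOG(user_id=user_id,
                                  login_ip=request.remote_addr,
                                  login_status=1)
                 self.dh.save(new_log)
             else:
                 new_log=USER_LOG(user_id=user_id,
                                  login_ip=request.remote_addr,
                                  login_status=0)
                 self.dh.save(new_log)
                 message="用户未验证"
         else:
             # Login failed: increment the failure counter and log the attempt.
             user_error_times+=1
             self.dh.do("query",USER_SYS).filter_by(user_id=user_id).update({'user_error_times':user_error_times})
             self.dh.dbsession.commit()
             new_log=USER_LOG(user_id=user_id,
                              login_ip=request.remote_addr,
                              login_status=0)
             self.dh.save(new_log)
             message="密码错误"
     else:
         cursor=self.dh.dbconn.cursor(cursorclass = MySQLdb.cursors.DictCursor)
         try:
             cursor.callproc('sp_user_login',(user_name,user_pass,request.remote_addr,access_token))
             # The procedure returns one row: the user on success, otherwise
             # the error details.
             user=cursor.fetchone()
         finally:
             # Release the cursor even when the procedure call raises.
             cursor.close()
         self.dh.dbconn.commit()
         self.dh.dbconn.close()
         message=user['message']
         # Login succeeded.
         if user['result']=='success':
             user_error_times=0
             success=True
         else:
             user_error_times+=1

     # Refresh the cached login metadata in Redis.
     myredis.rs.hmset('user:{user_id}'.format(user_id=user_id),{"user_last_login_ip":request.remote_addr,
                                                                "user_last_login_time":time.time(),
                                                                "user_error_times":user_error_times
                                                                })
     if success:
         # Drop the reverse mapping of the previous token so it stops resolving.
         old_token=myredis.rs.hget("userid_token",user_id)
         if old_token:
             myredis.rs.hdel("token_userid",old_token)
         # Store the new token in both directions.
         myredis.rs.hset("userid_token",user_id,access_token)
         myredis.rs.hset("token_userid",access_token,user_id)
         return jsonify(success=True,user_id=user_id,user_name=user_name,access_token=access_token,message=message)
     else:
         return jsonify(success=False,message=message)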