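def su_request(request):
    """Handle the two-step sign-up exchange.

    A POST with ``signup_request == "true"`` answers with the server's RSA
    public key, generating and persisting the key pair on first use. Any
    other POST carries the RSA-encrypted registration fields ``name``,
    ``phone``, ``card``, ``id_no`` and ``passwd``; they are decrypted, a
    ``User`` and its ``Account`` are created and ``{"saved": True}`` is
    returned.

    Returns:
        A ``JsonResponse`` for POST requests. Non-POST requests fall through
        and return ``None`` (unchanged from the original behaviour).
    """
    if request.method == "POST":
        signup = request.POST.get('signup_request')
        if signup == "true":
            _ensure_rsa_keypair()
            return JsonResponse({"pub_key": get_rsa_pubkey()})
        name = request.POST.get('name')
        phone = request.POST.get('phone')
        card = request.POST.get('card')
        id_no = request.POST.get('id_no')
        passwd = request.POST.get('passwd')
        cipher_data = [name, id_no, phone, card, passwd]
        # Every field is mandatory: refuse early instead of handing None to
        # rsa_decrypt and answering with a server error.
        if any(value is None for value in cipher_data):
            return JsonResponse({"saved": False,
                                 "message": "all fields are required"})
        plaintext = rsa_decrypt(cipher_data)
        User.objects.get_or_create(name=plaintext[0],
                                   id_no=plaintext[1],
                                   phone=plaintext[2],
                                   card=plaintext[3],
                                   passwd=md5(plaintext[4]),
                                   # "not set yet" sentinel; signin() sends
                                   # users still carrying it to set_paypasswd.
                                   pay_passwd='12345678')
        # Account rows are keyed by the phone number (plaintext[2]).
        Account.objects.get_or_create(user=plaintext[2],
                                      avatar="avatar/48.jpg",
                                      balance="0",
                                      cost="0")
        return JsonResponse({"saved": True})
    # NOTE(review): Django does not accept None as a view result; confirm the
    # URLconf only routes POST here, or render the sign-up page instead.
    return None


def _ensure_rsa_keypair():
    """Create the server RSA key pair under ``Config.key_url`` if absent.

    The private key file is created exclusively (O_EXCL) with owner-only
    permissions, so two concurrent first requests cannot overwrite each
    other's key; the public key is written only by the request that won
    that race.
    """
    private_path = Config.key_url + "rsa_private.bin"
    public_path = Config.key_url + "rsa_public.pem"
    if os.path.exists(private_path):
        return
    # NOTE(review): a 1024-bit key and a passphrase hard-coded in source are
    # both weak. rsa_decrypt/get_rsa_pubkey consume this file, so the values
    # are kept here; migrate them (larger key, passphrase from configuration)
    # together with those consumers.
    key = RSA.generate(1024)
    encrypted_key = key.exportKey(passphrase="981017",
                                  pkcs=8,
                                  protection="scryptAndAES128-CBC")
    try:
        fd = os.open(private_path,
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        # Another request generated the key between the exists() check and
        # here; keep that key rather than replacing it.
        return
    with os.fdopen(fd, "wb") as f:
        f.write(encrypted_key)
    with open(public_path, "wb") as f:
        f.write(key.publickey().exportKey())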
def set_paypasswd(request, name):
    """Let the logged-in user ``name`` choose a payment password.

    A caller without a logged-in session entry for ``name`` gets the
    sign-in page. GET renders the form; POST with ``set == 'true'`` returns
    the RSA public key used to encrypt the new password, and any other POST
    stores ``md5`` of the decrypted password on the user's record. The
    default ``'12345678'`` and the empty string are refused.
    """
    session_user = request.session.get(name, None)
    logged_in = bool(session_user and session_user.get('is_login', None))
    if not logged_in:
        return render(request, "authenticate/signin.html")
    if request.method != 'POST':
        return render(request, "authenticate/setpay.html")
    if request.POST.get('set') == 'true':
        return JsonResponse({"pub_key": get_rsa_pubkey()})
    encrypted = request.POST.get("passwd")
    if not encrypted:
        return JsonResponse({"message": "password could not be empty"})
    pay_passwd = rsa_decrypt([encrypted])[0]
    if pay_passwd in ('12345678', ''):
        return JsonResponse({"message": "pay password to simple", "url": ''})
    the_user = User.objects.get(name=name)
    the_user.pay_passwd = md5(pay_passwd)
    the_user.save()
    return JsonResponse({
        "message": "pay password has been saved",
        "url": reverse("manage", kwargs={"name": name})
    })
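def transfer(request, name):
    """Move money from ``name``'s account to another user's account.

    GET renders the transfer form. POST carries RSA-encrypted ``amount``,
    ``passwd``, ``b_phone`` (beneficiary phone) and ``phone``, plus a
    ``signature`` over those ciphertexts. The signature and the salted pay
    password are verified before anything is looked up or changed; only then
    is the amount parsed, the beneficiary resolved and the balances moved.

    Returns:
        JSON ``{"message": ..., "success": True}`` on a completed transfer,
        ``{"message": ...}`` (optionally with ``"success": ""``) otherwise.
    """
    import hmac
    import math

    if not if_login(request, name):
        return redirect(reverse('signin'))
    user = get_user(name)
    account = get_account(name)
    card = user.card
    image = account.avatar
    if request.method == "POST":
        amount = request.POST.get("amount")
        passwd = request.POST.get("passwd")
        b_phone = request.POST.get("b_phone")
        phone = request.POST.get("phone")
        salt = request.session[name]['salt']
        signature = request.POST.get("signature")
        ciphers = [amount, passwd, b_phone, phone]
        plaintext = rsa_decrypt(ciphers)
        success = ""
        if not verify_sign(ciphers, signature, name):
            return JsonResponse({"message": "Signature verification failed",
                                 "success": success})
        expected = md5(user.pay_passwd + salt)
        # Constant-time comparison so the response time does not depend on
        # how many leading characters of the hash matched.
        if not hmac.compare_digest(str(plaintext[1]).encode("utf-8"),
                                   str(expected).encode("utf-8")):
            return JsonResponse({"message": "wrong password",
                                 "success": success})
        # Parse the amount only after authentication, and refuse NaN/inf:
        # both slip past "< 0" and the balance comparison and would be
        # written into the stored balance.
        try:
            money = float(plaintext[0])
        except (TypeError, ValueError):
            return JsonResponse({"message": "wrong amount"})
        if money < 0 or not math.isfinite(money):
            return JsonResponse({"message": "wrong amount"})
        # The beneficiary lookup comes after the checks above so that an
        # unauthenticated caller cannot learn which phone numbers exist.
        try:
            beneficiary = Account.objects.get(user=plaintext[2])
        except (Account.DoesNotExist, Account.MultipleObjectsReturned):
            return JsonResponse({"message": "no such user"})
        # `account` and `beneficiary` are separate model instances; for the
        # same row the second save() would overwrite the debit and the
        # account would net +money, so a self-transfer is refused.
        if beneficiary.user == account.user:
            return JsonResponse({"message": "cannot transfer to yourself"})
        if account.balance < money:
            return JsonResponse(
                {"message": "Insufficient account balance"})
        if not creat_bill(name,
                          get_userby_phone(beneficiary.user).card,
                          money, "transfer"):
            return JsonResponse({"message": "create bill wrong"})
        # NOTE(review): the two saves are not in one database transaction; a
        # failure between them leaves the money debited but not credited.
        account.balance -= money
        account.cost += money
        account.save()
        beneficiary.balance += money
        beneficiary.save()
        # NOTE(review): Account rows created in su_request() show no `name`
        # field; confirm the model defines one, otherwise this raises after
        # the balances were already saved.
        logger.info('user:%s operation:%s amount:%s $ to beneficiary:%s',
                    name, 'transfer', str(money), beneficiary.name)
        message = ("You have already transfer " + plaintext[0]
                   + " yuan, Coming back to the homepage")
        return JsonResponse({"message": message, "success": True})
    return render(request, "usersModule/Transfer.html", {
        "name": name,
        "card": card,
        "image": image
    })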
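def signin(request):
    """Two-step challenge/response login.

    A POST with ``si_request == "true"`` creates a salt via ``set_salt`` and
    returns it together with its ``salt_id`` and the RSA public key. The
    follow-up POST sends RSA-encrypted ``name`` and ``passwd``, where
    ``passwd`` is expected to equal ``md5(stored_hash + salt)``; on a match
    the salt is consumed, the session is marked logged in for that user and
    the reply carries the URL to continue with (``set_paypasswd`` while the
    pay password is unset or still the default, ``manage`` otherwise).
    GET renders the sign-in page.
    """
    import hmac

    if request.method != "POST":
        return render(request, "authenticate/signin.html")
    if request.POST.get("si_request") == "true":
        [salt_id, salt] = set_salt(request)
        return JsonResponse({
            "pub_key": get_rsa_pubkey(),
            "salt": salt,
            "salt_id": salt_id
        })
    name = request.POST.get("name")
    passwd = request.POST.get("passwd")
    salt_id = request.POST.get("salt_id")
    if not name or not passwd:
        return JsonResponse(
            {"message": "name or password could not be empty"})
    # The salt must come from this session's own challenge; a missing or
    # unknown id previously raised KeyError here (HTTP 500).
    salt = request.session.get(salt_id) if salt_id else None
    if salt is None:
        return JsonResponse({"message": "invalid or expired login challenge"})
    plaintext = rsa_decrypt([name, passwd])
    user_name = plaintext[0]
    try:
        stored_hash = User.objects.values("passwd").get(
            name=user_name).get("passwd")
    except User.DoesNotExist:
        return JsonResponse({"message": " User does not exist"})
    expected = md5(stored_hash + salt)
    # Constant-time comparison of the client's response with the expected
    # value; `==` leaks how long a prefix matched through timing.
    if not hmac.compare_digest(str(plaintext[1]).encode("utf-8"),
                               str(expected).encode("utf-8")):
        # NOTE(review): the salt stays in the session after a failed attempt;
        # consider deleting it here too so every attempt needs a fresh
        # challenge.
        return JsonResponse({"message": "wrong password"})
    existing = request.session.get(user_name, None)
    if existing and existing.get('is_login'):
        return JsonResponse({"message": "You are already logged in"})
    del request.session[salt_id]
    request.session[user_name] = {
        'is_login': True,
        'user_name': user_name
    }
    request.session.set_expiry(0)
    pay_passwd = User.objects.values("pay_passwd").get(
        name=user_name).get("pay_passwd")
    # '12345678' is the sentinel su_request() stores for "pay password not
    # set yet".
    if not pay_passwd or pay_passwd == '12345678':
        url = reverse("set_paypasswd", kwargs={"name": user_name})
    else:
        url = reverse("manage", kwargs={"name": user_name})
    return JsonResponse({"if_success": True, "url": url})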
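def pay(request, pay_id):
    """Let a payer settle the ``PayBill`` identified by ``pay_id``.

    GET renders the payment page with the bill amount and the payee's name
    and avatar (looked up through the bill's card). POST carries
    RSA-encrypted ``phone``, ``passwd`` and ``pay_id``; when ``md5(passwd)``
    matches the payer's pay password, a hash of the payer's identity is
    stored on the bill, then that hash and the deal identifier are
    AES-encrypted with the bill's key and posted to ``Config.Plat_PayHost``.
    The JSON reply carries the platform's ``flag`` and a status message.
    """
    import hmac

    info_dict = get_paybill(pay_id)
    if request.method == "POST":
        flag = False
        phone = request.POST.get("phone")
        passwd = request.POST.get("passwd")
        posted_pay_id = request.POST.get("pay_id")
        [phone, passwd, posted_pay_id] = rsa_decrypt(
            [phone, passwd, posted_pay_id])
        # NOTE(review): the decrypted pay_id is never compared with the
        # URL's pay_id; rejecting a mismatch would tie the posted credentials
        # to the bill being settled.
        try:
            user = User.objects.get(phone=phone)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            return JsonResponse({"message": "no such user"})
        # Constant-time comparison of the pay-password hashes.
        if hmac.compare_digest(str(md5(passwd)).encode("utf-8"),
                               str(user.pay_passwd).encode("utf-8")):
            pi = [user.name, user.phone, user.card]
            deal_identify = info_dict.deal_identify
            aes_key = base64.b64decode(info_dict.key.encode())
            hash_pi = sha256(pi)
            info_dict.payer_name = user.name
            info_dict.hash_pi = hash_pi
            info_dict.save()
            hash_pi_c = aes_encrypt(hash_pi, aes_key)
            deal_identify = aes_encrypt(deal_identify, aes_key)
            # Send hash_pi and the order number to the platform.
            data = post(Config.Plat_PayHost, {
                "hashPI": hash_pi_c,
                "deal_identify": deal_identify
            })
            # NOTE(review): post() is assumed to return a JSON text with a
            # 'flag' key; anything else raises here after the bill was saved.
            data = json.loads(data)
            flag = data['flag']
            message = "succeed,Jumping to the CA Certification Center"
        else:
            message = "wrong password"
        return JsonResponse({
            "message": message + ",Transaction closed",
            "flag": flag
        })
    card = info_dict.card
    amount = info_dict.amount
    user = get_user_by_card(card)
    name = user.name
    account = get_account_by_card(card)
    avatar = account.avatar
    return render(request, "authenticate/pay.html", {
        "amount": amount,
        "name": name,
        "image": avatar,
        "id": pay_id
    })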
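def withdraw(request, name):
    """Debit a withdrawal from ``name``'s account.

    GET renders the withdrawal form. POST carries RSA-encrypted ``amount``
    and ``passwd`` and a ``signature`` over those ciphertexts; the amount
    must be a finite non-negative number, the signature must verify and the
    salted pay password must match before a bill is created and the balance
    and cost are updated.

    Returns:
        JSON ``{"message": ..., "success": True}`` on success,
        ``{"message": ...}`` (optionally with ``"success": ""``) otherwise.
    """
    import hmac
    import math

    if not if_login(request, name):
        return redirect(reverse('signin'))
    user = get_user(name)
    account = get_account(name)
    card = user.card
    image = account.avatar
    if request.method == "POST":
        amount = request.POST.get("amount")
        passwd = request.POST.get("passwd")
        signature = request.POST.get("signature")
        salt = request.session[name]['salt']
        plaintext = rsa_decrypt([amount, passwd])
        success = ""
        # A non-numeric amount used to raise ValueError (HTTP 500); NaN/inf
        # passed "< 0" and the balance check and would poison the balance.
        try:
            money = float(plaintext[0])
        except (TypeError, ValueError):
            return JsonResponse({"message": "wrong amount"})
        if money < 0 or not math.isfinite(money):
            return JsonResponse({"message": "wrong amount"})
        if not verify_sign([amount, passwd], signature, name):
            return JsonResponse({"message": "Signature verification failed",
                                 "success": success})
        expected = md5(user.pay_passwd + salt)
        # Constant-time comparison of the salted pay-password hashes.
        if not hmac.compare_digest(str(plaintext[1]).encode("utf-8"),
                                   str(expected).encode("utf-8")):
            return JsonResponse({"message": "wrong password",
                                 "success": success})
        if account.balance < money:
            message = " Insufficient account balance"
            return JsonResponse({"message": message})
        if not creat_bill(name, "", money, "withdraw"):
            return JsonResponse({"message": "create bill wrong"})
        account.balance -= money
        account.cost += money
        account.save()
        logger.info('user:%s operation:%s amount:%s $',
                    name, 'withdraw', str(money))
        message = ("You have already withdraw " + plaintext[0]
                   + " yuan, Coming back to the homepage")
        return JsonResponse({"message": message, "success": True})
    return render(request, "usersModule/Withdraw.html", {
        "name": name,
        "card": card,
        "image": image
    })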
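def recharge(request, name):
    """Credit a recharge to ``name``'s account.

    GET renders the recharge form. POST carries RSA-encrypted ``amount`` and
    ``passwd`` and a ``signature`` over those ciphertexts; the amount must be
    a finite non-negative number, the signature must verify and the salted
    pay password must match before a bill is created and the balance is
    increased.

    Returns:
        JSON ``{"message": ..., "success": True}`` on success,
        ``{"message": ...}`` (optionally with ``"success": ""``) otherwise.
    """
    import hmac
    import math

    if not if_login(request, name):
        return redirect(reverse('signin'))
    user = get_user(name)
    account = get_account(name)
    card = user.card
    image = account.avatar
    if request.method == "POST":
        amount = request.POST.get("amount")
        passwd = request.POST.get("passwd")
        signature = request.POST.get("signature")
        salt = request.session[name]['salt']
        plaintext = rsa_decrypt([amount, passwd])
        success = ""
        # A non-numeric amount used to raise ValueError (HTTP 500). "inf"
        # and "nan" pass "< 0" and would be added straight into the balance,
        # so only finite values are accepted.
        try:
            money = float(plaintext[0])
        except (TypeError, ValueError):
            return JsonResponse({"message": "wrong amount"})
        if money < 0 or not math.isfinite(money):
            return JsonResponse({"message": "wrong amount"})
        if not verify_sign([amount, passwd], signature, name):
            return JsonResponse({"message": "Signature verification failed",
                                 "success": success})
        expected = md5(user.pay_passwd + salt)
        # Constant-time comparison of the salted pay-password hashes.
        if not hmac.compare_digest(str(plaintext[1]).encode("utf-8"),
                                   str(expected).encode("utf-8")):
            return JsonResponse({"message": "wrong password",
                                 "success": success})
        if not creat_bill(name, "", money, "recharge"):
            return JsonResponse({"message": "create bill wrong"})
        account.balance += money
        account.save()
        # The log statement in the listing was not valid Python (garbled
        # operand); this follows the format used by withdraw().
        logger.info('user:%s operation:%s amount:%s $',
                    name, 'recharge', str(money))
        message = ("Your account has been recharged " + plaintext[0]
                   + " yuan, Coming back to the homepage")
        return JsonResponse({"message": message, "success": True})
    return render(request, "usersModule/Recharge.html", {
        "name": name,
        "card": card,
        "image": image
    })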
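def deal(request):
    """Accept a payment request from the platform and open a ``PayBill``.

    On a POST whose ``pay_request`` is not ``"true"``, the body carries the
    AES-encrypted ``amount`` and ``card``, the RSA-encrypted AES key, the
    platform's ``certificate`` and a ``signature`` over the two ciphertexts.
    When the certificate and the signature (checked against
    ``Config.Plat_name``) are valid, a bill is stored under a freshly drawn
    ``pay_id`` and ``{"pay_id": "<id>"}`` is returned. Every other request
    gets the plain-text body ``NULL``.
    """
    import secrets

    if request.method == "POST":
        if request.POST.get("pay_request") != "true":
            amount_c = request.POST.get("amount")
            card_c = request.POST.get("card")
            cert = request.POST.get("certificate")
            sign = request.POST.get("signature")
            aes_key = request.POST.get("aes_key")
            deal_identify = request.POST.get("deal_identify")
            aes = rsa_decrypt([aes_key])
            # NOTE(review): elsewhere in this module rsa_decrypt's result is
            # indexed with [0]; confirm aes_decrypt and base64.b64encode
            # really accept the un-indexed value here.
            [amount, card] = aes_decrypt([amount_c, card_c], aes)
            if not part_and_verify(cert) or not verify_sign(
                [amount_c, card_c], sign, Config.Plat_name):
                return HttpResponse("Verification Failed")

            # pay_id is the only key needed to view and settle the bill in
            # pay(), so it is drawn from the CSPRNG instead of random.randint
            # to keep it unpredictable. Same inclusive range as before.
            pay_id = Config.min_payId + secrets.randbelow(
                Config.max_payId - Config.min_payId + 1)

            PayBill.objects.create(amount=amount,
                                   card=card,
                                   key=base64.b64encode(aes).decode(),
                                   deal_identify=deal_identify,
                                   pay_id=pay_id)
            return JsonResponse({"pay_id": str(pay_id)})
    return HttpResponse('NULL')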
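def edit(request, name):
    """Update profile fields of the logged-in user ``name``.

    GET renders the edit form. POST must carry the RSA-encrypted current
    login password ``opasswd``; when its ``md5`` matches the stored hash,
    each of the optional RSA-encrypted fields ``name``, ``ppasswd`` (pay
    password), ``card``, ``phone`` and ``passwd`` that was supplied is
    decrypted and written to the user. A new phone is also written to the
    account, which is keyed by it.

    Returns:
        JSON ``{"message": ..., "success": bool}`` for POST, the rendered
        form otherwise.
    """
    import hmac

    if not if_login(request, name):
        return redirect(reverse('signin'))
    user = get_user(name)
    account = get_account(name)
    image = account.avatar
    if request.method == "POST":
        # Kept separate from the URL parameter `name`, which identifies the
        # session and user being edited.
        new_name = request.POST.get("name", None)
        ppasswd = request.POST.get("ppasswd", None)
        card = request.POST.get("card", None)
        phone = request.POST.get("phone", None)
        passwd = request.POST.get("passwd", None)
        opasswd = request.POST.get("opasswd", None)
        success = False
        if not opasswd:
            message = "old password could not be empty"
        else:
            opasswd = rsa_decrypt([opasswd])[0]
            # Constant-time comparison of the login-password hashes.
            if hmac.compare_digest(str(user.passwd).encode("utf-8"),
                                   str(md5(opasswd)).encode("utf-8")):
                if new_name:
                    # NOTE(review): the session entry and the URLs are keyed
                    # by the old name, so a rename leaves the session stale.
                    user.name = rsa_decrypt([new_name])[0]
                if ppasswd:
                    user.pay_passwd = md5(rsa_decrypt([ppasswd])[0])
                if card:
                    user.card = rsa_decrypt([card])[0]
                if phone:
                    phone = rsa_decrypt([phone])[0]
                    user.phone = phone
                    account.user = phone
                if passwd:
                    user.passwd = md5(rsa_decrypt([passwd])[0])
                user.save()
                account.save()
                message = "success"
                success = True
            else:
                message = "wrong password"
        return JsonResponse({"message": message, "success": success})
    return render(request, "usersModule/Edit.html", {
        "name": name,
        "image": image
    })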