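def POST(self, inputs=None):
    """Handle the login form: check credentials, start a session, redirect.

    Reads ``email``, ``password`` and the optional ``remember_me`` from
    *inputs* (the current request when omitted). After a successful login the
    client is sent to the ``referer`` found in the login page URL or in the
    request, but only when that value is a path on this site; otherwise it
    is sent to ``/``. Nothing is returned when the request path is not
    ``login``.

    Raises:
        AssertionError: if ``email`` or ``password`` is missing or empty.
    """
    def _local_path(target):
        # ``referer`` is client-controlled. Accept only a same-site path:
        # absolute URLs and the "//host" / "/\host" forms would turn the
        # post-login redirect into an open redirect.
        if not target or not target.startswith('/'):
            return None
        if target.startswith('//') or '\\' in target:
            return None
        return target

    if not inputs:
        inputs = sh.inputs()
    # Explicit raises instead of assert: asserts are removed under "python -O".
    if not inputs.get('email', '').strip():
        raise AssertionError()
    if not inputs.get('password', ''):
        raise AssertionError()
    uc = sh.ctrl('User')
    model = sh.model('User')
    action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
    if action == 'login':
        if not uc.validate(inputs.email, inputs.password):
            return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)
        user = model.getByEmail(inputs.email)
        # Blacklisted accounts are refused even with valid credentials.
        if user.dead == 'yes':
            return sh.alert('登录失败,你已被列入黑名单,请联系管理员')
        uc.login(user, inputs.get('remember_me', '') == 'on')
        # Prefer the referer given in the URL of the login page itself.
        referer = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
        if not referer:
            referer = sh.inputs().get('referer', None)
        return sh.redirect(_local_path(referer) or '/')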
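def POST(self, inputs=None):
    """Handle the login form: check credentials, start a session, respond.

    Reads ``email``, ``password`` and the optional ``remember_me`` from
    *inputs* (the current request when omitted). After a successful login the
    client is redirected to the ``referer`` found in the login page URL or in
    the request, but only when that value is a path on this site; otherwise a
    welcome alert is returned. Nothing is returned when the request path is
    not ``login``.

    Raises:
        AssertionError: if ``email`` or ``password`` is missing or empty.
    """
    def _local_path(target):
        # ``referer`` is client-controlled. Accept only a same-site path:
        # absolute URLs and the "//host" / "/\host" forms would turn the
        # post-login redirect into an open redirect.
        if not target or not target.startswith('/'):
            return None
        if target.startswith('//') or '\\' in target:
            return None
        return target

    if not inputs:
        inputs = sh.inputs()
    # Explicit raises instead of assert: asserts are removed under "python -O".
    if not inputs.get('email', '').strip():
        raise AssertionError()
    if not inputs.get('password', ''):
        raise AssertionError()
    uc = sh.ctrl('User')
    model = sh.model('User')
    action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')
    if action == 'login':
        if not uc.validate(inputs.email, inputs.password):
            return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)
        user = model.getByEmail(inputs.email)
        # Blacklisted accounts are refused even with valid credentials.
        if user.dead == 'yes':
            return sh.alert('登录失败,你已被列入黑名单,请联系管理员')
        uc.login(user, inputs.get('remember_me', '') == 'on')
        # Prefer the referer given in the URL of the login page itself.
        referer = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
        if not referer:
            referer = sh.inputs().get('referer', None)
        target = _local_path(referer)
        if target:
            return sh.redirect(target)
        return sh.alert('登录成功. 欢迎回来!')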
def POST(self):
    """Serve the JSONP account API: ``isLogin``, ``login`` and ``logout``.

    The ``action`` request field selects the operation; for any other value
    nothing is returned.
    """
    # NOTE(review): every answer goes through sh.toJsonp and no CSRF token is
    # checked here; confirm toJsonp constrains the callback name and that
    # exposing login state / logging out cross-site is acceptable.
    inputs = sh.inputs()
    action = inputs['action']

    if action == 'isLogin':
        if not sh.session.is_login:
            return sh.toJsonp({'is_login': False, 'name': '', 'id': 0})
        return sh.toJsonp({'is_login': True, 'name': sh.session.name, 'id': sh.session.id})

    if action == 'login':
        # These asserts are input checks only; they vanish under "python -O".
        assert inputs.get('email', '').strip()
        assert inputs.get('password', '')
        user_model = sh.model('User')
        user_ctrl = sh.ctrl('User')
        if not user_ctrl.validate(inputs.email, inputs.password):
            return sh.toJsonp({'is_login': False, 'error': '邮箱或密码不对'})
        user = user_model.getByEmail(inputs.email)
        # Blacklisted accounts are refused even with valid credentials.
        if user.dead == 'yes':
            return sh.toJsonp({'is_login': False, 'error': '你已被列入黑名单'})
        user_ctrl.login(user, inputs.get('remember_me', '') == 'on')
        return sh.toJsonp({'is_login': True, 'name': user.name, 'id': user.id})

    if action == 'logout':
        sh.ctrl('User').logout()
        return 'bye'
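def GET(self):
    """Render the crop editor for the image attached to a model row.

    Request fields: ``model_name``, ``model_id`` and ``crop``. ``crop`` is a
    URL-quoted, space-separated setting: column name, crop width, preview size
    as ``width:height``, then any remaining settings. The current crop value
    of the row (or a default covering the preview) is handed to the template
    together with the parsed settings.

    Raises:
        AssertionError: if one of the three request fields is missing.
    """
    # NOTE(review): no login or admin check is visible in this handler, and
    # model_name / column_name come from the request; confirm the route is
    # protected upstream and that only intended models can be named.
    inputs = sh.inputs()
    # Explicit raises instead of assert: asserts are removed under "python -O".
    if not inputs.has_key('model_name'):
        raise AssertionError(u'请指定需要裁剪的数据类型')
    if not inputs.has_key('model_id'):
        raise AssertionError(u'请指定需要裁剪的数据ID')
    if not inputs.has_key('crop'):
        raise AssertionError(u'请设置裁剪配置')
    item = sh.model(inputs.model_name).get(inputs.model_id)
    if not item or not item.has_key('Imageid'):
        return sh.redirectTo404()
    # partition(' ')[::2] keeps the head and the tail and drops the separator.
    column_name, settings = sh.unquote(inputs.crop).partition(' ')[::2]
    inputs.crop_width, settings = settings.strip().partition(' ')[::2]
    preview_size, settings = settings.strip().partition(' ')[::2]
    inputs.preview_width, inputs.preview_height = preview_size.split(':')
    inputs.column_name = column_name
    inputs.crop_settings = settings
    inputs.image = item.image
    stored_crop = item.get(column_name)
    if stored_crop:
        inputs.crop = stored_crop
    else:
        inputs.crop = '0 0 %s %s' % tuple(preview_size.split(':'))
    # Split on any whitespace both for the length check and for the values;
    # splitting on a single space here failed on doubled spaces.
    crop_parts = inputs.crop.split()
    if len(crop_parts) == 4:
        x1, y1, x2, y2 = map(int, crop_parts)
        inputs.fx_crop = 'x1=%s;y1=%s;x2=%s;y2=%s;' % (x1, y1, x1 + x2, y1 + y2)
    else:
        inputs.fx_crop = ''
    return sh.editor.CropImage(inputs)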
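def POST(self, inputs=None):
    """Store an uploaded image for a user (``action=postImage``).

    Request fields: ``action``, ``Userid``, ``data_name`` and ``data_id``; the
    file itself is read with ``sh.getSwfUploadImageFile()``. On success the
    string ``success;<new id>;<image url>;<file name>`` is returned.

    Raises:
        AssertionError: if a required field is missing or ``Userid`` does not
            match a user.
    """
    if not inputs:
        inputs = sh.inputs()
    # Explicit raises instead of assert: asserts are removed under "python -O",
    # which would also remove the user-existence check below.
    if not inputs.has_key("action"):
        raise AssertionError()
    if inputs.action == "postImage":
        # NOTE(review): Userid is taken from the request, not from sh.session,
        # so the caller chooses the account the image is attributed to.
        # Confirm the uploader is authenticated some other way.
        if not inputs.get("Userid", 0):
            raise AssertionError()
        if not sh.model("User").get(inputs.Userid):
            raise AssertionError()
        if not inputs.get("data_name", None):
            raise AssertionError()
        if not inputs.get("data_id", None):
            raise AssertionError()
        img_model = sh.model("UserImage")
        image_data = sh.getSwfUploadImageFile()
        record = sh.storage(
            dict(
                image_file=image_data,
                Userid=inputs.Userid,
                file_name=image_data.filename,
                data_name=inputs.data_name,
                data_id=inputs.data_id,
            )
        )
        new_id = img_model.insert(record)
        # NOTE(review): the file name is client-supplied and echoed unescaped;
        # confirm how the consumer of this response renders it.
        return "success;%d;%s;%s" % (new_id, img_model.getUrlByPrivate(inputs.Userid, new_id), image_data.filename)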
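def GET(self):
    """Render the crop editor for the image attached to a model row.

    Request fields: ``model_name``, ``model_id`` and ``crop``. ``crop`` is a
    URL-quoted, space-separated setting: column name, crop width, preview size
    as ``width:height``, then any remaining settings. The current crop value
    of the row (or a default covering the preview) is handed to the template
    together with the parsed settings.

    Raises:
        AssertionError: if one of the three request fields is missing.
    """
    # NOTE(review): no login or admin check is visible in this handler, and
    # model_name / column_name come from the request; confirm the route is
    # protected upstream and that only intended models can be named.
    inputs = sh.inputs()
    # Explicit raises instead of assert: asserts are removed under "python -O".
    if not inputs.has_key('model_name'):
        raise AssertionError(u'请指定需要裁剪的数据类型')
    if not inputs.has_key('model_id'):
        raise AssertionError(u'请指定需要裁剪的数据ID')
    if not inputs.has_key('crop'):
        raise AssertionError(u'请设置裁剪配置')
    item = sh.model(inputs.model_name).get(inputs.model_id)
    if not item or not item.has_key('Imageid'):
        return sh.redirectTo404()
    # partition(' ')[::2] keeps the head and the tail and drops the separator.
    column_name, settings = sh.unquote(inputs.crop).partition(' ')[::2]
    inputs.crop_width, settings = settings.strip().partition(' ')[::2]
    preview_size, settings = settings.strip().partition(' ')[::2]
    inputs.preview_width, inputs.preview_height = preview_size.split(':')
    inputs.column_name = column_name
    inputs.crop_settings = settings
    inputs.image = item.image
    stored_crop = item.get(column_name)
    if stored_crop:
        inputs.crop = stored_crop
    else:
        inputs.crop = '0 0 %s %s' % tuple(preview_size.split(':'))
    # Split on any whitespace both for the length check and for the values;
    # splitting on a single space here failed on doubled spaces.
    crop_parts = inputs.crop.split()
    if len(crop_parts) == 4:
        x1, y1, x2, y2 = map(int, crop_parts)
        inputs.fx_crop = 'x1=%s;y1=%s;x2=%s;y2=%s;' % (x1, y1, x1 + x2, y1 + y2)
    else:
        inputs.fx_crop = ''
    return sh.editor.CropImage(inputs)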
def GET(self):
    """Handle the OAuth2 callback: exchange ``code`` and log the user in.

    The provider name is the part of ``state`` before the first ``_``. The
    authorization code is exchanged for an access token, the provider is asked
    for the uid behind that token, and the uid is looked up (or inserted) in
    the provider's OAuth table. A uid already bound to a local account is
    logged in; otherwise ``self.NO_REGISTER_ACTION`` decides between
    registering automatically and redirecting to the register page.
    """
    inputs = sh.inputs()
    assert (inputs.has_key('code'))
    assert (inputs.has_key('state'))
    # NOTE(review): state is only parsed for the provider name here; no
    # comparison with a session-bound value is visible, so confirm the CSRF
    # protection of this callback is enforced elsewhere.
    # NOTE(review): site_name is client-controlled and selects the controller
    # and model; confirm sh.ctrl / sh.model reject names outside the
    # configured providers.
    site_name = inputs.state.partition('_')[0]
    authorization_code = inputs.code.strip()
    oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
    oauth_model = sh.model('oauth.%sOAuth2' % site_name)
    user_ctrl = sh.ctrl('User')
    user_model = sh.model('User')
    token_url = oauth_ctrl.createAccessTokenUrl(authorization_code)
    content = sh.requestHtmlContent(token_url, None, oauth_ctrl.ACCESS_TOKEN_METHOD)
    assert content, u'第三方返回的数据有误'
    access_token, access_expires = oauth_ctrl.pickAccessTokenAndExpires(
        content)
    requested_uid = oauth_ctrl.requestUidWithAccessToken(access_token)
    assert requested_uid, u'第三方返回的数据有误'
    if self.TEST_API_LOGIN:
        # Test aid: show a link to the API login instead of logging in.
        # NOTE(review): the link carries the access token, and inputs.state is
        # interpolated into HTML without escaping; keep TEST_API_LOGIN off
        # outside development.
        login_url = '%s/api/oauth/login?access_token=%s&access_expires=%s&uid=%s&state=%s' % (
            sh.config.HOST_NAME, access_token, access_expires, requested_uid, inputs.state)
        return '<a href="%s" >%s</a>' % (login_url, login_url)
    # The access token changes between logins, so the uid is what identifies
    # a returning account; this also avoids inserting the same uid twice when
    # the token changes.
    exists = oauth_model.getByUid(requested_uid)
    # A uid seen for the first time is stored before any account binding.
    if not exists:
        new_oauth_id = oauth_model.insert(
            dict(uid=requested_uid, access_token=access_token, access_expires=access_expires))
        exists = oauth_model.get(new_oauth_id)
    # Already bound to a local account: log in.
    if exists.Userid:
        return self.login(exists.Userid)
    # Automatic registration: create the account, bind it, log in.
    if self.NO_REGISTER_ACTION == 'auto_register':
        data = oauth_ctrl.assignUserInfo(sh.storage(), access_token)
        self.assignRandomPassword(data)
        self.assignRegisterIP(data)
        conflict = user_ctrl.checkNewUser(data)
        if conflict:
            return self.redirectToRegister(access_token, inputs.state, error=conflict)
        new_user_id = user_model.insert(data)
        oauth_model.update(exists.id, dict(Userid=new_user_id))
        return self.login(new_user_id)
    # Otherwise the user registers by hand.
    elif self.NO_REGISTER_ACTION == 'to_register':
        return self.redirectToRegister(access_token, inputs.state)
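def POST(self):
    """Crop the image of a model row with ImageMagick and store the selection.

    Request fields: ``model_name``, ``model_id``, ``column_name``, ``crop``
    (four whitespace-separated integers: start x, start y, width, height),
    ``region_width`` and ``region_height``. The selection is scaled to the
    real image size, ``<image path>.crop`` is written by ``convert``, and
    ``crop`` is saved in ``column_name`` of the row.

    Raises:
        AssertionError: if a required field is missing or a region size is
            not positive.
        OSError: if the ``convert`` program cannot be started.
    """
    import subprocess  # local import keeps this handler self-contained

    # NOTE(review): no login or admin check is visible in this handler, and
    # model_name / column_name come from the request; confirm the route is
    # protected upstream and that only intended columns can be written.
    inputs = sh.inputs()
    # Explicit raises instead of assert: asserts are removed under "python -O".
    if not inputs.has_key('model_name'):
        raise AssertionError(u'请指定需要裁剪的数据类型')
    if not inputs.has_key('model_id'):
        raise AssertionError(u'请指定需要裁剪的数据ID')
    if not inputs.has_key('column_name'):
        raise AssertionError(u'请指定裁剪的列名')
    if int(float(inputs.get('region_width', '0'))) <= 0:
        raise AssertionError()
    if int(float(inputs.get('region_height', '0'))) <= 0:
        raise AssertionError()
    model = sh.model(inputs.model_name)
    item = model.get(inputs.model_id)
    image = item.image
    real_width, real_height = sh.imageSize(image.url)  # real size of the image
    crop = inputs.crop
    region_width = int(float(inputs.region_width))  # width of the selection area
    region_height = int(float(inputs.region_height))  # height of the selection area
    crop_parts = crop.split()
    start_x = int(crop_parts[0])  # start position of the selection
    start_y = int(crop_parts[1])
    region_x = int(crop_parts[2])  # selected width
    region_y = int(crop_parts[3])  # selected height
    # Geometry for convert; built with %d only, so it holds nothing but numbers.
    region = '%dx%d+%d+%d' % (region_x * real_width / region_width,
                              region_y * real_height / region_height,
                              real_width * start_x / region_width,
                              real_height * start_y / region_height)
    path = sh.urlToPath(image.url)
    # Argument list, no shell: the path is never interpreted as shell syntax.
    subprocess.call(['convert', path, '-crop', region, path + '.crop'])
    model.update(inputs.model_id, {inputs.column_name: crop})
    return sh.refresh()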
def GET(self):
    """Handle the OAuth2 callback: exchange ``code`` and log the user in.

    The provider name is the part of ``state`` before the first ``_``. The
    authorization code is exchanged for an access token, the provider is asked
    for the uid behind that token, and the uid is looked up (or inserted) in
    the provider's OAuth table. A uid already bound to a local account is
    logged in; otherwise ``self.NO_REGISTER_ACTION`` decides between
    registering automatically and redirecting to the register page.
    """
    inputs = sh.inputs()
    assert inputs.has_key("code")
    assert inputs.has_key("state")
    # NOTE(review): state is only parsed for the provider name here; no
    # comparison with a session-bound value is visible, so confirm the CSRF
    # protection of this callback is enforced elsewhere.
    # NOTE(review): site_name is client-controlled and selects the controller
    # and model; confirm sh.ctrl / sh.model reject names outside the
    # configured providers.
    site_name = inputs.state.partition("_")[0]
    authorization_code = inputs.code.strip()
    oauth_ctrl = sh.ctrl("oauth.%s" % site_name)
    oauth_model = sh.model("oauth.%sOAuth2" % site_name)
    user_ctrl = sh.ctrl("User")
    user_model = sh.model("User")
    token_url = oauth_ctrl.createAccessTokenUrl(authorization_code)
    content = sh.requestHtmlContent(token_url, None, oauth_ctrl.ACCESS_TOKEN_METHOD)
    assert content, u"第三方返回的数据有误"
    access_token, access_expires = oauth_ctrl.pickAccessTokenAndExpires(content)
    requested_uid = oauth_ctrl.requestUidWithAccessToken(access_token)
    assert requested_uid, u"第三方返回的数据有误"
    if self.TEST_API_LOGIN:
        # Test aid: show a link to the API login instead of logging in.
        # NOTE(review): the link carries the access token, and inputs.state is
        # interpolated into HTML without escaping; keep TEST_API_LOGIN off
        # outside development.
        login_url = "%s/api/oauth/login?access_token=%s&access_expires=%s&uid=%s&state=%s" % (
            sh.config.HOST_NAME,
            access_token,
            access_expires,
            requested_uid,
            inputs.state,
        )
        return '<a href="%s" >%s</a>' % (login_url, login_url)
    # The access token changes between logins, so the uid is what identifies
    # a returning account; this also avoids inserting the same uid twice when
    # the token changes.
    exists = oauth_model.getByUid(requested_uid)
    # A uid seen for the first time is stored before any account binding.
    if not exists:
        new_oauth_id = oauth_model.insert(
            dict(uid=requested_uid, access_token=access_token, access_expires=access_expires)
        )
        exists = oauth_model.get(new_oauth_id)
    # Already bound to a local account: log in.
    if exists.Userid:
        return self.login(exists.Userid)
    # Automatic registration: create the account, bind it, log in.
    if self.NO_REGISTER_ACTION == "auto_register":
        data = oauth_ctrl.assignUserInfo(sh.storage(), access_token)
        self.assignRandomPassword(data)
        self.assignRegisterIP(data)
        conflict = user_ctrl.checkNewUser(data)
        if conflict:
            return self.redirectToRegister(access_token, inputs.state, error=conflict)
        new_user_id = user_model.insert(data)
        oauth_model.update(exists.id, dict(Userid=new_user_id))
        return self.login(new_user_id)
    # Otherwise the user registers by hand.
    elif self.NO_REGISTER_ACTION == "to_register":
        return self.redirectToRegister(access_token, inputs.state)
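def POST(self, inputs=None):
    """Delete one row of the model named in the request, then refresh.

    Only an admin session may call this. ``model_name`` and ``model_id`` are
    read from *inputs* (the current request when omitted).

    Raises:
        AssertionError: if the session is not an admin session or a field is
            missing.
    """
    # Authorization must not depend on assert: asserts are removed under
    # "python -O", which would leave the delete open to every caller.
    if not sh.session.is_admin:
        raise AssertionError()
    if inputs is None:
        inputs = sh.inputs()
    if not inputs.has_key('model_name'):
        raise AssertionError()
    if not inputs.has_key('model_id'):
        raise AssertionError()
    model = sh.model(inputs.model_name)
    model.delete(int(inputs.model_id))
    return sh.refresh()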
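def _delete(self, inputs=None):
    """Delete one row of the model named in *inputs* (admin only).

    ``model_name`` and ``model_id`` are read from *inputs* (the current
    request when omitted). Returns the result of the trailing ``update`` call.

    Raises:
        AssertionError: if the session is not an admin session or a field is
            missing.
    """
    # Authorization must not depend on assert: asserts are removed under
    # "python -O", which would leave the delete open to every caller.
    if not sh.session.is_admin:
        raise AssertionError()
    if inputs is None:
        inputs = sh.inputs()
    if not inputs.has_key('model_name'):
        raise AssertionError()
    if not inputs.has_key('model_id'):
        raise AssertionError()
    model = sh.model(inputs.model_name)
    model.delete(int(inputs.model_id))
    # NOTE(review): this updates the row that was just deleted and returns the
    # update result; it looks like a leftover from an update helper. Confirm
    # whether the delete result was meant to be returned instead.
    return sh.model(inputs.model_name).update(int(inputs.model_id), inputs)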
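def POST(self, inputs=None):
    """Delete one row of the model named in the request, then refresh.

    Only an admin session may call this. ``model_name`` and ``model_id`` are
    read from *inputs* (the current request when omitted).

    Raises:
        AssertionError: if the session is not an admin session or a field is
            missing.
    """
    # Authorization must not depend on assert: asserts are removed under
    # "python -O", which would leave the delete open to every caller.
    if not sh.session.is_admin:
        raise AssertionError()
    if inputs is None:
        inputs = sh.inputs()
    if not inputs.has_key('model_name'):
        raise AssertionError()
    if not inputs.has_key('model_id'):
        raise AssertionError()
    model = sh.model(inputs.model_name)
    model.delete(int(inputs.model_id))
    return sh.refresh()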
def POST(self):
    """Save an image uploaded from the editor and return the insert callback.

    Without an ``image_file`` field a script that closes the window is
    returned. Otherwise the request is inserted into ``EditorImage`` with the
    uploaded file name as title, and ``self.insert_image_callback`` is filled
    with the URL of the stored image.
    """
    # NOTE(review): no login check is visible here, the whole request dict is
    # inserted, and the title is the client's file name; confirm access is
    # restricted upstream and that the URL is safe inside the callback
    # template.
    inputs = sh.inputs()
    if not inputs.has_key('image_file'):
        return '<script>window.close();</script>'
    image_model = sh.model('EditorImage')
    inputs.title = inputs.image_file.filename
    image_id = image_model.insert(inputs)
    image_url = image_model.get(image_id).image.url
    return self.insert_image_callback % image_url
def GET(self, inputs=None):
    """Return one model row as JSONP.

    ``model_name`` and ``model_id`` are read from *inputs* (the current
    request when omitted). A found row is copied into a dict with ``id`` set
    to the integer ``model_id``; a missing row is passed to ``sh.toJsonp``
    unchanged.
    """
    # NOTE(review): any model name and id are accepted, the whole row is
    # returned and no session check is visible; confirm that models holding
    # sensitive columns cannot be read through this endpoint.
    if not inputs:
        inputs = sh.inputs()
    assert inputs.has_key('model_name'), u'请指明需要查询的数据类型'
    assert inputs.has_key('model_id'), u'请指明需要查询的数据id'
    payload = sh.model(inputs.model_name).get(inputs.model_id)
    if payload:
        payload = dict(payload)
        payload['id'] = int(inputs.model_id)
    return sh.toJsonp(payload)
def pagingDatas(self, datas, page_num=None, volume=None):
    """Return the slice of *datas* that belongs to one page.

    *page_num* defaults to the request field named by
    ``self.arguments.paging_key`` (1 when absent) and *volume* to
    ``self.arguments.paging_volume``. When either ends up falsy, *datas* is
    returned unchanged.
    """
    if page_num is None:
        page_num = sh.inputs().get(self.arguments.paging_key, 1)
    if volume is None:
        volume = self.arguments.paging_volume
    if not (page_num and volume):
        return datas
    offset, count = self.__getLimit(page_num, volume)
    return datas[offset:offset + count]
def GET(self):
    """Confirm an e-mail address from a validation link.

    Looks up the ``Userid`` / ``code`` pair in ``UserValidation``. A match
    marks the user as activated, removes the validation row and returns a
    success alert; no match is answered with the 404 page.
    """
    inputs = sh.inputs()
    assert inputs.has_key('Userid')
    assert inputs.has_key('code')
    validation_model = sh.model('UserValidation')
    # The values are passed separately from the SQL text; presumably
    # getOneByWhere binds them as parameters - confirm.
    match = validation_model.getOneByWhere('Userid=%s and code=%s', inputs.Userid, inputs.code)
    if not match:
        return sh.redirectTo404()
    sh.model('User').update(inputs.Userid, dict(activated='yes'))
    # The code is single-use: drop it once it has been redeemed.
    validation_model.delete(match.id)
    return sh.alert('验证邮箱成功')
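def POST(self, inputs=None):
    """Register a new user through the JSONP API and log them in.

    *inputs* (the current request when omitted) is checked with
    ``checkNewUser``; an error is returned as ``{'is_login': False, ...}``.
    Otherwise the user is registered and logged in, and a validation e-mail is
    sent when the User model asks for one.
    """
    if not inputs:
        inputs = sh.inputs()
    uc = sh.ctrl('User')
    # NOTE(review): the whole request dict is handed to register(); confirm it
    # only stores the fields a visitor is allowed to set.
    error = uc.checkNewUser(inputs)
    if error:
        return sh.toJsonp({'is_login': False, 'error': error})
    new_id = uc.register(inputs)
    uc.loginById(new_id, inputs.get('remember_me', 'off') == 'on')
    user_model = sh.model('User')
    if user_model.validation_request:
        # "user" was never defined here, so this branch raised NameError;
        # load the new row first. Assumes sendValidationEmail takes the user
        # row - confirm against the controller.
        uc.sendValidationEmail(user_model.get(new_id))
        return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功,请查收您的验证邮件'})
    else:
        return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功'})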
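def POST(self, inputs=None):
    """Register a new user from the register page and log them in.

    *inputs* (the current request when omitted) is checked with
    ``checkNewUser``; on an error the register page is shown again with the
    message and the submitted e-mail. Otherwise the user is registered and
    logged in, and a validation e-mail is sent when the User model asks for
    one.
    """
    if not inputs:
        inputs = sh.inputs()
    uc = sh.ctrl('User')
    # NOTE(review): the whole request dict is handed to register(); confirm it
    # only stores the fields a visitor is allowed to set.
    error = uc.checkNewUser(inputs)
    if error:
        return sh.page.user.Register(error, inputs.get('email', ''))
    new_id = uc.register(inputs)
    uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')
    user_model = sh.model('User')
    if user_model.validation_request:
        # "user" was never defined here, so this branch raised NameError;
        # load the new row first. Assumes sendValidationEmail takes the user
        # row - confirm against the controller.
        uc.sendValidationEmail(user_model.get(new_id))
        return sh.alert('注册成功,请查收您的验证邮件')
    else:
        return sh.alert('注册成功')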
def POST(self, inputs=None):
    """Delete a row that belongs to the logged-in user and report as JSONP.

    ``model_name`` and ``model_id`` are read from *inputs* (the current
    request when omitted). A missing row is reported as success with zero
    affected rows; a row whose ``Userid`` is not the session id is refused.
    """
    if not inputs:
        inputs = sh.inputs()
    assert inputs.has_key('model_name'), u'请指明需要修改的数据类型'
    assert inputs.has_key('model_id'), u'请指明需要修改的数据id'
    model = sh.model(inputs.model_name)
    row = model.get(inputs.model_id)
    if not row:
        return sh.toJsonp({'success': True, 'affected': 0})
    # Users may delete only their own rows: the row's Userid must equal the
    # id of the logged-in session.
    is_owner = sh.session.is_login and row.get('Userid', None) == int(sh.session.id)
    if not is_owner:
        return sh.toJsonp({'success': False, 'msg': '不能删除不属于你的东西.'})
    affected = model.delete(inputs.model_id)
    return sh.toJsonp({'success': True, 'affected': affected})
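def POST(self, inputs=None):
    """Register a new user through the JSONP API and log them in.

    *inputs* (the current request when omitted) is checked with
    ``checkNewUser``; an error is returned as ``{'is_login': False, ...}``.
    Otherwise the user is registered and logged in, and a validation e-mail is
    sent when the User model asks for one.
    """
    if not inputs:
        inputs = sh.inputs()
    uc = sh.ctrl('User')
    # NOTE(review): the whole request dict is handed to register(); confirm it
    # only stores the fields a visitor is allowed to set.
    error = uc.checkNewUser(inputs)
    if error:
        return sh.toJsonp({'is_login': False, 'error': error})
    new_id = uc.register(inputs)
    uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')
    user_model = sh.model('User')
    if user_model.validation_request:
        # "user" was never defined here, so this branch raised NameError;
        # load the new row first. Assumes sendValidationEmail takes the user
        # row - confirm against the controller.
        uc.sendValidationEmail(user_model.get(new_id))
        return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功,请查收您的验证邮件'})
    else:
        return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功'})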
def _getEnv(self, model, menu_config):
    """Build the query environment (ordering, paging, search) for a listing.

    Ordering comes from ``menu_config.orderby`` or defaults to the primary
    key, descending. With ``action=search`` every term of ``inputs.query``
    must match at least one of the ``menu_config.search`` columns.
    """
    inputs = sh.inputs()
    env = sh.storage(dict(paging=True))
    env.orderby = model.replaceAttr(menu_config.orderby or '{$primary_key} desc')
    if inputs.get('action', '') == 'search':
        clauses = []
        params = []
        for term in sh.splitAndStrip(inputs.query):
            # Column names come from the menu configuration; the search term
            # is passed as a bound value, never spliced into the SQL text.
            column_tests = [c + ' like %s' for c in menu_config.search]
            clauses.append('(' + ' or '.join(column_tests) + ')')
            params += ['%' + term + '%'] * len(menu_config.search)
        env.where = [' and '.join(clauses)] + params
    return env
def POST(self):
    """Log in (or register and log in) with a third-party access token.

    Request fields: ``access_token``, ``access_expires``, ``uid`` and
    ``state``; the provider name is the part of ``state`` before the first
    ``_``. The provider is asked for the uid behind the token and the answer
    must equal the submitted ``uid``. A uid bound to a local account is logged
    in; otherwise a new account is created from the provider's user info,
    bound to the uid and logged in.
    """
    inputs = sh.inputs()
    assert inputs.get('access_token', '')
    assert inputs.get('access_expires', '')
    assert inputs.get('uid', '')
    assert inputs.get('state', '')
    # NOTE(review): site_name is client-controlled and selects the controller
    # and model; confirm sh.ctrl / sh.model reject unknown names.
    site_name = inputs.state.partition('_')[0]
    oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
    oauth_model = sh.model('oauth.%sOAuth2' % site_name)
    user_ctrl = sh.ctrl('User')
    user_model = sh.model('User')
    # NOTE(review): the token is supplied by the client. Nothing here shows
    # that it was issued to this site's OAuth client; confirm the provider
    # call (or the controller) checks that.
    requested_uid = oauth_ctrl.requestUidWithAccessToken(
        inputs.access_token)
    # Refuse the login when the token does not resolve to the claimed uid.
    if not requested_uid or requested_uid != inputs.uid:
        return sh.toJsonp(dict(error="该第三方帐号未绑定任何站内帐号", is_login=False))
    exists = oauth_model.getByUid(requested_uid)
    # A uid seen for the first time is stored before any account binding.
    if not exists:
        new_id = oauth_model.insert(
            dict(uid=requested_uid,
                 access_token=inputs.access_token,
                 access_expires=inputs.access_expires))
        exists = oauth_model.get(new_id)
    if exists.Userid:  # already bound to a local account
        return self.login(exists.Userid)
    # NOTE(review): from here on the request dict itself becomes the new user
    # row; confirm the User model ignores fields a visitor must not set.
    inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
    self.assignRandomPassword(inputs)
    self.assignRegisterIP(inputs)
    conflict = user_ctrl.checkNewUser(inputs)
    if conflict:
        return sh.toJsonp(
            dict(is_login=False,
                 error=conflict,
                 name=inputs.get('name', ''),
                 sex=inputs.get('sex', '')))
    new_id = user_model.insert(inputs)
    oauth_model.update(exists.id, dict(Userid=new_id))
    return self.login(new_id)
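def POST(self):
    """Change the password of the logged-in user.

    The new password must be 6 to 59 characters long and the old password
    must validate against the account's e-mail. Visitors without a session
    are sent to the login page.

    Raises:
        AssertionError: if the new password length is out of range or the
            session's user row cannot be loaded.
    """
    inputs = sh.inputs()
    # Explicit raise instead of assert: asserts are removed under "python -O",
    # which would silently drop the length policy.
    if not 6 <= len(inputs.new_password) < 60:
        raise AssertionError()
    user_model = sh.model('User')
    user_ctrl = sh.ctrl('User')
    if not sh.session.is_login:
        return sh.redirectToLogin()
    Userid = sh.session.id
    user = user_model.get(Userid)
    if user is None:
        raise AssertionError()
    # Require the current password so a borrowed session cannot change it.
    if not user_ctrl.validate(user.email, inputs.old_password):
        return sh.page.user.ResetPassword('原密码输入错误, 请重新输入')
    # NOTE(review): the plain value is handed to the model; presumably the
    # User model hashes it on update - confirm. Also confirm whether other
    # sessions / remember-me logins should be invalidated here.
    user_model.update(Userid, dict(password=inputs.new_password))
    return sh.alert('重置密码成功', '/')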
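def GET(self, inputs=None):
    """Delete one of the logged-in user's images (``action=delete``).

    For ``delete`` and ``recover`` the caller must be logged in and own the
    image named by ``UserImageid``. A delete is carried out only while
    ``sh.inModifyTime`` accepts the image's creation time; the outcome is
    returned as JSONP. Nothing is returned for ``recover``.

    Raises:
        AssertionError: if ``action`` is missing, the caller is not logged in,
            ``UserImageid`` is missing, or the image is not the caller's.
    """
    # NOTE(review): this is a state-changing GET; confirm it cannot be
    # triggered cross-site.
    if not inputs:
        inputs = sh.inputs()
    if not inputs.has_key('action'):
        raise AssertionError()
    model = sh.model('UserImage')
    if inputs.action in ['delete', 'recover']:
        # Authentication and ownership must not depend on assert: asserts are
        # removed under "python -O", which would let any caller delete any
        # image.
        if not sh.session.is_login:
            raise AssertionError()
        if not inputs.get('UserImageid', None):
            raise AssertionError()
        exists = model.get(inputs.UserImageid)
        if not (exists and exists.Userid == sh.session.id):
            raise AssertionError()
        if inputs.action == 'delete':
            if sh.inModifyTime(exists.created):
                model.delete(inputs.UserImageid)
                return sh.toJsonp({'success': True})
            else:
                return sh.toJsonp({'success': False, 'error': '超过了修改时限'})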
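def POST(self):
    """Change the password of the logged-in user.

    The new password must be 6 to 59 characters long and the old password
    must validate against the account's e-mail. Visitors without a session
    are sent to the login page.

    Raises:
        AssertionError: if the new password length is out of range or the
            session's user row cannot be loaded.
    """
    inputs = sh.inputs()
    # Explicit raise instead of assert: asserts are removed under "python -O",
    # which would silently drop the length policy.
    if not 6 <= len(inputs.new_password) < 60:
        raise AssertionError()
    user_model = sh.model('User')
    user_ctrl = sh.ctrl('User')
    if not sh.session.is_login:
        return sh.redirectToLogin()
    Userid = sh.session.id
    user = user_model.get(Userid)
    if user is None:
        raise AssertionError()
    # Require the current password so a borrowed session cannot change it.
    if not user_ctrl.validate(user.email, inputs.old_password):
        return sh.page.user.ResetPassword('原密码输入错误, 请重新输入')
    # NOTE(review): the plain value is handed to the model; presumably the
    # User model hashes it on update - confirm. Also confirm whether other
    # sessions / remember-me logins should be invalidated here.
    user_model.update(Userid, dict(password=inputs.new_password))
    return sh.alert('重置密码成功', '/')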
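def POST(self):
    """Upload or crop the portrait of the logged-in user.

    ``action=upload`` saves ``image_file`` (when present) and redirects to the
    portrait page. ``action=crop`` scales the selection in ``crop`` (four
    whitespace-separated integers: start x, start y, width, height) from the
    ``region_width`` x ``region_height`` area to the real image size, writes
    ``<image path>.crop`` with ``convert``, stores ``crop`` on the user and
    removes the resized copies of the previous crop.

    Raises:
        AssertionError: if ``action`` is missing or a region size is not
            positive.
        OSError: if the ``convert`` program cannot be started.
    """
    import subprocess  # local import keeps this handler self-contained

    if not sh.session.is_login:
        return sh.redirectToLogin()
    user_model = sh.model('User')
    user = user_model.get(sh.session.id)
    inputs = sh.inputs()
    # Explicit raises instead of assert: asserts are removed under "python -O".
    if not inputs.get('action', ''):
        raise AssertionError()
    if inputs.action == 'upload':
        if inputs.get('image_file', ''):
            self.savePortrait(sh.session.id, inputs.image_file)
        return sh.redirect('/accounts/portrait')
    elif inputs.action == 'crop':
        if not user.image:
            return sh.alert('请先上传头像')
        if int(float(inputs.get('region_width', '0'))) <= 0:
            raise AssertionError()
        if int(float(inputs.get('region_height', '0'))) <= 0:
            raise AssertionError()
        real_width, real_height = sh.imageSize(user.image.url)  # real size of the image
        crop = inputs.crop
        region_width = int(float(inputs.region_width))  # width of the selection area
        region_height = int(float(inputs.region_height))  # height of the selection area
        crop_parts = crop.split()
        start_x = int(crop_parts[0])  # start position of the selection
        start_y = int(crop_parts[1])
        region_x = int(crop_parts[2])  # selected width
        region_y = int(crop_parts[3])  # selected height
        # Geometry for convert; built with %d only, so it holds nothing but
        # numbers.
        region = '%dx%d+%d+%d' % (region_x * real_width / region_width,
                                  region_y * real_height / region_height,
                                  real_width * start_x / region_width,
                                  real_height * start_y / region_height)
        path = sh.urlToPath(user.image.url)
        # Argument list, no shell: the path is never interpreted as shell
        # syntax.
        subprocess.call(['convert', path, '-crop', region, path + '.crop'])
        user_model.update(sh.session.id, {'crop': crop})
        # Remove the resized copies of the previous crop. Done in-process
        # rather than through a shell "rm"; failures stay non-fatal, as they
        # were with the ignored exit status.
        folder, base = os.path.split(path)
        stale_prefix = base + '.crop_'
        try:
            for entry in os.listdir(folder or '.'):
                if entry.startswith(stale_prefix):
                    os.remove(os.path.join(folder, entry))
        except OSError:
            pass
        return sh.redirect('/accounts')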
def POST(self):
    """Bind a third-party account to a new or an existing local account.

    Request fields: ``access_token``, ``state``, ``password`` and the field
    named by ``self.PRIMARY_KEY`` (``email`` or ``name``). When no local user
    has that key, a user is created from the provider's user info and bound to
    the token. Otherwise the submitted password must validate before the
    existing user is bound. Either way the user is then logged in.
    """
    inputs = sh.inputs()
    assert inputs.get('access_token', '')
    assert inputs.get('state', '')
    assert inputs.get(self.PRIMARY_KEY, '')
    assert inputs.get('password', '')
    # NOTE(review): site_name is client-controlled and selects the controller
    # and model; confirm sh.ctrl / sh.model reject unknown names.
    site_name = inputs.state.partition('_')[0]
    user_model = sh.model('User')
    user_ctrl = sh.ctrl('User')
    oauth_model = sh.model('oauth.%sOAuth2' % site_name)
    oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
    cn_site_name = self._getCNSiteName()  # not used below
    # NOTE(review): exists_user stays unbound when PRIMARY_KEY is neither
    # 'email' nor 'name'.
    if self.PRIMARY_KEY == 'email':
        exists_user = user_model.getByEmail(inputs.email)
    elif self.PRIMARY_KEY == 'name':
        exists_user = user_model.getByName(inputs.name)
    # The key is not registered yet: create the user and bind the
    # third-party account.
    if not exists_user:
        # NOTE(review): the access token comes from the request and is not
        # re-checked with the provider in this handler; the binding relies on
        # bindUseridByAccessToken - confirm it only matches a stored token.
        # The request dict itself becomes the user row; confirm the User
        # model ignores fields a visitor must not set.
        inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
        self.assignRegisterIP(inputs)
        conflict = user_ctrl.checkNewUser(inputs)
        if conflict:
            return self._render(conflict)
        new_id = user_model.insert(inputs)
        oauth_model.bindUseridByAccessToken(inputs.access_token, new_id)
        return self.login(new_id)
    # Already registered: the password must be correct before binding.
    else:
        if self.PRIMARY_KEY == 'email':
            check_password = user_ctrl.validate(inputs.email, inputs.password)
        elif self.PRIMARY_KEY == 'name':
            check_password = user_ctrl.validateByName(
                inputs.name, inputs.password)
        if not check_password:
            error = '您已经注册过, 但您输入的密码不正确, 请重新输入'
            return self._render(error)
        # NOTE(review): this reads exists_user.Userid from a User row -
        # confirm the row exposes Userid and not only id.
        oauth_model.bindUseridByAccessToken(inputs.access_token,
                                            exists_user.Userid)
        return self.login(exists_user.Userid)
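def POST(self):
    """Upload or crop the portrait of the logged-in user.

    ``action=upload`` saves ``image_file`` (when present) and redirects to the
    portrait page. ``action=crop`` scales the selection in ``crop`` (four
    whitespace-separated integers: start x, start y, width, height) from the
    ``region_width`` x ``region_height`` area to the real image size, writes
    ``<image path>.crop`` with ``convert``, stores ``crop`` on the user and
    removes the resized copies of the previous crop.

    Raises:
        AssertionError: if ``action`` is missing or a region size is not
            positive.
        OSError: if the ``convert`` program cannot be started.
    """
    import subprocess  # local import keeps this handler self-contained

    if not sh.session.is_login:
        return sh.redirectToLogin()
    user_model = sh.model('User')
    user = user_model.get(sh.session.id)
    inputs = sh.inputs()
    # Explicit raises instead of assert: asserts are removed under "python -O".
    if not inputs.get('action', ''):
        raise AssertionError()
    if inputs.action == 'upload':
        if inputs.get('image_file', ''):
            self.savePortrait(sh.session.id, inputs.image_file)
        return sh.redirect('/accounts/portrait')
    elif inputs.action == 'crop':
        if not user.image:
            return sh.alert('请先上传头像')
        if int(float(inputs.get('region_width', '0'))) <= 0:
            raise AssertionError()
        if int(float(inputs.get('region_height', '0'))) <= 0:
            raise AssertionError()
        real_width, real_height = sh.imageSize(user.image.url)  # real size of the image
        crop = inputs.crop
        region_width = int(float(inputs.region_width))  # width of the selection area
        region_height = int(float(inputs.region_height))  # height of the selection area
        crop_parts = crop.split()
        start_x = int(crop_parts[0])  # start position of the selection
        start_y = int(crop_parts[1])
        region_x = int(crop_parts[2])  # selected width
        region_y = int(crop_parts[3])  # selected height
        # Geometry for convert; built with %d only, so it holds nothing but
        # numbers.
        region = '%dx%d+%d+%d' % (region_x * real_width / region_width,
                                  region_y * real_height / region_height,
                                  real_width * start_x / region_width,
                                  real_height * start_y / region_height)
        path = sh.urlToPath(user.image.url)
        # Argument list, no shell: the path is never interpreted as shell
        # syntax.
        subprocess.call(['convert', path, '-crop', region, path + '.crop'])
        user_model.update(sh.session.id, {'crop': crop})
        # Remove the resized copies of the previous crop. Done in-process
        # rather than through a shell "rm"; failures stay non-fatal, as they
        # were with the ignored exit status.
        folder, base = os.path.split(path)
        stale_prefix = base + '.crop_'
        try:
            for entry in os.listdir(folder or '.'):
                if entry.startswith(stale_prefix):
                    os.remove(os.path.join(folder, entry))
        except OSError:
            pass
        return sh.redirect('/accounts')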
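def GET(self, inputs=None):
    """Delete one of the logged-in user's images (``action=delete``).

    For ``delete`` and ``recover`` the caller must be logged in and own the
    image named by ``UserImageid``. A delete is carried out only while
    ``sh.inModifyTime`` accepts the image's creation time; the outcome is
    returned as JSONP. Nothing is returned for ``recover``.

    Raises:
        AssertionError: if ``action`` is missing, the caller is not logged in,
            ``UserImageid`` is missing, or the image is not the caller's.
    """
    # NOTE(review): this is a state-changing GET; confirm it cannot be
    # triggered cross-site.
    if not inputs:
        inputs = sh.inputs()
    if not inputs.has_key("action"):
        raise AssertionError()
    model = sh.model("UserImage")
    if inputs.action in ["delete", "recover"]:
        # Authentication and ownership must not depend on assert: asserts are
        # removed under "python -O", which would let any caller delete any
        # image.
        if not sh.session.is_login:
            raise AssertionError()
        if not inputs.get("UserImageid", None):
            raise AssertionError()
        exists = model.get(inputs.UserImageid)
        if not (exists and exists.Userid == sh.session.id):
            raise AssertionError()
        if inputs.action == "delete":
            if sh.inModifyTime(exists.created):
                model.delete(inputs.UserImageid)
                return sh.toJsonp({"success": True})
            else:
                return sh.toJsonp({"success": False, "error": "超过了修改时限"})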
def POST(self):
    """Bind a third-party account to a new or an existing local account.

    Request fields: ``access_token``, ``state``, ``password`` and the field
    named by ``self.PRIMARY_KEY`` (``email`` or ``name``). When no local user
    has that key, a user is created from the provider's user info and bound to
    the token. Otherwise the submitted password must validate before the
    existing user is bound. Either way the user is then logged in.
    """
    inputs = sh.inputs()
    assert inputs.get('access_token', '')
    assert inputs.get('state', '')
    assert inputs.get(self.PRIMARY_KEY, '')
    assert inputs.get('password', '')
    # NOTE(review): site_name is client-controlled and selects the controller
    # and model; confirm sh.ctrl / sh.model reject unknown names.
    site_name = inputs.state.partition('_')[0]
    user_model = sh.model('User')
    user_ctrl = sh.ctrl('User')
    oauth_model = sh.model('oauth.%sOAuth2' % site_name)
    oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
    cn_site_name = self._getCNSiteName()  # not used below
    # NOTE(review): exists_user stays unbound when PRIMARY_KEY is neither
    # 'email' nor 'name'.
    if self.PRIMARY_KEY == 'email':
        exists_user = user_model.getByEmail(inputs.email)
    elif self.PRIMARY_KEY == 'name':
        exists_user = user_model.getByName(inputs.name)
    # The key is not registered yet: create the user and bind the
    # third-party account.
    if not exists_user:
        # NOTE(review): the access token comes from the request and is not
        # re-checked with the provider in this handler; the binding relies on
        # bindUseridByAccessToken - confirm it only matches a stored token.
        # The request dict itself becomes the user row; confirm the User
        # model ignores fields a visitor must not set.
        inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
        self.assignRegisterIP(inputs)
        conflict = user_ctrl.checkNewUser(inputs)
        if conflict:
            return self._render(conflict)
        new_id = user_model.insert(inputs)
        oauth_model.bindUseridByAccessToken(inputs.access_token, new_id)
        return self.login(new_id)
    # Already registered: the password must be correct before binding.
    else:
        if self.PRIMARY_KEY == 'email':
            check_password = user_ctrl.validate(inputs.email, inputs.password)
        elif self.PRIMARY_KEY == 'name':
            check_password = user_ctrl.validateByName(inputs.name, inputs.password)
        if not check_password:
            error = '您已经注册过, 但您输入的密码不正确, 请重新输入'
            return self._render(error)
        # NOTE(review): this reads exists_user.Userid from a User row -
        # confirm the row exposes Userid and not only id.
        oauth_model.bindUseridByAccessToken(inputs.access_token, exists_user.Userid)
        return self.login(exists_user.Userid)
def POST(self):
    """Log in (or register and log in) with a third-party access token.

    Request fields: ``access_token``, ``access_expires``, ``uid`` and
    ``state``; the provider name is the part of ``state`` before the first
    ``_``. The provider is asked for the uid behind the token and the answer
    must equal the submitted ``uid``. A uid bound to a local account is logged
    in; otherwise a new account is created from the provider's user info,
    bound to the uid and logged in.
    """
    inputs = sh.inputs()
    assert inputs.get("access_token", "")
    assert inputs.get("access_expires", "")
    assert inputs.get("uid", "")
    assert inputs.get("state", "")
    # NOTE(review): site_name is client-controlled and selects the controller
    # and model; confirm sh.ctrl / sh.model reject unknown names.
    site_name = inputs.state.partition("_")[0]
    oauth_ctrl = sh.ctrl("oauth.%s" % site_name)
    oauth_model = sh.model("oauth.%sOAuth2" % site_name)
    user_ctrl = sh.ctrl("User")
    user_model = sh.model("User")
    # NOTE(review): the token is supplied by the client. Nothing here shows
    # that it was issued to this site's OAuth client; confirm the provider
    # call (or the controller) checks that.
    requested_uid = oauth_ctrl.requestUidWithAccessToken(inputs.access_token)
    # Refuse the login when the token does not resolve to the claimed uid.
    if not requested_uid or requested_uid != inputs.uid:
        return sh.toJsonp(dict(error="该第三方帐号未绑定任何站内帐号", is_login=False))
    exists = oauth_model.getByUid(requested_uid)
    # A uid seen for the first time is stored before any account binding.
    if not exists:
        new_id = oauth_model.insert(
            dict(uid=requested_uid, access_token=inputs.access_token, access_expires=inputs.access_expires)
        )
        exists = oauth_model.get(new_id)
    if exists.Userid:  # already bound to a local account
        return self.login(exists.Userid)
    # NOTE(review): from here on the request dict itself becomes the new user
    # row; confirm the User model ignores fields a visitor must not set.
    inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
    self.assignRandomPassword(inputs)
    self.assignRegisterIP(inputs)
    conflict = user_ctrl.checkNewUser(inputs)
    if conflict:
        return sh.toJsonp(
            dict(is_login=False, error=conflict, name=inputs.get("name", ""), sex=inputs.get("sex", ""))
        )
    new_id = user_model.insert(inputs)
    oauth_model.update(exists.id, dict(Userid=new_id))
    return self.login(new_id)
def POST(self, inputs=None):
    """Delete a row that belongs to the logged-in user and report as JSONP.

    ``model_name`` and ``model_id`` are read from *inputs* (the current
    request when omitted). A missing row is reported as success with zero
    affected rows; a row whose ``Userid`` is not the session id is refused.
    """
    if not inputs:
        inputs = sh.inputs()
    assert inputs.has_key('model_name'), u'请指明需要修改的数据类型'
    assert inputs.has_key('model_id'), u'请指明需要修改的数据id'
    model = sh.model(inputs.model_name)
    row = model.get(inputs.model_id)
    if not row:
        return sh.toJsonp({'success': True, 'affected': 0})
    # Users may delete only their own rows: the row's Userid must equal the
    # id of the logged-in session.
    is_owner = sh.session.is_login and row.get('Userid', None) == int(sh.session.id)
    if not is_owner:
        return sh.toJsonp({'success': False, 'msg': '不能删除不属于你的东西.'})
    affected = model.delete(inputs.model_id)
    return sh.toJsonp({'success': True, 'affected': affected})
def _getEnv(self, model, menu_config):
    """Build the query environment (ordering, paging, filter) for a listing.

    Ordering comes from ``menu_config.orderby`` or defaults to the primary
    key, descending. A ``where`` request field is URL-unquoted and used as the
    filter. With ``action=search`` the filter is replaced: every term of
    ``inputs.query`` must match at least one of the ``menu_config.search``
    columns.
    """
    inputs = sh.inputs()
    env = sh.storage(dict(paging=True))
    env.orderby = model.replaceAttr(menu_config.orderby or '{$primary_key} desc')
    if inputs.get('where', ''):
        # NOTE(review): this is a raw SQL fragment taken from the request with
        # no bound values - an injection surface. Confirm only trusted admins
        # reach this code, or replace it with a whitelist of filters.
        env.where = [sh.unquote(inputs.where)]
    if inputs.get('action', '') == 'search':
        clauses = []
        params = []
        for term in sh.splitAndStrip(inputs.query):
            # Column names come from the menu configuration; the search term
            # is passed as a bound value, never spliced into the SQL text.
            column_tests = [c + ' like %s' for c in menu_config.search]
            clauses.append('(' + ' or '.join(column_tests) + ')')
            params += ['%' + term + '%'] * len(menu_config.search)
        env.where = [' and '.join(clauses)] + params
    return env
def POST(self):
    """Serve the JSONP account API: ``isLogin``, ``login`` and ``logout``.

    The ``action`` request field selects the operation; for any other value
    nothing is returned.
    """
    # NOTE(review): every answer goes through sh.toJsonp and no CSRF token is
    # checked here; confirm toJsonp constrains the callback name and that
    # exposing login state / logging out cross-site is acceptable.
    inputs = sh.inputs()
    action = inputs['action']

    if action == 'isLogin':
        if not sh.session.is_login:
            return sh.toJsonp({'is_login': False, 'name': '', 'id': 0})
        return sh.toJsonp({'is_login': True, 'name': sh.session.name, 'id': sh.session.id})

    if action == 'login':
        # These asserts are input checks only; they vanish under "python -O".
        assert inputs.get('email', '').strip()
        assert inputs.get('password', '')
        user_model = sh.model('User')
        user_ctrl = sh.ctrl('User')
        if not user_ctrl.validate(inputs.email, inputs.password):
            return sh.toJsonp({'is_login': False, 'error': '邮箱或密码不对'})
        user = user_model.getByEmail(inputs.email)
        # Blacklisted accounts are refused even with valid credentials.
        if user.dead == 'yes':
            return sh.toJsonp({'is_login': False, 'error': '你已被列入黑名单'})
        user_ctrl.login(user, inputs.get('remember_me', '') == 'on')
        return sh.toJsonp({'is_login': True, 'name': user.name, 'id': user.id})

    if action == 'logout':
        sh.ctrl('User').logout()
        return 'bye'
def GET(self, name):
    """List site configuration entries in the editor.

    The menu configuration may supply a ``name like`` filter and an ordering.
    A ``where`` request field, when present, replaces the configured filter.
    """
    inputs = sh.inputs()
    menu_config = sh.ctrl('Editor').getMenuConfig()
    # Paths without a menu configuration are not public.
    if not menu_config:
        return sh.redirectTo404()
    config_model = sh.model('SiteConfig')
    query_env = sh.storage()
    if menu_config.get('filter', None):
        query_env['where'] = ['name like %s', menu_config['filter']]
    if menu_config.get('orderby', None):
        query_env.orderby = config_model.replaceAttr(menu_config.orderby)
    if inputs.get('where', ''):
        # NOTE(review): this is a raw SQL fragment taken from the request with
        # no bound values, and it overrides the configured filter above - an
        # injection surface and a way around the menu's restriction. Confirm
        # only trusted admins reach this code.
        query_env.where = [inputs.where]
    items = config_model.all(query_env)
    pagination_html = config_model.getPaginationHtml(query_env)
    return sh.editor.SiteConfig(items, pagination_html, menu_config)
def GET(self, path):
    """Render a report from the SELECT statement in the menu configuration.

    With a ``paging`` option the statement must not contain ``limit`` or
    ``distinct``; the requested page is selected by appending a ``limit``
    clause and a pagination widget is produced. Without it all rows are
    fetched.
    """
    menu_config = sh.ctrl("Editor").getMenuConfig()
    # Paths without a menu configuration are not public.
    if not menu_config:
        return sh.redirectTo404()
    inputs = sh.inputs()
    # Double every % because MySQLdb treats it as a format character.
    sql = menu_config.get("select", "").replace("%", "%%")
    db_helper = sh.getDBHelper()
    if menu_config.get("paging", ""):
        # With paging, the statement itself must not carry a limit.
        if " limit " in sql.lower():
            return sh.alert("使用paging选项时select中不能使用limit, 请检查后台配置", stay=10)
        if int(menu_config.get("paging")) <= 0:
            return sh.alert("paging配置参数应为正整数", stay=10)
        if " distinct " in sql.lower():
            return sh.alert("抱歉, 暂不支持paging与distinct一起使用", stay=10)
        # Row count for the pager. form_key is computed but not used below.
        form_key = " from " if " from " in sql else " FROM "
        total = self.__getTotal(sql)
        # Select the requested page. page_num comes from the request; the
        # clause is formatted with %d, so only numbers can end up in the SQL.
        page_limit = self.__getLimit(inputs.get("page_num", 1), int(menu_config.paging))
        sql = sql + " limit %d, %d" % page_limit
        items = db_helper.fetchSome(sql)
        # Pagination widget.
        pagination_html = (
            '<div fx="paging[style=zarkpy;pageCount=%d;totalCount=%d;displayPages=10;firstText=第一页;lastText=末页;]"></div>'
            % (int(menu_config.paging), total)
        )
    else:
        items = db_helper.fetchSome(sql)
        pagination_html = ""
    keys = self.__getSortedKeys(sql)
    # Fall back to the columns of the first row when no order was derived.
    if len(keys) == 0 and len(items) > 0:
        keys = items[0].keys()
    return sh.editor.ReportForms(items, pagination_html, keys, menu_config)
def GET(self, path):
    """Render a report from the SELECT statement in the menu configuration.

    With a ``paging`` option the statement must not contain ``limit`` or
    ``distinct``; the requested page is selected by appending a ``limit``
    clause and a pagination widget is produced. Without it all rows are
    fetched.
    """
    menu_config = sh.ctrl('Editor').getMenuConfig()
    # Paths without a menu configuration are not public.
    if not menu_config:
        return sh.redirectTo404()
    inputs = sh.inputs()
    # Double every % because MySQLdb treats it as a format character.
    sql = menu_config.get('select', '').replace('%', '%%')
    db_helper = sh.getDBHelper()
    if menu_config.get('paging', ''):
        # With paging, the statement itself must not carry a limit.
        if ' limit ' in sql.lower():
            return sh.alert('使用paging选项时select中不能使用limit, 请检查后台配置', stay=10)
        if int(menu_config.get('paging')) <= 0:
            return sh.alert('paging配置参数应为正整数', stay=10)
        if ' distinct ' in sql.lower():
            return sh.alert('抱歉, 暂不支持paging与distinct一起使用', stay=10)
        # Row count for the pager. form_key is computed but not used below.
        form_key = ' from ' if ' from ' in sql else ' FROM '
        total = self.__getTotal(sql)
        # Select the requested page. page_num comes from the request; the
        # clause is formatted with %d, so only numbers can end up in the SQL.
        page_limit = self.__getLimit(inputs.get('page_num', 1), int(menu_config.paging))
        sql = sql + ' limit %d, %d' % page_limit
        items = db_helper.fetchSome(sql)
        # Pagination widget.
        pagination_html = (
            '<div fx="paging[style=zarkpy;pageCount=%d;totalCount=%d;displayPages=10;firstText=第一页;lastText=末页;]"></div>'
            % (int(menu_config.paging), total)
        )
    else:
        items = db_helper.fetchSome(sql)
        pagination_html = ''
    keys = self.__getSortedKeys(sql)
    # Fall back to the columns of the first row when no order was derived.
    if len(keys) == 0 and len(items) > 0:
        keys = items[0].keys()
    return sh.editor.ReportForms(items, pagination_html, keys, menu_config)
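def POST(self, inputs=None):
    """Store an uploaded image for a user (``action=postImage``).

    Request fields: ``action``, ``Userid``, ``data_name`` and ``data_id``; the
    file itself is read with ``sh.getSwfUploadImageFile()``. On success the
    string ``success;<new id>;<image url>;<file name>`` is returned.

    Raises:
        AssertionError: if a required field is missing or ``Userid`` does not
            match a user.
    """
    if not inputs:
        inputs = sh.inputs()
    # Explicit raises instead of assert: asserts are removed under "python -O",
    # which would also remove the user-existence check below.
    if not inputs.has_key('action'):
        raise AssertionError()
    if inputs.action == 'postImage':
        # NOTE(review): Userid is taken from the request, not from sh.session,
        # so the caller chooses the account the image is attributed to.
        # Confirm the uploader is authenticated some other way.
        if not inputs.get('Userid', 0):
            raise AssertionError()
        if not sh.model('User').get(inputs.Userid):
            raise AssertionError()
        if not inputs.get('data_name', None):
            raise AssertionError()
        if not inputs.get('data_id', None):
            raise AssertionError()
        img_model = sh.model('UserImage')
        image_data = sh.getSwfUploadImageFile()
        record = sh.storage(
            dict(image_file=image_data,
                 Userid=inputs.Userid,
                 file_name=image_data.filename,
                 data_name=inputs.data_name,
                 data_id=inputs.data_id))
        new_id = img_model.insert(record)
        # NOTE(review): the file name is client-supplied and echoed unescaped;
        # confirm how the consumer of this response renders it.
        return 'success;%d;%s;%s' % (
            new_id, img_model.getUrlByPrivate(inputs.Userid, new_id),
            image_data.filename)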
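def POST(self):
    """Crop the image of a model row with ImageMagick and store the selection.

    Request fields: ``model_name``, ``model_id``, ``column_name``, ``crop``
    (four whitespace-separated integers: start x, start y, width, height),
    ``region_width`` and ``region_height``. The selection is scaled to the
    real image size, ``<image path>.crop`` is written by ``convert``,
    ``crop`` is saved in ``column_name`` of the row, and the resized copies of
    the previous crop are removed.

    Raises:
        AssertionError: if a required field is missing or a region size is
            not positive.
        OSError: if the ``convert`` program cannot be started.
    """
    import subprocess  # local import keeps this handler self-contained

    # NOTE(review): no login or admin check is visible in this handler, and
    # model_name / column_name come from the request; confirm the route is
    # protected upstream and that only intended columns can be written.
    inputs = sh.inputs()
    # Explicit raises instead of assert: asserts are removed under "python -O".
    if not inputs.has_key('model_name'):
        raise AssertionError(u'请指定需要裁剪的数据类型')
    if not inputs.has_key('model_id'):
        raise AssertionError(u'请指定需要裁剪的数据ID')
    if not inputs.has_key('column_name'):
        raise AssertionError(u'请指定裁剪的列名')
    if int(float(inputs.get('region_width', '0'))) <= 0:
        raise AssertionError()
    if int(float(inputs.get('region_height', '0'))) <= 0:
        raise AssertionError()
    model = sh.model(inputs.model_name)
    item = model.get(inputs.model_id)
    image = item.image
    real_width, real_height = sh.imageSize(image.url)  # real size of the image
    crop = inputs.crop
    region_width = int(float(inputs.region_width))  # width of the selection area
    region_height = int(float(inputs.region_height))  # height of the selection area
    crop_parts = crop.split()
    start_x = int(crop_parts[0])  # start position of the selection
    start_y = int(crop_parts[1])
    region_x = int(crop_parts[2])  # selected width
    region_y = int(crop_parts[3])  # selected height
    # Geometry for convert; built with %d only, so it holds nothing but numbers.
    region = '%dx%d+%d+%d' % (region_x * real_width / region_width,
                              region_y * real_height / region_height,
                              real_width * start_x / region_width,
                              real_height * start_y / region_height)
    path = sh.urlToPath(image.url)
    # Argument list, no shell: the path is never interpreted as shell syntax.
    subprocess.call(['convert', path, '-crop', region, path + '.crop'])
    model.update(inputs.model_id, {inputs.column_name: crop})
    # Remove the resized copies of the previous crop. Done in-process rather
    # than through a shell "rm"; failures stay non-fatal, as they were with
    # the ignored exit status.
    folder, base = os.path.split(path)
    stale_prefix = base + '.crop_'
    try:
        for entry in os.listdir(folder or '.'):
            if entry.startswith(stale_prefix):
                os.remove(os.path.join(folder, entry))
    except OSError:
        pass
    return sh.refresh()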
def GET(self):
    """Show the third-party register page.

    Requires non-empty ``access_token`` and ``state`` request fields and
    passes the optional ``error`` field on to ``_render``.
    """
    inputs = sh.inputs()
    assert inputs.get('access_token', '')
    assert inputs.get('state', '')
    # NOTE(review): the message comes straight from the query string; confirm
    # the template escapes it.
    error_msg = inputs.get('error', '')
    return self._render(error_msg)
def __getPageNum(self, env):
    """Return the page number as an int.

    The value stored in *env* under ``self.arguments.paging_key`` wins;
    otherwise the request field of the same name is used, defaulting to 1.
    """
    key = self.arguments.paging_key
    if env.has_key(key):
        raw_page = env[key]
    else:
        raw_page = sh.inputs().get(key, 1)
    # int() raises on a non-numeric request value.
    return int(raw_page)
def POST(self, inputs=None):
    """Update a model row through ``self._update`` and return its result.

    *inputs* defaults to the current request.
    """
    if not inputs:
        inputs = sh.inputs()
    return self._update(inputs)
    # NOTE(review): unreachable - the statement above always returns. One of
    # the two returns is a leftover; confirm whether callers expect the raw
    # update result or the JSONP envelope below.
    return sh.toJsonp({'success':True, 'affected': self._update(inputs)})
def POST(self, inputs=None):
    """Update a model row through ``self._update``, then refresh the page.

    *inputs* defaults to the current request.
    """
    inputs = inputs or sh.inputs()
    self._update(inputs)
    return sh.refresh()
def _getCNSiteName(self):
    """Return ``CN_SITE_NAME`` of the OAuth controller named in ``state``.

    The provider name is the part of the ``state`` request field before the
    first ``_``.
    """
    # NOTE(review): the provider name is client-controlled and selects the
    # controller; confirm sh.ctrl rejects unknown names.
    state = sh.inputs().state
    provider = state.partition('_')[0]
    provider_ctrl = sh.ctrl('oauth.' + provider)
    return provider_ctrl.CN_SITE_NAME
def GET(self):
    """Show the reset-password page, or the login page without a session."""
    inputs = sh.inputs()  # read but not used below
    if not sh.session.is_login:
        return sh.redirectToLogin()
    return sh.page.user.ResetPassword()
def POST(self, name):
    """Store the ``value`` request field as a site configuration entry.

    The entry key is ``self.prefix_key`` followed by *name*.
    """
    # NOTE(review): no admin check is visible in this handler; confirm the
    # route is restricted upstream, since it writes site-wide configuration.
    inputs = sh.inputs()
    assert inputs.has_key('value')
    config_key = self.prefix_key + name
    sh.setSiteConfig(config_key, inputs.value)
    return sh.refresh()
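def _update(self, inputs=None):
    """Update one row of the model named in *inputs* (admin only).

    ``model_name`` and ``model_id`` are read from *inputs* (the current
    request when omitted); the whole of *inputs* is passed to the model as the
    new values. Returns the result of the model's ``update``.

    Raises:
        AssertionError: if the session is not an admin session or a field is
            missing.
    """
    # Authorization must not depend on assert: asserts are removed under
    # "python -O", which would leave the update open to every caller.
    if not sh.session.is_admin:
        raise AssertionError()
    if inputs is None:
        inputs = sh.inputs()
    if not inputs.has_key('model_name'):
        raise AssertionError()
    if not inputs.has_key('model_id'):
        raise AssertionError()
    return sh.model(inputs.model_name).update(int(inputs.model_id), inputs)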
def _render(self, error_msg=''):
    """Render the third-party register page with the current request values.

    Passes the access token, ``state``, the provider's display name,
    *error_msg* and the submitted ``self.PRIMARY_KEY`` value to the template.
    """
    # NOTE(review): every value except the provider name comes from the
    # request; confirm the template escapes them.
    inputs = sh.inputs()
    token = inputs.access_token
    state = inputs.state
    provider_label = self._getCNSiteName()
    primary_value = inputs.get(self.PRIMARY_KEY)
    return sh.page.oauth.Register(token, state, provider_label, error_msg, primary_value)