Exemplo n.º 1
0
    def POST(self, inputs=None):
        if not inputs: inputs = sh.inputs()
        assert(inputs.get('email', '').strip())
        assert(inputs.get('password', ''))

        uc = sh.ctrl('User')
        model = sh.model('User')
        action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')

        if action == 'login':
            if not uc.validate(inputs.email, inputs.password):
                return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)

            user = model.getByEmail(inputs.email)

            if user.dead == 'yes':
                return sh.alert('登录失败,你已被列入黑名单,请联系管理员')

            uc.login(user, inputs.get('remember_me', '') == 'on')

            # 获得打开login页面时url中指定的referer
            referer = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
            if referer:
                return sh.redirect(referer)
            elif sh.inputs().get('referer', None):
                return sh.redirect(sh.inputs().get('referer', None))
            else:
                return sh.redirect('/')
Exemplo n.º 2
0
Arquivo: Login.py Projeto: ajiexw/note
    def POST(self, inputs=None):
        if not inputs: inputs = sh.inputs()
        assert(inputs.get('email', '').strip())
        assert(inputs.get('password', ''))

        uc = sh.ctrl('User')
        model = sh.model('User')
        action = sh.getEnv('REQUEST_URI').partition('?')[0].strip('/')

        if action == 'login':
            if not uc.validate(inputs.email, inputs.password):
                return sh.page.user.Login('您输入的用户名或密码不对, 请重新输入', inputs.email)

            user = model.getByEmail(inputs.email)

            if user.dead == 'yes':
                return sh.alert('登录失败,你已被列入黑名单,请联系管理员')

            uc.login(user, inputs.get('remember_me', '') == 'on')

            # 获得打开login页面时url中指定的referer
            referer = sh.getUrlParams(sh.getEnv('HTTP_REFERER')).get('referer', None)
            if referer:
                return sh.redirect(referer)
            elif sh.inputs().get('referer', None):
                return sh.redirect(sh.inputs().get('referer', None))
            else:
                return sh.alert('登录成功. 欢迎回来!')
Exemplo n.º 3
0
    def POST(self):
        inputs = sh.inputs()

        if inputs['action'] == 'isLogin':
            if sh.session.is_login:
                return sh.toJsonp({'is_login': True, 'name': sh.session.name, 'id': sh.session.id})
            else:
                return sh.toJsonp({'is_login': False, 'name': '', 'id': 0})

        if inputs['action'] == 'login':
            assert(inputs.get('email', '').strip())
            assert(inputs.get('password', ''))

            model = sh.model('User')
            uc = sh.ctrl('User')

            if not uc.validate(inputs.email, inputs.password):
                return sh.toJsonp({'is_login':False, 'error':'邮箱或密码不对'})

            user = model.getByEmail(inputs.email)

            if user.dead == 'yes':
                return sh.toJsonp({'is_login':False, 'error':'你已被列入黑名单'})

            uc.login(user, inputs.get('remember_me', '') == 'on')

            return sh.toJsonp({'is_login':True, 'name': user.name, 'id': user.id})

        if inputs['action'] == 'logout':
            sh.ctrl('User').logout()
            return 'bye'
Exemplo n.º 4
0
    def GET(self):
        inputs = sh.inputs()
        assert inputs.has_key('model_name'), u'请指定需要裁剪的数据类型'
        assert inputs.has_key('model_id'), u'请指定需要裁剪的数据ID'
        assert inputs.has_key('crop'), u'请设置裁剪配置'
        item = sh.model(inputs.model_name).get(inputs.model_id)
        if not item or not item.has_key('Imageid'): return sh.redirectTo404()

        column_name, settings = sh.unquote(inputs.crop).partition(' ')[::2]
        inputs.crop_width, settings = settings.strip().partition(' ')[::2]

        preview_size, settings = settings.strip().partition(' ')[::2]
        inputs.preview_width, inputs.preview_height = preview_size.split(':')

        inputs.column_name = column_name
        inputs.crop_settings = settings
        inputs.image = item.image

        if item.get(column_name):
            inputs.crop = item.get(column_name)
        else:
            inputs.crop = '0 0 %s %s' % tuple(preview_size.split(':'))

        if len(inputs.crop.split()) == 4:
            x1, y1, x2, y2 = map(int, inputs.crop.split(' '))
            inputs.fx_crop = 'x1=%s;y1=%s;x2=%s;y2=%s;' % (x1,y1,x1+x2,y1+y2)
        else:
            inputs.fx_crop = ''

        return sh.editor.CropImage(inputs)
Exemplo n.º 5
0
    def POST(self, inputs=None):
        if not inputs:
            inputs = sh.inputs()
        assert inputs.has_key("action")

        if inputs.action == "postImage":
            assert inputs.get("Userid", 0)
            assert sh.model("User").get(inputs.Userid)
            assert inputs.get("data_name", None)
            assert inputs.get("data_id", None)
            img_model = sh.model("UserImage")

            image_data = sh.getSwfUploadImageFile()

            new_id = img_model.insert(
                sh.storage(
                    dict(
                        image_file=image_data,
                        Userid=inputs.Userid,
                        file_name=image_data.filename,
                        data_name=inputs.data_name,
                        data_id=inputs.data_id,
                    )
                )
            )

            return "success;%d;%s;%s" % (new_id, img_model.getUrlByPrivate(inputs.Userid, new_id), image_data.filename)
Exemplo n.º 6
0
    def GET(self):
        inputs = sh.inputs()
        assert inputs.has_key('model_name'), u'请指定需要裁剪的数据类型'
        assert inputs.has_key('model_id'), u'请指定需要裁剪的数据ID'
        assert inputs.has_key('crop'), u'请设置裁剪配置'
        item = sh.model(inputs.model_name).get(inputs.model_id)
        if not item or not item.has_key('Imageid'): return sh.redirectTo404()

        column_name, settings = sh.unquote(inputs.crop).partition(' ')[::2]
        inputs.crop_width, settings = settings.strip().partition(' ')[::2]

        preview_size, settings = settings.strip().partition(' ')[::2]
        inputs.preview_width, inputs.preview_height = preview_size.split(':')

        inputs.column_name = column_name
        inputs.crop_settings = settings
        inputs.image = item.image

        if item.get(column_name):
            inputs.crop = item.get(column_name)
        else:
            inputs.crop = '0 0 %s %s' % tuple(preview_size.split(':'))

        if len(inputs.crop.split()) == 4:
            x1, y1, x2, y2 = map(int, inputs.crop.split(' '))
            inputs.fx_crop = 'x1=%s;y1=%s;x2=%s;y2=%s;' % (x1, y1, x1 + x2,
                                                           y1 + y2)
        else:
            inputs.fx_crop = ''

        return sh.editor.CropImage(inputs)
Exemplo n.º 7
0
    def GET(self):
        inputs = sh.inputs()
        assert (inputs.has_key('code'))
        assert (inputs.has_key('state'))

        site_name = inputs.state.partition('_')[0]
        authorization_code = inputs.code.strip()
        oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
        oauth_model = sh.model('oauth.%sOAuth2' % site_name)
        user_ctrl = sh.ctrl('User')
        user_model = sh.model('User')

        token_url = oauth_ctrl.createAccessTokenUrl(authorization_code)
        content = sh.requestHtmlContent(token_url, None,
                                        oauth_ctrl.ACCESS_TOKEN_METHOD)
        assert content, u'第三方返回的数据有误'

        access_token, access_expires = oauth_ctrl.pickAccessTokenAndExpires(
            content)
        requested_uid = oauth_ctrl.requestUidWithAccessToken(access_token)
        assert requested_uid, u'第三方返回的数据有误'
        if self.TEST_API_LOGIN:
            login_url = '%s/api/oauth/login?access_token=%s&access_expires=%s&uid=%s&state=%s' % (
                sh.config.HOST_NAME, access_token, access_expires,
                requested_uid, inputs.state)
            return '<a href="%s" >%s</a>' % (login_url, login_url)

        # 因为access_token是动态变化的,所以要用requested_uid来判断是否登录过
        # 这也避免了access_token变化时插入重复的uid
        exists = oauth_model.getByUid(requested_uid)

        # 如果当前uid还没有插入数据库,则先插入再考虑绑定Userid
        if not exists:
            new_oauth_id = oauth_model.insert(
                dict(uid=requested_uid,
                     access_token=access_token,
                     access_expires=access_expires))
            exists = oauth_model.get(new_oauth_id)

        # 如果已绑定Userid则登录
        if exists.Userid:
            return self.login(exists.Userid)

        # 如果希望自动注册,则注册并绑定后登录
        if self.NO_REGISTER_ACTION == 'auto_register':
            data = oauth_ctrl.assignUserInfo(sh.storage(), access_token)
            self.assignRandomPassword(data)
            self.assignRegisterIP(data)
            conflict = user_ctrl.checkNewUser(data)
            if conflict:
                return self.redirectToRegister(access_token,
                                               inputs.state,
                                               error=conflict)

            new_user_id = user_model.insert(data)
            oauth_model.update(exists.id, dict(Userid=new_user_id))
            return self.login(new_user_id)
        # 否则希望用户自己注册
        elif self.NO_REGISTER_ACTION == 'to_register':
            return self.redirectToRegister(access_token, inputs.state)
Exemplo n.º 8
0
    def POST(self):
        inputs = sh.inputs()
        assert inputs.has_key('model_name'), u'请指定需要裁剪的数据类型'
        assert inputs.has_key('model_id'), u'请指定需要裁剪的数据ID'
        assert inputs.has_key('column_name'), u'请指定裁剪的列名'
        assert int(float(inputs.get('region_width', '0'))) > 0
        assert int(float(inputs.get('region_height', '0'))) > 0

        model = sh.model(inputs.model_name)
        item = model.get(inputs.model_id)
        image = item.image

        real_width, real_height = sh.imageSize(image.url) # 图片的真实宽高
        crop = inputs.crop
        region_width = int(float(inputs.region_width)) # 选择区域的宽度
        region_height = int(float(inputs.region_height)) # 选择区域的高度

        start_x  = int(crop.split()[0]) # 选中的起始位置
        start_y  = int(crop.split()[1])
        region_x  = int(crop.split()[2])# 选中的宽度
        region_y = int(crop.split()[3]) # 选中的高度
        
        # convert 裁剪区域
        region = '%dx%d+%d+%d' % (region_x * real_width / region_width, 
                                region_y * real_height / region_height,
                                real_width * start_x / region_width, 
                                real_height * start_y / region_height)

        path = sh.urlToPath(image.url)
        os.system('convert %s -crop %s %s' % (path, region, path+'.crop'))
        model.update(inputs.model_id, {inputs.column_name: crop})
        return sh.refresh()
Exemplo n.º 9
0
    def GET(self):
        inputs = sh.inputs()
        assert inputs.has_key("code")
        assert inputs.has_key("state")

        site_name = inputs.state.partition("_")[0]
        authorization_code = inputs.code.strip()
        oauth_ctrl = sh.ctrl("oauth.%s" % site_name)
        oauth_model = sh.model("oauth.%sOAuth2" % site_name)
        user_ctrl = sh.ctrl("User")
        user_model = sh.model("User")

        token_url = oauth_ctrl.createAccessTokenUrl(authorization_code)
        content = sh.requestHtmlContent(token_url, None, oauth_ctrl.ACCESS_TOKEN_METHOD)
        assert content, u"第三方返回的数据有误"

        access_token, access_expires = oauth_ctrl.pickAccessTokenAndExpires(content)
        requested_uid = oauth_ctrl.requestUidWithAccessToken(access_token)
        assert requested_uid, u"第三方返回的数据有误"
        if self.TEST_API_LOGIN:
            login_url = "%s/api/oauth/login?access_token=%s&access_expires=%s&uid=%s&state=%s" % (
                sh.config.HOST_NAME,
                access_token,
                access_expires,
                requested_uid,
                inputs.state,
            )
            return '<a href="%s" >%s</a>' % (login_url, login_url)

        # 因为access_token是动态变化的,所以要用requested_uid来判断是否登录过
        # 这也避免了access_token变化时插入重复的uid
        exists = oauth_model.getByUid(requested_uid)

        # 如果当前uid还没有插入数据库,则先插入再考虑绑定Userid
        if not exists:
            new_oauth_id = oauth_model.insert(
                dict(uid=requested_uid, access_token=access_token, access_expires=access_expires)
            )
            exists = oauth_model.get(new_oauth_id)

        # 如果已绑定Userid则登录
        if exists.Userid:
            return self.login(exists.Userid)

        # 如果希望自动注册,则注册并绑定后登录
        if self.NO_REGISTER_ACTION == "auto_register":
            data = oauth_ctrl.assignUserInfo(sh.storage(), access_token)
            self.assignRandomPassword(data)
            self.assignRegisterIP(data)
            conflict = user_ctrl.checkNewUser(data)
            if conflict:
                return self.redirectToRegister(access_token, inputs.state, error=conflict)

            new_user_id = user_model.insert(data)
            oauth_model.update(exists.id, dict(Userid=new_user_id))
            return self.login(new_user_id)
        # 否则希望用户自己注册
        elif self.NO_REGISTER_ACTION == "to_register":
            return self.redirectToRegister(access_token, inputs.state)
Exemplo n.º 10
0
 def POST(self,inputs=None):
     if inputs is None: inputs = sh.inputs()
     assert(inputs.has_key('model_name'))
     assert(inputs.has_key('model_id'))
     assert(sh.session.is_admin)
     model = sh.model(inputs.model_name)
     model.delete(int(inputs.model_id))
     return sh.refresh()
Exemplo n.º 11
0
 def _delete(self, inputs=None):
     assert(sh.session.is_admin)
     if inputs is None: inputs = sh.inputs()
     assert(inputs.has_key('model_name'))
     assert(inputs.has_key('model_id'))
     model = sh.model(inputs.model_name)
     model.delete(int(inputs.model_id))
     return sh.model(inputs.model_name).update(int(inputs.model_id),inputs)
Exemplo n.º 12
0
 def POST(self, inputs=None):
     if inputs is None: inputs = sh.inputs()
     assert (inputs.has_key('model_name'))
     assert (inputs.has_key('model_id'))
     assert (sh.session.is_admin)
     model = sh.model(inputs.model_name)
     model.delete(int(inputs.model_id))
     return sh.refresh()
Exemplo n.º 13
0
    def POST(self):
        inputs = sh.inputs()
        if not inputs.has_key('image_file'):
            return '<script>window.close();</script>'

        model = sh.model('EditorImage')
        inputs.title = inputs.image_file.filename
        new_id = model.insert(inputs)
        return self.insert_image_callback % model.get(new_id).image.url
Exemplo n.º 14
0
    def POST(self):
        inputs = sh.inputs()
        if not inputs.has_key('image_file'):
            return '<script>window.close();</script>'

        model = sh.model('EditorImage')
        inputs.title = inputs.image_file.filename
        new_id = model.insert(inputs)
        return self.insert_image_callback % model.get(new_id).image.url
Exemplo n.º 15
0
 def GET(self, inputs=None):
     if not inputs: inputs = sh.inputs()
     assert inputs.has_key('model_name'), u'请指明需要查询的数据类型'
     assert inputs.has_key('model_id'), u'请指明需要查询的数据id'
     item = sh.model(inputs.model_name).get(inputs.model_id)
     if item:
         item = dict(item)
         item['id'] = int(inputs.model_id)
     return sh.toJsonp(item)
Exemplo n.º 16
0
 def pagingDatas(self, datas, page_num=None, volume=None):
     if page_num is None:
         page_num = sh.inputs().get(self.arguments.paging_key, 1)
     if volume is None:
         volume = self.arguments.paging_volume
     if page_num and volume:
         start, length = self.__getLimit(page_num, volume)
         return datas[start:start+length]
     else:
         return datas
Exemplo n.º 17
0
 def pagingDatas(self, datas, page_num=None, volume=None):
     if page_num is None:
         page_num = sh.inputs().get(self.arguments.paging_key, 1)
     if volume is None:
         volume = self.arguments.paging_volume
     if page_num and volume:
         start, length = self.__getLimit(page_num, volume)
         return datas[start:start+length]
     else:
         return datas
Exemplo n.º 18
0
    def GET(self):
        inputs = sh.inputs()
        assert(inputs.has_key('Userid'))
        assert(inputs.has_key('code'))

        model = sh.model('UserValidation')
        exists = model.getOneByWhere('Userid=%s and code=%s', inputs.Userid, inputs.code)

        if exists:
            sh.model('User').update(inputs.Userid, dict(activated='yes'))
            model.delete(exists.id)
            return sh.alert('验证邮箱成功')
        else:
            return sh.redirectTo404()
Exemplo n.º 19
0
    def POST(self, inputs=None):
        if not inputs: inputs = sh.inputs()
        uc = sh.ctrl('User')
        error = uc.checkNewUser(inputs)
        if error:
            return sh.toJsonp({'is_login': False, 'error': error})

        new_id = uc.register(inputs)
        uc.loginById(new_id, inputs.get('remember_me', 'off') == 'on')

        if sh.model('User').validation_request:
            uc.sendValidationEmail(user)
            return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功,请查收您的验证邮件'})
        else:
            return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功'})
Exemplo n.º 20
0
    def POST(self, inputs=None):
        if not inputs: inputs = sh.inputs()
        uc = sh.ctrl('User')
        error = uc.checkNewUser(inputs)
        if error:
            return sh.page.user.Register(error, inputs.get('email', ''))

        new_id = uc.register(inputs)
        uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')

        if sh.model('User').validation_request:
            uc.sendValidationEmail(user)
            return sh.alert('注册成功,请查收您的验证邮件')
        else:
            return sh.alert('注册成功')
Exemplo n.º 21
0
    def POST(self, inputs=None):
        if not inputs: inputs = sh.inputs()
        uc = sh.ctrl('User')
        error = uc.checkNewUser(inputs)
        if error:
            return sh.page.user.Register(error, inputs.get('email', ''))

        new_id = uc.register(inputs)
        uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')

        if sh.model('User').validation_request:
            uc.sendValidationEmail(user)
            return sh.alert('注册成功,请查收您的验证邮件')
        else:
            return sh.alert('注册成功')
Exemplo n.º 22
0
    def POST(self,inputs=None):
        if not inputs: inputs = sh.inputs()
        assert inputs.has_key('model_name'), u'请指明需要修改的数据类型'
        assert inputs.has_key('model_id'),   u'请指明需要修改的数据id'

        model = sh.model(inputs.model_name)
        # 只允许删除自己的东西
        exists = model.get(inputs.model_id)
        if not exists:
            return sh.toJsonp({'success':True, 'affected': 0})

        if sh.session.is_login and exists.get('Userid', None) == int(sh.session.id):
            return sh.toJsonp({'success':True, 'affected': model.delete(inputs.model_id)})
        else:
            return sh.toJsonp({'success':False, 'msg':'不能删除不属于你的东西.'})
Exemplo n.º 23
0
    def POST(self, inputs=None):
        if not inputs: inputs = sh.inputs()
        uc = sh.ctrl('User')
        error = uc.checkNewUser(inputs)
        if error:
            return sh.toJsonp({'is_login': False, 'error': error})

        new_id = uc.register(inputs)
        uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')

        if sh.model('User').validation_request:
            uc.sendValidationEmail(user)
            return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功,请查收您的验证邮件'})
        else:
            return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功'})
Exemplo n.º 24
0
    def _getEnv(self, model, menu_config):
        inputs = sh.inputs()
        env = sh.storage(dict(paging=True))
        env.orderby = model.replaceAttr(menu_config.orderby  \
                if menu_config.orderby else '{$primary_key} desc')

        if inputs.get('action', '') == 'search':
            where = []
            argvs = []
            for query in sh.splitAndStrip(inputs.query):
                where.append('('+ ' or '.join([c+' like %s' for c in menu_config.search]) +')')
                argvs += ['%'+query+'%'] * len(menu_config.search)
            env.where = [' and '.join(where)] + argvs

        return env
Exemplo n.º 25
0
    def POST(self):
        inputs = sh.inputs()
        assert inputs.get('access_token', '')
        assert inputs.get('access_expires', '')
        assert inputs.get('uid', '')
        assert inputs.get('state', '')

        site_name = inputs.state.partition('_')[0]
        oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
        oauth_model = sh.model('oauth.%sOAuth2' % site_name)
        user_ctrl = sh.ctrl('User')
        user_model = sh.model('User')

        requested_uid = oauth_ctrl.requestUidWithAccessToken(
            inputs.access_token)
        # 如果access_token和uid验证不对,则不让登录
        if not requested_uid or requested_uid != inputs.uid:
            return sh.toJsonp(dict(error="该第三方帐号未绑定任何站内帐号", is_login=False))

        exists = oauth_model.getByUid(requested_uid)

        # 如果当前uid还没有插入数据库,则先插入再考虑绑定Userid
        if not exists:
            new_id = oauth_model.insert(
                dict(uid=requested_uid,
                     access_token=inputs.access_token,
                     access_expires=inputs.access_expires))
            exists = oauth_model.get(new_id)

        if exists.Userid:  # 如果已绑定本站帐号
            return self.login(exists.Userid)

        inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
        self.assignRandomPassword(inputs)
        self.assignRegisterIP(inputs)
        conflict = user_ctrl.checkNewUser(inputs)
        if conflict:
            return sh.toJsonp(
                dict(is_login=False,
                     error=conflict,
                     name=inputs.get('name', ''),
                     sex=inputs.get('sex', '')))

        new_id = user_model.insert(inputs)
        oauth_model.update(exists.id, dict(Userid=new_id))

        return self.login(new_id)
Exemplo n.º 26
0
    def POST(self):
        inputs = sh.inputs()
        assert (6 <= len(inputs.new_password) < 60)
        user_model = sh.model('User')
        user_ctrl = sh.ctrl('User')
        if not sh.session.is_login:
            return sh.redirectToLogin()

        Userid = sh.session.id
        user = user_model.get(Userid)
        assert (user is not None)

        if not user_ctrl.validate(user.email, inputs.old_password):
            return sh.page.user.ResetPassword('原密码输入错误, 请重新输入')

        user_model.update(Userid, dict(password=inputs.new_password))
        return sh.alert('重置密码成功', '/')
Exemplo n.º 27
0
    def GET(self, inputs=None):
        if not inputs: inputs = sh.inputs()
        assert inputs.has_key('action')
        model = sh.model('UserImage')

        if inputs.action in ['delete', 'recover']:
            assert sh.session.is_login
            assert inputs.get('UserImageid', None)
            exists = model.get(inputs.UserImageid)
            assert exists and exists.Userid == sh.session.id

            if inputs.action == 'delete':
                if sh.inModifyTime(exists.created):
                    model.delete(inputs.UserImageid)
                    return sh.toJsonp({'success': True})
                else:
                    return sh.toJsonp({'success': False, 'error': '超过了修改时限'})
Exemplo n.º 28
0
    def POST(self):
        inputs = sh.inputs()
        assert(6 <= len(inputs.new_password) < 60)
        user_model = sh.model('User')
        user_ctrl  = sh.ctrl('User')
        if not sh.session.is_login:
            return sh.redirectToLogin()

        Userid = sh.session.id
        user = user_model.get(Userid)
        assert(user is not None)

        if not user_ctrl.validate(user.email, inputs.old_password):
            return sh.page.user.ResetPassword('原密码输入错误, 请重新输入')

        user_model.update(Userid, dict(password=inputs.new_password))
        return sh.alert('重置密码成功', '/')
Exemplo n.º 29
0
    def POST(self):
        if not sh.session.is_login:
            return sh.redirectToLogin()
        user_model = sh.model('User')
        user = user_model.get(sh.session.id)

        inputs = sh.inputs()
        assert inputs.get('action', '')

        if inputs.action == 'upload':
            if inputs.get('image_file', ''):
                self.savePortrait(sh.session.id, inputs.image_file)
            return sh.redirect('/accounts/portrait')

        elif inputs.action == 'crop':

            if not user.image:
                return sh.alert('请先上传头像')

            assert int(float(inputs.get('region_width', '0'))) > 0
            assert int(float(inputs.get('region_height', '0'))) > 0
            real_width, real_height = sh.imageSize(user.image.url)  # 图片的真实宽高
            crop = inputs.crop
            region_width = int(float(inputs.region_width))  # 选择区域的宽度
            region_height = int(float(inputs.region_height))  # 选择区域的高度

            start_x = int(crop.split()[0])  # 选中的起始位置
            start_y = int(crop.split()[1])
            region_x = int(crop.split()[2])  # 选中的宽度
            region_y = int(crop.split()[3])  # 选中的高度

            # convert 裁剪区域
            region = '%dx%d+%d+%d' % (region_x * real_width / region_width,
                                      region_y * real_height / region_height,
                                      real_width * start_x / region_width,
                                      real_height * start_y / region_height)

            path = sh.urlToPath(user.image.url)
            os.system('convert %s -crop %s %s' %
                      (path, region, path + '.crop'))
            user_model.update(sh.session.id, {'crop': crop})

            # 删除以前裁剪图片的各种尺寸副本
            os.system('rm %s.crop_*' % path)

            return sh.redirect('/accounts')
Exemplo n.º 30
0
    def POST(self):
        inputs = sh.inputs()
        assert inputs.get('access_token', '')
        assert inputs.get('state', '')
        assert inputs.get(self.PRIMARY_KEY, '')
        assert inputs.get('password', '')
        site_name = inputs.state.partition('_')[0]
        user_model = sh.model('User')
        user_ctrl = sh.ctrl('User')
        oauth_model = sh.model('oauth.%sOAuth2' % site_name)
        oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
        cn_site_name = self._getCNSiteName()

        if self.PRIMARY_KEY == 'email':
            exists_user = user_model.getByEmail(inputs.email)
        elif self.PRIMARY_KEY == 'name':
            exists_user = user_model.getByName(inputs.name)

        # 如果primary_value没有注册过, 那么新建用户并绑定第三方帐号
        if not exists_user:
            inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
            self.assignRegisterIP(inputs)
            conflict = user_ctrl.checkNewUser(inputs)
            if conflict:
                return self._render(conflict)

            new_id = user_model.insert(inputs)
            oauth_model.bindUseridByAccessToken(inputs.access_token, new_id)
            return self.login(new_id)

        # 否则已经注册过,检查密码是否正确
        else:
            if self.PRIMARY_KEY == 'email':
                check_password = user_ctrl.validate(inputs.email,
                                                    inputs.password)
            elif self.PRIMARY_KEY == 'name':
                check_password = user_ctrl.validateByName(
                    inputs.name, inputs.password)

            if not check_password:
                error = '您已经注册过, 但您输入的密码不正确, 请重新输入'
                return self._render(error)

            oauth_model.bindUseridByAccessToken(inputs.access_token,
                                                exists_user.Userid)
            return self.login(exists_user.Userid)
Exemplo n.º 31
0
    def POST(self):
        if not sh.session.is_login:
            return sh.redirectToLogin()
        user_model = sh.model('User')
        user = user_model.get(sh.session.id)

        inputs = sh.inputs()
        assert inputs.get('action', '')

        if inputs.action == 'upload':
            if inputs.get('image_file', ''):
                self.savePortrait(sh.session.id, inputs.image_file)
            return sh.redirect('/accounts/portrait')

        elif inputs.action == 'crop':

            if not user.image:
                return sh.alert('请先上传头像')

            assert int(float(inputs.get('region_width', '0'))) > 0
            assert int(float(inputs.get('region_height', '0'))) > 0
            real_width, real_height = sh.imageSize(user.image.url) # 图片的真实宽高
            crop = inputs.crop
            region_width = int(float(inputs.region_width)) # 选择区域的宽度
            region_height = int(float(inputs.region_height)) # 选择区域的高度

            start_x  = int(crop.split()[0]) # 选中的起始位置
            start_y  = int(crop.split()[1])
            region_x  = int(crop.split()[2])# 选中的宽度
            region_y = int(crop.split()[3]) # 选中的高度
            
            # convert 裁剪区域
            region = '%dx%d+%d+%d' % (region_x * real_width / region_width, 
                                    region_y * real_height / region_height,
                                    real_width * start_x / region_width, 
                                    real_height * start_y / region_height)

            path = sh.urlToPath(user.image.url)
            os.system('convert %s -crop %s %s' % (path, region, path+'.crop'))
            user_model.update(sh.session.id, {'crop': crop})

            # 删除以前裁剪图片的各种尺寸副本
            os.system('rm %s.crop_*' % path)

            return sh.redirect('/accounts')
Exemplo n.º 32
0
    def GET(self, inputs=None):
        if not inputs:
            inputs = sh.inputs()
        assert inputs.has_key("action")
        model = sh.model("UserImage")

        if inputs.action in ["delete", "recover"]:
            assert sh.session.is_login
            assert inputs.get("UserImageid", None)
            exists = model.get(inputs.UserImageid)
            assert exists and exists.Userid == sh.session.id

            if inputs.action == "delete":
                if sh.inModifyTime(exists.created):
                    model.delete(inputs.UserImageid)
                    return sh.toJsonp({"success": True})
                else:
                    return sh.toJsonp({"success": False, "error": "超过了修改时限"})
Exemplo n.º 33
0
    def POST(self):
        inputs = sh.inputs()
        assert inputs.get('access_token', '')
        assert inputs.get('state', '')
        assert inputs.get(self.PRIMARY_KEY, '')
        assert inputs.get('password', '')
        site_name = inputs.state.partition('_')[0]
        user_model = sh.model('User')
        user_ctrl = sh.ctrl('User')
        oauth_model = sh.model('oauth.%sOAuth2' % site_name)
        oauth_ctrl  = sh.ctrl('oauth.%s' % site_name)
        cn_site_name = self._getCNSiteName()

        if self.PRIMARY_KEY == 'email':
            exists_user = user_model.getByEmail(inputs.email)
        elif self.PRIMARY_KEY == 'name':
            exists_user = user_model.getByName(inputs.name)

        # 如果primary_value没有注册过, 那么新建用户并绑定第三方帐号
        if not exists_user:
            inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
            self.assignRegisterIP(inputs)
            conflict = user_ctrl.checkNewUser(inputs)
            if conflict:
                return self._render(conflict)

            new_id = user_model.insert(inputs)
            oauth_model.bindUseridByAccessToken(inputs.access_token, new_id)
            return self.login(new_id)

        # 否则已经注册过,检查密码是否正确
        else: 
            if self.PRIMARY_KEY == 'email':
                check_password = user_ctrl.validate(inputs.email, inputs.password)
            elif self.PRIMARY_KEY == 'name':
                check_password = user_ctrl.validateByName(inputs.name, inputs.password)

            if not check_password:
                error = '您已经注册过, 但您输入的密码不正确, 请重新输入'
                return self._render(error)

            oauth_model.bindUseridByAccessToken(inputs.access_token, exists_user.Userid)
            return self.login(exists_user.Userid)
Exemplo n.º 34
0
    def POST(self):
        inputs = sh.inputs()
        assert inputs.get("access_token", "")
        assert inputs.get("access_expires", "")
        assert inputs.get("uid", "")
        assert inputs.get("state", "")

        site_name = inputs.state.partition("_")[0]
        oauth_ctrl = sh.ctrl("oauth.%s" % site_name)
        oauth_model = sh.model("oauth.%sOAuth2" % site_name)
        user_ctrl = sh.ctrl("User")
        user_model = sh.model("User")

        requested_uid = oauth_ctrl.requestUidWithAccessToken(inputs.access_token)
        # 如果access_token和uid验证不对,则不让登录
        if not requested_uid or requested_uid != inputs.uid:
            return sh.toJsonp(dict(error="该第三方帐号未绑定任何站内帐号", is_login=False))

        exists = oauth_model.getByUid(requested_uid)

        # 如果当前uid还没有插入数据库,则先插入再考虑绑定Userid
        if not exists:
            new_id = oauth_model.insert(
                dict(uid=requested_uid, access_token=inputs.access_token, access_expires=inputs.access_expires)
            )
            exists = oauth_model.get(new_id)

        if exists.Userid:  # 如果已绑定本站帐号
            return self.login(exists.Userid)

        inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
        self.assignRandomPassword(inputs)
        self.assignRegisterIP(inputs)
        conflict = user_ctrl.checkNewUser(inputs)
        if conflict:
            return sh.toJsonp(
                dict(is_login=False, error=conflict, name=inputs.get("name", ""), sex=inputs.get("sex", ""))
            )

        new_id = user_model.insert(inputs)
        oauth_model.update(exists.id, dict(Userid=new_id))

        return self.login(new_id)
Exemplo n.º 35
0
    def POST(self, inputs=None):
        if not inputs: inputs = sh.inputs()
        assert inputs.has_key('model_name'), u'请指明需要修改的数据类型'
        assert inputs.has_key('model_id'), u'请指明需要修改的数据id'

        model = sh.model(inputs.model_name)
        # 只允许删除自己的东西
        exists = model.get(inputs.model_id)
        if not exists:
            return sh.toJsonp({'success': True, 'affected': 0})

        if sh.session.is_login and exists.get('Userid', None) == int(
                sh.session.id):
            return sh.toJsonp({
                'success': True,
                'affected': model.delete(inputs.model_id)
            })
        else:
            return sh.toJsonp({'success': False, 'msg': '不能删除不属于你的东西.'})
Exemplo n.º 36
0
    def _getEnv(self, model, menu_config):
        inputs = sh.inputs()
        env = sh.storage(dict(paging=True))
        env.orderby = model.replaceAttr(menu_config.orderby  \
                if menu_config.orderby else '{$primary_key} desc')

        if inputs.get('where', ''):
            env.where = [sh.unquote(inputs.where)]

        if inputs.get('action', '') == 'search':
            where = []
            argvs = []
            for query in sh.splitAndStrip(inputs.query):
                where.append(
                    '(' +
                    ' or '.join([c + ' like %s'
                                 for c in menu_config.search]) + ')')
                argvs += ['%' + query + '%'] * len(menu_config.search)
            env.where = [' and '.join(where)] + argvs

        return env
Exemplo n.º 37
0
    def POST(self):
        inputs = sh.inputs()

        if inputs['action'] == 'isLogin':
            if sh.session.is_login:
                return sh.toJsonp({
                    'is_login': True,
                    'name': sh.session.name,
                    'id': sh.session.id
                })
            else:
                return sh.toJsonp({'is_login': False, 'name': '', 'id': 0})

        if inputs['action'] == 'login':
            assert (inputs.get('email', '').strip())
            assert (inputs.get('password', ''))

            model = sh.model('User')
            uc = sh.ctrl('User')

            if not uc.validate(inputs.email, inputs.password):
                return sh.toJsonp({'is_login': False, 'error': '邮箱或密码不对'})

            user = model.getByEmail(inputs.email)

            if user.dead == 'yes':
                return sh.toJsonp({'is_login': False, 'error': '你已被列入黑名单'})

            uc.login(user, inputs.get('remember_me', '') == 'on')

            return sh.toJsonp({
                'is_login': True,
                'name': user.name,
                'id': user.id
            })

        if inputs['action'] == 'logout':
            sh.ctrl('User').logout()
            return 'bye'
Exemplo n.º 38
0
    def GET(self, name):
        inputs = sh.inputs()
        menu_config = sh.ctrl('Editor').getMenuConfig()
        # 禁止访问未公开的路径
        if not menu_config: return sh.redirectTo404()

        model = sh.model('SiteConfig')
        env = sh.storage()

        if menu_config.get('filter', None):
            env['where'] = ['name like %s', menu_config['filter']]

        if menu_config.get('orderby', None):
            env.orderby = model.replaceAttr(menu_config.orderby)

        if inputs.get('where', ''):
            env.where = [inputs.where]

        items = model.all(env)
        pagination_html = model.getPaginationHtml(env)

        return sh.editor.SiteConfig(items, pagination_html, menu_config)
Exemplo n.º 39
0
    def GET(self, name):
        inputs = sh.inputs()
        menu_config = sh.ctrl('Editor').getMenuConfig()
        # 禁止访问未公开的路径
        if not menu_config: return sh.redirectTo404()

        model = sh.model('SiteConfig')
        env = sh.storage()

        if menu_config.get('filter', None):
            env['where'] = ['name like %s', menu_config['filter']]

        if menu_config.get('orderby', None):
            env.orderby = model.replaceAttr(menu_config.orderby)

        if inputs.get('where', ''):
            env.where = [inputs.where]

        items = model.all(env)
        pagination_html = model.getPaginationHtml(env)

        return sh.editor.SiteConfig(items, pagination_html, menu_config)
Exemplo n.º 40
0
    def GET(self, path):
        mc = sh.ctrl("Editor").getMenuConfig()
        # 禁止访问未公开的路径
        if not mc:
            return sh.redirectTo404()

        inputs = sh.inputs()
        select = mc.get("select", "").replace("%", "%%")  # 因为MySQLdb会转义%
        db = sh.getDBHelper()

        if mc.get("paging", ""):
            if " limit " in select.lower():
                return sh.alert("使用paging选项时select中不能使用limit, 请检查后台配置", stay=10)
            # 如果使用了paging, select中就不允许出现limit
            if int(mc.get("paging")) <= 0:
                return sh.alert("paging配置参数应为正整数", stay=10)
            if " distinct " in select.lower():
                return sh.alert("抱歉, 暂不支持paging与distinct一起使用", stay=10)
            # 查询count(*)
            form_key = " from " if " from " in select else " FROM "
            total = self.__getTotal(select)
            # 设置limit获得数据
            select = select + " limit %d, %d" % self.__getLimit(inputs.get("page_num", 1), int(mc.paging))
            items = db.fetchSome(select)
            # 获得分页
            pagination_html = (
                '<div fx="paging[style=zarkpy;pageCount=%d;totalCount=%d;displayPages=10;firstText=第一页;lastText=末页;]"></div>'
                % (int(mc.paging), total)
            )

        else:
            items = db.fetchSome(select)
            pagination_html = ""

        keys = self.__getSortedKeys(select)
        if len(keys) == 0 and len(items) > 0:
            keys = items[0].keys()

        return sh.editor.ReportForms(items, pagination_html, keys, mc)
Exemplo n.º 41
0
    def GET(self, path):
        mc = sh.ctrl('Editor').getMenuConfig()
        # 禁止访问未公开的路径
        if not mc: return sh.redirectTo404()

        inputs = sh.inputs()
        select = mc.get('select', '').replace('%', '%%') # 因为MySQLdb会转义%
        db = sh.getDBHelper()

        if mc.get('paging', ''):
            if ' limit ' in select.lower():
                return sh.alert('使用paging选项时select中不能使用limit, 请检查后台配置', stay=10)
            # 如果使用了paging, select中就不允许出现limit
            if int(mc.get('paging')) <= 0:
                return sh.alert('paging配置参数应为正整数', stay=10)
            if ' distinct ' in select.lower():
                return sh.alert('抱歉, 暂不支持paging与distinct一起使用', stay=10)
            # 查询count(*)
            form_key = ' from ' if ' from ' in select else ' FROM '
            total = self.__getTotal(select)
            # 设置limit获得数据
            select = select + ' limit %d, %d' % \
                self.__getLimit(inputs.get('page_num', 1), int(mc.paging))
            items = db.fetchSome(select)
            # 获得分页
            pagination_html = '<div fx="paging[style=zarkpy;pageCount=%d;totalCount=%d;displayPages=10;firstText=第一页;lastText=末页;]"></div>' % (int(mc.paging), total)

        else:
            items = db.fetchSome(select)
            pagination_html = ''

        keys = self.__getSortedKeys(select)
        if len(keys) == 0 and len(items) > 0:
            keys = items[0].keys()

        return sh.editor.ReportForms(items, pagination_html, keys, mc)
Exemplo n.º 42
0
    def POST(self, inputs=None):
        if not inputs: inputs = sh.inputs()
        assert inputs.has_key('action')

        if inputs.action == 'postImage':
            assert inputs.get('Userid', 0)
            assert sh.model('User').get(inputs.Userid)
            assert inputs.get('data_name', None)
            assert inputs.get('data_id', None)
            img_model = sh.model('UserImage')

            image_data = sh.getSwfUploadImageFile()

            new_id = img_model.insert(
                sh.storage(
                    dict(image_file=image_data,
                         Userid=inputs.Userid,
                         file_name=image_data.filename,
                         data_name=inputs.data_name,
                         data_id=inputs.data_id)))

            return 'success;%d;%s;%s' % (
                new_id, img_model.getUrlByPrivate(inputs.Userid,
                                                  new_id), image_data.filename)
Exemplo n.º 43
0
    def POST(self):
        inputs = sh.inputs()
        assert inputs.has_key('model_name'), u'请指定需要裁剪的数据类型'
        assert inputs.has_key('model_id'), u'请指定需要裁剪的数据ID'
        assert inputs.has_key('column_name'), u'请指定裁剪的列名'
        assert int(float(inputs.get('region_width', '0'))) > 0
        assert int(float(inputs.get('region_height', '0'))) > 0

        model = sh.model(inputs.model_name)
        item = model.get(inputs.model_id)
        image = item.image

        real_width, real_height = sh.imageSize(image.url)  # 图片的真实宽高
        crop = inputs.crop
        region_width = int(float(inputs.region_width))  # 选择区域的宽度
        region_height = int(float(inputs.region_height))  # 选择区域的高度

        start_x = int(crop.split()[0])  # 选中的起始位置
        start_y = int(crop.split()[1])
        region_x = int(crop.split()[2])  # 选中的宽度
        region_y = int(crop.split()[3])  # 选中的高度

        # convert 裁剪区域
        region = '%dx%d+%d+%d' % (region_x * real_width / region_width,
                                  region_y * real_height / region_height,
                                  real_width * start_x / region_width,
                                  real_height * start_y / region_height)

        path = sh.urlToPath(image.url)
        os.system('convert %s -crop %s %s' % (path, region, path + '.crop'))
        model.update(inputs.model_id, {inputs.column_name: crop})

        # 删除以前裁剪图片的各种尺寸副本
        os.system('rm %s.crop_*' % path)

        return sh.refresh()
Exemplo n.º 44
0
 def GET(self):
     inputs = sh.inputs()
     assert inputs.get('access_token', '')
     assert inputs.get('state', '')
     return self._render(inputs.get('error', ''))
Exemplo n.º 45
0
 def __getPageNum(self, env):
     key = self.arguments.paging_key
     return int(env[key] if env.has_key(key) else sh.inputs().get(key, 1))
Exemplo n.º 46
0
 def POST(self, inputs=None):
     if not inputs: inputs = sh.inputs()
     return self._update(inputs)
     return sh.toJsonp({'success':True, 'affected': self._update(inputs)})
Exemplo n.º 47
0
 def GET(self):
     inputs = sh.inputs()
     assert inputs.get('access_token', '')
     assert inputs.get('state', '')
     return self._render(inputs.get('error', ''))
Exemplo n.º 48
0
 def POST(self, inputs=None):
     if not inputs: inputs = sh.inputs()
     self._update(inputs)
     return sh.refresh()
Exemplo n.º 49
0
 def _getCNSiteName(self):
     site_name = sh.inputs().state.partition('_')[0]
     return sh.ctrl('oauth.' + site_name).CN_SITE_NAME
Exemplo n.º 50
0
 def GET(self):
     inputs = sh.inputs()
     if sh.session.is_login:
         return sh.page.user.ResetPassword()
     else:
         return sh.redirectToLogin()
Exemplo n.º 51
0
 def POST(self, inputs=None):
     if not inputs: inputs = sh.inputs()
     self._update(inputs)
     return sh.refresh()
Exemplo n.º 52
0
 def POST(self, name):
     inputs = sh.inputs()
     assert inputs.has_key('value')
     key = self.prefix_key + name
     sh.setSiteConfig(key, inputs.value)
     return sh.refresh()
Exemplo n.º 53
0
 def _update(self, inputs=None):
     assert(sh.session.is_admin)
     if inputs is None: inputs = sh.inputs()
     assert(inputs.has_key('model_name'))
     assert(inputs.has_key('model_id'))
     return sh.model(inputs.model_name).update(int(inputs.model_id),inputs)
Exemplo n.º 54
0
 def POST(self, name):
     inputs = sh.inputs()
     assert inputs.has_key('value')
     key = self.prefix_key + name
     sh.setSiteConfig(key, inputs.value)
     return sh.refresh()
Exemplo n.º 55
0
 def _getCNSiteName(self):
     site_name = sh.inputs().state.partition('_')[0]
     return sh.ctrl('oauth.' + site_name).CN_SITE_NAME
Exemplo n.º 56
0
 def _render(self, error_msg=''):
     inputs = sh.inputs()
     return sh.page.oauth.Register(inputs.access_token, inputs.state,
                                   self._getCNSiteName(), error_msg,
                                   inputs.get(self.PRIMARY_KEY))
Exemplo n.º 57
0
 def _render(self, error_msg=''):
     inputs = sh.inputs()
     return sh.page.oauth.Register(inputs.access_token, inputs.state,
             self._getCNSiteName(), error_msg, inputs.get(self.PRIMARY_KEY))
Exemplo n.º 58
0
 def __getPageNum(self, env):
     key = self.arguments.paging_key
     return int(env[key] if env.has_key(key) else sh.inputs().get(key, 1))