Exemplo n.º 1
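    def gen_passwd(self):
        """Validate a password-reset link and, only when it is valid, issue a new password.

        Reads three request arguments: ``u`` (passed to ``self.muser.get_by_id``),
        ``t`` (the timestamp embedded in the link) and ``p`` (the token).
        The link is accepted when ``t`` is less than 600 seconds old and ``p``
        equals ``tools.md5(user_name + t + user_pass)``. On success a new
        password from ``tools.get_uu8d()`` is stored and rendered to the page.

        Any validation failure renders ``html/404.html`` with status 400 and
        returns without touching the stored password.
        """
        import hmac  # local import: the file's import block is not visible from here

        def reject(info):
            # Shared failure response; callers must return right after calling it.
            self.set_status(400)
            self.render('html/404.html', kwd={'info': info})

        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        # Missing or malformed parameters are treated as a failed verification
        # instead of surfacing as an unhandled KeyError/ValueError.
        try:
            user_key = post_data['u'][0]
            raw_timestamp = post_data['t'][0]
            supplied_hash = post_data['p'][0]
            sub_timestamp = int(raw_timestamp)
        except (KeyError, IndexError, ValueError):
            reject('密码重置验证出错!')
            return

        userinfo = self.muser.get_by_id(user_key)
        if not userinfo:
            reject('密码重置验证出错!')
            return

        cur_timestamp = tools.timestamp()
        if not (cur_timestamp > sub_timestamp and cur_timestamp - sub_timestamp < 600):
            # Expired (or future-dated) link. The return is essential: without it
            # execution falls through and the password is reset anyway.
            reject('密码重置已超时!')
            return

        # NOTE(review): the token is a digest of user name, timestamp and the stored
        # password value, with no server-side secret or single-use marker visible
        # here; a random, stored, one-time token would be a stronger design.
        hash_str = tools.md5(userinfo.user_name + raw_timestamp + userinfo.user_pass)
        # Constant-time comparison; both sides are encoded so that non-ASCII input
        # is rejected as a mismatch rather than raising.
        if not hmac.compare_digest(hash_str.encode('utf-8'), supplied_hash.encode('utf-8')):
            # Same reasoning as above: stop here so a bad token never reaches update_pass.
            reject('密码重置验证出错!')
            return

        new_passwd = tools.get_uu8d()
        self.muser.update_pass(userinfo.user_name, new_passwd)
        # NOTE(review): the new password is shown in the response body; confirm the
        # page is not cached and that the user is prompted to change it.
        kwd = {
            'user_name': userinfo.user_name,
            'new_pass': new_passwd,
        }
        self.render('{0}/user/show_pass.html'.format(self.tmpl_name), kwd=kwd)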
Exemplo n.º 2
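    def insert_data(self, post_data):
        """Create a new member row from submitted form data.

        Args:
            post_data: mapping of field name to a list of values; the first
                value of ``user_name``, ``user_pass`` and ``user_email`` is used.

        Returns:
            True when the row was created. False when the user name is not
            5-20 characters long, contains a forbidden character, or when
            ``CabMember.create`` fails for any reason.
        """
        user_name = post_data['user_name'][0]

        if not 5 <= len(user_name) <= 20:
            return False

        # Characters rejected in user names. This is a denylist: anything not
        # listed (control characters, '&', '<', ...) is still accepted, so
        # consumers of user_name must keep escaping it for their own context.
        forbidden = '/:\\#+\'"() '
        if any(ch in user_name for ch in forbidden):
            return False

        try:
            # NOTE(review): going by its name, tools.md5 stores a plain MD5 digest
            # of the password; if so, a salted password-hashing function would be
            # needed here and in the matching login/update code. Confirm.
            CabMember.create(uid=tools.get_uuid(),
                             user_name=user_name,
                             user_pass=tools.md5(post_data['user_pass'][0]),
                             user_email=post_data['user_email'][0],
                             privilege='10000',
                             reset_passwd_timestamp=0, )
            return True
        except Exception:
            # Best-effort insert: any failure (missing field, database error) is
            # reported as False. Narrowed from a bare ``except`` so that
            # KeyboardInterrupt/SystemExit are no longer swallowed.
            return False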
Exemplo n.º 3
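    def gen_passwd(self):
        """Validate a password-reset link and, only when it is valid, issue a new password.

        Reads three request arguments: ``u`` (passed to ``self.muser.get_by_id``),
        ``t`` (the timestamp embedded in the link) and ``p`` (the token).
        The link is accepted when ``t`` is less than 600 seconds old and ``p``
        equals ``tools.md5(user_name + t + user_pass)``. On success a new
        password from ``tools.get_uu8d()`` is stored and rendered to the page.

        Any validation failure renders ``html/404.html`` with status 400 and
        returns without touching the stored password.
        """
        import hmac  # local import: the file's import block is not visible from here

        def reject(info):
            # Shared failure response; callers must return right after calling it.
            self.set_status(400)
            self.render('html/404.html', kwd={'info': info})

        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        # Missing or malformed parameters are treated as a failed verification
        # instead of surfacing as an unhandled KeyError/ValueError.
        try:
            user_key = post_data['u'][0]
            raw_timestamp = post_data['t'][0]
            supplied_hash = post_data['p'][0]
            sub_timestamp = int(raw_timestamp)
        except (KeyError, IndexError, ValueError):
            reject('密码重置验证出错!')
            return

        userinfo = self.muser.get_by_id(user_key)
        if not userinfo:
            reject('密码重置验证出错!')
            return

        cur_timestamp = tools.timestamp()
        if not (cur_timestamp > sub_timestamp and cur_timestamp - sub_timestamp < 600):
            # Expired (or future-dated) link. The return is essential: without it
            # execution falls through and the password is reset anyway.
            reject('密码重置已超时!')
            return

        # NOTE(review): the token is a digest of user name, timestamp and the stored
        # password value, with no server-side secret or single-use marker visible
        # here; a random, stored, one-time token would be a stronger design.
        hash_str = tools.md5(userinfo.user_name + raw_timestamp + userinfo.user_pass)
        # Constant-time comparison; both sides are encoded so that non-ASCII input
        # is rejected as a mismatch rather than raising.
        if not hmac.compare_digest(hash_str.encode('utf-8'), supplied_hash.encode('utf-8')):
            # Same reasoning as above: stop here so a bad token never reaches update_pass.
            reject('密码重置验证出错!')
            return

        new_passwd = tools.get_uu8d()
        self.muser.update_pass(userinfo.user_name, new_passwd)
        # NOTE(review): the new password is shown in the response body; confirm the
        # page is not cached and that the user is prompted to change it.
        kwd = {
            'user_name': userinfo.user_name,
            'new_pass': new_passwd,
        }
        self.render('{0}/{1}/show_pass.html'.format(self.tmpl_name, self.tmpl_router), kwd=kwd)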
Exemplo n.º 4
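    def insert_data(self, post_data):
        """Create a new member row from submitted form data.

        Args:
            post_data: mapping of field name to a list of values; the first
                value of ``user_name``, ``user_pass`` and ``user_email`` is used.

        Returns:
            True when the row was created. False when the user name is not
            5-20 characters long, contains a forbidden character, or when
            ``CabMember.create`` fails for any reason.
        """
        user_name = post_data['user_name'][0]

        if not 5 <= len(user_name) <= 20:
            return False

        # Characters rejected in user names. This is a denylist: anything not
        # listed (control characters, '&', '<', ...) is still accepted, so
        # consumers of user_name must keep escaping it for their own context.
        forbidden = '/:\\#+\'"() '
        if any(ch in user_name for ch in forbidden):
            return False

        try:
            # NOTE(review): going by its name, tools.md5 stores a plain MD5 digest
            # of the password; if so, a salted password-hashing function would be
            # needed here and in the matching login/update code. Confirm.
            CabMember.create(uid=tools.get_uuid(),
                             user_name=user_name,
                             user_pass=tools.md5(post_data['user_pass'][0]),
                             user_email=post_data['user_email'][0],
                             privilege='10000',
                             reset_passwd_timestamp=0, )
            return True
        except Exception:
            # Best-effort insert: any failure (missing field, database error) is
            # reported as False. Narrowed from a bare ``except`` so that
            # KeyboardInterrupt/SystemExit are no longer swallowed.
            return False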
Exemplo n.º 5
 def check_user(self, u_name, u_pass):
     """Check a user name / password pair against the CabMember table.

     Returns:
         -1 when no row has ``user_name == u_name``,
          1 when the stored ``user_pass`` equals ``tools.md5(u_pass)``,
          0 when the user exists but the digest differs.
     """
     # NOTE(review): -1 and 0 let a caller tell "unknown user" from "wrong
     # password"; confirm that distinction is never surfaced to the client.
     matching_rows = CabMember.select().where(CabMember.user_name == u_name).count()
     if matching_rows == 0:
         return -1

     member = CabMember.get(user_name=u_name)
     # NOTE(review): going by its name, tools.md5 is a plain MD5 digest of the
     # password; if so the stored values are unsalted fast hashes. Confirm.
     return 1 if member.user_pass == tools.md5(u_pass) else 0
Exemplo n.º 6
 def check_user(self, u_name, u_pass):
     """Verify credentials for ``u_name``.

     Returns -1 if the user name is not present in CabMember, 1 if the stored
     ``user_pass`` matches ``tools.md5(u_pass)``, and 0 otherwise.
     """
     user_exists = CabMember.select().where(CabMember.user_name == u_name).count() != 0
     if not user_exists:
         # NOTE(review): a distinct code for "unknown user" is useful internally;
         # confirm callers present the same message for -1 and 0.
         return -1

     record = CabMember.get(user_name=u_name)
     # NOTE(review): tools.md5 is presumably an unsalted MD5 digest; verify and
     # consider a dedicated password-hashing scheme for stored credentials.
     if record.user_pass != tools.md5(u_pass):
         return 0
     return 1
Exemplo n.º 7
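 def insert_data(self, post_data):
     """Create a new member row from submitted form data.

     Args:
         post_data: mapping of field name to a list of values; the first
             value of ``user_name``, ``user_pass`` and ``user_email`` is used.

     Returns:
         True when ``CabMember.create`` succeeds, False on any failure
         (missing field, database error).
     """
     # NOTE(review): no length or character validation of the submitted
     # fields happens in this method; presumably the caller validates them.
     # Confirm before relying on user_name in URLs, e-mails or templates.
     try:
         # NOTE(review): going by its name, tools.md5 stores a plain MD5 digest
         # of the password; if so, a salted password-hashing function would be
         # needed here and in the matching login/update code. Confirm.
         CabMember.create(uid=tools.get_uuid(),
                          user_name=post_data['user_name'][0],
                          user_pass=tools.md5(post_data['user_pass'][0]),
                          user_email=post_data['user_email'][0],
                          privilege='10000',
                          reset_passwd_timestamp=0, )
         return True
     except Exception:
         # Narrowed from a bare ``except`` so that KeyboardInterrupt and
         # SystemExit are no longer swallowed; ordinary errors still yield False.
         return False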
Exemplo n.º 8
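    def reset_password(self):
        """Send a password-reset link to the address given in the ``email`` argument.

        Returns:
            True (status 200) when the mail was sent and the user's
            ``reset_passwd_timestamp`` was updated. False (status 400) when the
            ``email`` argument is missing, no user matches it, the previous
            request was less than 70 seconds ago, or sending the mail failed.
        """
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        if 'email' not in post_data:
            self.set_status(400)
            return False

        userinfo = self.muser.get_by_email(post_data['email'][0])
        if not userinfo:
            # This check must come before any attribute access on userinfo:
            # an unknown address previously failed with an AttributeError in
            # the throttle test below instead of a clean 400.
            # NOTE(review): 400 here versus 200 on success reveals whether an
            # address is registered; consider a uniform response.
            self.set_status(400)
            return False

        # Throttle: refuse a new link within 70 seconds of the previous one.
        if tools.timestamp() - userinfo.reset_passwd_timestamp < 70:
            self.set_status(400)
            kwd = {
                'info': '两次重置密码时间应该大于1分钟',
            }
            self.render('html/404.html', kwd=kwd, userinfo=self.userinfo)
            return False

        timestamp = tools.timestamp()
        passwd = userinfo.user_pass
        username = userinfo.user_name
        # NOTE(review): the token is a digest of user name, timestamp and the
        # stored password value, with no server-side secret visible here; a
        # random, stored, single-use token would be a stronger design.
        hash_str = tools.md5(username + str(timestamp) + passwd)
        # NOTE(review): username is placed in the query string and the href
        # attribute without URL- or HTML-encoding; confirm the allowed
        # character set makes that safe.
        url_reset = '{0}/user/reset-passwd?u={1}&t={2}&p={3}'.format(
            config.site_url, username, timestamp, hash_str)
        email_cnt = '''
            <div>请查看下面的信息,并<span style="color:red">谨慎操作</span>:</div>
            <div>您在"{0}"网站({1})申请了密码重置,如果确定要进行密码重置,请打开下面链接:</div>
            <div><a href={2}>{2}</a></div>
            <div>如果无法确定本信息的有效性,请忽略本邮件。</div>
            '''.format(config.site_name, config.site_url, url_reset)

        if send_mail([userinfo.user_email],
                     "{0}|密码重置".format(config.site_name), email_cnt):
            # Record the request time only after the mail actually went out.
            self.muser.update_reset_passwd_timestamp(
                username, timestamp)
            self.set_status(200)
            return True

        self.set_status(400)
        return False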
Exemplo n.º 9
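    def reset_password(self):
        """Send a password-reset link to the address given in the ``email`` argument.

        Returns:
            True (status 200) when the mail was sent and the user's
            ``reset_passwd_timestamp`` was updated. False (status 400) when the
            ``email`` argument is missing, no user matches it, the previous
            request was less than 70 seconds ago, or sending the mail failed.
        """
        post_data = {}
        for key in self.request.arguments:
            post_data[key] = self.get_arguments(key)

        if 'email' not in post_data:
            self.set_status(400)
            return False

        userinfo = self.muser.get_by_email(post_data['email'][0])
        if not userinfo:
            # This check must come before any attribute access on userinfo:
            # an unknown address previously failed with an AttributeError in
            # the throttle test below instead of a clean 400.
            # NOTE(review): 400 here versus 200 on success reveals whether an
            # address is registered; consider a uniform response.
            self.set_status(400)
            return False

        # Throttle: refuse a new link within 70 seconds of the previous one.
        if tools.timestamp() - userinfo.reset_passwd_timestamp < 70:
            self.set_status(400)
            kwd = {
                'info': '两次重置密码时间应该大于1分钟',
            }
            self.render('html/404.html', kwd=kwd)
            return False

        timestamp = tools.timestamp()
        passwd = userinfo.user_pass
        username = userinfo.user_name
        # NOTE(review): the token is a digest of user name, timestamp and the
        # stored password value, with no server-side secret visible here; a
        # random, stored, single-use token would be a stronger design.
        hash_str = tools.md5(username + str(timestamp) + passwd)
        # NOTE(review): username is placed in the query string and the href
        # attribute without URL- or HTML-encoding; confirm the allowed
        # character set makes that safe.
        url_reset = '{0}/user/reset-passwd?u={1}&t={2}&p={3}'.format(
            config.site_url, username, timestamp, hash_str)
        email_cnt = '''
            <div>请查看下面的信息,并<span style="color:red">谨慎操作</span>:</div>
            <div>您在"{0}"网站({1})申请了密码重置,如果确定要进行密码重置,请打开下面链接:</div>
            <div><a href={2}>{2}</a></div>
            <div>如果无法确定本信息的有效性,请忽略本邮件。</div>
            '''.format(config.site_name, config.site_url, url_reset)

        if send_mail([userinfo.user_email], "{0}|密码重置".format(config.site_name), email_cnt):
            # Record the request time only after the mail actually went out.
            self.muser.update_reset_passwd_timestamp(username, timestamp)
            self.set_status(200)
            return True

        self.set_status(400)
        return False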
Exemplo n.º 10
 def update_pass(self, u_name, newpass):
     """Store ``tools.md5(newpass)`` as the password of the user named ``u_name``.

     Returns the update query object after it has been executed.
     """
     # NOTE(review): going by its name, tools.md5 is a plain MD5 digest; if so
     # the stored value is an unsalted fast hash. Confirm.
     digest = tools.md5(newpass)
     query = CabMember.update(user_pass=digest).where(CabMember.user_name == u_name)
     query.execute()
     return query
Exemplo n.º 11
 def update_pass(self, u_name, newpass):
     """Replace the stored password of ``u_name`` with ``tools.md5(newpass)``.

     The update is executed before returning; the executed query object is
     what the caller gets back.
     """
     same_user = CabMember.user_name == u_name
     # NOTE(review): tools.md5 is presumably an unsalted MD5 digest; verify and
     # consider a dedicated password-hashing scheme for stored credentials.
     statement = CabMember.update(user_pass=tools.md5(newpass)).where(same_user)
     statement.execute()
     return statement