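def POST(self):
    """Change the logged-in administrator's password.

    Reads ``old_pwd``, ``new_pwd`` and ``new_pwd2`` from the request. The
    stored password is replaced only when ``old_pwd`` is non-empty, the two
    new values are equal and non-empty, and ``my_crypt(old_pwd)`` equals the
    stored ``passwd``.

    Returns the rendered ``info`` page for every outcome.
    Raises ``web.seeother('/')`` when the caller lacks ``PRIV_ADMIN``.
    """
    if not logged(helper.PRIV_ADMIN):
        raise web.seeother('/')

    render = create_render()
    form = web.input()
    old_pwd = form.old_pwd.strip()
    new_pwd = form.new_pwd.strip()
    new_pwd2 = form.new_pwd2.strip()

    # An empty current password means "nothing to change".
    if old_pwd == '':
        return render.info('未做任何修改。')
    if new_pwd == '':
        return render.info('新密码不能为空!请重新设置。')
    if new_pwd != new_pwd2:
        return render.info('两次输入的新密码不一致!请重新设置。')
    # NOTE(review): no length or strength rule is applied to new_pwd here, so
    # an administrator account can be given a one-character password.

    db_user = db.user.find_one({'_id': session.uid}, {'passwd': 1})
    # The account may have been removed, or may never have had a password
    # stored, since the session was opened; report a failed verification
    # rather than raising on the lookup below.
    if db_user is None or 'passwd' not in db_user:
        return render.info('登录密码验证失败!请重新设置。')

    # NOTE(review): my_crypt() receives only the password, so equal passwords
    # map to equal stored values for every user. Confirm it is a slow, salted
    # password hash, and prefer a constant-time comparison once the types on
    # both sides are known.
    if app_helper.my_crypt(old_pwd) != db_user['passwd']:
        return render.info('登录密码验证失败!请重新设置。')

    db.user.update_one(
        {'_id': session.uid},
        {'$set': {'passwd': app_helper.my_crypt(new_pwd)}})
    return render.info('成功保存!', '/')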
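def POST(self):
    """Change the password of the logged-in platform or merchant user.

    Reads ``old_pwd``, ``new_pwd`` and ``new_pwd2`` from the request. When
    ``old_pwd`` is non-empty the new password must match its confirmation,
    pass the strength rule below, and ``my_crypt(old_pwd)`` must equal the
    stored ``passwd``; the new hash is then written together with a
    ``pwd_update`` timestamp. When ``old_pwd`` is empty nothing is written
    and the success page is still returned (a disabled ``full_name`` update
    used to run on that path).

    Returns the rendered ``info`` page for every outcome.
    Raises ``web.seeother('/')`` when the caller has neither ``PRIV_USER``
    nor ``PRIV_MCH``.
    """
    if not logged(helper.PRIV_USER | helper.PRIV_MCH):
        raise web.seeother('/')

    render = create_render()
    form = web.input()
    old_pwd = form.old_pwd.strip()
    new_pwd = form.new_pwd.strip()
    new_pwd2 = form.new_pwd2.strip()

    if old_pwd != '':
        if new_pwd == '':
            return render.info('新密码不能为空!请重新设置。')
        if new_pwd != new_pwd2:
            return render.info('两次输入的新密码不一致!请重新设置。')

        # Strength rule: at least one digit, one uppercase letter and one
        # character from '+-_/%$'.
        # NOTE(review): there is no minimum length, so a three-character
        # value satisfies the rule; consider adding a length floor.
        has_digit = any(ch.isdigit() for ch in new_pwd)
        has_upper = any(ch.isupper() for ch in new_pwd)
        has_symbol = any(ch in '+-_/%$' for ch in new_pwd)
        if not (has_digit and has_upper and has_symbol):
            return render.info('密码强度太低,容易被破解,请重新输入!')

        db_user = db.user.find_one({'_id': session.uid}, {'passwd': 1})
        # The account may have been removed, or may have no password stored;
        # report a failed verification rather than raising on the lookup.
        if db_user is None or 'passwd' not in db_user:
            return render.info('登录密码验证失败!请重新设置。')

        # NOTE(review): my_crypt() receives only the password, so equal
        # passwords map to equal stored values for every user. Confirm it is
        # a slow, salted password hash, and prefer a constant-time comparison
        # once the types on both sides are known.
        if app_helper.my_crypt(old_pwd) != db_user['passwd']:
            return render.info('登录密码验证失败!请重新设置。')

        db.user.update_one(
            {'_id': session.uid},
            {'$set': {
                'passwd': app_helper.my_crypt(new_pwd),
                # Records when the password was last changed.
                'pwd_update': int(time.time()),
            }})

    return render.info('成功保存!', '/')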
def POST(self):
    """Create a user, or update an existing one, from the admin form.

    ``uid == 'n/a'`` selects creation (the lower-cased ``uname`` must not
    exist yet); any other ``uid`` is parsed as an ObjectId and that document
    is updated. ``user_type == 'plat'`` yields ``PRIV_USER``; every other
    value yields ``PRIV_MCH`` and requires a non-empty ``mch_id``.

    Returns the rendered ``info`` page.
    Raises ``web.seeother('/')`` when the caller lacks ``PRIV_ADMIN``.
    """
    if not logged(helper.PRIV_ADMIN):
        raise web.seeother('/')

    render = create_render()
    user_data = web.input(uid='', uname='', full_name='', passwd='',
                          user_type='', mch_id='', priv=[])

    # NOTE(review): user_type is not checked against a fixed set; anything
    # other than 'plat' is stored as given and treated as a merchant account.
    is_platform = user_data['user_type'] == 'plat'
    privilege = helper.PRIV_USER if is_platform else helper.PRIV_MCH
    if not is_platform and user_data['mch_id'] == '':
        return render.info('商家用户需设置所属商家!')

    # Build the 60-slot permission string: '-' everywhere, 'X' at the
    # position helper.MENU_LEVEL assigns to each selected entry.
    # NOTE(review): an unknown priv value raises on the MENU_LEVEL lookup.
    menu_level = '-' * 60
    for priv_name in user_data.priv:
        idx = helper.MENU_LEVEL[priv_name]
        menu_level = menu_level[:idx] + 'X' + menu_level[idx + 1:]

    # Fields written on both create and update.
    # NOTE(review): 'login' has no default in web.input() above, so a request
    # without it raises here before anything is written.
    update_set = {
        'login': int(user_data['login']),
        'privilege': privilege,
        'menu_level': menu_level,
        'full_name': user_data['full_name'],
        'user_type': user_data['user_type'],
        'mch_id': user_data['mch_id'],
    }

    # Replace the password only when one was submitted.
    # NOTE(review): no strength rule is applied to an admin-set password, and
    # a new account created with an empty passwd is stored with no 'passwd'
    # field at all. pwd_update = 0 presumably marks the password as never
    # changed by the user - confirm what consumes it.
    if user_data['passwd']:
        update_set['passwd'] = app_helper.my_crypt(user_data['passwd'])
        update_set['pwd_update'] = 0

    if user_data['uid'] != 'n/a':
        # Update path.
        # NOTE(review): a uid that matches no document still ends on the
        # success page, because the update result is not inspected.
        db.user.update_one({'_id': ObjectId(user_data['uid'])},
                           {'$set': update_set})
        return render.info('成功保存!', '/admin/user')

    # Create path.
    # NOTE(review): the existence check and the insert are separate
    # operations; only a unique index on uname prevents duplicates under
    # concurrent requests - confirm one exists.
    update_set['uname'] = user_data['uname'].lower()
    existing = db.user.find_one({'uname': update_set['uname']})
    if existing:
        return render.info('用户名已存在!请修改后重新添加。')
    update_set['time'] = int(time.time())
    db.user.insert(update_set)
    return render.info('成功保存!', '/admin/user')
def check_rand(param, version='v1'):
    """Check the SMS verification code for an app session and log it in.

    Looks up the session named by ``param.session``, refuses once its
    ``pwd_fail`` counter has reached 5, and compares ``param.rand`` with the
    code stored in the session. On success the session is marked logged in
    and the ``app_user`` record gets a new ``last_time``, ``reg_ok = 1`` and
    ``passwd = my_crypt(param.passwd)``.

    Returns a JSON string: ``ret`` 0 with session data on success, -4 for an
    unknown session, -5 for a wrong code or too many failures.
    """
    session = app_helper.get_session(param.session)
    if session is None:
        return json.dumps({'ret': -4, 'msg': '无效的session'})

    failures = session.get('pwd_fail', 0)
    if failures >= 5:
        print '========> 请重新获取验证码', failures
        return json.dumps({'ret': -5, 'msg': '请重新获取验证码'})

    supplied = param.rand.strip()
    if supplied != session['rand']:
        # NOTE(review): accounts listed in app_helper.INNER_NUM are accepted
        # with the fixed code stored there instead of the session's one-time
        # code. That fixed value is a standing credential, and this function
        # goes on to set the account password, so it needs the same handling
        # as any other secret (or removal outside test builds).
        inner_codes = app_helper.INNER_NUM
        uname = session['uname']
        fixed_code_ok = (uname in inner_codes.keys()
                         and supplied == inner_codes[uname])
        if not fixed_code_ok:
            db.app_sessions.update_one(
                {'session_id': session['session_id']},
                {'$inc': {'pwd_fail': 1}})
            return json.dumps({'ret': -5, 'msg': '短信验证码错误'})

    # Mark the session as logged in.
    # NOTE(review): nothing in this function clears session['rand'] after a
    # match - confirm the code cannot be replayed on the same session.
    db.app_sessions.update_one(
        {'session_id': session['session_id']},
        {'$set': {'login': 1, 'attime': time.time()}})

    # Record the login time, store the submitted password and flag the
    # registration as complete (reg_ok == 0 means still in progress).
    # NOTE(review): param.passwd is hashed and stored without any emptiness
    # or strength check in this function.
    db.app_user.update_one(
        {'uname': session['uname']},
        {'$set': {
            'last_time': app_helper.time_str(),
            'passwd': app_helper.my_crypt(param.passwd),
            'reg_ok': 1,
        }})

    payload = {
        'session': session['session_id'],
        'login': True,
        'uname': session['uname'],
        'alert': True,
    }
    return json.dumps({'ret': 0, 'data': payload})
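def POST(self, version='v1'):
    """Register an app installation and issue its ``app_id``/``private_key``.

    Requires non-empty ``type`` ('IOS' or 'ANDROID'), ``dev_id``,
    ``ver_code``, ``tick`` and ``sign``. ``sign`` must equal the upper-case
    hex MD5 of ``public_key + type + dev_id + ver_code + tick``.

    Returns a JSON string: ``ret`` 0 with the new credentials, -2 for missing
    or invalid parameters, -1 for a signature mismatch.
    """
    web.header('Content-Type', 'application/json')
    param = web.input(type='', dev_id='', ver_code='', tick='', sign='')
    # NOTE(review): this writes the raw request body, including the
    # signature, to stdout; confirm that output is not retained anywhere it
    # should not be.
    print web.data()

    required = (param.type, param.dev_id, param.ver_code, param.tick,
                param.sign)
    if '' in required:
        return json.dumps({'ret': -2, 'msg': '参数错误'})
    if param.type not in ('IOS', 'ANDROID'):
        return json.dumps({'ret': -2, 'msg': '参数错误'})

    # Verify the request signature.
    # NOTE(review): the scheme is a plain MD5 over a shared value
    # concatenated with the fields, with no separators between fields and no
    # freshness check on tick in this function. If public_key ships inside
    # the client apps, any holder of a client can produce valid signatures;
    # a keyed MAC (HMAC-SHA-256) with a server-side replay window would be
    # the usual replacement, but needs a coordinated client change.
    sign_str = '%s%s%s%s%s' % (public_key, param.type, param.dev_id,
                               param.ver_code, param.tick)
    expected_sign = hashlib.md5(sign_str.encode('utf-8')).hexdigest().upper()
    if expected_sign != param.sign:
        return json.dumps({'ret': -1, 'msg': '签名验证错误'})

    # Draw ids until one is unused. A single retry would leave the second
    # draw unchecked. The check and the insert are still separate operations,
    # so a unique index on app_id is what actually guarantees uniqueness.
    app_id = my_rand().upper()
    while db.app_device.find({'app_id': app_id}).count() > 0:
        app_id = my_rand().upper()

    # NOTE(review): private_key is a deterministic function of app_id, which
    # is itself returned to the client and stored. If my_crypt() is an
    # unkeyed hash, anyone who learns an app_id can recompute the key;
    # confirm my_crypt() mixes in a server-side secret, or generate the key
    # independently from a CSPRNG.
    private_key = app_helper.my_crypt(app_id).upper()

    db.app_device.insert_one({
        'app_id': app_id,
        'private_key': private_key,
        'type': param.type,
        'dev_id': param.dev_id,
    })

    return json.dumps({
        'ret': 0,
        'data': {
            'app_id': app_id,
            'private_key': private_key,
        },
    })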
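def POST(self):
    """Authenticate a back-office user from the login form.

    Reads ``name``, ``passwd`` and ``rand`` (the captcha answer). The session
    is first reset to a logged-out state. For an existing account whose
    ``login`` flag is non-zero, the captcha is checked against
    ``session.uid`` and the password against the stored ``passwd``; on
    success the session is populated from the user record.

    Before login ``session.uid`` holds the expected captcha text and
    ``session.menu_level`` holds the failed-attempt counter; after login they
    hold the user's ``_id`` and the 60-character permission string.

    Returns the rendered ``login_error`` page on failure.
    Raises ``web.seeother('/')`` on success.
    """
    form = web.input()
    name0, passwd, rand = form.name, form.passwd, form.rand
    name = name0.lower()

    render = create_render()

    # Drop any previous authentication state before evaluating this attempt.
    session.login = 0
    session.privilege = 0
    session.uname = ''

    db_user = db.user.find_one({'uname': name})
    # NOTE(review): captcha and password checks run only for existing,
    # enabled accounts; unknown names get the generic error page, so the
    # responses differ by whether the account exists.
    if db_user is None or db_user['login'] == 0:
        return render.login_error()

    # Per-session attempt limit.
    # NOTE(review): after a successful login menu_level holds a string, and
    # under Python 2 ordering a str compares greater than any int, so a
    # second login in the same session lands here unless menu_level is reset
    # elsewhere - confirm.
    if session.menu_level >= 5:
        print '-----> 刷验证码!'
        return render.login_error('验证码错误,请重新登录!')

    if session.uid != rand.upper():
        session.menu_level += 1
        return render.login_error('验证码错误,请重新登录!')

    # .get() so an account stored without a password is rejected as a wrong
    # password instead of raising.
    if db_user.get('passwd') != app_helper.my_crypt(passwd):
        # Count wrong passwords against the same per-session limit as wrong
        # captchas; otherwise one solved captcha permits unlimited password
        # attempts for as long as session.uid keeps that value.
        session.menu_level += 1
        return render.login_error('密码错误,请重新登录!')

    # NOTE(review): nothing here rotates the session identifier after
    # authentication - confirm the session layer does, to rule out fixation.
    session.login = 1
    session.uname = name
    session.uid = db_user['_id']
    session.privilege = int(db_user['privilege'])
    session.mch_id = db_user.get('mch_id', '')

    # Older accounts carry a shorter permission string; pad it with 30 '-'.
    stored_level = db_user['menu_level']
    if len(stored_level) == 60:
        session.menu_level = stored_level
    else:
        session.menu_level = stored_level + 30 * '-'

    raise web.seeother('/')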