Пример #1
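    def POST(self):
        """Change the logged-in administrator's own password.

        Reads ``old_pwd``, ``new_pwd`` and ``new_pwd2`` from the form. When
        ``old_pwd`` is empty nothing is changed. Otherwise the new password
        must be non-empty and equal to its confirmation, and the current
        password must match the stored value before the record is updated.

        Redirects to ``/`` when the caller does not hold ``helper.PRIV_ADMIN``.
        """
        if not logged(helper.PRIV_ADMIN):
            raise web.seeother('/')

        render = create_render()
        # Defaults keep a request with a missing field on the normal validation
        # path instead of failing on attribute access.
        form = web.input(old_pwd='', new_pwd='', new_pwd2='')
        old_pwd = form.old_pwd.strip()
        new_pwd = form.new_pwd.strip()
        new_pwd2 = form.new_pwd2.strip()

        if old_pwd == '':
            return render.info('未做任何修改。')
        if new_pwd == '':
            return render.info('新密码不能为空!请重新设置。')
        if new_pwd != new_pwd2:
            return render.info('两次输入的新密码不一致!请重新设置。')

        # NOTE(review): no length or complexity rule is applied to the new
        # administrator password in this handler; confirm a policy is enforced.
        db_user = db.user.find_one({'_id': session.uid}, {'passwd': 1})
        # A session whose user record is missing, or has no stored password,
        # counts as a failed verification rather than raising.
        stored = db_user.get('passwd') if db_user else None
        # NOTE(review): my_crypt() is defined elsewhere; confirm it is a salted,
        # deliberately slow password hash. The comparison below is not
        # constant-time.
        if stored is None or app_helper.my_crypt(old_pwd) != stored:
            return render.info('登录密码验证失败!请重新设置。')

        # NOTE(review): nothing here invalidates other active sessions of this
        # account after the change; verify whether that is handled elsewhere.
        db.user.update_one(
            {'_id': session.uid},
            {'$set': {'passwd': app_helper.my_crypt(new_pwd)}})
        return render.info('成功保存!', '/')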
Пример #2
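    def POST(self):
        """Change the logged-in user's or merchant's own password.

        Reads ``old_pwd``, ``new_pwd`` and ``new_pwd2`` from the form. When
        ``old_pwd`` is non-empty the new password must be non-empty, equal to
        its confirmation, pass the character-class check below, and the current
        password must match the stored value; the record then gets the new
        hash and a ``pwd_update`` timestamp.

        Redirects to ``/`` when the caller holds neither ``helper.PRIV_USER``
        nor ``helper.PRIV_MCH``.
        """
        if not logged(helper.PRIV_USER | helper.PRIV_MCH):
            raise web.seeother('/')

        render = create_render()
        # Defaults keep a request with a missing field on the normal validation
        # path instead of failing on attribute access.
        form = web.input(old_pwd='', new_pwd='', new_pwd2='')
        old_pwd = form.old_pwd.strip()
        new_pwd = form.new_pwd.strip()
        new_pwd2 = form.new_pwd2.strip()

        if old_pwd != '':
            if new_pwd == '':
                return render.info('新密码不能为空!请重新设置。')
            if new_pwd != new_pwd2:
                return render.info('两次输入的新密码不一致!请重新设置。')

            # Password strength: require at least one digit, one uppercase
            # letter and one of the listed symbols.
            # NOTE(review): there is no minimum length, so a three-character
            # value can satisfy this check; consider adding a length floor.
            has_digit = any(ch.isdigit() for ch in new_pwd)
            has_upper = any(ch.isupper() for ch in new_pwd)
            has_symbol = any(ch in '+-_/%$' for ch in new_pwd)
            if not (has_digit and has_upper and has_symbol):
                return render.info('密码强度太低,容易被破解,请重新输入!')

            db_user = db.user.find_one({'_id': session.uid}, {'passwd': 1})
            # A session whose user record is missing, or has no stored
            # password, counts as a failed verification rather than raising.
            stored = db_user.get('passwd') if db_user else None
            # NOTE(review): my_crypt() is defined elsewhere; confirm it is a
            # salted, deliberately slow password hash. The comparison below is
            # not constant-time.
            if stored is None or app_helper.my_crypt(old_pwd) != stored:
                return render.info('登录密码验证失败!请重新设置。')

            db.user.update_one(
                {'_id': session.uid},
                {
                    '$set': {
                        'passwd': app_helper.my_crypt(new_pwd),
                        'pwd_update': int(time.time()),
                    }
                })

        # Reached both after a successful change and when old_pwd was empty,
        # in which case nothing was modified.
        return render.info('成功保存!', '/')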
Пример #3
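    def POST(self):
        """Create a user account or update an existing one (admin only).

        Form fields: ``uid`` (the literal ``'n/a'`` means "create"), ``uname``,
        ``full_name``, ``passwd``, ``user_type``, ``mch_id``, ``login`` and the
        multi-valued ``priv``. ``user_type == 'plat'`` maps to
        ``helper.PRIV_USER``; every other value maps to ``helper.PRIV_MCH`` and
        then requires a non-empty ``mch_id``.

        Redirects to ``/`` when the caller does not hold ``helper.PRIV_ADMIN``.
        """
        if not logged(helper.PRIV_ADMIN):
            raise web.seeother('/')

        render = create_render()
        user_data = web.input(uid='',
                              uname='',
                              full_name='',
                              passwd='',
                              user_type='',
                              mch_id='',
                              priv=[])

        if user_data['user_type'] == 'plat':
            privilege = helper.PRIV_USER
        else:
            privilege = helper.PRIV_MCH
            if user_data['mch_id'] == '':
                return render.info('商家用户需设置所属商家!')

        # Build the permission flag string: 60 positions, 'X' where granted.
        # An unknown priv name raises KeyError, so the request fails instead of
        # silently granting or dropping a permission.
        menu_level = 60 * '-'
        for p in user_data.priv:
            pos = helper.MENU_LEVEL[p]
            menu_level = menu_level[:pos] + 'X' + menu_level[pos + 1:]

        # Fields written on both create and update.
        # NOTE(review): 'login' has no default in web.input() above, so a
        # missing or non-numeric value raises here.
        update_set = {
            'login': int(user_data['login']),
            'privilege': privilege,
            'menu_level': menu_level,
            'full_name': user_data['full_name'],
            'user_type': user_data['user_type'],
            'mch_id': user_data['mch_id'],
        }

        # Update the password only when one was supplied.
        # NOTE(review): pwd_update = 0 presumably marks the password as due for
        # change by the user; confirm against the code that reads it.
        if len(user_data['passwd']) > 0:
            update_set['passwd'] = app_helper.my_crypt(user_data['passwd'])
            update_set['pwd_update'] = 0

        if user_data['uid'] == 'n/a':
            # Create.
            # NOTE(review): an empty password or an empty uname is accepted on
            # this path, so the new record can be stored without a 'passwd'
            # field; consider rejecting both before inserting.
            update_set['uname'] = user_data['uname'].lower()
            # NOTE(review): check-then-insert is not atomic; a unique index on
            # 'uname' is needed to actually guarantee uniqueness.
            r2 = db.user.find_one({'uname': update_set['uname']})
            if r2:
                return render.info('用户名已存在!请修改后重新添加。')
            update_set['time'] = int(time.time())
            # insert_one() replaces the deprecated Collection.insert(); it
            # belongs to the same pymongo API generation as update_one() below.
            db.user.insert_one(update_set)
        else:
            # Update. ObjectId() raises on a malformed uid.
            # NOTE(review): 'privilege' is overwritten for whichever account the
            # uid names; verify this cannot be pointed at an administrator
            # record unintentionally.
            db.user.update_one({'_id': ObjectId(user_data['uid'])},
                               {'$set': update_set})

        return render.info('成功保存!', '/admin/user')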
Пример #4
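    def check_rand(param, version='v1'):
        """Verify the SMS code for an app session and complete login.

        ``param`` carries ``session``, ``rand`` and ``passwd``. On success the
        session row is marked ``login = 1`` and the ``app_user`` record for the
        session's ``uname`` gets ``passwd``, ``last_time`` and ``reg_ok = 1``.

        Returns a JSON string: ``ret`` 0 on success, -4 for an unknown session,
        -5 for a wrong code or once ``pwd_fail`` has reached 5.
        """
        session = app_helper.get_session(param.session)
        if session is None:
            return json.dumps({'ret': -4, 'msg': '无效的session'})

        # Attempt limit: after 5 recorded failures the caller must request a
        # new code.
        if session.get('pwd_fail', 0) >= 5:
            print '========> 请重新获取验证码', session.get('pwd_fail', 0)
            return json.dumps({'ret': -5, 'msg': '请重新获取验证码'})

        submitted = param.rand.strip()
        # NOTE(review): '!=' / '==' are not constant-time comparisons.
        if submitted != session['rand']:
            # 2015-12-22, gt
            # NOTE(review): INNER_NUM maps specific unames to a fixed code that
            # is accepted in place of the SMS code. Static bypass codes should
            # be disabled or tightly restricted in production; confirm how this
            # table is populated.
            uname = session['uname']
            fixed_code_ok = (uname in app_helper.INNER_NUM
                             and submitted == app_helper.INNER_NUM[uname])
            if not fixed_code_ok:
                # Atomic increment of the per-session failure counter.
                db.app_sessions.update_one(
                    {'session_id': session['session_id']},
                    {'$inc': {
                        'pwd_fail': 1
                    }})
                return json.dumps({'ret': -5, 'msg': '短信验证码错误'})

        # NOTE(review): the accepted code is not cleared and pwd_fail is not
        # reset here; verify the code cannot be reused after success.
        db.app_sessions.update_one(
            {'session_id': session['session_id']},
            {'$set': {
                'login': 1,
                'attime': time.time(),
            }})

        # Update last login time (2016-12-28, gt).
        # NOTE(review): the account password is replaced with param.passwd on
        # the strength of the SMS code alone, with no length or complexity
        # check in this function. my_crypt() is defined elsewhere; confirm it
        # is a salted, slow password hash.
        db.app_user.update_one(
            {'uname': session['uname']},
            {
                '$set': {
                    'last_time': app_helper.time_str(),
                    'passwd': app_helper.my_crypt(param.passwd),
                    # Registration completed; reg_ok == 0 means the account is
                    # still in the registration flow (2016-06-21).
                    'reg_ok': 1,
                }
            })

        # Response.
        # NOTE(review): 'alert' and 'message' carry test values and are
        # returned on every successful login.
        return json.dumps({
            'ret': 0,
            'data': {
                'session': session['session_id'],
                'login': True,
                'uname': session['uname'],
                'alert': True,
                'message': '测试弹窗',
            }
        })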
Пример #5
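    def POST(self, version='v1'):
        """Register an app installation and issue its ``app_id``/``private_key``.

        Expects ``type`` ('IOS' or 'ANDROID'), ``dev_id``, ``ver_code``,
        ``tick`` and ``sign``. ``sign`` must equal the upper-case MD5 hex digest
        of ``public_key + type + dev_id + ver_code + tick``.

        Returns a JSON string: ``ret`` 0 with the new credentials, -2 for
        missing or invalid parameters, -1 for a signature mismatch.
        """
        web.header('Content-Type', 'application/json')
        param = web.input(type='', dev_id='', ver_code='', tick='', sign='')

        # NOTE(review): this writes the raw request body, including the device
        # id and signature, to stdout; consider removing it or redacting.
        print web.data()

        if '' in (param.type, param.dev_id, param.ver_code, param.tick,
                  param.sign):
            return json.dumps({'ret': -2, 'msg': '参数错误'})

        if param.type not in ['IOS', 'ANDROID']:
            return json.dumps({'ret': -2, 'msg': '参数错误'})

        # Verify the request signature.
        # NOTE(review): the scheme is plain MD5 over a shared value
        # (public_key, defined elsewhere) concatenated with the fields and no
        # delimiter, so field boundaries are ambiguous. 'tick' is not checked
        # for freshness in this handler, so a captured request can be replayed.
        # The comparison is not constant-time. A keyed HMAC with a
        # timestamp/nonce check would address these points.
        sign_str = '%s%s%s%s%s' % (public_key, param.type, param.dev_id,
                                   param.ver_code, param.tick)
        md5_str = hashlib.md5(sign_str.encode('utf-8')).hexdigest().upper()

        if md5_str != param.sign:
            return json.dumps({'ret': -1, 'msg': '签名验证错误'})

        # Register the new app. Keep drawing until the id is unused; the
        # previous single retry never re-checked the second value.
        # NOTE(review): check-then-insert is not atomic; a unique index on
        # 'app_id' is needed to guarantee uniqueness.
        app_id = my_rand().upper()
        while db.app_device.find_one({'app_id': app_id}) is not None:
            app_id = my_rand().upper()

        # NOTE(review): private_key is derived from app_id, which is returned
        # to the client. Unless my_crypt() mixes in a server-side secret, the
        # key can be recomputed from the id; an independently generated random
        # value would avoid that.
        private_key = app_helper.my_crypt(app_id).upper()
        db.app_device.insert_one({
            'app_id': app_id,
            'private_key': private_key,
            'type': param.type,
            'dev_id': param.dev_id,
        })

        return json.dumps({
            'ret': 0,
            'data': {
                'app_id': app_id,
                'private_key': private_key,
            }
        })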
Пример #6
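    def POST(self):
        """Handle the login form: check captcha and password, then fill the session.

        Reads ``name``, ``passwd`` and ``rand`` (captcha) from the form. Before
        login, ``session.uid`` is compared with the submitted captcha and
        ``session.menu_level`` is used as the failed-captcha counter; after a
        successful login both are overwritten with the user's id and
        permission flags.

        Redirects to ``/`` on success; otherwise renders the login error page.
        """
        # Defaults keep a request with a missing field on the normal failure
        # path instead of raising on attribute access.
        form = web.input(name='', passwd='', rand='')
        name = form.name.lower()
        passwd = form.passwd
        rand = form.rand

        render = create_render()

        # Drop any previous authentication state before evaluating the attempt.
        session.login = 0
        session.privilege = 0
        session.uname = ''

        db_user = db.user.find_one({'uname': name})
        # NOTE(review): unknown or disabled accounts get the message-less error
        # page without a captcha check, while existing accounts get captcha or
        # password messages. The difference lets a client tell whether a
        # username exists; a single uniform response would avoid that.
        if db_user is None or db_user['login'] == 0:
            return render.login_error()

        # Captcha attempt limit for this session.
        if session.menu_level >= 5:
            print '-----> 刷验证码!'
            return render.login_error('验证码错误,请重新登录!')
        if session.uid != rand.upper():
            session.menu_level += 1
            return render.login_error('验证码错误,请重新登录!')
        # NOTE(review): a wrong password does not advance any counter, and the
        # only limit lives in the client's session. Consider per-account or
        # per-IP throttling. my_crypt() is defined elsewhere; the comparison is
        # not constant-time.
        if db_user['passwd'] != app_helper.my_crypt(passwd):
            return render.login_error('密码错误,请重新登录!')

        # NOTE(review): the session id is not visibly regenerated on login;
        # confirm the framework or surrounding code rotates it.
        session.login = 1
        session.uname = name
        session.uid = db_user['_id']
        session.privilege = int(db_user['privilege'])
        session.mch_id = db_user.get('mch_id', '')

        # Older accounts store a shorter flag string; pad it so the session
        # always carries 60 permission positions.
        stored_level = db_user['menu_level']
        if len(stored_level) != 60:
            stored_level = stored_level + 30 * '-'
        session.menu_level = stored_level
        raise web.seeother('/')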