def doLogin(): username = request.form.get('username', '').strip() password = request.form.get('password', '').strip() code = request.form.get('code', '').strip() # print(session) if 'code' in session: if session['code'] != mw.md5(code): return mw.returnJson(False, '验证码错误,请重新输入!') userInfo = mw.M('users').where("id=?", (1, )).field('id,username,password').find() # print(userInfo) # print(password) password = mw.md5(password) # print('md5-pass', password) login_cache_count = 5 login_cache_limit = cache.get('login_cache_limit') filename = 'data/close.pl' if os.path.exists(filename): return mw.returnJson(False, '面板已经关闭!') if userInfo['username'] != username or userInfo['password'] != password: msg = "<a style='color: red'>密码错误</a>,帐号:{1},密码:{2},登录IP:{3}", (( '****', '******', request.remote_addr)) if login_cache_limit == None: login_cache_limit = 1 else: login_cache_limit = int(login_cache_limit) + 1 if login_cache_limit >= login_cache_count: mw.writeFile(filename, 'True') return mw.returnJson(False, '面板已经关闭!') cache.set('login_cache_limit', login_cache_limit, timeout=10000) login_cache_limit = cache.get('login_cache_limit') mw.writeLog('用户登录', mw.getInfo(msg)) return mw.returnJson( False, mw.getInfo("用户名或密码错误,您还可以尝试[{1}]次!", (str(login_cache_count - login_cache_limit)))) cache.delete('login_cache_limit') session['login'] = True session['username'] = userInfo['username'] #print('do_login', session) # fix 跳转时,数据消失,可能是跨域问题 mw.writeFile('data/api_login.txt', userInfo['username']) return mw.returnJson(True, '登录成功,正在跳转...')
def initUserInfo(): data = mw.M('users').where('id=?', (1, )).getField('password') if data == '21232f297a57a5a743894a0e4a801fc3': pwd = mw.getRandomString(8).lower() file_pw = mw.getRunDir() + '/data/default.pl' mw.writeFile(file_pw, pwd) mw.M('users').where('id=?', (1, )).setField('password', mw.md5(pwd))
def setPasswordApi(self): password1 = request.form.get('password1', '') password2 = request.form.get('password2', '') if password1 != password2: return mw.returnJson(False, '两次输入的密码不一致,请重新输入!') if len(password1) < 5: return mw.returnJson(False, '用户密码不能小于5位!') mw.M('users').where("username=?", (session['username'],)).setField( 'password', mw.md5(password1.strip())) return mw.returnJson(True, '密码修改成功!')
def set_panel_pwd(password, ncli=False): # 设置面板密码 import db sql = db.Sql() result = sql.table('users').where('id=?', (1,)).setField( 'password', mw.md5(password)) username = sql.table('users').where('id=?', (1,)).getField('username') if ncli: print("|-用户名: " + username) print("|-新密码: " + password) else: print(username)
def code(): import vilidate vie = vilidate.vieCode() codeImage = vie.GetCodeImage(80, 4) try: from cStringIO import StringIO except: from StringIO import StringIO out = StringIO() codeImage[0].save(out, "png") session['code'] = mw.md5(''.join(codeImage[1]).lower()) img = Response(out.getvalue(), headers={'Content-Type': 'image/png'}) return make_response(img)
def toDbBase(find): pdb = pMysqlDb() psdb = pSqliteDb('databases') if len(find['password']) < 3: find['username'] = find['name'] find['password'] = mw.md5(str(time.time()) + find['name'])[0:10] psdb.where("id=?", (find['id'],)).save( 'password,username', (find['password'], find['username'])) result = pdb.execute("create database `" + find['name'] + "`") if "using password:"******"Connection refused" in str(result): return -1 password = find['password'] __createUser(find['name'], find['username'], password, find['accept']) return 1
def getCsvnPwd(user): if app_debug: return user + '123' pwd_file = 'data/csvn_sync.pl' if os.path.exists(pwd_file): return mw.readFile(pwd_file).strip() import time cur_time = time.time() rand_pwd = mw.md5(str(cur_time)) pwd = user + rand_pwd[:5] htpasswd = getServerDir() + "/bin/htpasswd" svn_auth_file = getServerDir() + "/data/conf/svn_auth_file" cmd = htpasswd + ' -b ' + svn_auth_file + ' ' + user + ' ' + pwd data = mw.execShell(cmd) mw.writeFile(pwd_file, pwd) return pwd
def addDb(): args = getArgs() data = checkArgs(args, ['password', 'name', 'codeing', 'db_user', 'dataAccess', 'ps']) if not data[0]: return data[1] if not 'address' in args: address = '' else: address = args['address'].strip() dbname = args['name'].strip() dbuser = args['db_user'].strip() codeing = args['codeing'].strip() password = args['password'].strip() dataAccess = args['dataAccess'].strip() ps = args['ps'].strip() reg = "^[\w\.-]+$" if not re.match(reg, args['name']): return mw.returnJson(False, '数据库名称不能带有特殊符号!') checks = ['root', 'mysql', 'test', 'sys', 'panel_logs'] if dbuser in checks or len(dbuser) < 1: return mw.returnJson(False, '数据库用户名不合法!') if dbname in checks or len(dbname) < 1: return mw.returnJson(False, '数据库名称不合法!') if len(password) < 1: password = mw.md5(time.time())[0:8] wheres = { 'utf8': 'utf8_general_ci', 'utf8mb4': 'utf8mb4_general_ci', 'gbk': 'gbk_chinese_ci', 'big5': 'big5_chinese_ci' } codeStr = wheres[codeing] pdb = pMysqlDb() psdb = pSqliteDb('databases') if psdb.where("name=? or username=?", (dbname, dbuser)).count(): return mw.returnJson(False, '数据库已存在!') result = pdb.execute("create database `" + dbname + "` DEFAULT CHARACTER SET " + codeing + " COLLATE " + codeStr) # print result isError = isSqlError(result) if isError != None: return isError pdb.execute("drop user '" + dbuser + "'@'localhost'") for a in address.split(','): pdb.execute("drop user '" + dbuser + "'@'" + a + "'") __createUser(dbname, dbuser, password, address) addTime = time.strftime('%Y-%m-%d %X', time.localtime()) psdb.add('pid,name,username,password,accept,ps,addtime', (0, dbname, dbuser, password, address, ps, addTime)) return mw.returnJson(True, '添加成功!')