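    def request_post(self, post):
        """Authenticate a panel login submitted by POST.

        Required fields on ``post``: ``username`` (the md5 of the account
        name, as the login page sends it) and ``password`` (plaintext).
        Optional fields: ``code`` (image captcha, demanded only while
        ``session['code']`` is set and the password has not yet been
        verified) and ``vcode`` (TOTP code for the two-step login).

        Returns one of:
          * ``(json, json_header)`` from ``public.returnJson`` on rejection;
          * whatever ``self._set_login_session(userInfo)`` returns on success;
          * the string ``"1"`` when the password was accepted but a TOTP
            code must still be supplied in a follow-up request.

        Side effects: per-address attempt counters via ``self.limit_address``,
        audit entries via ``public.WriteLog``, a login notification via
        ``public.login_send_body``, and on the TOTP path a JSON record of
        the client IP written to ``data/dont_vcode_ip.txt``.
        """
        import hmac  # local import, matching the file's in-function `import pyotp`

        if not hasattr(post, 'username') or not hasattr(post, 'password'):
            return public.returnJson(False, 'LOGIN_USER_EMPTY'), json_header

        self.error_num(False)
        # '?' only reads the remaining attempt budget for this address; below
        # 1 the address is refused before any credential is looked at.
        if self.limit_address('?') < 1:
            return public.returnJson(False, 'LOGIN_ERR_LIMIT'), json_header
        post.username = post.username.strip()

        public.chdck_salt()
        sql = db.Sql()
        user_list = sql.table('users').field(
            'id,username,password,salt').select()
        # The page submits md5(username); pick the row whose name hashes to it.
        userInfo = None
        for u_info in user_list:
            if public.md5(u_info['username']) == post.username:
                userInfo = u_info
        if 'code' in session:
            if session['code'] and not 'is_verify_password' in session:
                if not hasattr(post, 'code'):
                    return public.returnJson(
                        False,
                        'Verification code can not be empty!'), json_header
                if not public.checkCode(post.code):
                    public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                                    ('****', '****', public.GetClientIp()))
                    return public.returnJson(False, 'CODE_ERR'), json_header
        # Unknown account.  The original code reached this outcome only by
        # letting userInfo['salt'] raise TypeError into the generic handler
        # below; reject explicitly with the identical log entry, counter bump
        # and response.
        if userInfo is None:
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', public.GetClientIp()))
            num = self.limit_address('+')
            return public.returnJson(False, 'LOGIN_USER_ERR',
                                     (str(num), )), json_header
        try:
            if not userInfo['salt']:
                # Row without a salt: let chdck_salt() assign one and re-read
                # the row so the hash below uses it.
                public.chdck_salt()
                userInfo = sql.table('users').where(
                    'id=?', (userInfo['id'],
                             )).field('id,username,password,salt').find()

            # Stored form is md5(password + salt).  Compare in constant time so
            # response timing does not depend on how much of the hash matched.
            password = public.md5(post.password.strip() + userInfo['salt'])
            if (public.md5(userInfo['username']) != post.username
                    or not hmac.compare_digest(str(userInfo['password']),
                                               password)):
                public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                                ('****', '******', public.GetClientIp()))
                num = self.limit_address('+')
                return public.returnJson(False, 'LOGIN_USER_ERR',
                                         (str(num), )), json_header
            # Existence of this file enables the two-step (TOTP) login; its
            # content is the TOTP secret read further down.
            _key_file = "/www/server/panel/data/two_step_auth.txt"
            # Login alert notification.
            public.login_send_body("Userinfo", userInfo['username'],
                                   public.GetClientIp(),
                                   str(request.environ.get('REMOTE_PORT')))
            if hasattr(post, 'vcode'):
                # TOTP attempts have their own budget (v="vcode").
                if self.limit_address('?', v="vcode") < 1:
                    return public.returnJson(
                        False,
                        'You have failed verification many times, forbidden for 10 minutes'
                    ), json_header
                import pyotp
                secret_key = public.readFile(_key_file)
                if not secret_key:
                    return public.returnJson(
                        False,
                        "Did not find the key, please close Google verification on the command line and trun on again"
                    ), json_header
                t = pyotp.TOTP(secret_key)
                result = t.verify(post.vcode)
                if not result:
                    # A rejected code may be clock drift: resync once and retry.
                    if public.sync_date(): result = t.verify(post.vcode)
                    if not result:
                        num = self.limit_address('++', v="vcode")
                        return public.returnJson(
                            False,
                            'Invalid Verification code. You have [{}] times left to try!'
                            .format(num)), json_header
                # Record this client IP with a timestamp; presumably consulted
                # by check_two_step_auth() to skip the TOTP step for a while.
                now = int(time.time())
                public.writeFile(
                    "/www/server/panel/data/dont_vcode_ip.txt",
                    json.dumps({
                        "client_ip": public.GetClientIp(),
                        "add_time": now
                    }))
                self.limit_address('--', v="vcode")
                self.set_cdn_host(post)
                return self._set_login_session(userInfo)

            acc_client_ip = self.check_two_step_auth()

            # No TOTP configured, or this client is exempt: log in directly.
            if not os.path.exists(_key_file) or acc_client_ip:
                self.set_cdn_host(post)
                return self._set_login_session(userInfo)
            # Password accepted; the caller must now submit a TOTP code.
            self.limit_address('-')
            session['is_verify_password'] = True
            return "1"
        except Exception as ex:
            stringEx = str(ex)
            # NOTE(review): this branch keys off the exception *text*
            # ('unsupported' or '-1', treated as an out-of-inodes symptom per
            # USER_INODE_ERR) and then deletes all session files and web logs
            # before reloading the service.  Any exception whose message
            # happens to contain '-1' takes this path; a check on errno or on
            # free inodes would be a safer trigger.
            if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
                public.ExecShell("rm -f /tmp/sess_*")
                public.ExecShell("rm -f /www/wwwlogs/*log")
                public.ServiceReload()
                return public.returnJson(False, 'USER_INODE_ERR'), json_header
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', public.GetClientIp()))
            num = self.limit_address('+')
            return public.returnJson(False, 'LOGIN_USER_ERR',
                                     (str(num), )), json_header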
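def _create_table_if_missing(sql, name, ddl):
    """Execute *ddl* on *sql* unless a table called *name* already exists.

    The existence test goes through ``sqlite_master`` on the same ``sql``
    object, so the helper serves both the 'system' database and the default
    panel database.
    """
    present = sql.table('sqlite_master').where('type=? AND name=?',
                                               ('table', name)).count()
    if not present:
        sql.execute(ddl, ())


def control_init():
    """Panel start-up housekeeping.

    Creates missing bookkeeping tables (``load_average`` in the 'system'
    database; ``site_types``, ``download_token`` and ``messages`` in the
    default one), adds columns that older schemas lack (``sites``, ``logs``,
    ``crontab``, ``users``), normalises placeholder e-mail addresses, keeps
    ``/etc/init.d/bt`` in sync with ``init.sh``, resets ownership and mode on
    a few panel paths, and finally runs the clean-up helpers defined
    elsewhere in this module.  Everything is done through side effects;
    nothing is returned.
    """
    time.sleep(1)
    sql = db.Sql().dbfile('system')
    _create_table_if_missing(sql, 'load_average', '''CREATE TABLE IF NOT EXISTS `load_average` (
`id` INTEGER PRIMARY KEY AUTOINCREMENT,
`pro` REAL,
`one` REAL,
`five` REAL,
`fifteen` REAL,
`addtime` INTEGER
)''')
    # Missing columns are detected by matching the stored CREATE statement
    # in sqlite_master with LIKE.
    if not public.M('sqlite_master').where(
            'type=? AND name=? AND sql LIKE ?',
        ('table', 'sites', '%type_id%')).count():
        public.M('sites').execute(
            "alter TABLE sites add edate integer DEFAULT '0000-00-00'", ())
        public.M('sites').execute(
            "alter TABLE sites add type_id integer DEFAULT 0", ())

    sql = db.Sql()
    _create_table_if_missing(sql, 'site_types', '''CREATE TABLE IF NOT EXISTS `site_types` (
`id` INTEGER PRIMARY KEY AUTOINCREMENT,
`name` REAL,
`ps` REAL
)''')

    _create_table_if_missing(sql, 'download_token', '''CREATE TABLE IF NOT EXISTS `download_token` (
`id` INTEGER PRIMARY KEY AUTOINCREMENT,
`token` REAL,
`filename` REAL,
`total` INTEGER DEFAULT 0,
`expire` INTEGER,
`password` REAL,
`ps` REAL,
`addtime` INTEGER
)''')

    _create_table_if_missing(sql, 'messages', '''CREATE TABLE IF NOT EXISTS `messages` (
`id` INTEGER PRIMARY KEY AUTOINCREMENT,
`level` TEXT,
`msg` TEXT,
`state` INTEGER DEFAULT 0,
`expire` INTEGER,
`addtime` INTEGER
)''')

    if not public.M('sqlite_master').where(
            'type=? AND name=? AND sql LIKE ?',
        ('table', 'logs', '%username%')).count():
        public.M('logs').execute(
            "alter TABLE logs add uid integer DEFAULT '1'", ())
        public.M('logs').execute(
            "alter TABLE logs add username TEXT DEFAULT 'system'", ())

    if not public.M('sqlite_master').where(
            'type=? AND name=? AND sql LIKE ?',
        ('table', 'crontab', '%status%')).count():
        public.M('crontab').execute(
            "ALTER TABLE 'crontab' ADD 'status' INTEGER DEFAULT 1", ())
        public.M('crontab').execute(
            "ALTER TABLE 'crontab' ADD 'save' INTEGER DEFAULT 3", ())
        public.M('crontab').execute(
            "ALTER TABLE 'crontab' ADD 'backupTo' TEXT DEFAULT off", ())
        public.M('crontab').execute("ALTER TABLE 'crontab' ADD 'sName' TEXT",
                                    ())
        public.M('crontab').execute("ALTER TABLE 'crontab' ADD 'sBody' TEXT",
                                    ())
        public.M('crontab').execute("ALTER TABLE 'crontab' ADD 'sType' TEXT",
                                    ())
        public.M('crontab').execute(
            "ALTER TABLE 'crontab' ADD 'urladdress' TEXT", ())

    # Collapse the two legacy placeholder addresses onto the current one.
    public.M('users').where(
        'email=? or email=?',
        ('*****@*****.**', '*****@*****.**')).setField(
            'email', '*****@*****.**')

    if not public.M('sqlite_master').where(
            'type=? AND name=? AND sql LIKE ?',
        ('table', 'users', '%salt%')).count():
        public.M('users').execute("ALTER TABLE 'users' ADD 'salt' TEXT", ())

    public.chdck_salt()

    # Presumably a marker that keeps nginx stopped; clear it on start-up.
    filename = '/www/server/nginx/off'
    if os.path.exists(filename): os.remove(filename)
    # The code points below spell `chattr -i /www/server/panel/class/*`,
    # i.e. clear the immutable attribute on the panel class directory.
    # Kept as the project wrote it, decoded here so reviewers need not.
    c = public.to_string([
        99, 104, 97, 116, 116, 114, 32, 45, 105, 32, 47, 119, 119, 119, 47,
        115, 101, 114, 118, 101, 114, 47, 112, 97, 110, 101, 108, 47, 99, 108,
        97, 115, 115, 47, 42
    ])
    try:
        init_file = '/etc/init.d/bt'
        src_file = '/www/server/panel/init.sh'
        # NOTE(review): public.md5() is assumed to hash file contents here —
        # TODO confirm; if it hashed the path strings the copy would always run.
        md51 = public.md5(init_file)
        md52 = public.md5(src_file)
        if md51 != md52:
            import shutil
            shutil.copyfile(src_file, init_file)
            # A near-empty result means the copy was blocked (e.g. by an
            # immutable attribute); drop the attribute and copy via the shell.
            if os.path.getsize(init_file) < 10:
                public.ExecShell("chattr -i " + init_file)
                # Raw string: "\c" is not an escape, this only silences the
                # invalid-escape warning without changing the command.
                public.ExecShell(r"\cp -arf %s %s" % (src_file, init_file))
                public.ExecShell("chmod +x %s" % init_file)
    except Exception:
        # Best-effort sync of the init script; the original swallowed every
        # error here and start-up continues regardless.
        pass
    public.writeFile('/var/bt_setupPath.conf', '/www')
    public.ExecShell(c)
    # Paths below are relative to the process's working directory.
    p_file = 'class/plugin2.so'
    if os.path.exists(p_file): public.ExecShell("rm -f class/*.so")
    if os.path.exists("/www/server/mysql"):
        # Restrict the MySQL config to the mysql user only.
        public.ExecShell("chown mysql:mysql /etc/my.cnf;chmod 600 /etc/my.cnf")
    stop_path = '/www/server/stop'
    if not os.path.exists(stop_path):
        os.makedirs(stop_path)
    public.ExecShell(
        "chown -R root:root {path};chmod -R 755 {path}".format(path=stop_path))
    # 755 keeps /www and /www/server world-traversable for the web server user.
    public.ExecShell('chmod 755 /www;chmod 755 /www/server')
    clean_session()
    clean_max_log('/www/server/panel/plugin/rsync/lsyncd.log')
    clean_max_log('/var/log/rsyncd.log', 1024 * 1024 * 10)
    clean_max_log('/root/.pm2/pm2.log', 1024 * 1024 * 20)
    remove_tty1()
    clean_hook_log()
    run_new()
    clean_max_log('/www/server/cron', 1024 * 1024 * 5, 20)
    check_dnsapi()
    clean_php_log()
    files_set_mode()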
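    def request_post(self, post):
        """Authenticate a panel login submitted by POST.

        ``post.username`` must hold the md5 of the account name (as the login
        page sends it) and ``post.password`` the plaintext password.
        ``post.code`` is required only while ``session['code']`` is set and
        the password has not yet been verified; ``post.vcode`` carries the
        TOTP code for the two-step login.

        Returns ``(json, json_header)`` from ``public.returnJson`` on every
        rejection, the result of ``self._set_login_session(userInfo)`` on
        success, or the string ``"1"`` when the password was accepted but a
        TOTP code must still be supplied.

        Side effects: attempt counters through ``self.limit_address``, audit
        entries through ``public.WriteLog``, and on the TOTP path a JSON
        record of the client IP in ``data/dont_vcode_ip.txt``.
        """
        import hmac  # local import, matching the file's in-function `import pyotp`

        if not hasattr(post, 'username') or not hasattr(post, 'password'):
            return public.returnJson(False,'LOGIN_USER_EMPTY'),json_header

        self.error_num(False)
        # '?' reads the remaining attempt budget for this address; below 1
        # the address is refused before any credential is examined.
        if self.limit_address('?') < 1:
            return public.returnJson(False,'LOGIN_ERR_LIMIT'),json_header
        post.username = post.username.strip()

        sql = db.Sql()
        user_list = sql.table('users').field('id,username,password,salt').select()
        # The page submits md5(username); pick the row whose name hashes to it.
        userInfo = None
        for u_info in user_list:
            if public.md5(u_info['username']) == post.username:
                userInfo = u_info
        if 'code' in session:
            if session['code'] and not 'is_verify_password' in session:
                if not hasattr(post, 'code'):
                    return public.returnJson(False,'验证码不能为空!'),json_header
                if not public.checkCode(post.code):
                    public.WriteLog('TYPE_LOGIN','LOGIN_ERR_CODE',('****','****',public.GetClientIp()))
                    return public.returnJson(False,'CODE_ERR'),json_header
        # Unknown account.  Previously this outcome was reached only by letting
        # userInfo['salt'] raise TypeError into the generic handler below;
        # reject explicitly with the same log entry, counter bump and response.
        if userInfo is None:
            public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()))
            num = self.limit_address('+')
            return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
        try:
            if not userInfo['salt']:
                # Row without a salt: let chdck_salt() assign one, then re-read.
                public.chdck_salt()
                userInfo = sql.table('users').where('id=?',(userInfo['id'],)).field('id,username,password,salt').find()

            # Stored form is md5(password + salt).  Compare in constant time so
            # response timing does not depend on how much of the hash matched.
            password = public.md5(post.password.strip() + userInfo['salt'])
            if (public.md5(userInfo['username']) != post.username
                    or not hmac.compare_digest(str(userInfo['password']), password)):
                public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()))
                num = self.limit_address('+')
                return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
            # Existence of this file enables the two-step (TOTP) login; its
            # content is the TOTP secret.
            _key_file = "/www/server/panel/data/two_step_auth.txt"
            if hasattr(post,'vcode'):
                # TOTP attempts have their own budget (v="vcode").
                if self.limit_address('?',v="vcode") < 1:
                    return public.returnJson(False,'您多次验证失败,禁止10分钟'),json_header
                import pyotp
                secret_key = public.readFile(_key_file)
                if not secret_key:
                    return public.returnJson(False, "没有找到key,请尝试在命令行关闭谷歌验证后在开启"),json_header
                t = pyotp.TOTP(secret_key)
                result = t.verify(post.vcode)
                if not result:
                    # A rejected code may be clock drift: resync once and retry.
                    if public.sync_date(): result = t.verify(post.vcode)
                    if not result:
                        num = self.limit_address('++',v="vcode")
                        return public.returnJson(False, '验证失败,您还可以尝试[{}]次!'.format(num)), json_header
                # Record this client IP with a timestamp; presumably consulted
                # by check_two_step_auth() to skip the TOTP step for a while.
                now = int(time.time())
                public.writeFile("/www/server/panel/data/dont_vcode_ip.txt",json.dumps({"client_ip":public.GetClientIp(),"add_time":now}))
                self.limit_address('--',v="vcode")
                self.set_cdn_host(post)
                return self._set_login_session(userInfo)

            acc_client_ip = self.check_two_step_auth()

            # No TOTP configured, or this client is exempt: log in directly.
            if not os.path.exists(_key_file) or acc_client_ip:
                self.set_cdn_host(post)
                return self._set_login_session(userInfo)
            # Password accepted; the caller must now submit a TOTP code.
            self.limit_address('-')
            session['is_verify_password'] = True
            return "1"
        except Exception as ex:
            stringEx = str(ex)
            # NOTE(review): this branch keys off the exception *text*
            # ('unsupported' or '-1', treated as an out-of-inodes symptom per
            # USER_INODE_ERR) and then deletes all session files and web logs
            # before reloading the service.  Any exception whose message
            # happens to contain '-1' takes this path; a check on errno or on
            # free inodes would be a safer trigger.
            if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
                os.system("rm -f /tmp/sess_*")
                os.system("rm -f /www/wwwlogs/*log")
                public.ServiceReload()
                return public.returnJson(False,'USER_INODE_ERR'),json_header
            public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()))
            num = self.limit_address('+')
            return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header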