def request_post(self,post):
    """Handle a panel login POST: password check, then an optional TOTP step.

    Flow, as written below:
      1. Reject requests that lack ``username`` or ``password``.
      2. Ask the rate limiter whether further attempts are allowed.
      3. Load the ``users`` row with id=1 and, when the session asks for it,
         check the captcha.
      4. Compare the username and the derived password hash.
      5. If ``vcode`` was posted, verify it as a TOTP code against the secret
         stored in ``two_step_auth.txt``. Otherwise log in directly when that
         file is absent or ``check_two_step_auth()`` is truthy; else mark the
         session as password-verified and return ``"1"``.

    Returns:
        ``(json_body, json_header)`` for most outcomes, the result of
        ``_set_login_session`` on success, or the bare string ``"1"`` when
        the password was accepted and the second-step branch was not taken.
    """
    # Both credentials must be present before any attribute is dereferenced.
    if not hasattr(post, 'username') or not hasattr(post, 'password'):
        return public.returnJson(False,'LOGIN_USER_EMPTY'),json_header

    self.error_num(False)
    # '?' queries the limiter; a result below 1 ends the request here.
    if self.limit_address('?') < 1:
        return public.returnJson(False,'LOGIN_ERR_LIMIT'),json_header

    post.username = post.username.strip();
    # NOTE(review): public.md5 is presumably a plain MD5 hex digest; a fast,
    # unsalted hash is weak for password storage. Confirm and plan a move to
    # a slow, salted KDF.
    password = public.md5(post.password.strip());
    sql = db.Sql();
    # Parameterised lookup of the single account with id=1.
    userInfo = sql.table('users').where("id=?",(1,)).field('id,username,password').find()
    # m_code is not read again in this function.
    m_code = cache.get('codeStr')
    if 'code' in session:
        # The captcha is skipped once the password step has been passed
        # ('is_verify_password' is set further down).
        if session['code'] and not 'is_verify_password' in session:
            # Message: "Verification code cannot be empty!"
            if not hasattr(post, 'code'):
                return public.returnJson(False,'验证码不能为空!'),json_header
            if not public.checkCode(post.code):
                # Masked placeholders keep request-supplied text out of the login log.
                public.WriteLog('TYPE_LOGIN','LOGIN_ERR_CODE',('****','****',public.GetClientIp()));
                return public.returnJson(False,'CODE_ERR'),json_header
    try:
        # The stored value gets a fixed suffix and is hashed twice, then is
        # compared with the hash of the submitted password field.
        s_pass = public.md5(public.md5(userInfo['password'] + '_bt.cn'))
        # NOTE(review): `!=` is not a constant-time comparison;
        # hmac.compare_digest is the usual replacement once both operands
        # are confirmed to be ASCII digests.
        if userInfo['username'] != post.username or s_pass != password:
            public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()));
            # '+' records the failure; the returned number goes into the message.
            num = self.limit_address('+');
            return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
        _key_file = "/www/server/panel/data/two_step_auth.txt"
        if hasattr(post,'vcode'):
            # The second factor has its own limiter bucket (v="vcode").
            # Message: "Too many failed verifications, blocked for 10 minutes".
            if self.limit_address('?',v="vcode") < 1:
                return public.returnJson(False,'您多次验证失败,禁止10分钟'),json_header
            import pyotp
            secret_key = public.readFile(_key_file)
            # Message: "Key not found; try disabling Google verification on the
            # command line and enabling it again".
            if not secret_key:
                return public.returnJson(False, "没有找到key,请尝试在命令行关闭谷歌验证后在开启"),json_header
            t = pyotp.TOTP(secret_key)
            result = t.verify(post.vcode)
            if not result:
                # Presumably resynchronises the system clock; when it reports
                # success the same code is verified a second time.
                if public.sync_date():
                    result = t.verify(post.vcode)
                if not result:
                    num = self.limit_address('++',v="vcode")
                    # Message: "Verification failed, you have [{}] attempts left!"
                    return public.returnJson(False, '验证失败,您还可以尝试[{}]次!'.format(num)), json_header
            now = int(time.time())
            # Records the client IP and time of the accepted code.
            # NOTE(review): presumably read by check_two_step_auth() to skip
            # the code for this address. If so, GetClientIp() must not trust
            # client-supplied headers. Confirm.
            public.writeFile("/www/server/panel/data/dont_vcode_ip.txt",json.dumps({"client_ip":public.GetClientIp(),"add_time":now}))
            self.limit_address('--',v="vcode")
            return self._set_login_session(userInfo)

        acc_client_ip = self.check_two_step_auth()

        # No secret file, or a truthy check_two_step_auth(): log in on the password alone.
        if not os.path.exists(_key_file) or acc_client_ip:
            return self._set_login_session(userInfo)
        self.limit_address('-')
        # Password accepted; the session is only marked as password-verified
        # here, and "1" is returned instead of a login session.
        session['is_verify_password'] = True
        return "1"
    except Exception as ex:
        # Any exception raised above, including a missing or malformed user
        # row, ends up here and is reported as a failed login.
        stringEx = str(ex)
        # NOTE(review): a substring match on the exception text decides
        # whether session files and every /www/wwwlogs/*log file are deleted.
        # This path runs before authentication, so a false match destroys
        # audit evidence. Prefer matching a specific exception type or errno,
        # and rotating logs rather than deleting them.
        if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
            os.system("rm -f /tmp/sess_*")
            os.system("rm -f /www/wwwlogs/*log")
            public.ServiceReload()
            return public.returnJson(False,'USER_INODE_ERR'),json_header
        public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()));
        num = self.limit_address('+');
        return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
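def POST(self):
    """Authenticate a login form post against the ``users`` row with id=1.

    On success the session is marked as logged in, the client IP and time are
    appended to ``data/login.temp``, and the two ``/tmp/panelN*.pl`` files are
    removed. Every failure path returns a JSON error; a wrong password also
    records the failure with ``limitAddress('+')``.

    Returns:
        The JSON string produced by ``public.returnJson``.
    """
    post = web.input()
    web.ctx.session.lan = public.get_language()
    # Both credentials are required. The previous test only rejected requests
    # that carried none of username/password/code, so a partial request
    # reached ``post.username``/``post.password`` and raised AttributeError.
    if not hasattr(post, 'username') or not hasattr(post, 'password'):
        return public.returnJson(False, 'LOGIN_USER_EMPTY')
    self.errorNum(False)
    if self.limitAddress('?') < 1:
        return public.returnJson(False, 'LOGIN_ERR_LIMIT')
    post.username = post.username.strip()
    # NOTE(review): public.md5 is presumably a plain MD5 hex digest, which is
    # weak for password storage. Confirm and plan a move to a slow, salted KDF.
    password = public.md5(post.password.strip())
    sql = db.Sql()
    userInfo = sql.table('users').where(
        "id=?", (1, )).field('id,username,password').find()
    if hasattr(web.ctx.session, 'code') and web.ctx.session.code:
        # A captcha is pending; a request without ``code`` fails the check
        # instead of raising on the missing attribute.
        if not hasattr(post, 'code') or not public.checkCode(post.code):
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                            ('****', web.ctx.session.code, web.ctx.ip))
            return public.returnJson(False, 'CODE_ERR')
    try:
        # NOTE(review): `!=` is not a constant-time comparison.
        if userInfo['username'] != post.username or userInfo['password'] != password:
            # Masked placeholders keep request-supplied text out of the login log.
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', web.ctx.ip))
            num = self.limitAddress('+')
            return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))
        import time
        # Append "ip|unix_time," to the login history file.
        login_temp = 'data/login.temp'
        if not os.path.exists(login_temp):
            public.writeFile(login_temp, '')
        login_logs = public.readFile(login_temp)
        public.writeFile(
            login_temp,
            login_logs + web.ctx.ip + '|' + str(int(time.time())) + ',')
        web.ctx.session.login = True
        web.ctx.session.username = userInfo['username']
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'], web.ctx.ip))
        self.limitAddress('-')
        # Presumably the failure-counter state kept by errorNum(). Confirm.
        numFile = '/tmp/panelNum.pl'
        timeFile = '/tmp/panelNime.pl'
        if os.path.exists(numFile):
            os.remove(numFile)
        if os.path.exists(timeFile):
            os.remove(timeFile)
        return public.returnJson(True, 'LOGIN_SUCCESS')
    except Exception as ex:  # ``as`` form parses on Python 2.6+ and 3
        # Any exception above, including a missing or malformed user row,
        # is reported as a failed login.
        stringEx = str(ex)
        # NOTE(review): a substring match on the exception text triggers
        # btClear() before authentication has succeeded; prefer matching a
        # specific exception type or errno.
        if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
            btClear()
            # Message: "Disk inodes are exhausted; the panel tried to free
            # inodes, please retry..."
            return public.returnJson(False, '磁盘Inode已用完,面板已尝试释放Inode,请重试...')
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                        ('****', '******', web.ctx.ip))
        num = self.limitAddress('+')
        return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))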
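def request_post(self, post):
    """Authenticate a login POST against the ``users`` row with id=1.

    On success the session is marked as logged in, the limiter and two cache
    keys are reset, the login time is written to ``data/session_last.pl`` and
    the request/login tokens are set.

    Returns:
        ``(json_body, json_header)`` for every outcome.
    """
    # Both credentials are required. The previous test only rejected requests
    # that carried none of username/password/code, so a partial request
    # reached ``post.username``/``post.password`` and raised AttributeError.
    if not hasattr(post, 'username') or not hasattr(post, 'password'):
        return public.returnJson(False, 'LOGIN_USER_EMPTY'), json_header
    self.error_num(False)
    if self.limit_address('?') < 1:
        return public.returnJson(False, 'LOGIN_ERR_LIMIT'), json_header
    post.username = post.username.strip()
    # NOTE(review): public.md5 is presumably a plain MD5 hex digest, which is
    # weak for password storage. Confirm and plan a move to a slow, salted KDF.
    password = public.md5(post.password.strip())
    sql = db.Sql()
    userInfo = sql.table('users').where(
        "id=?", (1, )).field('id,username,password').find()
    m_code = cache.get('codeStr')  # not read again in this function
    if 'code' in session and session['code']:
        # A captcha is pending; a request without ``code`` fails the check
        # instead of raising on the missing attribute.
        if not hasattr(post, 'code') or not public.checkCode(post.code):
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                            ('****', '****', public.GetClientIp()))
            return public.returnJson(False, 'CODE_ERR'), json_header
    try:
        # The stored value gets a fixed suffix and is hashed twice, then is
        # compared with the hash of the submitted password field.
        s_pass = public.md5(public.md5(userInfo['password'] + '_bt.cn'))
        # NOTE(review): `!=` is not a constant-time comparison.
        if userInfo['username'] != post.username or s_pass != password:
            # Masked placeholders keep request-supplied text out of the login log.
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', public.GetClientIp()))
            num = self.limit_address('+')
            return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), )), json_header
        session['login'] = True
        session['username'] = userInfo['username']
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'], public.GetClientIp()))
        self.limit_address('-')
        cache.delete('panelNum')
        cache.delete('dologin')
        sess_input_path = 'data/session_last.pl'
        public.writeFile(sess_input_path, str(int(time.time())))
        self.set_request_token()
        self.login_token()
        return public.returnJson(True, 'LOGIN_SUCCESS'), json_header
    except Exception as ex:
        # Any exception above, including a missing or malformed user row,
        # is reported as a failed login.
        stringEx = str(ex)
        # NOTE(review): a substring match on the exception text decides
        # whether session files and every /www/wwwlogs/*log file are deleted.
        # This path runs before authentication has succeeded, so a false
        # match destroys audit evidence. Prefer matching a specific exception
        # type or errno, and rotating logs rather than deleting them.
        if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
            os.system("rm -f /tmp/sess_*")
            os.system("rm -f /www/wwwlogs/*log")
            public.ServiceReload()
            return public.returnJson(False, 'USER_INODE_ERR'), json_header
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                        ('****', '******', public.GetClientIp()))
        num = self.limit_address('+')
        return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), )), json_header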
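def POST(self):
    """Authenticate a login form post by username and password hash.

    The user row is selected with a parameterised
    ``username=? AND password=?`` query. On success the session is marked as
    logged in and the client IP and time are appended to ``data/login.temp``.

    Returns:
        The JSON string produced by ``public.returnJson``.
    """
    post = web.input()
    web.ctx.session.lan = public.get_language()
    # Both credentials are required. The previous test only rejected requests
    # that carried none of username/password/code, so a partial request
    # reached ``post.username``/``post.password`` and raised AttributeError.
    if not hasattr(post, 'username') or not hasattr(post, 'password'):
        return public.returnJson(False, 'LOGIN_USER_EMPTY')
    if self.limitAddress('?') < 1:
        return public.returnJson(False, 'LOGIN_ERR_LIMIT')
    post.username = post.username.strip()
    # NOTE(review): public.md5 is presumably a plain MD5 hex digest, which is
    # weak for password storage. Confirm and plan a move to a slow, salted KDF.
    password = public.md5(post.password.strip())
    if hasattr(web.ctx.session, 'code') and web.ctx.session.code:
        # A captcha is pending; a request without ``code`` fails the check
        # instead of raising on the missing attribute.
        if not hasattr(post, 'code') or not public.checkCode(post.code):
            # Failure entries are written before authentication, so the
            # request-supplied username and code are masked rather than
            # copied into the login log (people also mistype passwords
            # into the username field).
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                            ('****', '****', web.ctx.ip))
            return public.returnJson(False, 'CODE_ERR')
    sql = db.Sql()
    userInfo = sql.table('users').where(
        "username=? AND password=?",
        (post.username, password)).field('id,username,password').find()
    try:
        if userInfo['username'] != post.username or userInfo['password'] != password:
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', web.ctx.ip))
            num = self.limitAddress('+')
            return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))
        import time
        # Append "ip|unix_time," to the login history file.
        login_temp = 'data/login.temp'
        if not os.path.exists(login_temp):
            public.writeFile(login_temp, '')
        login_logs = public.readFile(login_temp)
        public.writeFile(
            login_temp,
            login_logs + web.ctx.ip + '|' + str(int(time.time())) + ',')
        web.ctx.session.login = True
        web.ctx.session.username = post.username
        # At this point the username equals the stored one, so it is logged as is.
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (post.username, web.ctx.ip))
        self.limitAddress('-')
        return public.returnJson(True, 'LOGIN_SUCCESS')
    except Exception:
        # Reached, among other cases, when the query returned no usable row.
        # ``except Exception`` replaces the bare ``except`` so SystemExit and
        # KeyboardInterrupt are no longer swallowed as login failures.
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                        ('****', '******', web.ctx.ip))
        num = self.limitAddress('+')
        return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))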
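def POST(self):
    """Authenticate a login form post against the ``users`` row with id=1.

    On success the session is marked as logged in, the client IP and time are
    appended to ``data/login.temp``, and the two ``/tmp/panelN*.pl`` files
    named in the lock-out message are removed.

    Returns:
        The JSON string produced by ``public.returnJson``.
    """
    post = web.input()
    web.ctx.session.lan = public.get_language()
    # Both credentials are required. The previous test only rejected requests
    # that carried none of username/password/code, so a partial request
    # reached ``post.username``/``post.password`` and raised AttributeError.
    if not hasattr(post, 'username') or not hasattr(post, 'password'):
        return public.returnJson(False, 'LOGIN_USER_EMPTY')
    # Message: "Brute-force protection has been triggered, unlock command:
    # rm -f /tmp/panelN*.pl"
    if not self.errorNum(False):
        return public.returnJson(False, '防暴破机制已被启动,解除命令: rm -f /tmp/panelN*.pl')
    if self.limitAddress('?') < 1:
        return public.returnJson(False, 'LOGIN_ERR_LIMIT')
    post.username = post.username.strip()
    # NOTE(review): public.md5 is presumably a plain MD5 hex digest, which is
    # weak for password storage. Confirm and plan a move to a slow, salted KDF.
    password = public.md5(post.password.strip())
    sql = db.Sql()
    userInfo = sql.table('users').where(
        "id=?", (1, )).field('id,username,password').find()
    if hasattr(web.ctx.session, 'code') and web.ctx.session.code:
        # A captcha is pending; a request without ``code`` fails the check
        # instead of raising on the missing attribute.
        if not hasattr(post, 'code') or not public.checkCode(post.code):
            # The account name is masked in failure entries: it need not be
            # written on every failed attempt, and indexing userInfo outside
            # the try block raised when the row lookup had failed.
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                            ('****', web.ctx.session.code, web.ctx.ip))
            return public.returnJson(False, 'CODE_ERR')
    try:
        # NOTE(review): `!=` is not a constant-time comparison.
        if userInfo['username'] != post.username or userInfo['password'] != password:
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', web.ctx.ip))
            num = self.limitAddress('+')
            return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))
        import time
        # Append "ip|unix_time," to the login history file.
        login_temp = 'data/login.temp'
        if not os.path.exists(login_temp):
            public.writeFile(login_temp, '')
        login_logs = public.readFile(login_temp)
        public.writeFile(
            login_temp,
            login_logs + web.ctx.ip + '|' + str(int(time.time())) + ',')
        web.ctx.session.login = True
        web.ctx.session.username = userInfo['username']
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'], web.ctx.ip))
        self.limitAddress('-')
        numFile = '/tmp/panelNum.pl'
        timeFile = '/tmp/panelNime.pl'
        if os.path.exists(numFile):
            os.remove(numFile)
        if os.path.exists(timeFile):
            os.remove(timeFile)
        return public.returnJson(True, 'LOGIN_SUCCESS')
    except Exception:
        # ``except Exception`` replaces the bare ``except`` so SystemExit and
        # KeyboardInterrupt are no longer swallowed as login failures. The
        # handler no longer indexes userInfo, which may be what failed above.
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                        ('****', '******', web.ctx.ip))
        num = self.limitAddress('+')
        return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))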
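def request_post(self, post):
    """Handle a panel login POST: password check, then an optional TOTP step.

    The account is looked up by scanning every ``users`` row for a matching
    username. After the password check, a posted ``vcode`` is verified as a
    TOTP code against the secret in ``two_step_auth.txt``. Without ``vcode``
    the login completes directly when that file is absent or
    ``check_two_step_auth()`` is truthy; otherwise the session is marked as
    password-verified and ``"1"`` is returned.

    Returns:
        ``(json_body, json_header)`` for most outcomes, the result of
        ``_set_login_session`` on success, or the bare string ``"1"`` when
        the password was accepted and the second-step branch was not taken.
    """
    if not hasattr(post, 'username') or not hasattr(post, 'password'):
        return public.returnJson(False, 'LOGIN_USER_EMPTY'), json_header
    self.error_num(False)
    if self.limit_address('?') < 1:
        return public.returnJson(False, 'LOGIN_ERR_LIMIT'), json_header
    post.username = post.username.strip()
    # NOTE(review): public.md5 is presumably a plain MD5 hex digest, which is
    # weak for password storage. Confirm and plan a move to a slow, salted KDF.
    password = public.md5(post.password.strip())
    sql = db.Sql()
    user_list = sql.table('users').field('id,username,password').select()
    # The last row with a matching username wins. userInfo stays None when
    # nothing matches, and the lookup inside the try block below then raises
    # and is reported as a failed login.
    userInfo = None
    for u_info in user_list:
        if u_info['username'] == post.username:
            userInfo = u_info
    if 'code' in session:
        # The captcha is skipped once the password step has been passed.
        if session['code'] and 'is_verify_password' not in session:
            if not hasattr(post, 'code'):
                # Was ``return public.returnMsg(...)``: the only error return
                # in this function that was not a (returnJson body,
                # json_header) pair.
                return public.returnJson(False, 'Verification code can not be empty!'), json_header
            if not public.checkCode(post.code):
                # Masked placeholders keep request-supplied text out of the login log.
                public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                                ('****', '****', public.GetClientIp()))
                return public.returnJson(False, 'CODE_ERR'), json_header
    try:
        # The stored value gets a fixed suffix and is hashed twice, then is
        # compared with the hash of the submitted password field.
        s_pass = public.md5(public.md5(userInfo['password'] + '_bt.cn'))
        # NOTE(review): `!=` is not a constant-time comparison.
        if userInfo['username'] != post.username or s_pass != password:
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', public.GetClientIp()))
            num = self.limit_address('+')
            return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), )), json_header
        _key_file = "/www/server/panel/data/two_step_auth.txt"
        if hasattr(post, 'vcode'):
            # The second factor has its own limiter bucket (v="vcode").
            # Message: "Too many failed verifications, blocked for 10 minutes".
            if self.limit_address('?', v="vcode") < 1:
                return public.returnJson(False, '您多次验证失败,禁止10分钟'), json_header
            import pyotp
            secret_key = public.readFile(_key_file)
            if not secret_key:
                return public.returnJson(False, "Did not find the key, please close Google verification on the command line and trun on again"), json_header
            t = pyotp.TOTP(secret_key)
            result = t.verify(post.vcode)
            if not result:
                # Presumably resynchronises the system clock; when it reports
                # success the same code is verified a second time.
                if public.sync_date():
                    result = t.verify(post.vcode)
                if not result:
                    num = self.limit_address('++', v="vcode")
                    return public.returnJson(False, 'Invalid Verification code. You have [{}] times left to try!'.format(num)), json_header
            now = int(time.time())
            # Records the client IP and time of the accepted code.
            # NOTE(review): presumably read by check_two_step_auth() to skip
            # the code for this address. If so, GetClientIp() must not trust
            # client-supplied headers. Confirm.
            public.writeFile("/www/server/panel/data/dont_vcode_ip.txt",
                             json.dumps({"client_ip": public.GetClientIp(), "add_time": now}))
            self.limit_address('--', v="vcode")
            self.set_cdn_host(post)
            return self._set_login_session(userInfo)
        acc_client_ip = self.check_two_step_auth()
        # No secret file, or a truthy check_two_step_auth(): log in on the password alone.
        if not os.path.exists(_key_file) or acc_client_ip:
            self.set_cdn_host(post)
            return self._set_login_session(userInfo)
        self.limit_address('-')
        session['is_verify_password'] = True
        return "1"
    except Exception as ex:
        # Any exception above, including userInfo being None, is reported as
        # a failed login.
        stringEx = str(ex)
        # NOTE(review): a substring match on the exception text decides
        # whether session files and every /www/wwwlogs/*log file are deleted.
        # This path runs before authentication has succeeded, so a false
        # match destroys audit evidence. Prefer matching a specific exception
        # type or errno, and rotating logs rather than deleting them.
        if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
            os.system("rm -f /tmp/sess_*")
            os.system("rm -f /www/wwwlogs/*log")
            public.ServiceReload()
            return public.returnJson(False, 'USER_INODE_ERR'), json_header
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                        ('****', '******', public.GetClientIp()))
        num = self.limit_address('+')
        return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), )), json_header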