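def POST(self):
    """Handle a login form submission and mark the session as authenticated.

    Reads ``username`` and ``password`` (plus ``code`` when the session
    demands a captcha) from the request and compares them with the
    ``users`` row whose ``id`` is 1.

    Returns:
        The result of ``public.returnJson``: success, or the reason the
        attempt was rejected.
    """
    post = web.input()
    web.ctx.session.lan = public.get_language()

    # Both credentials are mandatory. The previous or-chain let a request
    # through when any single field was present, and the attribute access
    # further down then raised outside the try block instead of answering
    # with a JSON error.
    if not (hasattr(post, 'username') and hasattr(post, 'password')):
        return public.returnJson(False, 'LOGIN_USER_EMPTY')

    # NOTE(review): the return value is discarded here; confirm errorNum is
    # meant to be called only for its side effects.
    self.errorNum(False)
    if self.limitAddress('?') < 1:
        return public.returnJson(False, 'LOGIN_ERR_LIMIT')

    post.username = post.username.strip()
    # NOTE(review): public.md5 suggests the stored credential is a bare MD5
    # digest. Moving to a salted, slow password hash needs a stored-hash
    # migration and cannot be done from inside this handler.
    password = public.md5(post.password.strip())
    sql = db.Sql()
    userInfo = sql.table('users').where(
        "id=?", (1, )).field('id,username,password').find()

    # The captcha applies only while the session carries a truthy ``code``.
    # A request that omits the field is rejected like a wrong answer instead
    # of raising AttributeError.
    if hasattr(web.ctx.session, 'code') and web.ctx.session.code:
        if not hasattr(post, 'code') or not public.checkCode(post.code):
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                            ('****', web.ctx.session.code, web.ctx.ip))
            return public.returnJson(False, 'CODE_ERR')

    try:
        if (userInfo['username'] != post.username
                or userInfo['password'] != password):
            # The submitted name and password are masked in the log entry.
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', web.ctx.ip))
            num = self.limitAddress('+')
            return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))

        # NOTE(review): all bookkeeping below runs inside the try. An error
        # raised after session.login is set is reported to the client as a
        # failed login while the session stays marked as logged in.
        import time
        login_temp = 'data/login.temp'
        if not os.path.exists(login_temp):
            public.writeFile(login_temp, '')
        login_logs = public.readFile(login_temp)
        # Append "<ip>|<unix time>," to the record of successful logins.
        public.writeFile(
            login_temp,
            login_logs + web.ctx.ip + '|' + str(int(time.time())) + ',')

        web.ctx.session.login = True
        web.ctx.session.username = userInfo['username']
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'], web.ctx.ip))
        self.limitAddress('-')

        # Presumably the counters errorNum maintains; removed on success.
        numFile = '/tmp/panelNum.pl'
        timeFile = '/tmp/panelNime.pl'
        if os.path.exists(numFile):
            os.remove(numFile)
        if os.path.exists(timeFile):
            os.remove(timeFile)
        return public.returnJson(True, 'LOGIN_SUCCESS')
    except Exception as ex:
        stringEx = str(ex)
        # The exception text is matched by substring to detect the condition
        # the message below reports (inodes exhausted); btClear is then
        # called before asking the user to retry.
        if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
            btClear()
            return public.returnJson(False, '磁盘Inode已用完,面板已尝试释放Inode,请重试...')
        # Any other error is treated as a failed attempt and counted.
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                        ('****', '******', web.ctx.ip))
        num = self.limitAddress('+')
        return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))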
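def POST(self):
    """Handle a login form submission and mark the session as authenticated.

    Reads ``username`` and ``password`` (plus ``code`` when the session
    demands a captcha) from the request and looks up a ``users`` row that
    matches both the name and the hashed password.

    Returns:
        The result of ``public.returnJson``: success, or the reason the
        attempt was rejected.
    """
    post = web.input()
    web.ctx.session.lan = public.get_language()

    # Both credentials are mandatory. The previous or-chain let a request
    # through when any single field was present, and the attribute access
    # further down then raised outside the try block instead of answering
    # with a JSON error.
    if not (hasattr(post, 'username') and hasattr(post, 'password')):
        return public.returnJson(False, 'LOGIN_USER_EMPTY')

    if self.limitAddress('?') < 1:
        return public.returnJson(False, 'LOGIN_ERR_LIMIT')

    post.username = post.username.strip()
    # NOTE(review): public.md5 suggests the stored credential is a bare MD5
    # digest. Moving to a salted, slow password hash needs a stored-hash
    # migration and cannot be done from inside this handler.
    password = public.md5(post.password.strip())

    # The captcha applies only while the session carries a truthy ``code``.
    # A request that omits the field is rejected like a wrong answer instead
    # of raising AttributeError.
    if hasattr(web.ctx.session, 'code') and web.ctx.session.code:
        if not hasattr(post, 'code') or not public.checkCode(post.code):
            # NOTE(review): username and code come straight from an
            # unauthenticated request and are stored in the login log;
            # whatever displays that log must escape them on output.
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                            (post.username, getattr(post, 'code', ''),
                             web.ctx.ip))
            return public.returnJson(False, 'CODE_ERR')

    sql = db.Sql()
    # Values are bound as parameters, not concatenated into the query text.
    userInfo = sql.table('users').where(
        "username=? AND password=?",
        (post.username, password)).field('id,username,password').find()

    try:
        # Re-check the returned row; presumably find() yields something
        # without these keys when no row matches, which lands in the except
        # branch below and is handled as a failed attempt.
        if (userInfo['username'] != post.username
                or userInfo['password'] != password):
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            (post.username, '******', web.ctx.ip))
            num = self.limitAddress('+')
            return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))

        # NOTE(review): all bookkeeping below runs inside the try. An error
        # raised after session.login is set is reported to the client as a
        # failed login while the session stays marked as logged in.
        import time
        login_temp = 'data/login.temp'
        if not os.path.exists(login_temp):
            public.writeFile(login_temp, '')
        login_logs = public.readFile(login_temp)
        # Append "<ip>|<unix time>," to the record of successful logins.
        public.writeFile(
            login_temp,
            login_logs + web.ctx.ip + '|' + str(int(time.time())) + ',')

        web.ctx.session.login = True
        web.ctx.session.username = post.username
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (post.username, web.ctx.ip))
        self.limitAddress('-')
        return public.returnJson(True, 'LOGIN_SUCCESS')
    except Exception:
        # Narrowed from a bare except so interpreter-exit signals are not
        # turned into a counted login failure; every ordinary error still
        # fails closed.
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                        (post.username, '******', web.ctx.ip))
        num = self.limitAddress('+')
        return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))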
def setSession(self):
    """Seed the web session with branding, path and locale defaults.

    Every group of values is written only when its marker attribute is
    still missing from the session, so values already present are left
    untouched on later calls.
    """
    sess = web.ctx.session

    if not hasattr(sess, 'brand'):
        title_file = 'data/title.pl'
        sess.brand = public.getMsg('BRAND')
        sess.product = public.getMsg('PRODUCT')
        sess.rootPath = '/www'
        sess.webname = public.getMsg('NAME')
        # NOTE(review): plain-HTTP host; the code that consumes downloadUrl
        # is not visible here, so confirm it verifies what it fetches.
        sess.downloadUrl = 'http://download.bt.cn'
        # A custom title file, when present, replaces the default name.
        if os.path.exists(title_file):
            sess.webname = public.readFile(title_file)
        sess.setupPath = self.setupPath
        sess.logsPath = '/www/wwwlogs'

    # Remaining defaults, each produced lazily and only when missing.
    lazy_defaults = (
        ('menu', lambda: public.getLan('menu')),
        ('lan', lambda: public.get_language()),
        ('home', lambda: 'https://www.bt.cn'),
    )
    for attr_name, make_value in lazy_defaults:
        if not hasattr(sess, attr_name):
            setattr(sess, attr_name, make_value())
def setSession(self):
    """Populate session defaults that have not been set yet.

    Branding, paths and the site name are written as one group keyed on
    the ``brand`` attribute; ``menu``, ``lan`` and ``home`` are each
    filled in independently when absent.
    """
    current = web.ctx.session

    brand_missing = not hasattr(current, 'brand')
    if brand_missing:
        current.brand = public.getMsg('BRAND')
        current.product = public.getMsg('PRODUCT')
        current.rootPath = '/www'
        current.webname = public.getMsg('NAME')
        # NOTE(review): plain-HTTP host; the code that consumes downloadUrl
        # is not visible here, so confirm it verifies what it fetches.
        current.downloadUrl = 'http://download.bt.cn'
        # An operator-supplied title file overrides the default name.
        custom_title = 'data/title.pl'
        if os.path.exists(custom_title):
            current.webname = public.readFile(custom_title)
        current.setupPath = self.setupPath
        current.logsPath = '/www/wwwlogs'

    if not hasattr(current, 'menu'):
        current.menu = public.getLan('menu')

    if not hasattr(current, 'lan'):
        current.lan = public.get_language()

    if not hasattr(current, 'home'):
        current.home = 'https://www.bt.cn'
def SetSession(self):
    """Fill in session defaults describing the panel and the host it runs on.

    Each group is written only when its marker attribute is missing from
    the session: branding and paths, menu, language, home URL, the
    detected web server (and its version), the phpMyAdmin directory name
    and a small dict describing the operating system.
    """
    sess = web.ctx.session

    if not hasattr(sess, 'brand'):
        sess.brand = public.getMsg('BRAND')
        sess.product = public.getMsg('PRODUCT')
        sess.rootPath = '/www'
        sess.webname = public.getMsg('NAME')
        # NOTE(review): plain-HTTP host; the code that consumes downloadUrl
        # is not visible here, so confirm it verifies what it fetches.
        sess.downloadUrl = 'http://download.bt.cn'
        title_file = 'data/title.pl'
        if os.path.exists(title_file):
            sess.webname = public.readFile(title_file)
        sess.setupPath = '/www/server'
        sess.logsPath = '/www/wwwlogs'

    if not hasattr(sess, 'menu'):
        sess.menu = public.getLan('menu')
    if not hasattr(sess, 'lan'):
        sess.lan = public.get_language()
    if not hasattr(sess, 'home'):
        sess.home = 'https://www.bt.cn'

    if not hasattr(sess, 'webserver'):
        # nginx wins when its directory exists; apache is the fallback.
        server_name = 'nginx' if os.path.exists('/www/server/nginx') else 'apache'
        sess.webserver = server_name
        version_file = '/www/server/' + server_name + '/version.pl'
        if os.path.exists(version_file):
            sess.webversion = public.readFile(version_file).strip()

    if not hasattr(sess, 'phpmyadminDir'):
        dir_name_file = '/www/server/data/phpmyadminDirName.pl'
        if os.path.exists(dir_name_file):
            sess.phpmyadminDir = public.readFile(dir_name_file).strip()

    if not hasattr(sess, 'server_os'):
        # Pick the OS family and the file whose first word names the distro.
        if os.path.exists('/etc/redhat-release'):
            family, release_file = 'RHEL', '/etc/redhat-release'
        elif os.path.exists('/usr/bin/yum'):
            family, release_file = 'RHEL', '/etc/issue'
        elif os.path.exists('/etc/issue'):
            family, release_file = 'Debian', '/etc/issue'
        else:
            family, release_file = None, None

        os_info = {}
        if family is not None:
            os_info['x'] = family
            os_info['osname'] = public.readFile(release_file).split()[0]
        # Stored even when empty, so detection is not retried every request.
        sess.server_os = os_info
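def POST(self):
    """Handle a login form submission and mark the session as authenticated.

    Reads ``username`` and ``password`` (plus ``code`` when the session
    demands a captcha) from the request and compares them with the
    ``users`` row whose ``id`` is 1.

    Returns:
        The result of ``public.returnJson``: success, or the reason the
        attempt was rejected.
    """
    post = web.input()
    web.ctx.session.lan = public.get_language()

    # Both credentials are mandatory. The previous or-chain let a request
    # through when any single field was present, and the attribute access
    # further down then raised outside the try block instead of answering
    # with a JSON error.
    if not (hasattr(post, 'username') and hasattr(post, 'password')):
        return public.returnJson(False, 'LOGIN_USER_EMPTY')

    # Global lockout gate; the message tells the operator how to lift it.
    if not self.errorNum(False):
        return public.returnJson(False, '防暴破机制已被启动,解除命令: rm -f /tmp/panelN*.pl')
    if self.limitAddress('?') < 1:
        return public.returnJson(False, 'LOGIN_ERR_LIMIT')

    post.username = post.username.strip()
    # NOTE(review): public.md5 suggests the stored credential is a bare MD5
    # digest. Moving to a salted, slow password hash needs a stored-hash
    # migration and cannot be done from inside this handler.
    password = public.md5(post.password.strip())
    sql = db.Sql()
    userInfo = sql.table('users').where(
        "id=?", (1, )).field('id,username,password').find()

    # The failure paths log the account name. Resolve it once, falling back
    # to a mask, so that a failed lookup cannot make the logging itself
    # raise (the old handlers indexed userInfo again inside ``except``).
    try:
        logged_name = userInfo['username']
    except Exception:
        logged_name = '****'

    # The captcha applies only while the session carries a truthy ``code``.
    # A request that omits the field is rejected like a wrong answer instead
    # of raising AttributeError.
    if hasattr(web.ctx.session, 'code') and web.ctx.session.code:
        if not hasattr(post, 'code') or not public.checkCode(post.code):
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                            (logged_name, web.ctx.session.code, web.ctx.ip))
            return public.returnJson(False, 'CODE_ERR')

    try:
        if (userInfo['username'] != post.username
                or userInfo['password'] != password):
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            (logged_name, '******', web.ctx.ip))
            num = self.limitAddress('+')
            return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))

        # NOTE(review): all bookkeeping below runs inside the try. An error
        # raised after session.login is set is reported to the client as a
        # failed login while the session stays marked as logged in.
        import time
        login_temp = 'data/login.temp'
        if not os.path.exists(login_temp):
            public.writeFile(login_temp, '')
        login_logs = public.readFile(login_temp)
        # Append "<ip>|<unix time>," to the record of successful logins.
        public.writeFile(
            login_temp,
            login_logs + web.ctx.ip + '|' + str(int(time.time())) + ',')

        web.ctx.session.login = True
        web.ctx.session.username = userInfo['username']
        public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                        (userInfo['username'], web.ctx.ip))
        self.limitAddress('-')

        # The lockout message above names /tmp/panelN*.pl; these two files
        # are removed once a login succeeds.
        numFile = '/tmp/panelNum.pl'
        timeFile = '/tmp/panelNime.pl'
        if os.path.exists(numFile):
            os.remove(numFile)
        if os.path.exists(timeFile):
            os.remove(timeFile)
        return public.returnJson(True, 'LOGIN_SUCCESS')
    except Exception:
        # Narrowed from a bare except so interpreter-exit signals are not
        # turned into a counted login failure; every ordinary error still
        # fails closed.
        public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                        (logged_name, '******', web.ctx.ip))
        num = self.limitAddress('+')
        return public.returnJson(False, 'LOGIN_USER_ERR', (str(num), ))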
def GET(self):
    """Serve the login page after the install, domain and IP gates pass.

    Redirects to ``/install`` while the install marker exists, answers
    with a static error page when the Host header or the client IP does
    not match the configured restriction, handles the ``dologin`` logout
    parameter, sends already authenticated sessions to ``/`` and
    otherwise renders the login template.
    """
    if os.path.exists('/www/server/panel/install.pl'):
        raise web.seeother('/install')

    web.ctx.session.lan = public.get_language()
    if not hasattr(session, 'webname'):
        session.webname = public.getMsg('NAME')

    # Shared skeleton of the two "access denied" pages below.
    error_page = (
        ' <meta charset="utf-8"> <title>%s</title> </head><body>'
        ' <h1>%s</h1> <p>%s</p> <p>%s</p> <p>%s</p> <hr>'
        ' <address>%s 5.x <a href="http://www.bt.cn/bbs" target="_blank">%s</a></address>'
        ' </body></html> '
    )

    # Domain binding: the host part of the Host header must equal the
    # configured domain, when one is configured.
    host_parts = web.ctx.host.split(':')
    bound_domain = public.readFile('data/domain.conf')
    if bound_domain and host_parts[0].strip() != bound_domain.strip():
        errorStr = error_page % (
            public.getMsg('PAGE_ERR_TITLE'),
            public.getMsg('PAGE_ERR_DOMAIN_H1'),
            public.getMsg('PAGE_ERR_DOMAIN_P1'),
            public.getMsg('PAGE_ERR_DOMAIN_P2'),
            public.getMsg('PAGE_ERR_DOMAIN_P3'),
            public.getMsg('NAME'),
            public.getMsg('PAGE_ERR_HELP'))
        web.header('Content-Type', 'text/html; charset=utf-8', unique=True)
        return errorStr

    # IP allowlist: a non-empty comma-separated list restricts who may see
    # the login page at all.
    if os.path.exists('data/limitip.conf'):
        allowed_ips = public.readFile('data/limitip.conf')
        if allowed_ips:
            allowed_ips = allowed_ips.strip()
            if web.ctx.ip not in allowed_ips.split(','):
                errorStr = error_page % (
                    public.getMsg('PAGE_ERR_TITLE'),
                    public.getMsg('PAGE_ERR_IP_H1'),
                    public.getMsg('PAGE_ERR_IP_P1', (web.ctx.ip, )),
                    public.getMsg('PAGE_ERR_IP_P2'),
                    public.getMsg('PAGE_ERR_IP_P3'),
                    public.getMsg('NAME'),
                    public.getMsg('PAGE_ERR_HELP'))
                web.header('Content-Type', 'text/html; charset=utf-8',
                           unique=True)
                return errorStr

    get = web.input()
    # Not used below; kept because constructing it may have side effects
    # that are not visible in this listing.
    sql = db.Sql()

    # NOTE(review): logout is triggered by a GET parameter, so any page the
    # user visits can end the session with a cross-site request.
    if hasattr(get, 'dologin'):
        if web.ctx.session.login != False:
            web.ctx.session.login = False
            web.ctx.session.kill()
        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; confirm the sleep and redirect belong at this level.
        import time
        time.sleep(0.2)
        raise web.seeother('/login')

    if hasattr(web.ctx.session, 'login') and web.ctx.session.login == True:
        raise web.seeother('/')

    # No captcha is demanded until something sets ``code`` to a truthy value.
    if not hasattr(web.ctx.session, 'code'):
        web.ctx.session.code = False

    data = {'lan': public.getLan('login')}
    # The template receives the session object and the web module as globals.
    render = web.template.render(
        'templates/' + templateName + '/',
        globals={'session': session, 'web': web})
    return render.login(data)
def GET(self):
    """Render the login page once the access restrictions are satisfied.

    Order of checks: pending install marker, bound domain, client IP
    allowlist, the ``dologin`` logout parameter, and an already
    authenticated session. Only when none of them ends the request is the
    login template rendered.
    """
    if os.path.exists('/www/server/panel/install.pl'):
        raise web.seeother('/install')

    web.ctx.session.lan = public.get_language()
    if not hasattr(session, 'webname'):
        session.webname = public.getMsg('NAME')

    def deny(values):
        # Fill the static error page, set its content type and hand it back.
        page = ''' <meta charset="utf-8"> <title>%s</title> </head><body> <h1>%s</h1> <p>%s</p> <p>%s</p> <p>%s</p> <hr> <address>%s 5.x <a href="http://www.bt.cn/bbs" target="_blank">%s</a></address> </body></html> ''' % values
        web.header('Content-Type', 'text/html; charset=utf-8', unique=True)
        return page

    # Domain binding: compare the host part of the Host header with the
    # configured domain, if any.
    tmp = web.ctx.host.split(':')
    domain = public.readFile('data/domain.conf')
    if domain:
        if tmp[0].strip() != domain.strip():
            return deny((
                public.getMsg('PAGE_ERR_TITLE'),
                public.getMsg('PAGE_ERR_DOMAIN_H1'),
                public.getMsg('PAGE_ERR_DOMAIN_P1'),
                public.getMsg('PAGE_ERR_DOMAIN_P2'),
                public.getMsg('PAGE_ERR_DOMAIN_P3'),
                public.getMsg('NAME'),
                public.getMsg('PAGE_ERR_HELP')))

    # IP allowlist: enforced only when the file exists and is non-empty.
    if os.path.exists('data/limitip.conf'):
        iplist = public.readFile('data/limitip.conf')
        if iplist:
            permitted = iplist.strip().split(',')
            if web.ctx.ip not in permitted:
                return deny((
                    public.getMsg('PAGE_ERR_TITLE'),
                    public.getMsg('PAGE_ERR_IP_H1'),
                    public.getMsg('PAGE_ERR_IP_P1', (web.ctx.ip, )),
                    public.getMsg('PAGE_ERR_IP_P2'),
                    public.getMsg('PAGE_ERR_IP_P3'),
                    public.getMsg('NAME'),
                    public.getMsg('PAGE_ERR_HELP')))

    get = web.input()
    # Not used below; kept because constructing it may have side effects
    # that are not visible in this listing.
    sql = db.Sql()

    # NOTE(review): logout is triggered by a GET parameter, so any page the
    # user visits can end the session with a cross-site request.
    if hasattr(get, 'dologin'):
        if web.ctx.session.login != False:
            web.ctx.session.login = False
            web.ctx.session.kill()
        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; confirm the sleep and redirect belong at this level.
        import time
        time.sleep(0.2)
        raise web.seeother('/login')

    if hasattr(web.ctx.session, 'login'):
        if web.ctx.session.login == True:
            raise web.seeother('/')

    # No captcha is demanded until something sets ``code`` to a truthy value.
    if not hasattr(web.ctx.session, 'code'):
        web.ctx.session.code = False

    data = {}
    data['lan'] = public.getLan('login')
    # The template receives the session object and the web module as globals.
    template_dir = 'templates/' + templateName + '/'
    render = web.template.render(
        template_dir, globals={'session': session, 'web': web})
    return render.login(data)