Пример #1
0
    def set_login(self, get):
        session_id = public.get_session_id()
        if cache.get(session_id) == 'True':
            return self.check_app_login(get)

        if os.path.exists(self.app_path + "login.pl"):
            data = public.readFile(self.app_path + 'login.pl')
            public.ExecShell('rm ' + self.app_path + "login.pl")
            secret_key, init_time = data.split(':')
            if time.time() - float(init_time) < 60 and get[
                    'secret_key'] == secret_key:
                sql = db.Sql()
                userInfo = sql.table('users').where(
                    "id=?", (1, )).field('id,username,password').find()
                session['login'] = True
                session['username'] = userInfo['username']
                cache.delete('panelNum')
                cache.delete('dologin')
                public.WriteLog(
                    'TYPE_LOGIN', 'LOGIN_SUCCESS',
                    ('WeChat scan code login', public.GetClientIp() + ":" +
                     str(request.environ.get('REMOTE_PORT'))))
                login_type = 'data/app_login.pl'
                self.set_request_token()
                import config
                config.config().reload_session()
                public.writeFile(login_type, 'True')
                public.login_send_body("Wechat program", userInfo['username'],
                                       public.GetClientIp(),
                                       str(request.environ.get('REMOTE_PORT')))
                return public.returnMsg(True, 'login successful')
        return public.returnMsg(False, 'Login failed')
Пример #2
0
 def check_app_login(self, get):
     #判断是否存在绑定
     btapp_info = json.loads(
         public.readFile('/www/server/panel/config/api.json'))
     if not btapp_info: return public.returnMsg(False, 'Unbound')
     if not btapp_info['open']:
         return public.returnMsg(False, 'API is not turned on')
     if not 'apps' in btapp_info:
         return public.returnMsg(False, 'Unbound phone')
     if not btapp_info['apps']:
         return public.returnMsg(False, 'Unbound phone')
     try:
         session_id = public.get_session_id()
         if not os.path.exists(self.app_path + 'app_login_check.pl'):
             return public.returnMsg(False,
                                     'Waiting for APP scan code login 1')
         data = public.readFile(self.app_path + 'app_login_check.pl')
         public.ExecShell('rm ' + self.app_path + "app_login_check.pl")
         secret_key, init_time = data.split(':')
         if len(session_id) != 64:
             return public.returnMsg(False,
                                     'Waiting for APP scan code login 2')
         if len(secret_key) != 64:
             return public.returnMsg(False,
                                     'Waiting for APP scan code login 2')
         if time.time() - float(init_time) > 60:
             return public.returnMsg(False,
                                     'Waiting for APP scan code login')
         if session_id != secret_key:
             return public.returnMsg(False,
                                     'Waiting for APP scan code login')
         cache.delete(session_id)
         userInfo = public.M('users').where(
             "id=?", (1, )).field('id,username').find()
         session['login'] = True
         session['username'] = userInfo['username']
         session['tmp_login'] = True
         public.WriteLog(
             'TYPE_LOGIN',
             'APP scan code login, account: {}, login IP: {}'.format(
                 userInfo['username'],
                 public.GetClientIp() + ":" +
                 str(request.environ.get('REMOTE_PORT'))))
         cache.delete('panelNum')
         cache.delete('dologin')
         session['session_timeout'] = time.time(
         ) + public.get_session_timeout()
         login_type = 'data/app_login.pl'
         self.set_request_token()
         import config
         config.config().reload_session()
         public.writeFile(login_type, 'True')
         public.login_send_body("aaPanel Mobile", userInfo['username'],
                                public.GetClientIp(),
                                str(request.environ.get('REMOTE_PORT')))
         return public.returnMsg(True, 'login successful!')
     except:
         return public.returnMsg(False, 'Login failed 2')
Пример #3
0
 def request_temp(self,get):
     try:
         if len(get.__dict__.keys()) > 2: return public.getMsg('INIT_ARGS_ERR')
         if not hasattr(get,'tmp_token'): return public.getMsg('INIT_ARGS_ERR')
         if len(get.tmp_token) != 48: return public.getMsg('INIT_ARGS_ERR')
         if not re.match(r"^\w+$",get.tmp_token):return public.getMsg('INIT_ARGS_ERR')
         skey = public.GetClientIp() + '_temp_login'
         if not public.get_error_num(skey,10): return public.getMsg('AUTH_FAILED')
         s_time = int(time.time())
         data = public.M('temp_login').where('state=? and expire>?',(0,s_time)).field('id,token,salt,expire').find()
         if not data:
             public.set_error_num(skey)
             return public.getMsg('VERIFICATION_FAILED')
         if not isinstance(data,dict):
             public.set_error_num(skey)
             return public.getMsg('VERIFICATION_FAILED')
         r_token = public.md5(get.tmp_token + data['salt'])
         if r_token != data['token']:
             public.set_error_num(skey)
             return public.getMsg('VERIFICATION_FAILED')
         public.set_error_num(skey,True)
         userInfo = public.M('users').where("id=?",(1,)).field('id,username').find()
         session['login'] = True
         session['username'] = public.getMsg('TEMPORARY_ID',(data['id'],))
         session['tmp_login'] = True
         session['tmp_login_id'] = str(data['id'])
         session['tmp_login_expire'] = time.time() + 3600
         session['uid'] = data['id']
         sess_path = 'data/session'
         if not os.path.exists(sess_path):
             os.makedirs(sess_path,384)
         public.writeFile(sess_path + '/' + str(data['id']),'')
         login_addr = public.GetClientIp()+ ":" + str(request.environ.get('REMOTE_PORT'))
         public.WriteLog('TYPE_LOGIN','LOGIN_SUCCESS',(userInfo['username'],login_addr))
         public.M('temp_login').where('id=?',(data['id'],)).update({"login_time":s_time,'state':1,'login_addr':login_addr})
         self.limit_address('-')
         cache.delete('panelNum')
         cache.delete('dologin')
         sess_input_path = 'data/session_last.pl'
         public.writeFile(sess_input_path,str(int(time.time())))
         self.set_request_token()
         self.login_token()
         self.set_cdn_host(get)
         public.login_send_body("Temporary authorization",userInfo['username'],public.GetClientIp(),str(request.environ.get('REMOTE_PORT')))
         return redirect('/')
     except:
         return public.getMsg('LOGIN_FAIL')
Пример #4
0
    def request_post(self, post):
        if not hasattr(post, 'username') or not hasattr(post, 'password'):
            return public.returnJson(False, 'LOGIN_USER_EMPTY'), json_header

        self.error_num(False)
        if self.limit_address('?') < 1:
            return public.returnJson(False, 'LOGIN_ERR_LIMIT'), json_header
        post.username = post.username.strip()

        public.chdck_salt()
        sql = db.Sql()
        user_list = sql.table('users').field(
            'id,username,password,salt').select()
        userInfo = None
        for u_info in user_list:
            if public.md5(u_info['username']) == post.username:
                userInfo = u_info
        if 'code' in session:
            if session['code'] and not 'is_verify_password' in session:
                if not hasattr(post, 'code'):
                    return public.returnJson(
                        False,
                        'Verification code can not be empty!'), json_header
                if not public.checkCode(post.code):
                    public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_CODE',
                                    ('****', '****', public.GetClientIp()))
                    return public.returnJson(False, 'CODE_ERR'), json_header
        try:
            if not userInfo['salt']:
                public.chdck_salt()
                userInfo = sql.table('users').where(
                    'id=?', (userInfo['id'],
                             )).field('id,username,password,salt').find()

            password = public.md5(post.password.strip() + userInfo['salt'])
            if public.md5(
                    userInfo['username']
            ) != post.username or userInfo['password'] != password:
                public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                                ('****', '******', public.GetClientIp()))
                num = self.limit_address('+')
                return public.returnJson(False, 'LOGIN_USER_ERR',
                                         (str(num), )), json_header
            _key_file = "/www/server/panel/data/two_step_auth.txt"
            #登陆告警
            public.login_send_body("Userinfo", userInfo['username'],
                                   public.GetClientIp(),
                                   str(request.environ.get('REMOTE_PORT')))
            if hasattr(post, 'vcode'):
                if self.limit_address('?', v="vcode") < 1:
                    return public.returnJson(
                        False,
                        'You have failed verification many times, forbidden for 10 minutes'
                    ), json_header
                import pyotp
                secret_key = public.readFile(_key_file)
                if not secret_key:
                    return public.returnJson(
                        False,
                        "Did not find the key, please close Google verification on the command line and trun on again"
                    ), json_header
                t = pyotp.TOTP(secret_key)
                result = t.verify(post.vcode)
                if not result:
                    if public.sync_date(): result = t.verify(post.vcode)
                    if not result:
                        num = self.limit_address('++', v="vcode")
                        return public.returnJson(
                            False,
                            'Invalid Verification code. You have [{}] times left to try!'
                            .format(num)), json_header
                now = int(time.time())
                public.writeFile(
                    "/www/server/panel/data/dont_vcode_ip.txt",
                    json.dumps({
                        "client_ip": public.GetClientIp(),
                        "add_time": now
                    }))
                self.limit_address('--', v="vcode")
                self.set_cdn_host(post)
                return self._set_login_session(userInfo)

            acc_client_ip = self.check_two_step_auth()

            if not os.path.exists(_key_file) or acc_client_ip:
                self.set_cdn_host(post)
                return self._set_login_session(userInfo)
            self.limit_address('-')
            session['is_verify_password'] = True
            return "1"
        except Exception as ex:
            stringEx = str(ex)
            if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
                public.ExecShell("rm -f /tmp/sess_*")
                public.ExecShell("rm -f /www/wwwlogs/*log")
                public.ServiceReload()
                return public.returnJson(False, 'USER_INODE_ERR'), json_header
            public.WriteLog('TYPE_LOGIN', 'LOGIN_ERR_PASS',
                            ('****', '******', public.GetClientIp()))
            num = self.limit_address('+')
            return public.returnJson(False, 'LOGIN_USER_ERR',
                                     (str(num), )), json_header