def request_temp(self, get):
try:
if not hasattr(get, 'tmp_token'):
return public.getMsg('INIT_ARGS_ERR')
if len(get.tmp_token) != 48: return public.getMsg('INIT_ARGS_ERR')
if not re.match(r"^\w+$", get.tmp_token):
return public.getMsg('INIT_ARGS_ERR')
skey = public.GetClientIp() + '_temp_login'
if not public.get_error_num(skey, 10):
return public.getMsg('AUTH_FAILED')
s_time = int(time.time())
data = public.M('temp_login').where(
'state=? and expire>?',
(0, s_time)).field('id,token,salt,expire').find()
if not data:
public.set_error_num(skey)
return public.getMsg('VERIFICATION_FAILED')
if not isinstance(data, dict):
public.set_error_num(skey)
return public.getMsg('VERIFICATION_FAILED')
r_token = public.md5(get.tmp_token + data['salt'])
if r_token != data['token']:
public.set_error_num(skey)
return public.getMsg('VERIFICATION_FAILED')
public.set_error_num(skey, True)
userInfo = public.M('users').where(
"id=?", (1, )).field('id,username').find()
session['login'] = True
session['username'] = public.getMsg('TEMPORARY_ID', (data['id'], ))
session['tmp_login'] = True
session['tmp_login_id'] = str(data['id'])
session['tmp_login_expire'] = time.time() + 3600
session['uid'] = data['id']
sess_path = 'data/session'
if not os.path.exists(sess_path):
os.makedirs(sess_path, 384)
public.writeFile(sess_path + '/' + str(data['id']), '')
login_addr = public.GetClientIp() + ":" + str(
request.environ.get('REMOTE_PORT'))
public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
(userInfo['username'], login_addr))
public.M('temp_login').where('id=?', (data['id'], )).update({
"login_time":
s_time,
'state':
1,
'login_addr':
login_addr
})
self.limit_address('-')
cache.delete('panelNum')
cache.delete('dologin')
sess_input_path = 'data/session_last.pl'
public.writeFile(sess_input_path, str(int(time.time())))
self.set_request_token()
self.login_token()
self.set_cdn_host(get)
return redirect('/')
except:
return public.getMsg('LOGIN_FAIL')
def get_sk(self):
save_path = '/www/server/panel/config/api.json'
if not os.path.exists(save_path):
return redirect('/login')
try:
api_config = json.loads(public.ReadFile(save_path))
except:
os.remove(save_path)
return redirect('/login')
if not api_config['open']:
return redirect('/login')
from BTPanel import get_input
get = get_input()
client_ip = public.GetClientIp()
if not 'client_bind_token' in get:
if not 'request_token' in get or not 'request_time' in get:
return redirect('/login')
num_key = client_ip + '_api'
if not public.get_error_num(num_key, 20):
return public.returnJson(False, 'AUTH_FAILED1')
if not client_ip in api_config['limit_addr']:
public.set_error_num(num_key)
return public.returnJson(
False,
'%s[' % public.GetMsg("AUTH_FAILED1") + client_ip + ']')
else:
num_key = client_ip + '_app'
if not public.get_error_num(num_key, 20):
return public.returnJson(False, 'AUTH_FAILED1')
a_file = '/dev/shm/' + get.client_bind_token
if not os.path.exists(a_file):
import panelApi
if not panelApi.panelApi().get_app_find(get.client_bind_token):
public.set_error_num(num_key)
return public.returnJson(False, 'UNBOUND_DEVICE')
public.writeFile(a_file, '')
if not 'key' in api_config:
public.set_error_num(num_key)
return public.returnJson(False, 'KEY_ERR')
if not 'form_data' in get:
public.set_error_num(num_key)
return public.returnJson(False, 'FORM_DATA_ERR')
g.form_data = json.loads(
public.aes_decrypt(get.form_data, api_config['key']))
get = get_input()
if not 'request_token' in get or not 'request_time' in get:
return redirect('/login')
g.is_aes = True
g.aes_key = api_config['key']
request_token = public.md5(get.request_time + api_config['token'])
if get.request_token == request_token:
public.set_error_num(num_key, True)
return False
public.set_error_num(num_key)
return public.returnJson(False, 'SECRET_KEY_CHECK_FALSE')