def login():
user = Users()
username = request.form.get('username').strip()
password = request.form.get('password').strip()
vcode = request.form.get('vcode').lower().strip()
if vcode != session.get('vcode'): #check verification code
return 'vcode-error'
else:
password = hashlib.md5(password.encode()).hexdigest()
result = user.find_by_username(username)
if len(result) == 1 and result[0].password == password:
session['islogin'] = '******'
session['userid'] = result[0].userid
session['username'] = username
session['nickname'] = result[0].nickname
session['role'] = result[0].role
Credit().insert_detail(type='Normal login', target='0', credit=1)
user.update_credit(1)
response = make_response('login-pass')
response.set_cookie('username', username, max_age=30 * 24 * 3600)
response.set_cookie('password', password, max_age=30 * 24 * 3600)
return response
else:
return 'login-fail'
def cban_user():
userid = request.form.get('userid')
user = Users()
try:
user.cban_user(userid)
return 'cban-success'
except:
return 'cban-fail'
def user_manage():
user = Users()
result = user.find_all_users(0, 10)
total = math.ceil(user.get_count() / 10)
return render_template('admin-users.html',
result=result,
page=1,
total=total,
type='no')
def changedata():
user = Users()
username = request.form.get('username').strip()
nickname = request.form.get('nickname').strip()
usernamenow = user.find_by_username(username)
if usernamenow is not None and usernamenow[0].userid != session.get(
"userid"):
return "error"
user.update_data(session.get("userid"), nickname, username)
return 'reg-pass'
def user_cl(page):
start = (page - 1) * 10
user = Users()
result = user.find_all_users(start, 10)
total = math.ceil(user.get_count() / 10)
return render_template('admin-users.html',
result=result,
page=page,
total=total,
type='no')
def changepassword():
user = Users()
password = request.form.get('password').strip()
oldpassword = request.form.get('oldpassword').strip()
nowuser = user.find_by_userid(session.get("userid"))
password = hashlib.md5(password.encode()).hexdigest()
oldpassword = hashlib.md5(oldpassword.encode()).hexdigest()
if oldpassword != nowuser.password:
return "error"
user.update_password(session.get("userid"), password)
return 'reg-pass'
def reply():
commentid = request.form.get('commentid')
blogid = request.form.get('blogid')
content = request.form.get('content')
if len(content) > 530:
return 'len-error'
comment = Comment()
blog = Blog()
credit = Credit()
if session.get('ban') == 1:
return 'comment-banned'
if not comment.check_limit_comment():
try:
comment.insert_reply(blogid=blogid,
commentid=commentid,
content=content)
blog.update_blog(blogid)
credit.insert_exp(type='评论', exp=2)
Users().update_exp(2)
return 'add-success'
except:
return 'add-fail'
else:
comment.insert_reply(blogid=blogid,
commentid=commentid,
content=content)
blog.update_blog(blogid)
return 'add-success'
def addc():
blogid = request.form.get('blogid')
content = request.form.get('content')
content = content.replace('\n', '<br/>')
print(content)
if len(content) > 530:
return 'len-error'
blog = Blog()
comment = Comment()
credit = Credit()
if session.get('ban') == '1':
return 'comment-banned'
if not comment.check_limit_comment():
try:
comment.insert_comment(blogid, content)
blog.update_blog(blogid)
credit.insert_exp(type='评论', exp=2)
Users().update_exp(2)
return 'add-success'
except:
return 'add-fail'
else:
comment.insert_comment(blogid, content)
blog.update_blog(blogid)
return 'add-success'
def read_all():
position = int(request.form.get('position'))
articleid = request.form.get('articleid')
article = Article()
result = article.find_by_id(articleid)
content = result[0].content[position:]
user = Users().find_by_userid(session.get("userid"))
if user.credit < result[0].credit:
return "not credit"
payed = Credit().check_payed_article(articleid)
if not payed:
Credit().insert_detail(type='阅读文章',
target=articleid,
credit=-1 * result[0].credit)
Users().update_credit(credit=-1 * result[0].credit)
return content
def login():
user = Users()
if request.method == 'GET':
return render_template('login.html')
if request.method == 'POST':
data = json.loads(request.get_data(as_text=True))
username = data.get('username')
password = data.get('password')
try:
name = user.find_by_username(username)[0].username
pwd = user.find_by_username(username)[0].password
except Exception as e:
return jsonify({'code': 40001, 'message': '查询用户信息失败'})
if name is None and password == pwd:
return jsonify({'code': 40002, 'message': '用户名不能为空'})
if name is not None and password != pwd:
return jsonify({'code': 40003, 'message': '用户名或密码错误'})
# 获取用户id,传入生成token的方法,并接收返回的token
if name is not None and password == pwd:
token = create_token(name)
return jsonify({'code': 20000, 'message': '登录成功', 'token': token})
def register():
user = Users()
username = request.form.get('username').strip()
password = request.form.get('password').strip()
ecode = request.form.get('ecode').strip()
print(ecode, session.get("ecode"))
if ecode != session.get('ecode'):
return 'ecode-error'
elif not re.match('.+@.+\..+', username) or len(password) < 5:
return 'up-invalid'
elif len(user.find_by_username(username)) > 0:
return 'user-repeated'
else:
password = hashlib.md5(password.encode()).hexdigest()
result = user.do_register(username, password)
session['userid'] = result.userid
session['username'] = username
session['nickname'] = result.nickname
session['role'] = result.role
Credit().insert_detail(type='User registration', target='0', credit=50)
return 'reg-pass'
def addlike():
commentid = request.form.get('commentid')
like = Likes()
credit = Credit()
if like.find_like(commentid=commentid):
return 'have-liked'
if not like.check_limit_like():
comment = Comment().find_by_commentid(commentid)
like.insert_like(commentid=commentid)
credit.insert_exp_user(type='点赞', exp=1, userid=comment.userid)
Users().update_like_exp(exp=1, userid=comment.userid)
return 'like-success'
else:
like.insert_like(commentid=commentid)
return 'like-success'
def verify_token(token):
"""
校验token
:param token:
:return:用户信息 or None
"""
# 参数为私有秘钥,跟上面方法的秘钥保持一致
SECRET_KEY = 'abcdefghijklmm'
s = Serializer(SECRET_KEY)
try:
# 转为字典
data = s.loads(token)
except Exception:
return None
# 拿到转换后的数据,根据模型类去数据库查询用户信息
user = Users.find_by_username(data.get('name'))[0]
return user
def user_person():
result = Users().find_by_userid(session["userid"])
return render_template('user-person.html', user=result)
def admin_user_list():
userlist = Users().find_all()
print(userlist)
return render_template('system-user.html', userlist=userlist)
import argparse
import logging
import time
import asyncio
import service
from module.users import Users
from module.error import SpierEnd
allUsers = Users([])
getting = True
def addArg():
parser = argparse.ArgumentParser(description='Block users on twitter')
groupAuth = parser.add_argument_group('auth')
groupAuth.add_argument('--authorization')
groupAuth.add_argument('--cookie')
parser.add_argument('--url')
parser.add_argument('--proxy')
args = parser.parse_args()
return args
async def asyncGetUser(classSpier):
global allUsers, getting
while True:
await asyncio.sleep(20)
try:
def admin_user_del(userid):
Users().delete(userid)
return redirect("/admin/user/")