def set_paypasswd(request, name):
    """Let a signed-in user choose a pay password, or hand out the RSA public key.

    Args:
        request: the Django request. A POST with ``set=true`` asks for the
            public key; any other POST carries the RSA-encrypted ``passwd``.
        name: user name from the URL; the session must hold a logged-in
            entry under this key.

    Returns:
        The sign-in page when the session has no login for ``name``; a
        JsonResponse for POSTs; the set-pay page for every other method.
    """
    session_entry = request.session.get(name, None)
    logged_in = bool(session_entry) and bool(session_entry.get('is_login', None))
    if not logged_in:
        return render(request, "authenticate/signin.html")

    if request.method != 'POST':
        return render(request, "authenticate/setpay.html")

    if request.POST.get('set') == 'true':
        # First step of the flow: the client needs the public key to encrypt.
        return JsonResponse({"pub_key": get_rsa_pubkey()})

    encrypted = request.POST.get("passwd")
    if not encrypted:
        return JsonResponse({"message": "password could not be empty"})

    pay_passwd = rsa_decrypt([encrypted])[0]
    # '12345678' is the placeholder pay password assigned at sign-up; it is
    # rejected here together with an empty value. No other strength rule
    # is applied.
    if pay_passwd in ('12345678', ''):
        return JsonResponse({"message": "pay password to simple", "url": ''})

    target = User.objects.get(name=name)
    # NOTE(review): the project's md5() helper is used as the (unsalted)
    # pay-password hash; a slow, salted hash would be the usual choice.
    target.pay_passwd = md5(pay_passwd)
    target.save()
    return JsonResponse({
        "message": "pay password has been saved",
        "url": reverse("manage", kwargs={"name": name}),
    })
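def su_request(request):
    """Handle the two-step sign-up POST.

    ``signup_request=true`` returns the RSA public key, generating and
    storing the key pair under ``Config.key_url`` on first use. Any other
    POST carries RSA-encrypted ``name``, ``id_no``, ``phone``, ``card`` and
    ``passwd`` and creates the User and Account rows.

    Args:
        request: the Django request.

    Returns:
        JsonResponse for POSTs. A non-POST request returns None, as the
        original did by falling off the end.
    """
    if request.method != "POST":
        return None

    if request.POST.get('signup_request') == "true":
        private_path = Config.key_url + "rsa_private.bin"
        public_path = Config.key_url + "rsa_public.pem"
        if not os.path.exists(private_path):
            # NOTE(review): 1024-bit RSA and a hard-coded passphrase are weak.
            # Both are kept here because the client-side encryption and the
            # key file already on disk depend on them; changing either is a
            # coordinated migration rather than a local edit.
            key = RSA.generate(1024)
            encrypted_key = key.exportKey(passphrase="981017", pkcs=8,
                                          protection="scryptAndAES128-CBC")
            # Create the private key file owner-read/write only instead of
            # relying on the process umask, so other local accounts cannot
            # read it.
            fd = os.open(private_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, "wb") as f:
                f.write(encrypted_key)
            with open(public_path, "wb") as f:
                f.write(key.publickey().exportKey())
        return JsonResponse({"pub_key": get_rsa_pubkey()})

    cipher_data = [
        request.POST.get('name'),
        request.POST.get('id_no'),
        request.POST.get('phone'),
        request.POST.get('card'),
        request.POST.get('passwd'),
    ]
    # Every field is required; rsa_decrypt has nothing to work on otherwise.
    if not all(cipher_data):
        return JsonResponse({"saved": False, "message": "all fields are required"})
    plaintext = rsa_decrypt(cipher_data)
    # NOTE(review): md5() is the project's unsalted password hash. The Account
    # is keyed by phone (``user=phone``) and '12345678' is the placeholder pay
    # password that signin() redirects the user to replace. get_or_create
    # with all fields may raise IntegrityError if e.g. the name already exists
    # with different details — confirm the model's unique constraints.
    User.objects.get_or_create(name=plaintext[0], id_no=plaintext[1], phone=plaintext[2],
                               card=plaintext[3], passwd=md5(plaintext[4]),
                               pay_passwd='12345678')
    Account.objects.get_or_create(user=plaintext[2], avatar="avatar/48.jpg",
                                  balance="0", cost="0")
    return JsonResponse({"saved": True})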
def edit(request, name):
    """Profile edit page and its POST handler.

    On POST every submitted field is RSA-encrypted; the old login password
    (``opasswd``) must be present and match before anything is updated.
    Optional fields: ``name``, ``ppasswd`` (pay password), ``card``,
    ``phone`` (also re-keys the Account), ``passwd``.

    Args:
        request: the Django request.
        name: user name from the URL; must be logged in.

    Returns:
        Redirect to sign-in if not logged in; JsonResponse with ``message``
        and ``success`` for POSTs; the edit page otherwise.
    """
    if not if_login(request, name):
        return redirect(reverse('signin'))

    user = get_user(name)
    account = get_account(name)
    image = account.avatar

    if request.method != "POST":
        return render(request, "usersModule/Edit.html", {"name": name, "image": image})

    form = request.POST
    new_name = form.get("name", None)
    new_ppasswd = form.get("ppasswd", None)
    new_card = form.get("card", None)
    new_phone = form.get("phone", None)
    new_passwd = form.get("passwd", None)
    old_passwd = form.get("opasswd", None)

    def decrypt_one(cipher):
        return rsa_decrypt([cipher])[0]

    success = False
    if not old_passwd:
        message = "old password could not be empty"
    elif user.passwd != md5(decrypt_one(old_passwd)):
        # NOTE(review): unsalted md5 compared with plain ==; unchanged here.
        message = "wrong password"
    else:
        if new_name:
            # NOTE(review): the session entry and the URLs are keyed by the
            # old name, so after a rename the current session may no longer
            # pass if_login() for the new name — confirm against if_login.
            user.name = decrypt_one(new_name)
        if new_ppasswd:
            user.pay_passwd = md5(decrypt_one(new_ppasswd))
        if new_card:
            user.card = decrypt_one(new_card)
        if new_phone:
            phone_plain = decrypt_one(new_phone)
            user.phone = phone_plain
            account.user = phone_plain  # Account rows are keyed by phone
        if new_passwd:
            user.passwd = md5(decrypt_one(new_passwd))
        user.save()
        account.save()
        message = "success"
        success = True
    return JsonResponse({"message": message, "success": success})
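def transfer(request, name):
    """Transfer money from ``name``'s account to another account by phone.

    POST fields (RSA-encrypted except ``signature``): ``amount``, ``passwd``
    (md5(pay_passwd + session salt)), ``b_phone`` (beneficiary phone) and
    ``phone``. The request must carry a valid signature over the four
    ciphertexts and the correct salted pay-password digest.

    Args:
        request: the Django request.
        name: user name from the URL; must be logged in.

    Returns:
        Redirect to sign-in if not logged in; JsonResponse with ``message``
        (and ``success`` on the main path) for POSTs; the transfer page
        otherwise.
    """
    if not if_login(request, name):
        return redirect(reverse('signin'))
    user = get_user(name)
    account = get_account(name)
    card = user.card
    image = account.avatar  # same row get_account(name) returned above

    if request.method != "POST":
        return render(request, "usersModule/Transfer.html",
                      {"name": name, "card": card, "image": image})

    amount = request.POST.get("amount")
    passwd = request.POST.get("passwd")
    b_phone = request.POST.get("b_phone")
    phone = request.POST.get("phone")
    salt = request.session[name]['salt']
    signature = request.POST.get("signature")
    ciphers = [amount, passwd, b_phone, phone]
    plaintext = rsa_decrypt(ciphers)
    success = ""  # kept: failure paths report "" rather than False

    try:
        beneficiary = Account.objects.get(user=plaintext[2])
    except Account.DoesNotExist:
        # Only "not found" is a client error; other failures propagate.
        return JsonResponse({"message": "no such user"})

    if not verify_sign(ciphers, signature, name):
        return JsonResponse({"message": "Signature verification failed", "success": success})
    if md5(user.pay_passwd + salt) != plaintext[1]:
        return JsonResponse({"message": "wrong password", "success": success})

    # The decrypted amount is untrusted text: float() raises on garbage and
    # accepts "nan"/"inf". NaN passes a plain "< 0" check and then also passes
    # "balance < money", so require a finite, strictly positive value.
    try:
        money = float(plaintext[0])
    except (TypeError, ValueError):
        return JsonResponse({"message": "wrong amount"})
    if not 0 < money < float("inf"):
        return JsonResponse({"message": "wrong amount"})
    # A transfer to one's own account would hold two in-memory copies of the
    # same row; the second save() would overwrite the first and credit money
    # that was never debited. Assumes get_account returns an Account row.
    if beneficiary.pk == account.pk:
        return JsonResponse({"message": "cannot transfer to your own account"})
    if account.balance < money:
        return JsonResponse({"message": "Insufficient account balance"})
    if not creat_bill(name, get_userby_phone(beneficiary.user).card, money, "transfer"):
        return JsonResponse({"message": "create bill wrong"})

    # NOTE(review): the two saves are not in one DB transaction and balances
    # are handled as floats; a failure between them leaves the ledger
    # inconsistent. transaction.atomic() and a decimal field are the usual
    # fix but need changes outside this view.
    account.balance -= money
    account.cost += money
    account.save()
    beneficiary.balance += money
    beneficiary.save()
    # beneficiary.name is kept from the original; confirm Account has that field.
    logger.info('user:%s operation:%s amount:%s $ to beneficiary:%s',
                name, 'transfer', str(money), beneficiary.name)
    message = "You have already transfer " + plaintext[0] + " yuan, Coming back to the homepage"
    success = True
    return JsonResponse({"message": message, "success": success})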
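def signin(request):
    """Sign-in page and its two-step POST handler.

    ``si_request=true`` creates a salt via set_salt() and returns it with the
    RSA public key and a ``salt_id``. The second POST carries encrypted
    ``name`` and ``passwd`` plus ``salt_id``; ``passwd`` must equal
    md5(stored_password_hash + salt). On success the session gets an
    ``is_login`` entry keyed by the user name and the response carries the
    next URL: set_paypasswd while the pay password is empty or the
    '12345678' placeholder, manage otherwise.

    Args:
        request: the Django request.

    Returns:
        JsonResponse for POSTs; the sign-in page otherwise.
    """
    import hmac

    if request.method != "POST":
        return render(request, "authenticate/signin.html")

    if request.POST.get("si_request") == "true":
        [salt_id, salt] = set_salt(request)
        return JsonResponse({"pub_key": get_rsa_pubkey(), "salt": salt, "salt_id": salt_id})

    name = request.POST.get("name")
    passwd = request.POST.get("passwd")
    salt_id = request.POST.get("salt_id")
    if not name or not passwd:
        return JsonResponse({"message": "name or password could not be empty"})
    # A missing or unknown salt_id used to raise KeyError (HTTP 500) on the
    # session lookup; treat it as a failed challenge instead.
    salt = request.session.get(salt_id) if salt_id else None
    if salt is None:
        return JsonResponse({"message": "invalid or expired sign-in request"})

    plaintext = rsa_decrypt([name, passwd])
    user_name = plaintext[0]
    passwd = plaintext[1]
    try:
        # One query for both fields instead of two.
        row = User.objects.values("passwd", "pay_passwd").get(name=user_name)
    except User.DoesNotExist:
        # NOTE(review): a message distinct from "wrong password" lets a caller
        # tell valid user names from invalid ones; kept for compatibility.
        return JsonResponse({"message": " User does not exist"})

    # NOTE(review): the client proves knowledge of md5(password), not of the
    # password, so the stored hash is password-equivalent. That is a property
    # of the protocol, not something this view can change. The comparison is
    # constant-time so response timing does not leak the expected digest.
    corr_pass = md5(row.get("passwd") + salt)
    if not hmac.compare_digest(str(passwd).encode("utf-8"), corr_pass.encode("utf-8")):
        return JsonResponse({"message": "wrong password"})

    session_user = request.session.get(user_name, None)
    if session_user and session_user['is_login']:
        return JsonResponse({"message": "You are already logged in"})
    del request.session[salt_id]  # the challenge is single-use
    request.session[user_name] = {'is_login': True, 'user_name': user_name}
    request.session.set_expiry(0)  # session cookie expires when the browser closes

    pay_passwd = row.get("pay_passwd")
    if not pay_passwd or pay_passwd == '12345678':
        url = reverse("set_paypasswd", kwargs={"name": user_name})
    else:
        url = reverse("manage", kwargs={"name": user_name})
    return JsonResponse({"if_success": True, "url": url})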
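def pay(request, pay_id):
    """Payment confirmation page for bill ``pay_id`` and its POST handler.

    On POST the payer's ``phone``, ``passwd`` (pay password) and ``pay_id``
    arrive RSA-encrypted. If md5(passwd) matches the payer's stored pay
    password, the bill is stamped with the payer name and a SHA-256 of
    [name, phone, card]; that digest and the deal identifier are then
    AES-encrypted with the bill's key and posted to Config.Plat_PayHost.

    Args:
        request: the Django request.
        pay_id: bill id from the URL, resolved with get_paybill().

    Returns:
        JsonResponse with ``message`` and ``flag`` for POSTs; the payment
        page (payee name, avatar, amount) otherwise.
    """
    info_dict = get_paybill(pay_id)

    if request.method != "POST":
        card = info_dict.card
        payee = get_user_by_card(card)
        payee_account = get_account_by_card(card)
        return render(request, "authenticate/pay.html", {
            "amount": info_dict.amount,
            "name": payee.name,
            "image": payee_account.avatar,
            "id": pay_id,
        })

    flag = False
    phone = request.POST.get("phone")
    passwd = request.POST.get("passwd")
    posted_pay_id = request.POST.get("pay_id")
    [phone, passwd, posted_pay_id] = rsa_decrypt([phone, passwd, posted_pay_id])
    # NOTE(review): the decrypted pay_id is never compared with the URL's
    # pay_id that selected info_dict above — confirm that is intended.
    try:
        user = User.objects.get(phone=phone)
    except User.DoesNotExist:
        # Only "unknown phone" is a client error; other failures propagate.
        return JsonResponse({"message": "no such user"})

    if md5(passwd) == user.pay_passwd:
        pi = [user.name, user.phone, user.card]
        aes_key = base64.b64decode(info_dict.key.encode())
        hash_pi = sha256(pi)
        info_dict.payer_name = user.name
        info_dict.hash_pi = hash_pi
        info_dict.save()
        hash_pi_c = aes_encrypt(hash_pi, aes_key)
        deal_identify = aes_encrypt(info_dict.deal_identify, aes_key)
        # Send hash_pi and the order number to the payment platform.
        data = post(Config.Plat_PayHost, {"hashPI": hash_pi_c, "deal_identify": deal_identify})
        data = json.loads(data)  # response type not confirmed; marked "debug" upstream
        flag = data['flag']
        message = "succeed,Jumping to the CA Certification Center"
    else:
        # NOTE(review): unsalted md5 comparison, and this view applies no login
        # check or attempt limit before checking the pay password.
        message = "wrong password"
    return JsonResponse({"message": message + ",Transaction closed", "flag": flag})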
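def withdraw(request, name):
    """Withdraw money from ``name``'s account.

    POST fields: RSA-encrypted ``amount`` and ``passwd``
    (md5(pay_passwd + session salt)), plus a ``signature`` over the two
    ciphertexts. A bill is recorded with creat_bill() before the balance
    is reduced.

    Args:
        request: the Django request.
        name: user name from the URL; must be logged in.

    Returns:
        Redirect to sign-in if not logged in; JsonResponse with ``message``
        (and ``success`` on the main path) for POSTs; the withdraw page
        otherwise.
    """
    if not if_login(request, name):
        return redirect(reverse('signin'))
    user = get_user(name)
    account = get_account(name)
    card = user.card
    image = account.avatar

    if request.method != "POST":
        return render(request, "usersModule/Withdraw.html",
                      {"name": name, "card": card, "image": image})

    amount = request.POST.get("amount")
    passwd = request.POST.get("passwd")
    signature = request.POST.get("signature")
    salt = request.session[name]['salt']
    plaintext = rsa_decrypt([amount, passwd])
    success = ""  # kept: failure paths report "" rather than False

    # The decrypted amount is untrusted text: float() raises on garbage and
    # accepts "nan"/"inf"; NaN passes "< 0" and "balance < money" alike, so
    # require a finite, strictly positive value.
    try:
        money = float(plaintext[0])
    except (TypeError, ValueError):
        return JsonResponse({"message": "wrong amount"})
    if not 0 < money < float("inf"):
        return JsonResponse({"message": "wrong amount"})

    if not verify_sign([amount, passwd], signature, name):
        return JsonResponse({"message": "Signature verification failed", "success": success})
    if md5(user.pay_passwd + salt) != plaintext[1]:
        return JsonResponse({"message": "wrong password", "success": success})
    if account.balance < money:
        return JsonResponse({"message": " Insufficient account balance"})
    if not creat_bill(name, "", money, "withdraw"):
        return JsonResponse({"message": "create bill wrong"})

    # NOTE(review): balance is handled as a float and the bill and balance
    # update are not in one DB transaction; see transfer() for the same issue.
    account.balance -= money
    account.cost += money
    account.save()
    logger.info('user:%s operation:%s amount:%s $', name, 'withdraw', str(money))
    message = "You have already withdraw " + plaintext[0] + " yuan, Coming back to the homepage"
    return JsonResponse({"message": message, "success": True})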
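def recharge(request, name):
    """Add money to ``name``'s account.

    POST fields: RSA-encrypted ``amount`` and ``passwd``
    (md5(pay_passwd + session salt)), plus a ``signature`` over the two
    ciphertexts. A bill is recorded with creat_bill() and the balance is
    increased; no external payment confirmation is visible in this view.

    Args:
        request: the Django request.
        name: user name from the URL; must be logged in.

    Returns:
        Redirect to sign-in if not logged in; JsonResponse with ``message``
        (and ``success`` on the main path) for POSTs; the recharge page
        otherwise.
    """
    if not if_login(request, name):
        return redirect(reverse('signin'))
    user = get_user(name)
    account = get_account(name)
    card = user.card
    image = account.avatar

    if request.method != "POST":
        return render(request, "usersModule/Recharge.html",
                      {"name": name, "card": card, "image": image})

    amount = request.POST.get("amount")
    passwd = request.POST.get("passwd")
    signature = request.POST.get("signature")
    salt = request.session[name]['salt']
    plaintext = rsa_decrypt([amount, passwd])
    success = ""  # kept: failure paths report "" rather than False

    # The decrypted amount is untrusted text: float() raises on garbage and
    # accepts "nan"/"inf"; a NaN or infinite credit must not reach the
    # balance, so require a finite, strictly positive value.
    try:
        money = float(plaintext[0])
    except (TypeError, ValueError):
        return JsonResponse({"message": "wrong amount"})
    if not 0 < money < float("inf"):
        return JsonResponse({"message": "wrong amount"})

    if not verify_sign([amount, passwd], signature, name):
        return JsonResponse({"message": "Signature verification failed", "success": success})
    if md5(user.pay_passwd + salt) != plaintext[1]:
        return JsonResponse({"message": "wrong password", "success": success})
    if not creat_bill(name, "", money, "recharge"):
        return JsonResponse({"message": "create bill wrong"})

    account.balance += money
    account.save()
    # The original log line was syntactically broken (a scrubbed literal);
    # use the same format as transfer()/withdraw().
    logger.info('user:%s operation:%s amount:%s $', name, 'recharge', str(money))
    message = "Your account has been recharged " + plaintext[0] + " yuan, Coming back to the homepage"
    return JsonResponse({"message": message, "success": True})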