def request_post(self,post):
if not hasattr(post, 'username') or not hasattr(post, 'password'):
return public.returnJson(False,'LOGIN_USER_EMPTY'),json_header
self.error_num(False)
if self.limit_address('?') < 1: return public.returnJson(False,'LOGIN_ERR_LIMIT'),json_header
post.username = post.username.strip();
password = public.md5(post.password.strip());
sql = db.Sql();
userInfo = sql.table('users').where("id=?",(1,)).field('id,username,password').find()
m_code = cache.get('codeStr')
if 'code' in session:
if session['code'] and not 'is_verify_password' in session:
if not hasattr(post, 'code'): return public.returnJson(False,'验证码不能为空!'),json_header
if not public.checkCode(post.code):
public.WriteLog('TYPE_LOGIN','LOGIN_ERR_CODE',('****','****',public.GetClientIp()));
return public.returnJson(False,'CODE_ERR'),json_header
try:
s_pass = public.md5(public.md5(userInfo['password'] + '_bt.cn'))
if userInfo['username'] != post.username or s_pass != password:
public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()));
num = self.limit_address('+');
return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
_key_file = "/www/server/panel/data/two_step_auth.txt"
if hasattr(post,'vcode'):
if self.limit_address('?',v="vcode") < 1: return public.returnJson(False,'您多次验证失败,禁止10分钟'),json_header
import pyotp
secret_key = public.readFile(_key_file)
if not secret_key:
return public.returnJson(False, "没有找到key,请尝试在命令行关闭谷歌验证后在开启"),json_header
t = pyotp.TOTP(secret_key)
result = t.verify(post.vcode)
if not result:
if public.sync_date(): result = t.verify(post.vcode)
if not result:
num = self.limit_address('++',v="vcode")
return public.returnJson(False, '验证失败,您还可以尝试[{}]次!'.format(num)), json_header
now = int(time.time())
public.writeFile("/www/server/panel/data/dont_vcode_ip.txt",json.dumps({"client_ip":public.GetClientIp(),"add_time":now}))
self.limit_address('--',v="vcode")
return self._set_login_session(userInfo)
acc_client_ip = self.check_two_step_auth()
if not os.path.exists(_key_file) or acc_client_ip:
return self._set_login_session(userInfo)
self.limit_address('-')
session['is_verify_password'] = True
return "1"
except Exception as ex:
stringEx = str(ex)
if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
os.system("rm -f /tmp/sess_*")
os.system("rm -f /www/wwwlogs/*log")
public.ServiceReload()
return public.returnJson(False,'USER_INODE_ERR'),json_header
public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()));
num = self.limit_address('+');
return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
def request_post(self,post):
if not hasattr(post, 'username') or not hasattr(post, 'password'):
return public.returnJson(False,'LOGIN_USER_EMPTY'),json_header
self.error_num(False)
if self.limit_address('?') < 1: return public.returnJson(False,'LOGIN_ERR_LIMIT'),json_header
post.username = post.username.strip()
password = public.md5(post.password.strip())
sql = db.Sql()
user_list = sql.table('users').field('id,username,password').select()
userInfo = None
for u_info in user_list:
if u_info['username'] == post.username:
userInfo = u_info
if 'code' in session:
if session['code'] and not 'is_verify_password' in session:
if not hasattr(post, 'code'): return public.returnMsg(False,'Verification code can not be empty!')
if not public.checkCode(post.code):
public.WriteLog('TYPE_LOGIN','LOGIN_ERR_CODE',('****','****',public.GetClientIp()))
return public.returnJson(False,'CODE_ERR'),json_header
try:
s_pass = public.md5(public.md5(userInfo['password'] + '_bt.cn'))
if userInfo['username'] != post.username or s_pass != password:
public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()))
num = self.limit_address('+')
return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
_key_file = "/www/server/panel/data/two_step_auth.txt"
if hasattr(post,'vcode'):
if self.limit_address('?',v="vcode") < 1: return public.returnJson(False,'您多次验证失败,禁止10分钟'),json_header
import pyotp
secret_key = public.readFile(_key_file)
if not secret_key:
return public.returnJson(False, "Did not find the key, please close Google verification on the command line and trun on again"),json_header
t = pyotp.TOTP(secret_key)
result = t.verify(post.vcode)
if not result:
if public.sync_date(): result = t.verify(post.vcode)
if not result:
num = self.limit_address('++',v="vcode")
return public.returnJson(False, 'Invalid Verification code. You have [{}] times left to try!'.format(num)), json_header
now = int(time.time())
public.writeFile("/www/server/panel/data/dont_vcode_ip.txt",json.dumps({"client_ip":public.GetClientIp(),"add_time":now}))
self.limit_address('--',v="vcode")
self.set_cdn_host(post)
return self._set_login_session(userInfo)
acc_client_ip = self.check_two_step_auth()
if not os.path.exists(_key_file) or acc_client_ip:
self.set_cdn_host(post)
return self._set_login_session(userInfo)
self.limit_address('-')
session['is_verify_password'] = True
return "1"
except Exception as ex:
stringEx = str(ex)
if stringEx.find('unsupported') != -1 or stringEx.find('-1') != -1:
os.system("rm -f /tmp/sess_*")
os.system("rm -f /www/wwwlogs/*log")
public.ServiceReload()
return public.returnJson(False,'USER_INODE_ERR'),json_header
public.WriteLog('TYPE_LOGIN','LOGIN_ERR_PASS',('****','******',public.GetClientIp()))
num = self.limit_address('+')
return public.returnJson(False,'LOGIN_USER_ERR',(str(num),)),json_header
