def clean_captcha(self):
captcha = Captcha(self.request)
data = self.cleaned_data["captcha"]
if not captcha.check(data):
msg = "验证码错误!"
self.errors['captcha'] = self.error_class([msg])
return data
def clean_captcha(self):
captcha = Captcha(self.request)
data = self.cleaned_data["captcha"]
if not captcha.check(data):
msg = "验证码错误!"
self.errors['captcha'] = self.error_class([msg])
return data
def post(self, *args, **kwargs):
captcha = self.get_body_argument("captcha")
if not Captcha.check(captcha, self):
self.custom_error("验证码错误")
content = self.get_body_argument("content")
postid = self.get_body_argument("postid")
_id = ObjectId()
post = yield self.db.article.find_and_modify({
"_id": ObjectId(postid)
},{
"$push": {
"comment": {
"_id": _id,
"content": content,
"user": {
"id": self.current_user["_id"],
"username": self.current_user["username"]
},
"time": time.time()
}
}
})
if post:
if self.current_user["username"] != post["user"]:
self.message(fromuser=None, touser=post["user"],
content=u"%s 评论了你的文章《%s》" % (self.current_user["username"], post["title"]),
jump="/post/%s" % postid)
self.at_user(content, post["title"], post["_id"], _id)
self.redirect("/post/%s#%s" % (postid, _id))
else:
self.custom_error("不存在这篇文章")
def post(self, *args, **kwargs):
captcha = self.get_body_argument("captcha")
if not Captcha.check(captcha, self):
self.custom_error("验证码错误")
content = self.get_body_argument("content")
postid = self.get_body_argument("postid")
_id = ObjectId()
post = yield self.db.article.find_and_modify(
{"_id": ObjectId(postid)}, {
"$push": {
"comment": {
"_id": _id,
"content": content,
"user": {
"id": self.current_user["_id"],
"username": self.current_user["username"]
},
"time": time.time()
}
}
})
if post:
if self.current_user["username"] != post["user"]:
self.message(fromuser=None,
touser=post["user"],
content=u"%s 评论了你的文章《%s》" %
(self.current_user["username"], post["title"]),
jump="/post/%s" % postid)
self.at_user(content, post["title"], post["_id"], _id)
self.redirect("/post/%s#%s" % (postid, _id))
else:
self.custom_error("不存在这篇文章")
def post(self):
try:
username = self.get_body_argument('username', default="")
password = self.get_body_argument('password', default="")
remember = self.get_body_argument('remember', default="off")
# check captcha
captcha = self.get_body_argument("captcha", default="")
if self.settings["captcha"]["login"] and not Captcha.check(captcha, self):
self.custom_error("验证码错误")
user = yield self.db.member.find_one({"username": username})
check = yield self.backend.submit(hash.verify, password, user.get("password"))
if check and user["power"] >= 0:
session = self.set_session(user)
if remember == "on":
cookie_json = json.dumps(session)
self.set_secure_cookie("user_info", cookie_json, expires_days=30, httponly=True)
yield self.db.member.find_and_modify({"username": username}, {
"$set": {
"logintime": time.time(),
"loginip": self.get_ipaddress()
}
})
self.redirect("/")
else:
assert False
except tornado.web.Finish:
pass
except:
import traceback
print traceback.print_exc()
self.custom_error("用户名或密码错误或账号被禁用", jump="/login")
def get_captcha(request):
"""获得验证码"""
captcha_text = get_captcha_text()
print(type(request.session))
request.session['captcha'] = captcha_text
image = Captcha.instance().generate(captcha_text)
return HttpResponse(image, content_type='image/png')
def post(self):
email = self.get_body_argument("email", default=None)
auth = self.get_body_argument("auth", default=None)
# after users submit their email
if email:
# check captcha
captcha = self.get_body_argument("captcha", default="")
if not Captcha.check(captcha, self):
self.custom_error("验证码错误")
user = yield self.db.member.find_one({"email": email})
if not user:
self.custom_error("不存在这个Email")
sign = "%s|%s|%s" % (user["username"], user["password"],
time.time())
svalue = xxtea.encrypt_hex(
utf8(sign),
self.get_byte_16(self.settings.get("cookie_secret")))
url = self.settings.get(
"base_url") + "/forgetpwd?auth=%s" % url_escape(svalue, False)
Sendemail(self.settings.get("email")).send(
to=user["email"],
orgin="*****@*****.**",
title=u"找回密码 - %s" % self.settings["site"]["webname"],
content=
u"点击链接找回你的密码:<br /><a href=\"%s\">%s</a><br />如果你没有找回密码,请忽视这封邮件"
% (url, url))
self.render("forgetpwd.htm", success=True)
# after users click url in their email, and submit a new password
elif auth:
newpwd = self.get_body_argument("password")
try:
svalue = xxtea.decrypt_hex(
utf8(auth),
self.get_byte_16(self.settings.get("cookie_secret")))
(username, password, t) = svalue.split("|")
except:
self.custom_error("参数错误,请重新找回密码", jump="/forgetpwd")
if time.time() - float(t) > 30 * 60:
self.custom_error("链接已过期,请在30分钟内点击链接找回密码", jump="/forgetpwd")
newpwd = yield self.backend.submit(hash.get, newpwd)
user = yield self.db.member.find_and_modify(
{
"username": username,
"password": password
}, {"$set": {
"password": newpwd
}})
if not user:
self.custom_error("参数错误,请重新找回密码", jump="/forgetpwd")
else:
self.custom_error("密码修改成功", jump="/login", status="success")
else:
self.custom_error("不存在这个Email")
def post(self):
email = self.get_body_argument("email", default=None)
auth = self.get_body_argument("auth", default=None)
# after users submit their email
if email:
# check captcha
captcha = self.get_body_argument("captcha", default="")
if not Captcha.check(captcha, self):
self.custom_error("验证码错误")
user = yield self.db.member.find_one({
"email": email
})
if not user:
self.custom_error("不存在这个Email")
sign = "%s|%s|%s" % (user["username"], user["password"], time.time())
svalue = xxtea.encrypt_hex(utf8(sign), self.get_byte_16(self.settings.get("cookie_secret")))
url = self.settings.get("base_url") + "/forgetpwd?auth=%s" % url_escape(svalue, False)
Sendemail(self.settings.get("email")).send(
to=user["email"],
orgin="*****@*****.**",
title=u"找回密码 - %s" % self.settings["site"]["webname"],
content=u"点击链接找回你的密码:<br /><a href=\"%s\">%s</a><br />如果你没有找回密码,请忽视这封邮件" % (url, url)
)
self.render("forgetpwd.htm", success=True)
# after users click url in their email, and submit a new password
elif auth:
newpwd = self.get_body_argument("password")
try:
svalue = xxtea.decrypt_hex(utf8(auth), self.get_byte_16(self.settings.get("cookie_secret")))
(username, password, t) = svalue.split("|")
except:
self.custom_error("参数错误,请重新找回密码", jump="/forgetpwd")
if time.time() - float(t) > 30 * 60:
self.custom_error("链接已过期,请在30分钟内点击链接找回密码", jump="/forgetpwd")
newpwd = yield self.backend.submit(hash.get, newpwd)
user = yield self.db.member.find_and_modify({
"username": username, "password": password
}, {
"$set": {"password": newpwd}
})
if not user:
self.custom_error("参数错误,请重新找回密码", jump="/forgetpwd")
else:
self.custom_error("密码修改成功", jump="/login", status="success")
else:
self.custom_error("不存在这个Email")
def get(self, *args, **kwargs):
self.set_header("Content-Type", "image/png")
img, chars = Captcha.get(self)
buf = StringIO()
img.save(buf, 'PNG', quality=70)
self.write(buf.getvalue())
def post(self):
username = self.get_body_argument("username", default="")
password = self.get_body_argument("password", default="")
repassword = self.get_body_argument("repassword", default="")
self.flash["user_reg"] = dict(username=username,
password=password,
repassword=repassword)
# check captcha
captcha = self.get_body_argument("captcha", default="")
if self.settings["captcha"]["register"] and not Captcha.check(
captcha, self):
self.redirect("/register?error=captcha")
# check register method
if self.settings["register"] == "close":
self.redirect("/register?error=closed")
elif self.settings["register"] == "invite":
code = self.get_argument("invitecode")
coderow = yield self.db.invite.find_one({
"code": {
"$eq": code
},
"used": {
"$eq": False
}
})
if not coderow:
self.redirect("/register?error=invitecode")
if time.time() - coderow["time"] > self.settings["invite_expire"]:
yield self.db.invite.remove({"code": code})
self.redirect("/register?error=invoteexpire")
# 两次输入的密码不匹配
if password != repassword:
self.redirect("/register?error=passworddiff")
# 密码长度太短
if len(password) < 5:
self.redirect("/register?error=shortpassword")
# 加密密码
password = yield self.backend.submit(hash.get, password)
member = yield self.db.member.find_one({'username': username})
# 用户名已存在
if member:
self.redirect("/register?error=usernameused")
#插入用户
user = {
"username": username,
"password": password,
"power": 0,
"money": self.settings["init_money"],
"time": time.time(),
"bookmark": [],
"email": "",
"qq": "",
"website": "",
"address": "",
"signal": u"太懒,没有留下任何个人说明",
"openwebsite": 1,
"openqq": 1,
"openemail": 1,
"allowemail": 1,
"logintime": None,
"loginip": self.get_ipaddress()
}
model = UserModel()
if not model(user):
self.custom_error(model.error_msg)
result = yield self.db.member.insert(user)
if self.settings["register"] == "invite":
coderow["used"] = True
coderow["user"] = username
yield self.db.invite.update({"code": code}, coderow)
self.flash["user_reg"] = None
self.redirect('/login')
def get(self, *args, **kwargs):
self.set_header("Content-Type", "image/png")
img, chars = Captcha.get(self)
buf = StringIO()
img.save(buf, 'PNG', quality=70)
self.write(buf.getvalue())
def post(self):
username = self.get_body_argument("username", default="")
password = self.get_body_argument("password", default="")
repassword = self.get_body_argument("repassword", default="")
self.flash["user_reg"] = dict(username=username, password=password, repassword=repassword)
# check captcha
captcha = self.get_body_argument("captcha", default="")
if self.settings["captcha"]["register"] and not Captcha.check(captcha, self):
self.redirect("/register?error=captcha")
# check register method
if self.settings["register"] == "close":
self.redirect("/register?error=closed")
elif self.settings["register"] == "invite":
code = self.get_argument("invitecode")
coderow = yield self.db.invite.find_one({
"code": {"$eq": code},
"used": {"$eq": False}
})
if not coderow:
self.redirect("/register?error=invitecode")
if time.time() - coderow["time"] > self.settings["invite_expire"]:
yield self.db.invite.remove({"code": code})
self.redirect("/register?error=invoteexpire")
# 两次输入的密码不匹配
if password != repassword:
self.redirect("/register?error=passworddiff")
# 密码长度太短
if len(password) < 5:
self.redirect("/register?error=shortpassword")
# 加密密码
password = yield self.backend.submit(hash.get, password)
member = yield self.db.member.find_one({'username': username})
# 用户名已存在
if member:
self.redirect("/register?error=usernameused")
# 插入用户
user = {
"username": username,
"password": password,
"power": 0,
"money": self.settings["init_money"],
"time": time.time(),
"bookmark": [],
"email": "",
"qq": "",
"website": "",
"address": "",
"signal": u"太懒,没有留下任何个人说明",
"openwebsite": 1,
"openqq": 1,
"openemail": 1,
"allowemail": 1,
"logintime": None,
"loginip": self.get_ipaddress()
}
model = UserModel()
if not model(user):
self.custom_error(model.error_msg)
result = yield self.db.member.insert(user)
if self.settings["register"] == "invite":
coderow["used"] = True
coderow["user"] = username
yield self.db.invite.update({"code": code}, coderow)
self.flash["user_reg"] = None
self.redirect('/login')
def show_captcha(request):
return HttpResponse(Captcha(request).display(), content_type="image/gif")
