def user_change_pwd():
"""
修改密码
"""
user_info = request.json
# 验证信息完整性
if user_info and set(user_info.keys()) == set(['old_pwd', 'new_pwd']):
token_str = request.cookies.get("user_session")
if token_str:
token_str = urllib.parse.unquote(token_str)
user_payload = util_tools.jwt_token_decode(token_str)
username = ''
if user_payload and 'username' in user_payload:
username = user_payload['username']
# 加密
old_pwd = util_tools.encrypt_password(user_info['old_pwd'])
new_pwd = util_tools.encrypt_password(user_info['new_pwd'])
if db_mongo.get_collection('user').find_one({
'username': username,
'password': old_pwd
}):
db_mongo.get_collection('user').update(
{
'username': username,
'password': old_pwd
}, {'$set': {
'password': new_pwd
}})
return Response(json.dumps(
{
'change_pwd_status': 'SUCCESS',
'message': '用户密码修改成功'
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'change_pwd_status': 'ERROR',
'message': '用户信息验证失败,请检查输入的旧密码是否正确!'
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'change_pwd_status': 'ERROR',
'message': '用户信息获取失败'
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'change_pwd_status': 'ERROR',
'message': '信息填写不完善'
},
ensure_ascii=False),
mimetype='application/json')
def user_register():
"""
用户注册
"""
user_info = request.json
default_keys = set([
"username", "real_name", "password", "birthday", "sex",
"addr_provence", "addr_zhou", "addr_county", "addr_township",
"question", "answer", "email_code"
])
# 验证注册信息是否填写完善
if user_info and set(user_info.keys()) == default_keys:
result = conn_redis.get(user_info['username'])
# 验证 email_code 是否正确
if result and result.decode(
encoding='utf-8') == user_info['email_code']:
# 检查用户名是否已经存在
if db_mongo.get_collection('user').find_one(
{'username': user_info['username']}):
return Response(json.dumps(
{
'register_status': 'ERROR',
'message': '此邮箱已经被注册,请跟换Email账号'
},
ensure_ascii=False),
mimetype='application/json')
else:
# 加密用户密码
user_info['password'] = util_tools.encrypt_password(
user_info['password'])
del user_info['email_code']
db_mongo.get_collection('user').insert(user_info)
return Response(json.dumps(
{
'register_status': 'SUCCESS',
'message': '注册成功'
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'register_status': 'ERROR',
'message': '邮箱验证码不正确,请重新获取'
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'register_status': 'ERROR',
'message': '注册信息填写不完善'
},
ensure_ascii=False),
mimetype='application/json')
def check_usr_mibao():
"""
验证用户密保
"""
user_info = request.json
default_keys = set(["username", "question", "answer"])
# 验证注册信息是否填写完善
if user_info and set(user_info.keys()) == default_keys:
if db_mongo.get_collection('user').find_one(user_info):
# 发送邮件
se = send_emails.SendEmail()
email_code = util_tools.generate_random_str(randomlength=10)
html_str = '''
<div>
<h3>凉山气象预报预警系统</h3>
<p>{email} 您好:</p>
<p>欢迎使用凉山气象预报预警系统</p>
你的新密码为:<b style="color:red;">{email_code}</b>
<p>请尽快尽快修改密码</p>
</div>
'''.format(email=user_info['username'], email_code=email_code)
ret = se.send_eamil(user_info['username'], '用户找回密码', html_str)
if ret:
# 更新用户新密码
new_pwd = util_tools.encrypt_password(email_code)
db_mongo.get_collection('user').update(
user_info, {'$set': {
'password': new_pwd
}})
return Response(json.dumps(
{
'check_mibao_status': 'SUCCESS',
'message': '新密码已发送到用户邮箱请注意查收并尽快修改密码。'
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'check_mibao_status': 'ERROR',
'message': '用户信息验证错误。'
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'check_mibao_status': 'ERROR',
'message': '用户信息填写不完善。'
},
ensure_ascii=False),
mimetype='application/json')
def admin_login():
username = request.form['username']
password = request.form['password']
if username and password:
new_password = util_tools.encrypt_password(password)
collection = db_mongo.get_collection('user_admin')
row = collection.find_one({"username": username}, {
'_id': 0,
"password": 1
})
if row:
if 'password' in row and row['password'] == new_password:
ip = request.headers.get('X-Real-IP') or ''
token_str = util_tools.jwt_token(username, ip)
conn_redis.set(username, token_str, ex=60 * 30, nx=True)
# conn_redis.expire(token_str, 10)
# 更新用户登录信息
resp = requests.get('http://ip.cz88.net/data.php?ip=' + ip)
reg_exp = re.compile(r"ShowIPAddr\('(.*?)','(.*?),'(.*?)'\);")
reg_rlt = reg_exp.match(resp.text)
print(username + '' + reg_rlt.group(1) + '' + reg_rlt.group(2))
db_mongo.get_collection('admin_login_info').insert({
'username':
username,
'ip':
ip,
'addr':
reg_rlt.group(2),
'date':
datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
})
return Response(json.dumps(
{
'login_stat': 'SUCCESS',
'session_id': token_str
},
ensure_ascii=False),
mimetype='application/json')
return Response(json.dumps({'login_stat': 'ERROR'}, ensure_ascii=False),
mimetype='application/json')
def user_login():
"""
用户登录
"""
user_info = request.json
# 验证信息完整性
if user_info and set(user_info.keys()) == set(['username', 'password']):
user_info['password'] = util_tools.encrypt_password(
user_info['password'])
row = db_mongo.get_collection('user').find_one(user_info)
if row:
ip_addr = request.headers.get('X-Real-IP') or ''
jwt_str = util_tools.jwt_token(user_info['username'], ip_addr)
conn_redis.set(user_info['username'], jwt_str, ex=60 * 30, nx=True)
return Response(json.dumps(
{
'login_status': 'SUCCESS',
'user_session': jwt_str,
'real_name': row['real_name']
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'login_status': 'ERROR',
'message': '用户登录信息验证失败'
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'login_status': 'ERROR',
'message': '登录信息填写不完善'
},
ensure_ascii=False),
mimetype='application/json')
def change_password():
old_pwd = request.form['old_pwd']
new_pwd = request.form['new_pwd']
token_str = request.cookies.get("session_id")
if token_str:
token_str = urllib.parse.unquote(token_str)
user_payload = util_tools.jwt_token_decode(token_str)
username = ''
if user_payload and 'username' in user_payload:
username = user_payload['username']
else:
return Response(json.dumps(
{
'stats': "NOLOGIN",
'msg': '用户登录信息监测失败,请重新登录!'
},
ensure_ascii=False),
mimetype='application/json')
result = conn_redis.get(username)
if result:
ip = request.headers.get('X-Real-IP') or ''
if 'ip' in user_payload and ip == user_payload['ip']:
# check pwd
old_pwd_new = util_tools.encrypt_password(old_pwd)
new_pwd_new = util_tools.encrypt_password(new_pwd)
if db_mongo.get_collection('user_admin').find_one({
"username":
user_payload['username'],
'password':
old_pwd_new
}):
# check ok
db_mongo.get_collection('user_admin').update_one(
{
"username": user_payload['username'],
'password': old_pwd_new
}, {'$set': {
'password': new_pwd_new
}})
return Response(json.dumps({'stats': "SUCCESS"},
ensure_ascii=False),
mimetype='application/json')
else: # check error
return Response(json.dumps(
{
'stats': "ERROR",
'msg': '用户名或密码验证错误!'
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'stats': "NOLOGIN",
'msg': '用户登录信息监测失败,请重新登录!'
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'stats': "NOLOGIN",
'msg': '用户登录已过期,请重新登录!'
},
ensure_ascii=False),
mimetype='application/json')
else:
return Response(json.dumps(
{
'stats': "NOLOGIN",
'msg': '用户登录已过期,请重新登录!'
}, ensure_ascii=False),
mimetype='application/json')