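def user_change_pwd():
    """Change the password of the user named in the session cookie.

    Expects a JSON object with exactly the keys ``old_pwd`` and ``new_pwd``.
    The account name is read from the JWT in the ``user_session`` cookie,
    never from the request body. The stored password is replaced only when
    the hash of ``old_pwd`` matches it.

    Returns:
        A JSON ``Response`` whose ``change_pwd_status`` is ``SUCCESS`` or
        ``ERROR``, together with a user-facing ``message``.
    """

    def _reply(status, message):
        # Every outcome of this endpoint uses the same JSON envelope.
        return Response(json.dumps(
            {
                'change_pwd_status': status,
                'message': message
            },
            ensure_ascii=False),
                        mimetype='application/json')

    user_info = request.json
    # A JSON body that is not an object (list, string, number) has no keys().
    if (not isinstance(user_info, dict)
            or set(user_info.keys()) != {'old_pwd', 'new_pwd'}):
        return _reply('ERROR', '信息填写不完善')
    # Both passwords must be non-empty strings: anything else is not a
    # password, and an empty new password must never be stored.
    if not all(
            isinstance(user_info[key], str) and user_info[key]
            for key in ('old_pwd', 'new_pwd')):
        return _reply('ERROR', '信息填写不完善')

    token_str = request.cookies.get("user_session")
    if not token_str:
        return _reply('ERROR', '用户信息获取失败')
    user_payload = util_tools.jwt_token_decode(
        urllib.parse.unquote(token_str))
    # Stop here when the token does not yield an account name, instead of
    # querying the collection with an empty username.
    if (not user_payload or 'username' not in user_payload
            or not user_payload['username']):
        return _reply('ERROR', '用户信息获取失败')
    username = user_payload['username']
    # NOTE(review): unlike change_password, this path checks neither the
    # Redis session entry nor the token's 'ip' claim; whether
    # jwt_token_decode enforces expiry is not visible here -- confirm.

    old_pwd = util_tools.encrypt_password(user_info['old_pwd'])
    new_pwd = util_tools.encrypt_password(user_info['new_pwd'])
    users = db_mongo.get_collection('user')
    current = {'username': username, 'password': old_pwd}
    if not users.find_one(current):
        return _reply('ERROR', '用户信息验证失败,请检查输入的旧密码是否正确!')
    # The filter repeats the old hash, so a password changed concurrently
    # is not overwritten. update_one replaces the deprecated update() and
    # matches what change_password already uses.
    users.update_one(current, {'$set': {'password': new_pwd}})
    return _reply('SUCCESS', '用户密码修改成功')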
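def user_register():
    """Register a new user after checking the e-mailed verification code.

    Expects a JSON object with exactly the registration keys listed in
    ``default_keys``. The ``email_code`` must equal the value stored in
    Redis under the username. On success the password is stored hashed and
    ``email_code`` is dropped before the document is inserted.

    Returns:
        A JSON ``Response`` whose ``register_status`` is ``SUCCESS`` or
        ``ERROR``, together with a user-facing ``message``.
    """
    import hmac

    def _reply(status, message):
        # Every outcome of this endpoint uses the same JSON envelope.
        return Response(json.dumps(
            {
                'register_status': status,
                'message': message
            },
            ensure_ascii=False),
                        mimetype='application/json')

    default_keys = {
        "username", "real_name", "password", "birthday", "sex",
        "addr_provence", "addr_zhou", "addr_county", "addr_township",
        "question", "answer", "email_code"
    }
    user_info = request.json
    # A JSON body that is not an object (list, string, number) has no keys().
    if (not isinstance(user_info, dict)
            or set(user_info.keys()) != default_keys):
        return _reply('ERROR', '注册信息填写不完善')
    # The fields used as a Redis key, a query value, a hash input or a
    # comparison operand must be plain non-empty strings; a JSON object in
    # 'username' would otherwise reach the MongoDB filter as an operator
    # document.
    if not all(
            isinstance(user_info[key], str) and user_info[key]
            for key in ('username', 'password', 'email_code')):
        return _reply('ERROR', '注册信息填写不完善')
    # The remaining profile fields are stored as given, so keep them scalar:
    # nested objects or arrays have no place in the user document.
    if any(isinstance(value, (dict, list)) for value in user_info.values()):
        return _reply('ERROR', '注册信息填写不完善')

    # NOTE(review): the code lives under the bare username, the same Redis
    # key user_login uses for the session token -- consider a dedicated key
    # prefix and deleting the code once it has been used.
    result = conn_redis.get(user_info['username'])
    # Constant-time comparison of the stored and the submitted code.
    if not result or not hmac.compare_digest(
            result, user_info['email_code'].encode('utf-8')):
        return _reply('ERROR', '邮箱验证码不正确,请重新获取')

    users = db_mongo.get_collection('user')
    if users.find_one({'username': user_info['username']}):
        return _reply('ERROR', '此邮箱已经被注册,请跟换Email账号')

    # Only the hash is stored; the verification code is not part of the
    # user document.
    user_info['password'] = util_tools.encrypt_password(
        user_info['password'])
    del user_info['email_code']
    # NOTE(review): 'answer' is stored exactly as submitted; check_usr_mibao
    # matches on it, so hashing it would have to change both sides.
    # insert_one replaces the deprecated insert().
    users.insert_one(user_info)
    return _reply('SUCCESS', '注册成功')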
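def check_usr_mibao():
    """Reset a user's password after checking the security question.

    Expects a JSON object with exactly the keys ``username``, ``question``
    and ``answer``. When a user document matches all three, a random
    password is e-mailed to the username (which is the e-mail address) and,
    if the mail was sent, stored hashed as the new password.

    Returns:
        A JSON ``Response`` whose ``check_mibao_status`` is ``SUCCESS`` or
        ``ERROR``, together with a user-facing ``message``.
    """
    import html

    def _reply(status, message):
        # Every outcome of this endpoint uses the same JSON envelope.
        return Response(json.dumps(
            {
                'check_mibao_status': status,
                'message': message
            },
            ensure_ascii=False),
                        mimetype='application/json')

    fields = ("username", "question", "answer")
    user_info = request.json
    # A JSON body that is not an object (list, string, number) has no keys().
    if (not isinstance(user_info, dict)
            or set(user_info.keys()) != set(fields)):
        return _reply('ERROR', '用户信息填写不完善。')
    # The request body becomes the MongoDB filter, so every value must be a
    # plain string. A JSON object here would be read as a query operator and
    # the security-answer check would no longer compare anything.
    if not all(isinstance(user_info[key], str) for key in fields):
        return _reply('ERROR', '用户信息填写不完善。')

    account_filter = {key: user_info[key] for key in fields}
    users = db_mongo.get_collection('user')
    if not users.find_one(account_filter):
        return _reply('ERROR', '用户信息验证错误。')

    # NOTE(review): whether generate_random_str draws from a CSPRNG is not
    # visible here; a reset password should come from `secrets`. Mailing a
    # one-time reset link instead of the password itself, and rate limiting
    # this endpoint, are worth considering.
    email_code = util_tools.generate_random_str(randomlength=10)
    # The address is user-chosen text placed into an HTML body: escape it.
    html_str = '''
    <div>
        <h3>凉山气象预报预警系统</h3>
        <p>{email} 您好:</p>
        <p>欢迎使用凉山气象预报预警系统</p>
        你的新密码为:<b style="color:red;">{email_code}</b>
        <p>请尽快尽快修改密码</p>
    </div>
    '''.format(email=html.escape(account_filter['username']),
               email_code=email_code)
    se = send_emails.SendEmail()
    ret = se.send_eamil(account_filter['username'], '用户找回密码', html_str)
    if not ret:
        # The original fell through and returned None here, which the
        # framework cannot turn into a response. The stored password is
        # left untouched because the user never received the new one.
        return _reply('ERROR', '邮件发送失败,请稍后重试。')

    new_pwd = util_tools.encrypt_password(email_code)
    # update_one replaces the deprecated update().
    users.update_one(account_filter, {'$set': {'password': new_pwd}})
    return _reply('SUCCESS', '新密码已发送到用户邮箱请注意查收并尽快修改密码。')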
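def admin_login():
    """Authenticate an administrator from form fields and issue a token.

    Reads ``username`` and ``password`` from the submitted form, compares
    the hashed password with the one stored in ``user_admin``, and on
    success stores a JWT in Redis for 30 minutes, records the login in
    ``admin_login_info`` and returns the token as ``session_id``.

    Returns:
        A JSON ``Response`` with ``login_stat`` ``SUCCESS`` (plus
        ``session_id``) or ``ERROR``.
    """

    def _denied():
        # One undifferentiated failure answer: it does not reveal whether
        # the username or the password was wrong.
        return Response(json.dumps({'login_stat': 'ERROR'},
                                   ensure_ascii=False),
                        mimetype='application/json')

    username = request.form['username']
    password = request.form['password']
    if not (username and password):
        return _denied()

    new_password = util_tools.encrypt_password(password)
    row = db_mongo.get_collection('user_admin').find_one(
        {"username": username}, {
            '_id': 0,
            "password": 1
        })
    if not row or 'password' not in row or row['password'] != new_password:
        return _denied()

    # NOTE(review): X-Real-IP is a request header. It is only trustworthy
    # when a reverse proxy in front of this app always overwrites it --
    # confirm the deployment, since the value is bound into the token.
    ip = request.headers.get('X-Real-IP') or ''
    token_str = util_tools.jwt_token(username, ip)
    # nx=True keeps an existing entry, so while an earlier session is still
    # alive the token returned below is not the one stored in Redis.
    conn_redis.set(username, token_str, ex=60 * 30, nx=True)

    # The location lookup is bookkeeping only: a slow, failing or oddly
    # formatted reply must not turn a correct login into a server error.
    # The header value goes through `params` so it is URL-encoded rather
    # than concatenated into the query string.
    # NOTE(review): this sends each admin login IP to a third party over
    # plain HTTP.
    addr = ''
    try:
        resp = requests.get('http://ip.cz88.net/data.php',
                            params={'ip': ip},
                            timeout=5)
        # NOTE(review): the second group has no closing quote in the
        # pattern; left as found, check it against a real reply.
        reg_rlt = re.match(r"ShowIPAddr\('(.*?)','(.*?),'(.*?)'\);",
                           resp.text)
    except requests.RequestException:
        reg_rlt = None
    if reg_rlt:
        print(username + '' + reg_rlt.group(1) + '' + reg_rlt.group(2))
        addr = reg_rlt.group(2)

    # insert_one replaces the deprecated insert().
    db_mongo.get_collection('admin_login_info').insert_one({
        'username': username,
        'ip': ip,
        'addr': addr,
        'date': datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    })
    return Response(json.dumps(
        {
            'login_stat': 'SUCCESS',
            'session_id': token_str
        },
        ensure_ascii=False),
                    mimetype='application/json')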
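def user_login():
    """Authenticate a user from a JSON body and issue a session token.

    Expects a JSON object with exactly the keys ``username`` and
    ``password``. The password is hashed and the pair is looked up in the
    ``user`` collection; on a match a JWT is stored in Redis for 30 minutes
    and returned as ``user_session`` together with the user's real name.

    Returns:
        A JSON ``Response`` whose ``login_status`` is ``SUCCESS`` or
        ``ERROR``.
    """

    def _error(message):
        return Response(json.dumps(
            {
                'login_status': 'ERROR',
                'message': message
            },
            ensure_ascii=False),
                        mimetype='application/json')

    user_info = request.json
    # A JSON body that is not an object (list, string, number) has no keys().
    if (not isinstance(user_info, dict)
            or set(user_info.keys()) != {'username', 'password'}):
        return _error('登录信息填写不完善')
    # Both values end up in the MongoDB filter or the hash function, so they
    # must be plain non-empty strings. A JSON object in 'username' would be
    # read as a query operator and match accounts the caller never named.
    if not all(
            isinstance(user_info[key], str) and user_info[key]
            for key in ('username', 'password')):
        return _error('登录信息填写不完善')

    username = user_info['username']
    credentials = {
        'username': username,
        'password': util_tools.encrypt_password(user_info['password'])
    }
    row = db_mongo.get_collection('user').find_one(credentials)
    if not row:
        return _error('用户登录信息验证失败')

    # NOTE(review): X-Real-IP is a request header. It is only trustworthy
    # when a reverse proxy in front of this app always overwrites it.
    ip_addr = request.headers.get('X-Real-IP') or ''
    jwt_str = util_tools.jwt_token(username, ip_addr)
    # nx=True keeps an existing entry. user_register reads its e-mail code
    # from the same bare-username key, so a leftover value there also
    # blocks this write -- NOTE(review): consider separate key prefixes.
    conn_redis.set(username, jwt_str, ex=60 * 30, nx=True)
    return Response(json.dumps(
        {
            'login_status': 'SUCCESS',
            'user_session': jwt_str,
            'real_name': row['real_name']
        },
        ensure_ascii=False),
                    mimetype='application/json')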
def change_password():
    """Change an administrator's password.

    Reads ``old_pwd`` and ``new_pwd`` from the submitted form and the JWT
    from the ``session_id`` cookie. The change is made only when the token
    carries a username, a Redis entry exists for that username, the token's
    ``ip`` claim equals the ``X-Real-IP`` header, and the hashed old
    password matches the one stored in ``user_admin``.

    Returns:
        A JSON ``Response`` whose ``stats`` is ``SUCCESS``, ``ERROR`` or
        ``NOLOGIN``; the last two carry a user-facing ``msg``.
    """

    def _reply(stats, msg=None):
        # 'msg' is left out entirely on success, as in the SUCCESS payload.
        payload = {'stats': stats}
        if msg is not None:
            payload['msg'] = msg
        return Response(json.dumps(payload, ensure_ascii=False),
                        mimetype='application/json')

    expired_msg = '用户登录已过期,请重新登录!'
    invalid_msg = '用户登录信息监测失败,请重新登录!'

    # Form fields are read first, so a missing field is reported before any
    # session handling takes place.
    old_pwd = request.form['old_pwd']
    new_pwd = request.form['new_pwd']

    raw_token = request.cookies.get("session_id")
    if not raw_token:
        return _reply("NOLOGIN", expired_msg)

    user_payload = util_tools.jwt_token_decode(
        urllib.parse.unquote(raw_token))
    if not (user_payload and 'username' in user_payload):
        return _reply("NOLOGIN", invalid_msg)
    username = user_payload['username']

    # Only the existence of a Redis entry for this username is checked; its
    # value is not compared with the presented token.
    if not conn_redis.get(username):
        return _reply("NOLOGIN", expired_msg)

    # The token is bound to the address it was issued for.
    client_ip = request.headers.get('X-Real-IP') or ''
    if 'ip' not in user_payload or client_ip != user_payload['ip']:
        return _reply("NOLOGIN", invalid_msg)

    old_hash = util_tools.encrypt_password(old_pwd)
    new_hash = util_tools.encrypt_password(new_pwd)
    admins = db_mongo.get_collection('user_admin')
    if not admins.find_one({"username": username, 'password': old_hash}):
        return _reply("ERROR", '用户名或密码验证错误!')

    # The update filter repeats the old hash, so it applies only while the
    # stored password is still the one just verified.
    admins.update_one({
        "username": username,
        'password': old_hash
    }, {'$set': {
        'password': new_hash
    }})
    return _reply("SUCCESS")