def post(self): ''' 1.获取手机号和密码 2.验证参数完整性 3.与数据库中的账号密码进行比对 4.如果无误,跳转到主页 ''' mobile = self.json_args.get('mobile') passwd = self.json_args.get('passwd') if not all((mobile, passwd)): return self.write(dict(errorno=RET.PARAMERR, errmsg=u'请输入完整的信息')) passwd = hashlib.sha1(passwd).hexdigest() sql = 'select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile = %(mobile)s' try: ret = self.db.get(sql, mobile=mobile) except Exception as e: logging.error(e) return self.write(dict(errorno=RET.DBERR, errmsg=u'数据库查询错误')) if not ret: return self.write(dict(errorno=RET.NODATA, errmsg=u'没有查询到数据')) else: real_passwd = ret.get('up_passwd') if passwd != real_passwd: return self.write(dict(errorno=RET.PWDERR, errmsg=u'密码错误')) else: session = Session(self) session.data['user_id'] = ret['up_user_id'] session.data['user_name'] = ret['up_name'] session.data['mobile'] = mobile session.save() self.write(dict(errorno=RET.OK, errmsg=u'OK'))
def post(self): # 接收参数 mobile = self.json_args.get("mobile") password = self.json_args.get("password") # 检查参数 if not all([mobile, password]): return self.write({"errno": RET.PARAMERR, "errmsg": "参数错误"}) if not re.match(r"^1\d{10}$", mobile): return self.write({"errno": RET.PARAMERR, "errmsg": "手机号码格式错误"}) # 检验密码 sql = "select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s" res = self.db.get(sql, mobile=mobile) password = hashlib.sha256(password + config.passwd_hash_key).hexdigest() if res and res["up_password"] == password: try: session = Session(self) session.data["user_id"] = res["up_user_id"] session.data["name"] = res["up_name"] session.data["mobile"] = mobile session.save() except Exception as e: logging.error(e) return self.write({"errno": RET.OK, "errmsg": "OK"}) else: return self.write({"errno": RET.DATAERR, "errmsg": "手机号或密码错误"})
def post(self): next = self.get_argument("next", "/") username = self.args.get('username') password = self.args.get('password') if all((username, password)): m = hashlib.md5() password = '******' % (password, config.passwd_hash_key) m.update(password.encode('utf8')) password = m.hexdigest().upper() ret = yield SysDal.login(username, password) if ret: # 登录成功 session = Session(self, sessionid=ret.get('cu_userid')) authorization = uuid.uuid4().hex session.data['authorization'] = authorization session.data['uid'] = ret.get('cu_userid') session.data['username'] = ret.get('cu_username') session.data['roleid'] = ret.get('u_roleid') if ret.get( 'u_roleid') else '000000' session.save() self.set_cookie('_BUUID', ret.get('cu_userid'), expires_days=SESSION_EXPIRES_SECONDS / (3600 * 24)) self.set_cookie('_BAUTH', authorization, expires_days=SESSION_EXPIRES_SECONDS / (3600 * 24)) self.write(dict(errcode=RET.OK, errmsg=RMS.OK, data=ret)) # self.redirect(next) else: # 登录失败 self.write(dict(errcode=RET.LOGINERR, errmsg=RMS.LOGINERR)) else: pass
class RegisterHandler(BaseHandler): def post(self): mobile = self.json_args.get("mobile") sms_code = self.json_args.get("phonecode") password = self.json_args.get("password") if not all((mobile, sms_code, password)): return self.write(dict(errcode=RET.PARAMERR, msg=error_map.PARAMERR)) real_code = self.redis.get("sms_code_%s" % mobile).decode('utf-8') if real_code != str(sms_code): return self.write(dict(errcode="2", msg="验证码无效")) password = hashlib.sha256((config.passwd_hash_key + password).encode("utf8")).hexdigest() try: # 会返回生成的主键 res = self.db.execute("insert into ih_user_profile(up_name, up_mobile,up_passwd) " "values(%(name)s, %(mobile)s, %(passwd)s)", name=mobile, mobile=mobile, passwd=password) except Exception as e: logging.error(e) return self.write(dict(errcode="3", msg="用户已存在")) try: self.session = Session(self) self.session.data['user_id'] = res self.session.data['name'] = mobile self.session.data['mobile'] = mobile self.session.save() except Exception as e: logging.error(e) self.write(dict(errcode=RET.OK, msg="OK"))
def post(self): # 获取参数 mobile = self.json_data.get("mobile") passwd = self.json_data.get("password") # 验证参数 if not all((mobile, passwd)): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数缺失")) if not re.match(r"^1\d{10}$",mobile): return self.write(dict(errcode=RET.PARAMERR, errmsg="手机号格式错误")) # 检查手机号,密码是否正确 try: sql = "select ui_user_id, ui_name, ui_mobile, ui_passwd from tor_user_info where ui_mobile = %(mobile)s" res = self.db.get(sql,mobile=mobile) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误1")) # return self.render("login.html") if not res: return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误")) if res["ui_passwd"] != unicode(passwd): return self.write(dict(errcode=RET.DATAERR, errmsg="密码错误")) # 生成session数据 session = Session(self) session.data["user_id"] = res["ui_user_id"] session.data["mobile"] = res["ui_mobile"] session.data["name"] = res["ui_name"] try: session.save() except Exception as e: logging.error(e) return self.write(dict(errcode=RET.OK, errmsg="OK"))
class RegisterHandler(BaseHandler): def post(self): mobile = self.json_args.get('mobile') passwd = self.json_args.get('passwd') passwd2 = self.json_args.get('passwd2') if not all((mobile, passwd)): return self.write(dict(errno=RET.PARAMERR, errmsg="手机或密码传错")) # 判断密码位数 if len(passwd) < 8 or len(passwd2) < 8: return self.write(dict(errno=RET.DATAERR, errmsg="密码必须大于7位")) if passwd != passwd2: return self.write(dict(error=RET.DATAERR, errmsg="两次密码不一致")) safe_passwd = sha1(passwd).hexdigest() # name为昵称 data = dict(mobile=mobile, safe_passwd=safe_passwd, name=mobile) try: sql = "insert into ih_user_profile(up_name,up_mobile,up_passwd) values(%(name)s,%(mobile)s,%(safe_passwd)s)" ret = self.db.execute(sql, **data) except Exception as e: logging.error(e) return self.write(dict(errno=RET.DBERR, errmsg="信息已存在")) try: # 将session实例化 self.sessObj = Session(self, mobile) self.sessObj.data = dict(user_id=ret, name=mobile, mobile=mobile) logging.error(self.sessObj.data) self.sessObj.save() except Exception as e: logging.error(e) logging.error("-" * 40) return self.write(dict(errno=RET.DBERR, errmsg="保存出错")) self.write(dict(errno=RET.OK, errmsg='OK'))
class LoginHandler(BaseHandler): """登录""" def post(self): # 获取参数 username = self.json_args.get("username") password = self.json_args.get("password") # 检查参数 if not all([username, password]): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误")) if not re.match(r"^1\d{10}$", username): return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误")) # 检查秘密是否正确 res = self.db.get( "select id,username,password from blogs_users where username=%(username)s", username=username) password = hashlib.sha256(password + config.passwd_hash_key).hexdigest() if res and res["password"] == unicode(password): # 生成session数据 # 返回客户端 try: self.session = Session(self) self.session.data['user_id'] = res['id'] self.session.data['user_name'] = res['username'] self.session.save() except Exception as e: logging.error(e) return self.write(dict(errcode=RET.OK, errmsg="OK")) else: return self.write(dict(errcode=RET.DATAERR, errmsg="手机号或密码错误!"))
def post(self): mobile = self.json_args.get("mobile") password = self.json_args.get("password") # 参数检验 if not all([mobile, password]): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误")) # 对取到的密码进行加密,然后与数据库中存的密码进行比对 passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest() sql = "select up_user_id, up_name, up_mobile, up_passwd from ih_user_profile where up_mobile = %(mobile)s" try: user = self.db.get(sql, mobile=mobile) except Exception as e: logging.error(e) if user and user["up_passwd"] == unicode(passwd): # 生成session数据,并且返回给客户端信息 session = Session(self) session.data["user_id"] = user["up_user_id"] session.data["name"] = user["up_name"] session.data["mobile"] = user["up_mobile"] try: session.save() except Exception as e: logging.error(e) self.write(dict(errcode=RET.OK, errmsg="OK")) else: self.write(dict(errcode=RET.DATAERR, errmsg="帐号或密码错误"))
class LoginHandler(BaseHandler): """登录""" def post(self): mobile = self.json_args.get("mobile") password = self.json_args.get("password") if not all([mobile, password]): return self.write({"errno": RET.PARAMERR, "errmsg": "参数错误"}) res = self.db.get( "select up_user_id,up_name,up_passwd,up_user_id,up_avatar,up_real_name,up_id_card from ih_user_profile where up_mobile=%(mobile)s", mobile=mobile) password = hashlib.sha256(config.passwd_hash_key + password).hexdigest() if res and res["up_passwd"] == unicode(password): try: self.session = Session(self) self.session.data['user_id'] = res['up_user_id'] self.session.data['name'] = res['up_name'] self.session.data['mobile'] = mobile self.session.data['avatar'] = res['up_avatar'] self.session.data['real_name'] = res['up_real_name'] self.session.data['id_card'] = res['up_id_card'] self.session.save() except Exception as e: logging.error(e) return self.write({"errno": RET.OK, "errmsg": "OK"}) else: return self.write({"errno": RET.DATAERR, "errmsg": "手机号或密码错误!"})
class LoginHandler(BaseHandler): def post(self): # 获取参数 mobile = self.json_args.get('mobile') password = self.json_args.get('password') # 检查参数 if not all([mobile, password]): return self.write(dict(errcode=RET.PARAMERR, errmsg='参数不正确')) if not re.match(r'^1\d{10}$', mobile): return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误")) sql = 'select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%s' cursor.executemany(sql, [(mobile, )]) res = cursor.fetchone() print(res) #例:(87, '15801801915', '1') # 检查用户是否存在及密码是否正确 if res and res[2] == password: try: # 生成session数据 # 返回客户端 self.session = Session(self) self.session.data['user_id'] = res[0] self.session.data['name'] = res[1] self.session.data['mobile'] = mobile self.session.save() print(self.session.data) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.OK, errmsg="OK")) else: return self.write(dict(errcode=RET.DATAERR, errmsg="手机号或密码错误!"))
class LoginHandler(BaseHandler): """登录""" def post(self): mobile = self.json_args.get("mobile") passwd = self.json_args.get("password") if not all((mobile, passwd)): return self.write(dict(errno=RET.PARAMERR, errmsg='参数不完整')) if not re.match(r'1\d{10}$', mobile): return self.write(dict(errno=RET.PARAMERR, errmsg='电话格式不正确')) try: res = self.db.get( "select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s", mobile=mobile) except Exception as e: logging.error(e) return self.write(dict(errno=RET.DBERR, errmsg="没有注册该账号")) pwd = hashlib.sha256(passwd + config.passwd_hash_key).hexdigest() if unicode(pwd) != res["up_passwd"]: try: self.session = Session(self) self.session.data["user_id"] = res["up_user_id"] self.session.data["mobile"] = mobile self.session.data["name"] = res["up_name"] self.session.save() except Exception as e: logging.error(e) else: return self.write(dict(errno=RET.OK, errmsg="OK")) else: return self.write(dict(errno=RET.DATAERR, errmsg="手机号或密码错误"))
class LoginHandler(BaseHandler): """登录""" def post(self): mobile = self.json_args.get('mobile') passwd = self.json_args.get('password') # print(mobile) #检测参数 if not all([mobile, passwd]): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误")) if not re.match(r'^1\d{10}$', mobile): return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误")) # 查询用户名密码 sql = "select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s" results = self.db.get(sql, mobile=mobile) # results = self.db.get("select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s", mobile=mobile) passwd = hashlib.sha256(passwd + config.passwd_hash_key).hexdigest() if results and results['up_passwd'] == passwd: try: # 用session记录用户的登录状态 self.session = Session(self) self.session.data['user_id'] = results['up_user_id'] self.session.data['name'] = results['up_name'] self.session.data['mobile'] = mobile self.session.save() return self.write(dict(errcode=RET.OK, errmsg="OK")) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.OK, errmsg="ok")) else: return self.write(dict(errcode=RET.DATAERR, errmsg="手机号或者密码错误"))
class LoginHandler(BaseHandler): """""" def post(self): mobile = self.json_args.get("mobile") password = self.json_args.get("password") if not all([mobile, password]): return self.write(dict(errno=RET.PARAMERR, errmsg="参数错误")) res = self.db.get( "select up_user_id, up_name, up_passwd from ih_user_profile where up_mobile=%(mobile)s", mobile=mobile) password = hashlib.sha256(config.passwd_hash_key + password).hexdigest() if res and res["up_passwd"] == unicode(password): try: self.session = Session(self) self.session.data["user_id"] = res["up_user_id"] self.session.data["name"] = res["up_name"] self.session.data["mobile"] = mobile self.session.save() except Exception as e: logging.error(e) return self.write(dict(errno=RET.OK, errmsg="OK")) else: return self.write(dict(errno=RET.NODATA, errmsg="手机号或密码错误"))
def post(self): mobile = self.json_args.get('mobile') password = self.json_args.get('passwd') secure_passwd = hashlib.md5(password + constants.SALT).hexdigest() try: uname = self.db.get( 'select up_name, up_mobile, up_avatar from ih_user_profile where up_mobile = %s and up_passwd = %s', mobile, secure_passwd) print(uname) except Exception as e: logging.error(e) return self.write(dict(erron=RET.DBERR, errmsg='数据库查询错误')) if uname: session = Session(self) session.data['uname'] = uname.get(u'up_name') session.data['umobile'] = uname.get(u'up_mobile') session.data['uavatar'] = uname.get(u'up_avatar') session.save() print(session.data['uname'], session.data['umobile']) return self.write(dict(erron=RET.OK, errmsg='登陆成功')) self.write(dict(erron=RET.PARAMERR, errmsg='用户名或者密码错误'))
class LoginHandler(BaseHandler): """""" def post(self): mobile = self.json_args.get("mobile") passwd = self.json_args.get("password") # logging.debug(mobile) # logging.debug(passwd) if not all([mobile, passwd]): return self.write({"errno":RET.PARAMERR, "errmsg":"参数错误"}) passwd = hashlib.sha256(config.passwd_hash_key+passwd).hexdigest() sql = "select up_passwd,up_user_id,up_name from ih_user_profile where up_mobile=%(mobile)s" try: ret = self.db.get(sql,mobile=mobile) logging.debug(str(ret["up_passwd"])) logging.debug(passwd) except Exception as e: logging.error(e) return self.write(dict(errno=RET.DBERR, errmsg="查询出错")) if ret and str(ret["up_passwd"]) == passwd: try: self.session = Session(self) self.session.data["mobile"] = mobile self.session.data["user_id"] = ret["up_user_id"] self.session.data["name"] = ret["up_name"] self.session.save() except Exception as e: logging.error(e) return self.write(dict(errno=RET.OK, errmsg="OK")) else: return self.write(dict(errno=RET.DATAERR,errmsg="手机号或者密码有错误"))
class LoginHandler(BaseHandler): def post(self): mobile = self.json_args.get("mobile") password = self.json_args.get("password") if not all([mobile, password]): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误")) if not re.match(r"^1\d{10}$", mobile): return self.write(dict(errcode=RET.DATAERR, errmsg="手机号格式错误")) res = self.db.get( "select up_user_id, up_name, up_passwd from ih_user_profile where up_mobile=%(mobile)s", mobile=mobile) password = hashlib.sha256(password + config.passwd_hash_key).hexdigest() if res and res["up_passwd"] == unicode(password): try: self.session = Session(self) self.session.data['user_id'] = res['up_user_id'] self.session.data['name'] = res['up_name'] self.session.data['mobile'] = mobile self.session.save() except Exception as e: logging.error(e) return self.write(dict(errcode=RET.OK, errmsg="OK")) else: return self.write(dict(errcod=RET.DATAERR, errmsg="手机号或密码错误!"))
class LoginHandler(BaseHandler): def post(self): mobile = self.json_args.get("mobile") password = self.json_args.get("password") if not all([mobile, password]): return self.write(dict(errno=RET.PARAMERR, errmsg="参数不完整")) try: ret = self.application.db.get( "select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%s", mobile) except Exception as e: logging.error(e) return self.write(dict(errno=RET.DBERR, errmsg="手机号尚未注册!")) password = hashlib.sha256(config.passwd_hash_key + password).hexdigest() if ret and ret["up_passwd"] == unicode(password): try: self.session = Session(self) self.session.data['user_id'] = ret['up_user_id'] self.session.data['name'] = ret['up_name'] self.session.data['mobile'] = mobile self.session.save() except Exception as e: logging.error(e) return self.write(dict(errno=RET.OK, errmsg="OK")) else: return self.write(dict(errno=RET.DATAERR, errmsg="账号或密码错误!"))
class LoginHandler(BaseHandler): """""" def post(self): mobile = self.json_args.get("mobile") passwd = self.json_args.get("passwd") logging.error(mobile) if not all((mobile, passwd)): return self.write(dict(errno=RET.DATAERR, errmsg="数据输入不全")) if not re.match(r"^[1][34578][0-9]{9}$", mobile): return self.write(dict(errno='4099', errmsg="手机号格式错误")) # 尝试从数据库获取手机号 try: sql = "select up_user_id,up_name,up_mobile,up_passwd from ih_user_profile where up_mobile=%(mobile)s" data = dict(mobile=mobile) db_data = self.db.get(sql, **data) except Exception as e: logging.error(e) return self.write(dict(errno=RET.DBERR, errmsg="查询失败")) logging.error(db_data) if not db_data: return self.write(dict(errno=RET.DATAERR, errmsg="手机号未注册")) # 给密码加密 safe_passwd = sha1(passwd).hexdigest() if safe_passwd != db_data['up_passwd']: return self.write(dict(errno=RET.DATAERR, errmsg="密码错误")) self.sess_obj = Session(self, mobile) self.sess_obj.data = dict(user_id=db_data['up_user_id'], name=db_data['up_name'], mobile=mobile) self.sess_obj.save() self.write(dict(errno=RET.OK, errmsg="OK"))
class RegisterHandler(BaseHandler): """注册""" def post(self): mobile = self.json_args.get("mobile") sms_code = self.json_args.get("phonecode") password = self.json_args.get("password") if not all([mobile, sms_code, password]): return self.write({"errno": RET.PARAMERR, "errmsg": "参数错误"}) real_code = self.redis.get("sms_code_%s" % mobile) if real_code != str(sms_code) and str(sms_code) != "2468": return self.write({"errno": RET.DATAERR, "errmsg": "验证码无效!"}) password = hashlib.sha256(config.passwd_hash_key + password).hexdigest() try: res = self.db.execute( "insert into ih_user_profile(up_name,up_mobile,up_passwd) values(%(name)s,%(mobile)s,%(passwd)s)", name=mobile, mobile=mobile, passwd=password) except Exception as e: logging.error(e) return self.write({"errno": RET.DATAEXIST, "errmsg": "手机号已注册!"}) try: self.session = Session(self) self.session.data['user_id'] = res self.session.data['name'] = mobile self.session.data['mobile'] = mobile self.session.save() except Exception as e: logging.error(e) self.write({"errno": RET.OK, "errmsg": "OK"})
class LoginHandler(BaseHandler): """登录""" def post(self): # 获取参数 mobile = self.json_args.get("mobile") password = self.json_args.get("password") # 检查参数 if not all([mobile, password]): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误")) if not re.match(r"^1\d{10}$", mobile): return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误")) # 检查秘密是否正确 res = self.db.get("select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s", mobile=mobile) password = hashlib.sha256(password + config.passwd_hash_key).hexdigest() if res and res["up_passwd"] == unicode(password): # 生成session数据 # 返回客户端 try: self.session = Session(self) self.session.data['user_id'] = res['up_user_id'] self.session.data['name'] = res['up_name'] self.session.data['mobile'] = mobile self.session.save() except Exception as e: logging.error(e) return self.write(dict(errcode=RET.OK, errmsg="OK")) else: return self.write(dict(errcode=RET.DATAERR, errmsg="手机号或密码错误!"))
class RegisterHandler(BaseHandler): def post(self): mobile = self.json_args.get("mobile") password = self.json_args.get("password") phonecode = self.json_args.get("phonenum") if not all((mobile, password, phonecode)): return self.write(dict(errno=RET.PARAMERR, errmsg="参数不完整")) try: real_sms_code_text = self.redis.get("sms_code_%s" % mobile) except Exception as e: logging.error(e) return self.write(dict(errno=RET.DBERR, errmsg="查询出错")) if not real_sms_code_text: return self.write(dict(errno=RET.NODATA, errmsg="短信验证码已过期!")) if real_sms_code_text.lower() != phonecode.lower(): return self.write(dict(errno=RET.DATAERR, errmsg="短信验证码错误!")) password = hashlib.sha256(config.passwd_hash_key + password).hexdigest() try: ret = self.application.db.execute( "INSERT INTO ih_user_profile(up_name,up_mobile,up_passwd) VALUES(%s, %s,%s)", mobile, mobile, password) except Exception as e: logging.error(e) return self.write(dict(errno=RET.DATAEXIST, errmsg="手机号已被注册!")) try: self.session = Session(self) self.session.data['user_id'] = ret self.session.data['name'] = mobile self.session.data['mobile'] = mobile self.session.save() except Exception as e: logging.error(e) return self.write(dict(errno=RET.OK, errmsg="OK"))
class LoginHandler(BaseHandler): def post(self, *args, **kwargs): # 获取前端传递过来的JSON数据,并将其提取出来 mobile = self.json_args.get('mobile') password = self.json_args.get('password') # 检查参数 if not all([mobile, password]): return self.write(dict(errorcode=RET.PARAMERR, errormsg="参数错误")) if not re.match(r"^1\d{10}$", mobile): return self.write(dict(errorcode=RET.DATAERR, errormsg="手机号错误")) # 检查秘密是否正确 res = self.db.get("select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s", mobile=mobile) password = hashlib.sha256(password + config.passwd_hash_key).hexdigest() if res and res["up_passwd"] == unicode(password): # 生成session数据 # 返回客户端 try: self.session = Session(self) self.session.data['user_id'] = res['up_user_id'] self.session.data['name'] = res['up_name'] self.session.data['mobile'] = mobile self.session.save() except Exception as e: logging.error(e) return self.write(dict(errorcode=RET.OK, errormsg="OK")) else: return self.write(dict(errorcode=RET.DATAERR, errormsg="手机号或密码错误!"))
def post(self): mobile = self.json_args.get('mobile') sms_code = self.json_args.get('phonecode') password = self.json_args.get('password') #检查参数 # all(iterable)传入一个可迭代对象,判断是否所有元素为True,如果有False,则返回False if not all([mobile, sms_code, password]): return self.write(dict(errcode=RET.PARAMERR, errmsg='参数不完整')) if not re.match(r'1\d{10}$', mobile): return self.write(dict(errcode=RET.DATAERR, errmsg='手机好格式错误')) #如果对密码有限制则进行判断 #if len(password)<6 #判断短信验证码是否正确 if '2468' != sms_code: ''' try: real_sms_code = self.redis.get("sms_code_%s" % mobile) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DBERR,errmsg='查询验证码出错')) #判断短信验证码是否过期 if not real_sms_code: return self.write(dict(errcode=RET.NODATA,errmsg='验证码过期')) # 对比用户填写的验证码与真实值 if real_sms_code != sms_code: return self.write(dict(errcode=RET.DATAERR,errmsg='验证码错误')) try: self.redis.delete('sms_code_%s' % mobile) except Exception as e: logging.error(e) ''' # 保存数据,同时判断手机好是否存在,判断的依据是数据库中的mobile字段的唯一约束 passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest() sql = "insert into ih_user_profile(up_name,up_mobile,up_passwd) values (%(name)s,%(mobile)s,%(passwd)s);" try: user_id = self.db.execute(sql, name=mobile, mobile=mobile, passwd=passwd) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DATAEXIST, errmsg='手机好已存在')) #用session记录用户的登录状态 session = Session(self) session.data['user_id'] = user_id session.data['mobile'] = mobile session.data['name'] = mobile try: session.save() except Exception as e: logging.error(e) self.write(dict(errcode=RET.OK, errmsg='注册成功'))
def post(self): mobile = self.json_args.get('mobile') phonecode = self.json_args.get('phonecode') passwd1 = self.json_args.get('passwd1') passwd2 = self.json_args.get('passwd2') if (passwd1 and passwd2 and passwd1 == passwd2): # if re.match(r'\S{5, 10}', passwd1): pattern = re.compile(r'^\S{5,10}$') if pattern.match(passwd1): secure_passwd = hashlib.md5(passwd1 + constants.SALT).hexdigest() try: self.db.execute( 'insert into ih_user_profile(up_name, up_mobile, up_passwd, up_admin) values(%s, %s, %s, %s)', mobile, mobile, secure_passwd, 0) except Exception as e: logging.error(e) return self.write(dict(erron=RET.DBERR, errmsg='数据库写入错误')) session = Session(self) session.data['uname'] = mobileewq session.save() return self.write(dict(erron=RET.OK, errmsg='/index.html')) return self.write(dict(erron=RET.DATAERR, errmsg='密码格式不正确')) self.write(dict(erron=RET.DATAERR, errmsg='密码不能为空且两次输入密码需一致'))
class LoginHandler(BaseHandler): def post(self): # 获取参数 id = self.json_args.get('id') passwd = self.json_args.get('password') remember = self.json_args.get('remember') # 检查参数 if not all([id, passwd, remember]): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误")) # 检查密码正确与否 res = None try: with self.db.cursor() as cursor: cursor.execute('SELECT ui_passwd, ui_role FROM ms_user_info WHERE ui_id=%(id)s', {"id": id}) res = cursor.fetchone() self.db.commit() cursor.close() passwd = hashlib.sha256((passwd + config.passwd_hash_key).encode('utf-8')).hexdigest() if not (res and res[0] == passwd): return self.write(dict(errcode=RET.DATAERR, errmsg="账号或密码错误!")) # 成功,生成session数据 self.session = Session(self) self.session.data['user_id'] = id self.session.data['user_role'] = str(res[1]) self.session.save() return self.write(dict(errcode=RET.OK, errmsg="登录成功")) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.PARAMERR, errmsg="账号或密码错误"))
def post(self): mobile = self.json_args.get("mobile") password = self.json_args.get("password") if all([mobile, password]): # 使用正则判断手机号 格式 if not re.match(r'^1\d{10}$', mobile): return self.write(dict(errcode=RET.PARAMERR, errmsg="手机格式不对")) sql = "select up_user_id,up_name FROM ih_user_profile where up_passwd = %(passwd)s and up_mobile = %(mobile)s" password = hashlib.sha256( (password + config.passwd_hash_key).encode('utf8')).hexdigest() try: ret = self.db_mysql.get(sql, passwd=password, mobile=mobile) except Exception as e: logging.ERROR(e) return self.write(dict(errcode=RET.DBERR, errmsg="数据库查询错误")) if not ret: return self.write(dict(errcode=RET.LOGINERR, errmsg="账号或密码错误")) session = Session(self) session.data['user_id'] = ret['up_user_id'] session.data['mobile'] = mobile session.data['name'] = ret['up_name'] session.save() self.write(dict(errcode=RET.OK, errmsg='OK')) else: self.write(dict(errcode=RET.PARAMERR, errmsg="传递参数不正确"))
def post(self): # 获取要修改的用户名 name = self.json_args.get('name') if not name: # 判断用户是否正确 return self.write(dict(errcode=RET.PARAMERR, errmsg="params error")) # 获取session.data data = self.get_current_user() # 获取user_id方便修改 user_id = data['user_id'] # 修改数据库 sql = 'UPDATE ih_user_profile SET up_name = %(name)s where up_user_id=%(user_id)s' try: self.db_mysql.execute(sql, name=name, user_id=user_id) except Exception as e: # 数据修改失败,用户名重复(数据库设置时,用户名是唯一的) logging.ERROR(e) return self.write(dict(errcode=RET.DBERR, errmsg="name has exist")) # 获取session session = Session(self) # 更改session session['name'] = name try: # 保存修改后的session session.save() except Exception as e: logging.ERROR(e) self.write(dict(errcode=RET.OK, errmsg='OK'))
class LoginHandler(BaseHandler): def post(self): mobile = self.json_args.get("mobile") password = self.json_args.get("password") if not all([mobile, password]): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误")) if not re.match(r"^1\d{10}$", mobile): return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误")) sql = "select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s" res = self.db.get(sql,mobile=mobile) #if res and res["up_passwd"] == unicode(hashlib.sha256(password+config.passwd_hash_key).hexdigest()): if res and res["up_passwd"] == password: try: self.session = Session(self) self.session.data["user_id"] = res["up_user_id"] self.session.data["name"] = res["up_name"] self.session.data["mobile"] = mobile self.session.save() except Exception as e: logging.error(e) return self.write(dict(errcode=RET.OK, errmsg="登录成功")) else: return self.write(dict(errcode=RET.DATAERR, errmsg="手机号或密码错误"))
def post(self): #获取参数 mobile = self.json_args.get("mobile") sms_code = self.json_args.get("phonecode") password = self.json_args.get("password") #检查参数 if not all([mobile, sms_code, password]): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数不完整")) if not re.match(r"^1\d{10}$", mobile): return self.write(dict(errcode=RET.DATAERR, errmsg="手机号格式错误")) #如果产品对于密码长度有限制,需要在此做判断 #if len(password) < 6 #判断短信验证码是否正确 if "2468" != sms_code: try: real_sms_code = self.redis.get("sms_code_%s" % mobile) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DBERR, errmsg="查询验证码出错")) #判断短信验证码是否过期 if not real_sms_code: return self.write(dict(errcode=RET.NODATA, errmsg="验证码过期")) #对此用户填写的验证码真实值 #if real_smd_code !=sms_code and sms_code != "2468" if real_sms_code != sms_code: return self.write(dict(errcode=RET.DATAERR, errmsg="验证码错误")) try: self.redis.delete("sms_code_%s" % mobile) except Exception as e: logging.error(e) #保存数据,同时判断手机号是否存在,判断的依据是数据库中mobile字段的唯一约束 passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest() sql = "insert into ih_user_profile(up_name, up_mobile, up_passwd) values(%(name)s, %(mobile)s, %(passwd)s);" try: logging.info(sql) user_id = self.db.execute(sql, name=mobile, mobile=mobile, passwd=passwd) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DATAEXIST, errmsg="手机号已存在")) #用session记录用户的登录状态 session = Session(self) session.data["user_id"] = user_id session.data["mobile"] = mobile session.data["name"] = mobile try: session.save() except Exception as e: logging.error(e) self.write(dict(errcode=RET.OK, errmsg="注册成功"))
def post(self): # 获取参数 mobile = self.json_args.get("mobile") sms_code = self.json_args.get("phonecode") password = self.json_args.get("password") # 检查参数 if not all((mobile, sms_code, password)): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数不完整")) if not re.match(r"1\d{10}$", mobile): return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误")) # 方便调试 if "2468" != sms_code: try: real_sms_code = self.redis.get("sms_code_%s" % mobile) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DBERR, errmsg="查询验证码出错")) if not real_sms_code: return self.write(dict(errcode=RET.NODATA, errmsg="验证码过期")) if real_sms_code != sms_code: return self.write(dict(errcode=RET.DATAERR, errmsg="验证码错误")) # 删除redis中sms_code try: self.redis.delete("sms_code_%s" % mobile) except Exception as e: logging.error(e) # 保持用户信息 passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest() sql = "insert into ih_user_profile(up_name, up_mobile, up_passwd) values(%(name)s, %(mobile)s, %(passwd)s);" try: user_id = self.db.execute(sql, name=mobile, mobile=mobile, passwd=passwd) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DATAEXIST, errmsg="手机号已存在")) # 用session记录用户登陆状态 session = Session(self) session.data["user_id"] = user_id session.data["mobile"] = mobile session.data["name"] = mobile try: session.save() except Exception as e: logging.error(e) self.write(dict(errcode=RET.OK, errmsg="注册成功"))
def post(self, *args, **kwargs): # 获取参数 mobile = self.json_args.get("mobile") sms_code = self.json_args.get("phonecode") password = self.json_args.get("password") if not all((mobile, sms_code, password)): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数不完整")) if not re.match(r"^1\d{10}$", mobile): return self.write(dict(errcode=RET.DATAERR, errmsg="手机号格式错误")) """ 其他一些过滤验证保证数据安全防御注入 """ # if len(password) < 6 or len(password) > 15: # return self.write(dict(errcode=RET.DATAERR, errmsg="密码小于6位数")) """等等验证`""" # 手机验证码 if "2468" != sms_code: try: real_sms_code = self.redis.get("sms_code_%s" % mobile) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DBERR, errmsg="查询验证码出错")) if not real_sms_code: return self.write(dict(errcode=RET.NODATA, errmsg="验证码过期")) if real_sms_code != sms_code: return self.write(dict(errcode=RET.DATAERR, errmsg="验证码错误")) try: self.redis.delete("sms_code_%s" % mobile) except Exception as e: logging.error(e) # 保存数据,同时判断手机号是否存在,判断的依据是数据库中mobile字段的唯一约束 # 密码加密 pwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest() sql = "insert into ih_user_profile(up_name, up_mobile, up_passwd) values(%(name)s, %(mobile)s, %(passwd)s);" try: user_id = self.db.execute(sql, name=mobile, mobile=mobile, passwd=password) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DATAEXIST, errmsg="手机号已存在")) # 用session记录用户的登录状态 session = Session(self) session.data["user_id"] = user_id session.data["mobile"] = mobile session.data["name"] = mobile try: session.save() except Exception as e: logging.error(e) self.write(dict(errcode=RET.OK, errmsg="注册成功"))
def post(self): # 获取参数 mobile = self.json_args.get("mobile") sms_code = self.json_args.get("phonecode") password = self.json_args.get("password") # 检查参数 if not all([mobile, sms_code, password]): return self.write(dict(errcode=RET.PARAMERR, errmsg="参数不完整")) if not re.match(r"^1\d{10}$", mobile): return self.write(dict(errcode=RET.DATAERR, errmsg="手机号格式错误")) # 如果产品对于密码长度有限制,需要在此做判断 # if len(password)<6 # 判断短信验证码是否真确 if "2468" != sms_code: try: real_sms_code = self.redis.get("sms_code_%s" % mobile) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DBERR, errmsg="查询验证码出错")) # 判断短信验证码是否过期 if not real_sms_code: return self.write(dict(errcode=RET.NODATA, errmsg="验证码过期")) # 对比用户填写的验证码与真实值 # if real_sms_code != sms_code and sms_code != "2468": if real_sms_code != sms_code: return self.write(dict(errcode=RET.DATAERR, errmsg="验证码错误")) try: self.redis.delete("sms_code_%s" % mobile) except Exception as e: logging.error(e) # 保存数据,同时判断手机号是否存在,判断的依据是数据库中mobile字段的唯一约束 passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest() sql = "insert into ih_user_profile(up_name, up_mobile, up_passwd) values(%(name)s, %(mobile)s, %(passwd)s);" try: user_id = self.db.execute(sql, name=mobile, mobile=mobile, passwd=passwd) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DATAEXIST, errmsg="手机号已存在")) # 用session记录用户的登录状态 session = Session(self) session.data["user_id"] = user_id session.data["mobile"] = mobile session.data["name"] = mobile try: session.save() except Exception as e: logging.error(e) self.write(dict(errcode=RET.OK, errmsg="注册成功"))
def post(self, *args, **kwargs): # 获取前端传递过来的JSON数据,并将其提取出来 mobile = self.json_args.get('mobile') smsCode = self.json_args.get('phoneCode') password = self.json_args.get('password') password2 = self.json_args.get('password2') # 判断传递过来的参数是否为空 if not all((mobile, smsCode, password, password2)): return self.write(dict(errorcode=RET.NODATA, errormsg='参数不完整')) # 判断手机号输入格式是否正确 if not re.match(r"^1\d{10}$", mobile): return self.write(dict(errorcode=RET.NODATA, errormsg='输入手机号码不正确')) # 判断两次输入的密码是否相同 if password != password2: return self.write(dict(errorcode=RET.PARAMERR, errormsg='两次输入密码不一致')) # # 判断手机验证码是否正确 # try: # real_sms_code = self.redis.get('sms_code_%s' % mobile) # except Exception as e: # logging.error(e) # return self.write(dict(errorcode=RET.DBERR, errormsg='查询短信验证码出错')) # # 判断短信验证码是否过期 # if not real_sms_code: # return self.write(dict(errorcode=RET.DBERR, errormsg='短信验证码过期')) # # 对比用户填写的验证码与真实值 # if smsCode != real_sms_code: # return self.write(dict(errorcode=RET.DATAERR, errormsg='短信验证码输入有误')) # # 删除掉存储在Redis中的短信验证码 # try: # self.redis.delete('sms_code_%s' % mobile) # except Exception as e: # logging.error(e) # 保存数据,同时判断手机号是否存在,判断的依据是数据库中mobile字段的唯一约束 password = hashlib.sha256(password + config.passwd_hash_key).hexdigest() sql_str = "insert into ih_user_profile(up_name, up_mobile, up_passwd) values (%(name)s, %(mobile)s, %(passwd)s);" try: user_id = self.db.execute(sql_str, name=mobile, mobile=mobile, passwd=password) except Exception as e: logging.error(e) return self.write(dict(errorcode=RET.DBERR, errormsg='手机号码已被注册')) # 用session记录用户的登录状态 session = Session(self) session.data['user_id'] = user_id session.data['mobile'] = mobile session.data['name'] = mobile try: session.save() except Exception as e: logging.error(e) return self.write(dict(errorcode=RET.OK, errormsg='注册成功'))
def post(self): mobile = self.json_args.get("mobile") sms_code = self.json_args.get("phonecode") password = self.json_args.get("password") if not all([mobile, sms_code, password]): return self.write(dict(errcode = RET.PARAMERR, errmsg = "参数不完整")) if not re.match(r"^1\d{10}$", mobile): return self.write(dict(errcode = RET.DATAERR, errmsg="手机号错误")) if "2468" != sms_code: try: real_sms_code = self.redis.get("sms_code_%s"%mobile) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DBERR, errmsg="查询验证码错误")) if not real_sms_code: return self.write(dict(errcode=RET.DATAERR, errmsg="验证码过期")) if real_sms_code != sms_code: return self.write(dict(errcode=RET.DATAERR, errmsg="验证码错误")) try: self.redis.delete("sms_code_%s", mobile) except Exception as e: logging.error(e) passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest() sql = "insert into ih_user_profile(up_name,up_mobile,up_passwd) values(%(name)s, %(mobile)s, %(passwd)s);" try: user_id = self.db.execute(sql,name=mobile, mobile=mobile, passwd=passwd) except Exception as e: logging.error(e) return self.write(dict(errcode=RET.DATAEXIST,errmsg="手机号存在")) session = Session(self) session.data["user_id"] = user_id session.data["mobile"] = mobile session.data["name"] = name try: session.save() except Exception as e: logging.error(e) self.write(dict(errcode=RET.OK, errmsg="注册成功"))