def post(self):
'''
1.获取手机号和密码
2.验证参数完整性
3.与数据库中的账号密码进行比对
4.如果无误,跳转到主页
'''
mobile = self.json_args.get('mobile')
passwd = self.json_args.get('passwd')
if not all((mobile, passwd)):
return self.write(dict(errorno=RET.PARAMERR, errmsg=u'请输入完整的信息'))
passwd = hashlib.sha1(passwd).hexdigest()
sql = 'select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile = %(mobile)s'
try:
ret = self.db.get(sql, mobile=mobile)
except Exception as e:
logging.error(e)
return self.write(dict(errorno=RET.DBERR, errmsg=u'数据库查询错误'))
if not ret:
return self.write(dict(errorno=RET.NODATA, errmsg=u'没有查询到数据'))
else:
real_passwd = ret.get('up_passwd')
if passwd != real_passwd:
return self.write(dict(errorno=RET.PWDERR, errmsg=u'密码错误'))
else:
session = Session(self)
session.data['user_id'] = ret['up_user_id']
session.data['user_name'] = ret['up_name']
session.data['mobile'] = mobile
session.save()
self.write(dict(errorno=RET.OK, errmsg=u'OK'))
def post(self):
# 接收参数
mobile = self.json_args.get("mobile")
password = self.json_args.get("password")
# 检查参数
if not all([mobile, password]):
return self.write({"errno": RET.PARAMERR, "errmsg": "参数错误"})
if not re.match(r"^1\d{10}$", mobile):
return self.write({"errno": RET.PARAMERR, "errmsg": "手机号码格式错误"})
# 检验密码
sql = "select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s"
res = self.db.get(sql, mobile=mobile)
password = hashlib.sha256(password +
config.passwd_hash_key).hexdigest()
if res and res["up_password"] == password:
try:
session = Session(self)
session.data["user_id"] = res["up_user_id"]
session.data["name"] = res["up_name"]
session.data["mobile"] = mobile
session.save()
except Exception as e:
logging.error(e)
return self.write({"errno": RET.OK, "errmsg": "OK"})
else:
return self.write({"errno": RET.DATAERR, "errmsg": "手机号或密码错误"})
def post(self):
next = self.get_argument("next", "/")
username = self.args.get('username')
password = self.args.get('password')
if all((username, password)):
m = hashlib.md5()
password = '******' % (password, config.passwd_hash_key)
m.update(password.encode('utf8'))
password = m.hexdigest().upper()
ret = yield SysDal.login(username, password)
if ret:
# 登录成功
session = Session(self, sessionid=ret.get('cu_userid'))
authorization = uuid.uuid4().hex
session.data['authorization'] = authorization
session.data['uid'] = ret.get('cu_userid')
session.data['username'] = ret.get('cu_username')
session.data['roleid'] = ret.get('u_roleid') if ret.get(
'u_roleid') else '000000'
session.save()
self.set_cookie('_BUUID',
ret.get('cu_userid'),
expires_days=SESSION_EXPIRES_SECONDS /
(3600 * 24))
self.set_cookie('_BAUTH',
authorization,
expires_days=SESSION_EXPIRES_SECONDS /
(3600 * 24))
self.write(dict(errcode=RET.OK, errmsg=RMS.OK, data=ret))
# self.redirect(next)
else:
# 登录失败
self.write(dict(errcode=RET.LOGINERR, errmsg=RMS.LOGINERR))
else:
pass
class RegisterHandler(BaseHandler):
def post(self):
mobile = self.json_args.get("mobile")
sms_code = self.json_args.get("phonecode")
password = self.json_args.get("password")
if not all((mobile, sms_code, password)):
return self.write(dict(errcode=RET.PARAMERR, msg=error_map.PARAMERR))
real_code = self.redis.get("sms_code_%s" % mobile).decode('utf-8')
if real_code != str(sms_code):
return self.write(dict(errcode="2", msg="验证码无效"))
password = hashlib.sha256((config.passwd_hash_key + password).encode("utf8")).hexdigest()
try:
# 会返回生成的主键
res = self.db.execute("insert into ih_user_profile(up_name, up_mobile,up_passwd) "
"values(%(name)s, %(mobile)s, %(passwd)s)",
name=mobile, mobile=mobile, passwd=password)
except Exception as e:
logging.error(e)
return self.write(dict(errcode="3", msg="用户已存在"))
try:
self.session = Session(self)
self.session.data['user_id'] = res
self.session.data['name'] = mobile
self.session.data['mobile'] = mobile
self.session.save()
except Exception as e:
logging.error(e)
self.write(dict(errcode=RET.OK, msg="OK"))
def post(self):
# 获取参数
mobile = self.json_data.get("mobile")
passwd = self.json_data.get("password")
# 验证参数
if not all((mobile, passwd)):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数缺失"))
if not re.match(r"^1\d{10}$",mobile):
return self.write(dict(errcode=RET.PARAMERR, errmsg="手机号格式错误"))
# 检查手机号,密码是否正确
try:
sql = "select ui_user_id, ui_name, ui_mobile, ui_passwd from tor_user_info where ui_mobile = %(mobile)s"
res = self.db.get(sql,mobile=mobile)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误1"))
# return self.render("login.html")
if not res:
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误"))
if res["ui_passwd"] != unicode(passwd):
return self.write(dict(errcode=RET.DATAERR, errmsg="密码错误"))
# 生成session数据
session = Session(self)
session.data["user_id"] = res["ui_user_id"]
session.data["mobile"] = res["ui_mobile"]
session.data["name"] = res["ui_name"]
try:
session.save()
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.OK, errmsg="OK"))
class RegisterHandler(BaseHandler):
def post(self):
mobile = self.json_args.get('mobile')
passwd = self.json_args.get('passwd')
passwd2 = self.json_args.get('passwd2')
if not all((mobile, passwd)):
return self.write(dict(errno=RET.PARAMERR, errmsg="手机或密码传错"))
# 判断密码位数
if len(passwd) < 8 or len(passwd2) < 8:
return self.write(dict(errno=RET.DATAERR, errmsg="密码必须大于7位"))
if passwd != passwd2:
return self.write(dict(error=RET.DATAERR, errmsg="两次密码不一致"))
safe_passwd = sha1(passwd).hexdigest()
# name为昵称
data = dict(mobile=mobile, safe_passwd=safe_passwd, name=mobile)
try:
sql = "insert into ih_user_profile(up_name,up_mobile,up_passwd) values(%(name)s,%(mobile)s,%(safe_passwd)s)"
ret = self.db.execute(sql, **data)
except Exception as e:
logging.error(e)
return self.write(dict(errno=RET.DBERR, errmsg="信息已存在"))
try:
# 将session实例化
self.sessObj = Session(self, mobile)
self.sessObj.data = dict(user_id=ret, name=mobile, mobile=mobile)
logging.error(self.sessObj.data)
self.sessObj.save()
except Exception as e:
logging.error(e)
logging.error("-" * 40)
return self.write(dict(errno=RET.DBERR, errmsg="保存出错"))
self.write(dict(errno=RET.OK, errmsg='OK'))
class LoginHandler(BaseHandler):
"""登录"""
def post(self):
# 获取参数
username = self.json_args.get("username")
password = self.json_args.get("password")
# 检查参数
if not all([username, password]):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误"))
if not re.match(r"^1\d{10}$", username):
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误"))
# 检查秘密是否正确
res = self.db.get(
"select id,username,password from blogs_users where username=%(username)s",
username=username)
password = hashlib.sha256(password +
config.passwd_hash_key).hexdigest()
if res and res["password"] == unicode(password):
# 生成session数据
# 返回客户端
try:
self.session = Session(self)
self.session.data['user_id'] = res['id']
self.session.data['user_name'] = res['username']
self.session.save()
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.OK, errmsg="OK"))
else:
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号或密码错误!"))
def post(self):
mobile = self.json_args.get("mobile")
password = self.json_args.get("password")
# 参数检验
if not all([mobile, password]):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误"))
# 对取到的密码进行加密,然后与数据库中存的密码进行比对
passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest()
sql = "select up_user_id, up_name, up_mobile, up_passwd from ih_user_profile where up_mobile = %(mobile)s"
try:
user = self.db.get(sql, mobile=mobile)
except Exception as e:
logging.error(e)
if user and user["up_passwd"] == unicode(passwd):
# 生成session数据,并且返回给客户端信息
session = Session(self)
session.data["user_id"] = user["up_user_id"]
session.data["name"] = user["up_name"]
session.data["mobile"] = user["up_mobile"]
try:
session.save()
except Exception as e:
logging.error(e)
self.write(dict(errcode=RET.OK, errmsg="OK"))
else:
self.write(dict(errcode=RET.DATAERR, errmsg="帐号或密码错误"))
class LoginHandler(BaseHandler):
"""登录"""
def post(self):
mobile = self.json_args.get("mobile")
password = self.json_args.get("password")
if not all([mobile, password]):
return self.write({"errno": RET.PARAMERR, "errmsg": "参数错误"})
res = self.db.get(
"select up_user_id,up_name,up_passwd,up_user_id,up_avatar,up_real_name,up_id_card from ih_user_profile where up_mobile=%(mobile)s",
mobile=mobile)
password = hashlib.sha256(config.passwd_hash_key +
password).hexdigest()
if res and res["up_passwd"] == unicode(password):
try:
self.session = Session(self)
self.session.data['user_id'] = res['up_user_id']
self.session.data['name'] = res['up_name']
self.session.data['mobile'] = mobile
self.session.data['avatar'] = res['up_avatar']
self.session.data['real_name'] = res['up_real_name']
self.session.data['id_card'] = res['up_id_card']
self.session.save()
except Exception as e:
logging.error(e)
return self.write({"errno": RET.OK, "errmsg": "OK"})
else:
return self.write({"errno": RET.DATAERR, "errmsg": "手机号或密码错误!"})
class LoginHandler(BaseHandler):
def post(self):
# 获取参数
mobile = self.json_args.get('mobile')
password = self.json_args.get('password')
# 检查参数
if not all([mobile, password]):
return self.write(dict(errcode=RET.PARAMERR, errmsg='参数不正确'))
if not re.match(r'^1\d{10}$', mobile):
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误"))
sql = 'select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%s'
cursor.executemany(sql, [(mobile, )])
res = cursor.fetchone()
print(res) #例:(87, '15801801915', '1')
# 检查用户是否存在及密码是否正确
if res and res[2] == password:
try:
# 生成session数据
# 返回客户端
self.session = Session(self)
self.session.data['user_id'] = res[0]
self.session.data['name'] = res[1]
self.session.data['mobile'] = mobile
self.session.save()
print(self.session.data)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.OK, errmsg="OK"))
else:
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号或密码错误!"))
class LoginHandler(BaseHandler):
"""登录"""
def post(self):
mobile = self.json_args.get("mobile")
passwd = self.json_args.get("password")
if not all((mobile, passwd)):
return self.write(dict(errno=RET.PARAMERR, errmsg='参数不完整'))
if not re.match(r'1\d{10}$', mobile):
return self.write(dict(errno=RET.PARAMERR, errmsg='电话格式不正确'))
try:
res = self.db.get(
"select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s",
mobile=mobile)
except Exception as e:
logging.error(e)
return self.write(dict(errno=RET.DBERR, errmsg="没有注册该账号"))
pwd = hashlib.sha256(passwd + config.passwd_hash_key).hexdigest()
if unicode(pwd) != res["up_passwd"]:
try:
self.session = Session(self)
self.session.data["user_id"] = res["up_user_id"]
self.session.data["mobile"] = mobile
self.session.data["name"] = res["up_name"]
self.session.save()
except Exception as e:
logging.error(e)
else:
return self.write(dict(errno=RET.OK, errmsg="OK"))
else:
return self.write(dict(errno=RET.DATAERR, errmsg="手机号或密码错误"))
class LoginHandler(BaseHandler):
"""登录"""
def post(self):
mobile = self.json_args.get('mobile')
passwd = self.json_args.get('password')
# print(mobile)
#检测参数
if not all([mobile, passwd]):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误"))
if not re.match(r'^1\d{10}$', mobile):
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误"))
# 查询用户名密码
sql = "select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s"
results = self.db.get(sql, mobile=mobile)
# results = self.db.get("select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s", mobile=mobile)
passwd = hashlib.sha256(passwd + config.passwd_hash_key).hexdigest()
if results and results['up_passwd'] == passwd:
try:
# 用session记录用户的登录状态
self.session = Session(self)
self.session.data['user_id'] = results['up_user_id']
self.session.data['name'] = results['up_name']
self.session.data['mobile'] = mobile
self.session.save()
return self.write(dict(errcode=RET.OK, errmsg="OK"))
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.OK, errmsg="ok"))
else:
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号或者密码错误"))
class LoginHandler(BaseHandler):
""""""
def post(self):
mobile = self.json_args.get("mobile")
password = self.json_args.get("password")
if not all([mobile, password]):
return self.write(dict(errno=RET.PARAMERR, errmsg="参数错误"))
res = self.db.get(
"select up_user_id, up_name, up_passwd from ih_user_profile where up_mobile=%(mobile)s",
mobile=mobile)
password = hashlib.sha256(config.passwd_hash_key +
password).hexdigest()
if res and res["up_passwd"] == unicode(password):
try:
self.session = Session(self)
self.session.data["user_id"] = res["up_user_id"]
self.session.data["name"] = res["up_name"]
self.session.data["mobile"] = mobile
self.session.save()
except Exception as e:
logging.error(e)
return self.write(dict(errno=RET.OK, errmsg="OK"))
else:
return self.write(dict(errno=RET.NODATA, errmsg="手机号或密码错误"))
def post(self):
mobile = self.json_args.get('mobile')
password = self.json_args.get('passwd')
secure_passwd = hashlib.md5(password + constants.SALT).hexdigest()
try:
uname = self.db.get(
'select up_name, up_mobile, up_avatar from ih_user_profile where up_mobile = %s and up_passwd = %s',
mobile, secure_passwd)
print(uname)
except Exception as e:
logging.error(e)
return self.write(dict(erron=RET.DBERR, errmsg='数据库查询错误'))
if uname:
session = Session(self)
session.data['uname'] = uname.get(u'up_name')
session.data['umobile'] = uname.get(u'up_mobile')
session.data['uavatar'] = uname.get(u'up_avatar')
session.save()
print(session.data['uname'], session.data['umobile'])
return self.write(dict(erron=RET.OK, errmsg='登陆成功'))
self.write(dict(erron=RET.PARAMERR, errmsg='用户名或者密码错误'))
class LoginHandler(BaseHandler):
""""""
def post(self):
mobile = self.json_args.get("mobile")
passwd = self.json_args.get("password")
# logging.debug(mobile)
# logging.debug(passwd)
if not all([mobile, passwd]):
return self.write({"errno":RET.PARAMERR, "errmsg":"参数错误"})
passwd = hashlib.sha256(config.passwd_hash_key+passwd).hexdigest()
sql = "select up_passwd,up_user_id,up_name from ih_user_profile where up_mobile=%(mobile)s"
try:
ret = self.db.get(sql,mobile=mobile)
logging.debug(str(ret["up_passwd"]))
logging.debug(passwd)
except Exception as e:
logging.error(e)
return self.write(dict(errno=RET.DBERR, errmsg="查询出错"))
if ret and str(ret["up_passwd"]) == passwd:
try:
self.session = Session(self)
self.session.data["mobile"] = mobile
self.session.data["user_id"] = ret["up_user_id"]
self.session.data["name"] = ret["up_name"]
self.session.save()
except Exception as e:
logging.error(e)
return self.write(dict(errno=RET.OK, errmsg="OK"))
else:
return self.write(dict(errno=RET.DATAERR,errmsg="手机号或者密码有错误"))
class LoginHandler(BaseHandler):
def post(self):
mobile = self.json_args.get("mobile")
password = self.json_args.get("password")
if not all([mobile, password]):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误"))
if not re.match(r"^1\d{10}$", mobile):
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号格式错误"))
res = self.db.get(
"select up_user_id, up_name, up_passwd from ih_user_profile where up_mobile=%(mobile)s",
mobile=mobile)
password = hashlib.sha256(password +
config.passwd_hash_key).hexdigest()
if res and res["up_passwd"] == unicode(password):
try:
self.session = Session(self)
self.session.data['user_id'] = res['up_user_id']
self.session.data['name'] = res['up_name']
self.session.data['mobile'] = mobile
self.session.save()
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.OK, errmsg="OK"))
else:
return self.write(dict(errcod=RET.DATAERR, errmsg="手机号或密码错误!"))
class LoginHandler(BaseHandler):
def post(self):
mobile = self.json_args.get("mobile")
password = self.json_args.get("password")
if not all([mobile, password]):
return self.write(dict(errno=RET.PARAMERR, errmsg="参数不完整"))
try:
ret = self.application.db.get(
"select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%s",
mobile)
except Exception as e:
logging.error(e)
return self.write(dict(errno=RET.DBERR, errmsg="手机号尚未注册!"))
password = hashlib.sha256(config.passwd_hash_key +
password).hexdigest()
if ret and ret["up_passwd"] == unicode(password):
try:
self.session = Session(self)
self.session.data['user_id'] = ret['up_user_id']
self.session.data['name'] = ret['up_name']
self.session.data['mobile'] = mobile
self.session.save()
except Exception as e:
logging.error(e)
return self.write(dict(errno=RET.OK, errmsg="OK"))
else:
return self.write(dict(errno=RET.DATAERR, errmsg="账号或密码错误!"))
class LoginHandler(BaseHandler):
""""""
def post(self):
mobile = self.json_args.get("mobile")
passwd = self.json_args.get("passwd")
logging.error(mobile)
if not all((mobile, passwd)):
return self.write(dict(errno=RET.DATAERR, errmsg="数据输入不全"))
if not re.match(r"^[1][34578][0-9]{9}$", mobile):
return self.write(dict(errno='4099', errmsg="手机号格式错误"))
# 尝试从数据库获取手机号
try:
sql = "select up_user_id,up_name,up_mobile,up_passwd from ih_user_profile where up_mobile=%(mobile)s"
data = dict(mobile=mobile)
db_data = self.db.get(sql, **data)
except Exception as e:
logging.error(e)
return self.write(dict(errno=RET.DBERR, errmsg="查询失败"))
logging.error(db_data)
if not db_data:
return self.write(dict(errno=RET.DATAERR, errmsg="手机号未注册"))
# 给密码加密
safe_passwd = sha1(passwd).hexdigest()
if safe_passwd != db_data['up_passwd']:
return self.write(dict(errno=RET.DATAERR, errmsg="密码错误"))
self.sess_obj = Session(self, mobile)
self.sess_obj.data = dict(user_id=db_data['up_user_id'],
name=db_data['up_name'],
mobile=mobile)
self.sess_obj.save()
self.write(dict(errno=RET.OK, errmsg="OK"))
class RegisterHandler(BaseHandler):
"""注册"""
def post(self):
mobile = self.json_args.get("mobile")
sms_code = self.json_args.get("phonecode")
password = self.json_args.get("password")
if not all([mobile, sms_code, password]):
return self.write({"errno": RET.PARAMERR, "errmsg": "参数错误"})
real_code = self.redis.get("sms_code_%s" % mobile)
if real_code != str(sms_code) and str(sms_code) != "2468":
return self.write({"errno": RET.DATAERR, "errmsg": "验证码无效!"})
password = hashlib.sha256(config.passwd_hash_key +
password).hexdigest()
try:
res = self.db.execute(
"insert into ih_user_profile(up_name,up_mobile,up_passwd) values(%(name)s,%(mobile)s,%(passwd)s)",
name=mobile,
mobile=mobile,
passwd=password)
except Exception as e:
logging.error(e)
return self.write({"errno": RET.DATAEXIST, "errmsg": "手机号已注册!"})
try:
self.session = Session(self)
self.session.data['user_id'] = res
self.session.data['name'] = mobile
self.session.data['mobile'] = mobile
self.session.save()
except Exception as e:
logging.error(e)
self.write({"errno": RET.OK, "errmsg": "OK"})
class LoginHandler(BaseHandler):
"""登录"""
def post(self):
# 获取参数
mobile = self.json_args.get("mobile")
password = self.json_args.get("password")
# 检查参数
if not all([mobile, password]):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误"))
if not re.match(r"^1\d{10}$", mobile):
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误"))
# 检查秘密是否正确
res = self.db.get("select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s",
mobile=mobile)
password = hashlib.sha256(password + config.passwd_hash_key).hexdigest()
if res and res["up_passwd"] == unicode(password):
# 生成session数据
# 返回客户端
try:
self.session = Session(self)
self.session.data['user_id'] = res['up_user_id']
self.session.data['name'] = res['up_name']
self.session.data['mobile'] = mobile
self.session.save()
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.OK, errmsg="OK"))
else:
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号或密码错误!"))
class RegisterHandler(BaseHandler):
def post(self):
mobile = self.json_args.get("mobile")
password = self.json_args.get("password")
phonecode = self.json_args.get("phonenum")
if not all((mobile, password, phonecode)):
return self.write(dict(errno=RET.PARAMERR, errmsg="参数不完整"))
try:
real_sms_code_text = self.redis.get("sms_code_%s" % mobile)
except Exception as e:
logging.error(e)
return self.write(dict(errno=RET.DBERR, errmsg="查询出错"))
if not real_sms_code_text:
return self.write(dict(errno=RET.NODATA, errmsg="短信验证码已过期!"))
if real_sms_code_text.lower() != phonecode.lower():
return self.write(dict(errno=RET.DATAERR, errmsg="短信验证码错误!"))
password = hashlib.sha256(config.passwd_hash_key +
password).hexdigest()
try:
ret = self.application.db.execute(
"INSERT INTO ih_user_profile(up_name,up_mobile,up_passwd) VALUES(%s, %s,%s)",
mobile, mobile, password)
except Exception as e:
logging.error(e)
return self.write(dict(errno=RET.DATAEXIST, errmsg="手机号已被注册!"))
try:
self.session = Session(self)
self.session.data['user_id'] = ret
self.session.data['name'] = mobile
self.session.data['mobile'] = mobile
self.session.save()
except Exception as e:
logging.error(e)
return self.write(dict(errno=RET.OK, errmsg="OK"))
class LoginHandler(BaseHandler):
def post(self, *args, **kwargs):
# 获取前端传递过来的JSON数据,并将其提取出来
mobile = self.json_args.get('mobile')
password = self.json_args.get('password')
# 检查参数
if not all([mobile, password]):
return self.write(dict(errorcode=RET.PARAMERR, errormsg="参数错误"))
if not re.match(r"^1\d{10}$", mobile):
return self.write(dict(errorcode=RET.DATAERR, errormsg="手机号错误"))
# 检查秘密是否正确
res = self.db.get("select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s",
mobile=mobile)
password = hashlib.sha256(password + config.passwd_hash_key).hexdigest()
if res and res["up_passwd"] == unicode(password):
# 生成session数据
# 返回客户端
try:
self.session = Session(self)
self.session.data['user_id'] = res['up_user_id']
self.session.data['name'] = res['up_name']
self.session.data['mobile'] = mobile
self.session.save()
except Exception as e:
logging.error(e)
return self.write(dict(errorcode=RET.OK, errormsg="OK"))
else:
return self.write(dict(errorcode=RET.DATAERR, errormsg="手机号或密码错误!"))
def post(self):
mobile = self.json_args.get('mobile')
sms_code = self.json_args.get('phonecode')
password = self.json_args.get('password')
#检查参数
# all(iterable)传入一个可迭代对象,判断是否所有元素为True,如果有False,则返回False
if not all([mobile, sms_code, password]):
return self.write(dict(errcode=RET.PARAMERR, errmsg='参数不完整'))
if not re.match(r'1\d{10}$', mobile):
return self.write(dict(errcode=RET.DATAERR, errmsg='手机好格式错误'))
#如果对密码有限制则进行判断
#if len(password)<6
#判断短信验证码是否正确
if '2468' != sms_code:
'''
try:
real_sms_code = self.redis.get("sms_code_%s" % mobile)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DBERR,errmsg='查询验证码出错'))
#判断短信验证码是否过期
if not real_sms_code:
return self.write(dict(errcode=RET.NODATA,errmsg='验证码过期'))
# 对比用户填写的验证码与真实值
if real_sms_code != sms_code:
return self.write(dict(errcode=RET.DATAERR,errmsg='验证码错误'))
try:
self.redis.delete('sms_code_%s' % mobile)
except Exception as e:
logging.error(e)
'''
# 保存数据,同时判断手机好是否存在,判断的依据是数据库中的mobile字段的唯一约束
passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest()
sql = "insert into ih_user_profile(up_name,up_mobile,up_passwd) values (%(name)s,%(mobile)s,%(passwd)s);"
try:
user_id = self.db.execute(sql,
name=mobile,
mobile=mobile,
passwd=passwd)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DATAEXIST, errmsg='手机好已存在'))
#用session记录用户的登录状态
session = Session(self)
session.data['user_id'] = user_id
session.data['mobile'] = mobile
session.data['name'] = mobile
try:
session.save()
except Exception as e:
logging.error(e)
self.write(dict(errcode=RET.OK, errmsg='注册成功'))
def post(self):
mobile = self.json_args.get('mobile')
phonecode = self.json_args.get('phonecode')
passwd1 = self.json_args.get('passwd1')
passwd2 = self.json_args.get('passwd2')
if (passwd1 and passwd2 and passwd1 == passwd2):
# if re.match(r'\S{5, 10}', passwd1):
pattern = re.compile(r'^\S{5,10}$')
if pattern.match(passwd1):
secure_passwd = hashlib.md5(passwd1 +
constants.SALT).hexdigest()
try:
self.db.execute(
'insert into ih_user_profile(up_name, up_mobile, up_passwd, up_admin) values(%s, %s, %s, %s)',
mobile, mobile, secure_passwd, 0)
except Exception as e:
logging.error(e)
return self.write(dict(erron=RET.DBERR, errmsg='数据库写入错误'))
session = Session(self)
session.data['uname'] = mobileewq
session.save()
return self.write(dict(erron=RET.OK, errmsg='/index.html'))
return self.write(dict(erron=RET.DATAERR, errmsg='密码格式不正确'))
self.write(dict(erron=RET.DATAERR, errmsg='密码不能为空且两次输入密码需一致'))
class LoginHandler(BaseHandler):
def post(self):
# 获取参数
id = self.json_args.get('id')
passwd = self.json_args.get('password')
remember = self.json_args.get('remember')
# 检查参数
if not all([id, passwd, remember]):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误"))
# 检查密码正确与否
res = None
try:
with self.db.cursor() as cursor:
cursor.execute('SELECT ui_passwd, ui_role FROM ms_user_info WHERE ui_id=%(id)s', {"id": id})
res = cursor.fetchone()
self.db.commit()
cursor.close()
passwd = hashlib.sha256((passwd + config.passwd_hash_key).encode('utf-8')).hexdigest()
if not (res and res[0] == passwd):
return self.write(dict(errcode=RET.DATAERR, errmsg="账号或密码错误!"))
# 成功,生成session数据
self.session = Session(self)
self.session.data['user_id'] = id
self.session.data['user_role'] = str(res[1])
self.session.save()
return self.write(dict(errcode=RET.OK, errmsg="登录成功"))
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.PARAMERR, errmsg="账号或密码错误"))
def post(self):
mobile = self.json_args.get("mobile")
password = self.json_args.get("password")
if all([mobile, password]):
# 使用正则判断手机号 格式
if not re.match(r'^1\d{10}$', mobile):
return self.write(dict(errcode=RET.PARAMERR, errmsg="手机格式不对"))
sql = "select up_user_id,up_name FROM ih_user_profile where up_passwd = %(passwd)s and up_mobile = %(mobile)s"
password = hashlib.sha256(
(password +
config.passwd_hash_key).encode('utf8')).hexdigest()
try:
ret = self.db_mysql.get(sql, passwd=password, mobile=mobile)
except Exception as e:
logging.ERROR(e)
return self.write(dict(errcode=RET.DBERR, errmsg="数据库查询错误"))
if not ret:
return self.write(dict(errcode=RET.LOGINERR, errmsg="账号或密码错误"))
session = Session(self)
session.data['user_id'] = ret['up_user_id']
session.data['mobile'] = mobile
session.data['name'] = ret['up_name']
session.save()
self.write(dict(errcode=RET.OK, errmsg='OK'))
else:
self.write(dict(errcode=RET.PARAMERR, errmsg="传递参数不正确"))
def post(self):
# 获取要修改的用户名
name = self.json_args.get('name')
if not name:
# 判断用户是否正确
return self.write(dict(errcode=RET.PARAMERR,
errmsg="params error"))
# 获取session.data
data = self.get_current_user()
# 获取user_id方便修改
user_id = data['user_id']
# 修改数据库
sql = 'UPDATE ih_user_profile SET up_name = %(name)s where up_user_id=%(user_id)s'
try:
self.db_mysql.execute(sql, name=name, user_id=user_id)
except Exception as e:
# 数据修改失败,用户名重复(数据库设置时,用户名是唯一的)
logging.ERROR(e)
return self.write(dict(errcode=RET.DBERR, errmsg="name has exist"))
# 获取session
session = Session(self)
# 更改session
session['name'] = name
try:
# 保存修改后的session
session.save()
except Exception as e:
logging.ERROR(e)
self.write(dict(errcode=RET.OK, errmsg='OK'))
class LoginHandler(BaseHandler):
def post(self):
mobile = self.json_args.get("mobile")
password = self.json_args.get("password")
if not all([mobile, password]):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数错误"))
if not re.match(r"^1\d{10}$", mobile):
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误"))
sql = "select up_user_id,up_name,up_passwd from ih_user_profile where up_mobile=%(mobile)s"
res = self.db.get(sql,mobile=mobile)
#if res and res["up_passwd"] == unicode(hashlib.sha256(password+config.passwd_hash_key).hexdigest()):
if res and res["up_passwd"] == password:
try:
self.session = Session(self)
self.session.data["user_id"] = res["up_user_id"]
self.session.data["name"] = res["up_name"]
self.session.data["mobile"] = mobile
self.session.save()
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.OK, errmsg="登录成功"))
else:
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号或密码错误"))
def post(self):
#获取参数
mobile = self.json_args.get("mobile")
sms_code = self.json_args.get("phonecode")
password = self.json_args.get("password")
#检查参数
if not all([mobile, sms_code, password]):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数不完整"))
if not re.match(r"^1\d{10}$", mobile):
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号格式错误"))
#如果产品对于密码长度有限制,需要在此做判断
#if len(password) < 6
#判断短信验证码是否正确
if "2468" != sms_code:
try:
real_sms_code = self.redis.get("sms_code_%s" % mobile)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DBERR, errmsg="查询验证码出错"))
#判断短信验证码是否过期
if not real_sms_code:
return self.write(dict(errcode=RET.NODATA, errmsg="验证码过期"))
#对此用户填写的验证码真实值
#if real_smd_code !=sms_code and sms_code != "2468"
if real_sms_code != sms_code:
return self.write(dict(errcode=RET.DATAERR, errmsg="验证码错误"))
try:
self.redis.delete("sms_code_%s" % mobile)
except Exception as e:
logging.error(e)
#保存数据,同时判断手机号是否存在,判断的依据是数据库中mobile字段的唯一约束
passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest()
sql = "insert into ih_user_profile(up_name, up_mobile, up_passwd) values(%(name)s, %(mobile)s, %(passwd)s);"
try:
logging.info(sql)
user_id = self.db.execute(sql,
name=mobile,
mobile=mobile,
passwd=passwd)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DATAEXIST, errmsg="手机号已存在"))
#用session记录用户的登录状态
session = Session(self)
session.data["user_id"] = user_id
session.data["mobile"] = mobile
session.data["name"] = mobile
try:
session.save()
except Exception as e:
logging.error(e)
self.write(dict(errcode=RET.OK, errmsg="注册成功"))
def post(self):
# 获取参数
mobile = self.json_args.get("mobile")
sms_code = self.json_args.get("phonecode")
password = self.json_args.get("password")
# 检查参数
if not all((mobile, sms_code, password)):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数不完整"))
if not re.match(r"1\d{10}$", mobile):
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号错误"))
# 方便调试
if "2468" != sms_code:
try:
real_sms_code = self.redis.get("sms_code_%s" % mobile)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DBERR, errmsg="查询验证码出错"))
if not real_sms_code:
return self.write(dict(errcode=RET.NODATA, errmsg="验证码过期"))
if real_sms_code != sms_code:
return self.write(dict(errcode=RET.DATAERR, errmsg="验证码错误"))
# 删除redis中sms_code
try:
self.redis.delete("sms_code_%s" % mobile)
except Exception as e:
logging.error(e)
# 保持用户信息
passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest()
sql = "insert into ih_user_profile(up_name, up_mobile, up_passwd) values(%(name)s, %(mobile)s, %(passwd)s);"
try:
user_id = self.db.execute(sql,
name=mobile,
mobile=mobile,
passwd=passwd)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DATAEXIST, errmsg="手机号已存在"))
# 用session记录用户登陆状态
session = Session(self)
session.data["user_id"] = user_id
session.data["mobile"] = mobile
session.data["name"] = mobile
try:
session.save()
except Exception as e:
logging.error(e)
self.write(dict(errcode=RET.OK, errmsg="注册成功"))
def post(self, *args, **kwargs):
# 获取参数
mobile = self.json_args.get("mobile")
sms_code = self.json_args.get("phonecode")
password = self.json_args.get("password")
if not all((mobile, sms_code, password)):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数不完整"))
if not re.match(r"^1\d{10}$", mobile):
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号格式错误"))
"""
其他一些过滤验证保证数据安全防御注入
"""
# if len(password) < 6 or len(password) > 15:
# return self.write(dict(errcode=RET.DATAERR, errmsg="密码小于6位数"))
"""等等验证`"""
# 手机验证码
if "2468" != sms_code:
try:
real_sms_code = self.redis.get("sms_code_%s" % mobile)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DBERR, errmsg="查询验证码出错"))
if not real_sms_code:
return self.write(dict(errcode=RET.NODATA, errmsg="验证码过期"))
if real_sms_code != sms_code:
return self.write(dict(errcode=RET.DATAERR, errmsg="验证码错误"))
try:
self.redis.delete("sms_code_%s" % mobile)
except Exception as e:
logging.error(e)
# 保存数据,同时判断手机号是否存在,判断的依据是数据库中mobile字段的唯一约束
# 密码加密
pwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest()
sql = "insert into ih_user_profile(up_name, up_mobile, up_passwd) values(%(name)s, %(mobile)s, %(passwd)s);"
try:
user_id = self.db.execute(sql,
name=mobile,
mobile=mobile,
passwd=password)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DATAEXIST, errmsg="手机号已存在"))
# 用session记录用户的登录状态
session = Session(self)
session.data["user_id"] = user_id
session.data["mobile"] = mobile
session.data["name"] = mobile
try:
session.save()
except Exception as e:
logging.error(e)
self.write(dict(errcode=RET.OK, errmsg="注册成功"))
def post(self):
# 获取参数
mobile = self.json_args.get("mobile")
sms_code = self.json_args.get("phonecode")
password = self.json_args.get("password")
# 检查参数
if not all([mobile, sms_code, password]):
return self.write(dict(errcode=RET.PARAMERR, errmsg="参数不完整"))
if not re.match(r"^1\d{10}$", mobile):
return self.write(dict(errcode=RET.DATAERR, errmsg="手机号格式错误"))
# 如果产品对于密码长度有限制,需要在此做判断
# if len(password)<6
# 判断短信验证码是否真确
if "2468" != sms_code:
try:
real_sms_code = self.redis.get("sms_code_%s" % mobile)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DBERR, errmsg="查询验证码出错"))
# 判断短信验证码是否过期
if not real_sms_code:
return self.write(dict(errcode=RET.NODATA, errmsg="验证码过期"))
# 对比用户填写的验证码与真实值
# if real_sms_code != sms_code and sms_code != "2468":
if real_sms_code != sms_code:
return self.write(dict(errcode=RET.DATAERR, errmsg="验证码错误"))
try:
self.redis.delete("sms_code_%s" % mobile)
except Exception as e:
logging.error(e)
# 保存数据,同时判断手机号是否存在,判断的依据是数据库中mobile字段的唯一约束
passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest()
sql = "insert into ih_user_profile(up_name, up_mobile, up_passwd) values(%(name)s, %(mobile)s, %(passwd)s);"
try:
user_id = self.db.execute(sql, name=mobile, mobile=mobile, passwd=passwd)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DATAEXIST, errmsg="手机号已存在"))
# 用session记录用户的登录状态
session = Session(self)
session.data["user_id"] = user_id
session.data["mobile"] = mobile
session.data["name"] = mobile
try:
session.save()
except Exception as e:
logging.error(e)
self.write(dict(errcode=RET.OK, errmsg="注册成功"))
def post(self, *args, **kwargs):
# 获取前端传递过来的JSON数据,并将其提取出来
mobile = self.json_args.get('mobile')
smsCode = self.json_args.get('phoneCode')
password = self.json_args.get('password')
password2 = self.json_args.get('password2')
# 判断传递过来的参数是否为空
if not all((mobile, smsCode, password, password2)):
return self.write(dict(errorcode=RET.NODATA, errormsg='参数不完整'))
# 判断手机号输入格式是否正确
if not re.match(r"^1\d{10}$", mobile):
return self.write(dict(errorcode=RET.NODATA, errormsg='输入手机号码不正确'))
# 判断两次输入的密码是否相同
if password != password2:
return self.write(dict(errorcode=RET.PARAMERR, errormsg='两次输入密码不一致'))
# # 判断手机验证码是否正确
# try:
# real_sms_code = self.redis.get('sms_code_%s' % mobile)
# except Exception as e:
# logging.error(e)
# return self.write(dict(errorcode=RET.DBERR, errormsg='查询短信验证码出错'))
# # 判断短信验证码是否过期
# if not real_sms_code:
# return self.write(dict(errorcode=RET.DBERR, errormsg='短信验证码过期'))
# # 对比用户填写的验证码与真实值
# if smsCode != real_sms_code:
# return self.write(dict(errorcode=RET.DATAERR, errormsg='短信验证码输入有误'))
# # 删除掉存储在Redis中的短信验证码
# try:
# self.redis.delete('sms_code_%s' % mobile)
# except Exception as e:
# logging.error(e)
# 保存数据,同时判断手机号是否存在,判断的依据是数据库中mobile字段的唯一约束
password = hashlib.sha256(password + config.passwd_hash_key).hexdigest()
sql_str = "insert into ih_user_profile(up_name, up_mobile, up_passwd) values (%(name)s, %(mobile)s, %(passwd)s);"
try:
user_id = self.db.execute(sql_str, name=mobile, mobile=mobile, passwd=password)
except Exception as e:
logging.error(e)
return self.write(dict(errorcode=RET.DBERR, errormsg='手机号码已被注册'))
# 用session记录用户的登录状态
session = Session(self)
session.data['user_id'] = user_id
session.data['mobile'] = mobile
session.data['name'] = mobile
try:
session.save()
except Exception as e:
logging.error(e)
return self.write(dict(errorcode=RET.OK, errormsg='注册成功'))
def post(self):
mobile = self.json_args.get("mobile")
sms_code = self.json_args.get("phonecode")
password = self.json_args.get("password")
if not all([mobile, sms_code, password]):
return self.write(dict(errcode = RET.PARAMERR, errmsg = "参数不完整"))
if not re.match(r"^1\d{10}$", mobile):
return self.write(dict(errcode = RET.DATAERR, errmsg="手机号错误"))
if "2468" != sms_code:
try:
real_sms_code = self.redis.get("sms_code_%s"%mobile)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DBERR, errmsg="查询验证码错误"))
if not real_sms_code:
return self.write(dict(errcode=RET.DATAERR, errmsg="验证码过期"))
if real_sms_code != sms_code:
return self.write(dict(errcode=RET.DATAERR, errmsg="验证码错误"))
try:
self.redis.delete("sms_code_%s", mobile)
except Exception as e:
logging.error(e)
passwd = hashlib.sha256(password + config.passwd_hash_key).hexdigest()
sql = "insert into ih_user_profile(up_name,up_mobile,up_passwd) values(%(name)s, %(mobile)s, %(passwd)s);"
try:
user_id = self.db.execute(sql,name=mobile, mobile=mobile, passwd=passwd)
except Exception as e:
logging.error(e)
return self.write(dict(errcode=RET.DATAEXIST,errmsg="手机号存在"))
session = Session(self)
session.data["user_id"] = user_id
session.data["mobile"] = mobile
session.data["name"] = name
try:
session.save()
except Exception as e:
logging.error(e)
self.write(dict(errcode=RET.OK, errmsg="注册成功"))
