1 #!/usr/bin/env python
2 #-*- coding:utf-8 -*-
3
import base64
import datetime
import logging

import tornado.escape
import tornado.web

from base import BaseHandler
11
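class RegisterHandler(BaseHandler):
    '''
    Handle self-service account registration.

    NOTE(security): passwords are stored as base64 of the submitted value.
    That is a reversible encoding, not a hash, so anyone who can read the
    users table recovers every password. Moving to a salted, slow hash
    (for example hashlib.pbkdf2_hmac or hashlib.scrypt) has to be done
    together with LoginHandler, ChangePasswdHandler and AccountHandler,
    because all of them compare against the same column.
    '''

    def get(self, *args, **kwargs):
        '''Render the registration form, with an error banner if requested.'''
        # Only values of this table are rendered as the error text, so the
        # "error" query parameter cannot put arbitrary text on the page.
        self.error = {"exists": "用户名或者邮箱已被使用!"}
        error = self.get_argument("error", default="")
        # These two are echoed back from the query string.
        # NOTE(review): confirm auth/register.htm autoescapes them.
        input_user = self.get_argument("user", default="")
        input_email = self.get_argument("email", default="")
        self.render("auth/register.htm",
                    user=None,
                    error=self.error.get(error, ""),
                    input_user=input_user,
                    input_email=input_email,
                    admin=0)

    def post(self):
        '''
        Create a user from the submitted form and redirect to /login.

        Redirects back to /register when the user name or password is
        blank, and to /register?error=exists when the name or e-mail is
        already taken.
        '''
        username = self.get_body_argument("input_user", default="")
        email = self.get_body_argument("input_email", default="")
        password = self.get_body_argument("input_passwd", default="")

        # Refuse blank credentials: both fields default to "" and would
        # otherwise be inserted as a usable account.
        if not username or not password:
            self.redirect("/register")
            return

        # NOTE(security): reversible encoding, see the class docstring.
        passwd = base64.b64encode(password)

        # Reject the request when the user name or e-mail is already in use.
        if self._checkusername_action(username, email):
            # Percent-encode the echoed values so "&", "#" or non-ASCII
            # characters cannot add or override query parameters.
            self.redirect(
                "/register?error=exists&user={0}&email={1}".format(
                    tornado.escape.url_escape(username),
                    tornado.escape.url_escape(email)))
            return

        self.db.execute('''insert into users
                        (
                            name,
                            email,
                            password,
                            image,
                            admin,
                            created_at
                        )
                        values
                        (
                            %s,
                            %s,
                            %s,
                            'none',
                            '0',
                            %s
                        )''',
                        username,
                        email,
                        passwd,
                        datetime.datetime.now())
        self.redirect("/login")

    def _checkusername_action(self, username, email):
        '''
        Return True when a user with this name or e-mail already exists.
        '''
        user = self.db.query(
            "select id from users where (name=%s or email=%s)", username, email)
        return len(user) > 0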
77
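class LoginHandler(BaseHandler):
    '''
    Handle login: render the form and verify submitted credentials.

    NOTE(security): the stored password is base64 of the plain text, a
    reversible encoding rather than a hash; replacing it has to be
    coordinated with every handler that writes or compares that column.
    NOTE(security): "not_exists" and "passwd_error" are reported
    separately, which tells a caller whether an account name is valid;
    nothing in this handler limits repeated attempts.
    '''

    def get(self, *args, **kwargs):
        '''Render the login form, with an error banner if requested.'''
        # Only values of this table are rendered as the error text.
        self.error = {
            "not_exists": "用户名或者邮箱不存在!",
            "disable": "该用户名已经停用,若有疑问请联系管理员!",
            "passwd_error": "密码错误!"
        }
        error = self.get_argument("error", default="")
        # NOTE(review): echoed from the query string; confirm the template
        # autoescapes it.
        input_user = self.get_argument("user", default="")
        self.render("auth/login.htm",
                    user=None,
                    input_user=input_user,
                    error=self.error.get(error, ""),
                    admin=0)

    def post(self):
        '''
        Verify the submitted credentials and start a session.

        On success the account name is stored in the signed "user" cookie
        (30 days with "remember me", otherwise 1 day) and the client is
        redirected to "/". Every failure redirects back to /login with an
        error code.
        '''
        username = self.get_body_argument("input_user")
        password = self.get_body_argument("input_passwd")
        cbox_remember = self.get_body_argument("cbox_remember", default="off")
        passwd = base64.b64encode(password)

        # Each failure path returns right after redirecting. Falling through
        # would run the next check and call redirect() a second time on a
        # response that is already finished.
        if not self._checkusername_action(username):
            self._redirect_with_error("not_exists", username)
            return

        if not self._checkpasswd_action(username, passwd):
            self._redirect_with_error("passwd_error", username)
            return

        # status == 0 marks an account that has been disabled.
        if self.user[0].status == 0:
            self._redirect_with_error("disable", username)
            return

        lifetime_days = 30 if cbox_remember == "on" else 1
        # httponly keeps the session cookie out of reach of page scripts.
        # Also pass secure=True when the site is served over HTTPS only.
        self.set_secure_cookie(
            "user", self.user[0].name,
            expires_days=lifetime_days, httponly=True)
        self.redirect("/")

    def _redirect_with_error(self, error, username):
        '''
        Redirect to /login with *error*; echo *username* back unless it
        contains CJK characters.
        '''
        if self._has_cn(username):
            self.redirect("/login?error={0}".format(error))
        else:
            # Percent-encode the echoed name so "&" or "#" in it cannot add
            # or override query parameters.
            self.redirect("/login?error={0}&user={1}".format(
                error, tornado.escape.url_escape(username)))

    def _checkusername_action(self, username):
        '''
        Return True when *username* matches a user's name or e-mail.
        '''
        user = self.db.query(
            "select id from users where (name=%s or email=%s)", username, username)
        return len(user) > 0

    def _checkpasswd_action(self, username, password):
        '''
        Return True when name and encoded password match a user row.

        On success the matching rows are kept in self.user for post().
        '''
        # NOTE(review): this matches on name only, while
        # _checkusername_action also accepts an e-mail; a login by e-mail
        # therefore ends in "passwd_error". Confirm which is intended.
        user = self.db.query(
            "select id,name,status from users where (name=%s and password=%s)", username, password)
        if len(user) == 0:
            return False
        self.user = user
        return True

    def _has_cn(self, text):
        '''
        Return a match object when *text* contains characters in the
        range U+4E00-U+9FA5, otherwise None.
        '''
        import re
        zhPattern = re.compile(u'[\u4e00-\u9fa5]+')
        return zhPattern.search(text)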
165
class LogoutHandler(BaseHandler):
    '''
    Log out by clearing the session cookie.
    '''

    def get(self):
        '''Remove the "user" cookie and send the client to the home page.'''
        # "user" is the cookie LoginHandler sets on a successful login.
        # NOTE(review): logout is reachable with a plain GET, so any page
        # that makes the browser load this URL ends the session.
        self.clear_cookie("user")
        self.redirect("/")
176
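class ChangePasswdHandler(BaseHandler):
    '''
    Let a logged-in user change their own password.

    NOTE(security): passwords are stored as base64 of the plain text, a
    reversible encoding rather than a hash; replacing it has to be
    coordinated with every handler that writes or compares that column.
    '''

    @tornado.web.authenticated
    def get(self, *args, **kwargs):
        '''Render the change-password form, with an error banner if requested.'''
        # Only values of this table are rendered as the error text.
        self.error = {"passwd_error": "密码错误!"}
        error = self.get_argument("error", default="")

        self.render("auth/changepasswd.htm",
                    user=self.current_user,
                    error=self.error.get(error, ""),
                    admin=self.get_current_permission())

    @tornado.web.authenticated
    def post(self):
        '''
        Replace the session user's password after checking the old one.

        On success the session cookie is cleared and the client is sent
        to /login; on any failure it is sent back to the form with
        error=passwd_error.
        '''
        # The form field stays required, but it is not trusted as the
        # account to modify: a logged-in user could otherwise submit
        # another account's name.
        self.get_body_argument("input_user")
        old_password = self.get_body_argument("input_old_passwd")
        new_password = self.get_body_argument("input_new_passwd")

        # LoginHandler stores the account name in the signed "user" cookie,
        # so that value identifies whose password may be changed here.
        session_name = self.get_secure_cookie("user")
        # A blank new password would be stored as a usable credential.
        if session_name is None or not new_password:
            self.redirect("/changepasswd?error=passwd_error")
            return
        username = tornado.escape.to_unicode(session_name)

        old_passwd = base64.b64encode(old_password)
        new_passwd = base64.b64encode(new_password)

        if not self._checkpasswd_action(username, old_passwd):
            self.redirect("/changepasswd?error=passwd_error")
            return

        self.db.execute('''update
                            users
                        set
                            password = %s
                        where
                            name = %s''', new_passwd, username)
        # Force a fresh login with the new password.
        self.clear_cookie("user")
        self.redirect("/login")

    def _checkpasswd_action(self, username, password):
        '''
        Return True when name and encoded password match a user row.
        '''
        user = self.db.query(
            "select id,name from users where (name=%s and password=%s)", username, password)
        return len(user) > 0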
221
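class AccountHandler(BaseHandler):
    '''
    User management: list users, add users, change permission and status,
    delete users.

    NOTE(security): every entry point only requires a logged-in session.
    Nothing here checks the caller's permission level, so any authenticated
    user can list, create, re-permission, disable or delete accounts. Gate
    post() on self.get_current_permission() once the value that denotes an
    administrator is confirmed.
    '''

    # Actions reachable through post(); any other name is rejected instead
    # of being resolved to an arbitrary "_<name>_action" attribute.
    _ACTIONS = ("query_all", "add_user", "update_user", "delete_user")

    @tornado.web.authenticated
    def get(self, *args, **kwargs):
        '''Render the account-management page.'''
        self.render("auth/account.htm",
                    user=self.current_user,
                    admin=self.get_current_permission())

    @tornado.web.authenticated
    def post(self, *args, **kwargs):
        '''
        Dispatch to the action named by the first URL argument.

        Replies with ("fail", "no action!") for a missing or unknown name.
        '''
        name = args[0] if args else ""
        if name not in self._ACTIONS:
            self.json("fail", "no action!")
            return
        getattr(self, "_%s_action" % name)()

    def _query_all_action(self):
        '''
        Return one page of the users table (10 rows per page) as JSON.
        '''
        page_record = 10
        current_page = self.get_body_argument("current_page", default="1")
        # A non-numeric or non-positive page would produce an invalid
        # LIMIT offset, so fall back to the first page.
        try:
            page = max(int(current_page), 1)
        except ValueError:
            page = 1

        try:
            total = self.db.query(
                '''select count(id) as count from users''')[0].count
            # Ceiling division: a partial last page still counts as a page.
            total_pages = (total + page_record - 1) // page_record
            rows = self.db.query('''select
                                    id,
                                    name,
                                    email,
                                    admin,
                                    status
                                from
                                    users
                                order by admin desc limit %s, %s''',
                                 (page - 1) * page_record, page_record)
        except Exception:
            # Keep database error text in the server log; the raw message
            # can expose SQL and schema details to the client.
            logging.exception("user listing failed")
            self.json("error", "internal error")
            return

        self.json("success", {
            "total_pages": str(total_pages),
            "total_count": str(total),
            "current_page": str(page),
            "current_data": rows,
        })

    def _add_user_action(self):
        '''
        Create a user and reply with the new row's fields as JSON.

        Replies ("fail", "empty") for a blank name or password and
        ("fail", "exists") when the name or e-mail is already taken.
        '''
        username = self.get_body_argument("username", default="")
        email = self.get_body_argument("email", default="")
        password = self.get_body_argument("password", default="")
        # NOTE(review): permission_id is stored exactly as submitted;
        # restrict it to the known permission values.
        admin = self.get_body_argument("permission_id", default="2")

        # Both fields default to "" and would otherwise be inserted as a
        # usable account with a blank credential.
        if not username or not password:
            self.json("fail", "empty")
            return

        # NOTE(security): reversible encoding, not a hash.
        passwd = base64.b64encode(password)

        # Reject the request when the user name or e-mail is already in use.
        if self._checkusername_action(username, email):
            self.json("fail", "exists")
            return

        self.db.execute('''insert into users
                        (
                            name,
                            email,
                            password,
                            admin,
                            status,
                            image,
                            created_at
                        )
                        values
                        (
                            %s,
                            %s,
                            %s,
                            %s,
                            1,
                            'none',
                            %s
                        )''',
                        username,
                        email,
                        passwd,
                        admin,
                        datetime.datetime.now())
        # NOTE(review): the reported id is whatever db.execute returns for
        # this statement; confirm that against the db wrapper.
        ret = self.db.execute('''SELECT LAST_INSERT_ID()''')
        self.json("success", {
            "id": str(ret),
            "admin": admin,
            "email": email,
            "status": "1",
            "name": username,
        })

    def _update_user_action(self):
        '''
        Set the permission and status of the user given by user_id.
        '''
        user_id = self.get_body_argument("user_id", default="")
        admin = self.get_body_argument("permission_id", default="")
        status_id = self.get_body_argument("status_id", default="")

        try:
            self.db.execute('''update
                                users
                            set
                                admin = %s,
                                status = %s
                            where
                                id = %s''',
                            admin,
                            status_id,
                            user_id)
        except Exception:
            # Log the detail server-side instead of returning it.
            logging.exception("user update failed")
            self.json("error", "internal error")
            return
        self.json("success", "success")

    def _delete_user_action(self):
        '''
        Delete the user given by user_id unless blogs rows reference it.

        Replies ("disable", "disable") when the user still owns a blog row.
        '''
        user_id = self.get_body_argument("user_id", default="")
        try:
            record = self.db.query('''select id from blogs
                                   where user_id = %s limit 0,1''', user_id)
            if len(record) == 0:
                self.db.execute('''delete from users where id = %s''', user_id)
        except Exception:
            # Log the detail server-side instead of returning it.
            logging.exception("user delete failed")
            self.json("error", "internal error")
            return

        if len(record) == 0:
            self.json("success", "success")
        else:
            self.json("disable", "disable")

    def _checkusername_action(self, username, email):
        '''
        Return True when a user with this name or e-mail already exists.
        '''
        user = self.db.query(
            "select id from users where (name=%s or email=%s)", username, email)
        return len(user) > 0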