From 18362bbeecc75242e697941415d522e7ab9652df Mon Sep 17 00:00:00 2001
From: caoqianming
Date: Tue, 19 Nov 2019 21:02:18 +0800
Subject: [PATCH] password encrapt
---
 .../migrations/0292_auto_20191119_1805.py | 22 ++++
 .../migrations/0293_auto_20191119_1811.py | 27 +++++
 safesite/models.py | 2 +-
 safesite/views.py | 107 ++++++++++--------
 4 files changed, 108 insertions(+), 50 deletions(-)
 create mode 100644 safesite/migrations/0292_auto_20191119_1805.py
 create mode 100644 safesite/migrations/0293_auto_20191119_1811.py
diff --git a/safesite/migrations/0292_auto_20191119_1805.py b/safesite/migrations/0292_auto_20191119_1805.py
new file mode 100644
index 00000000..d1195178
--- /dev/null
+++ b/safesite/migrations/0292_auto_20191119_1805.py
@@ -0,0 +1,22 @@
+# Generated by Django 2.1.5 on 2019-11-19 18:05
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('safesite', '0291_auto_20191118_2309'),
+ ]
+
+ operations = [
+ # migrations.RemoveField(
+ # model_name='companyinfo',
+ # name='liaison_fax',
+ # ),
+ migrations.AlterField(
+ model_name='user',
+ name='password',
+ field=models.CharField(max_length=100),
+ ),
+ ]
diff --git a/safesite/migrations/0293_auto_20191119_1811.py b/safesite/migrations/0293_auto_20191119_1811.py
new file mode 100644
index 00000000..c1957d93
--- /dev/null
+++ b/safesite/migrations/0293_auto_20191119_1811.py
@@ -0,0 +1,27 @@
+# Generated by Django 2.1.5 on 2019-11-19 18:11
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('safesite', '0292_auto_20191119_1805'),
+ ]
+
+ operations = [
+ # migrations.RemoveField(
+ # model_name='companyinfo',
+ # name='liaison_fax',
+ # ),
+ migrations.AlterField(
+ model_name='user',
+ name='epassword',
+ field=models.CharField(blank=True, max_length=200, null=True),
+ ),
+ migrations.AlterField(
+ model_name='user',
+ name='password',
+ field=models.CharField(max_length=30),
+ ),
+ ]
diff --git a/safesite/models.py b/safesite/models.py
index eff996c9..a5843109 100644
--- a/safesite/models.py
+++ b/safesite/models.py
@@ -51,7 +51,7 @@ class User(models.Model):
 username = models.CharField(max_length=30,unique=True)#账号
 name = models.CharField(max_length=20)
 password = models.CharField(max_length=30)
- epassword = models.CharField(max_length=60,blank=True,null=True)
+ epassword = models.CharField(max_length=200,blank=True,null=True)
 ubelongpart = models.ForeignKey(Partment,related_name='upart', on_delete=models.CASCADE)
 openid=models.CharField(max_length=200,null=True,blank=True)#公众号openid
 nickname=models.CharField(max_length=200,null=True,blank=True)#昵称
diff --git a/safesite/views.py b/safesite/views.py
index 9e847f40..19268943 100644
--- a/safesite/views.py
+++ b/safesite/views.py
@@ -311,21 +311,23 @@ def login(req):
 if req.method == 'POST':
 user_form = UserForm(req.POST)
- username = req.POST.get('username')
- password = req.POST.get('password')
- user = User.objects.filter(username__exact = username, password__exact = password,deletemark=1)
- if user:
- if user_form.is_valid():
- # 比较成功,跳转index
- req.session['userid'] = user[0].userid
- # req.session.set_expiry(60*30)
- return redirect('index')
+ if user_form.is_valid():
+ username = req.POST.get('username')
+ password = req.POST.get('password')
+ user = User.objects.filter(username = username,deletemark=1)
+ if user.exists():
+ if check_password(password,user[0].epassword):
+ req.session['userid'] = user[0].userid
+ return redirect('index')
+ else:
+ msg = '密码错误'
+ return render(req, 'login.html', locals())
 else:
- msg = '验证码错误'
- return render(req, 'login.html', locals())
+ msg = '用户不存在或被禁用'
+ return render(req,'login.html', locals())
 else:
- msg = '用户名或密码错误'
- return render(req,'login.html', locals())
+ msg = '验证码错误'
+ return render(req, 'login.html', locals())
 else:
 user_form = UserForm()
 return render(req,'login.html', locals())
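Review bot: In the login hunk the failure paths now return different messages, `msg = '密码错误'` for a wrong password and `msg = '用户不存在或被禁用'` for an unknown or disabled account, so the response reveals whether a username is registered; the removed code used one message, `'用户名或密码错误'`, for both. Use that single message in both branches; the bwlogin2 and bwlogin hunks have the same split, while bindmp already answers `{"code":0}` either way. Separately, `epassword` is nullable in models.py, so accounts without a hash presumably cannot log in until the `correct_password` backfill in the apitool hunk has run; worth confirming the rollout order. login's `def` line is in the hunk header, so its start lies outside the hunk.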
@@ -363,8 +365,9 @@ def changepwd(req):
 oldpassword = req.POST.get('oldpassword')
 newpassword = req.POST.get('newpassword')
 a = User.objects.get(userid=userid)
- if a.password == oldpassword:
+ if check_password(oldpassword,a.epassword):
 a.password = newpassword
+ a.epassword = make_password(newpassword)
 a.save()
 del req.session['userid']
 return JsonResponse({"code":1})
@@ -2195,6 +2198,7 @@ def userhandle(req):
 a.empid = req.POST.get('empid')
 a.username=req.POST.get('username')
 a.password=req.POST.get('password')
+ a.epassword = make_password(password)
 a.ubelongpart=Partment.objects.get(partid=req.POST.get('ubelongpart'))
 a.save()
 companyid = getcompany(a.userid)
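Review bot: `a.password = newpassword` stays in place next to the added `a.epassword = make_password(newpassword)` in changepwd, so the cleartext password is still written to the `password` column and the hash adds no protection if the table is ever read. The userhandle, apicompany and apiuser hunks store both values the same way, and the `correct_password` branch in apitool builds each hash from that cleartext column. After the backfill, stop assigning `password` and blank or drop the column in a follow-up migration. changepwd begins and continues outside this hunk.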
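Review bot: In the userhandle hunk, `a.epassword = make_password(password)` reads a local `password` that is not assigned anywhere in the visible lines, while the line above takes the value from `req.POST.get('password')`. If no such name exists earlier in userhandle this raises NameError; if it exists but is None, `make_password(None)` stores an unusable hash and the account cannot log in. Hashing the same expression avoids both: `a.epassword = make_password(req.POST.get('password'))`. The rest of userhandle is outside the hunk, so an earlier assignment could not be checked.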
@@ -2978,22 +2982,25 @@ def bwlogin2(req):
 openid = req.POST.get('openid')
 nickname = req.POST.get('nickname')
 headimgurl = req.POST.get('headimgurl')
- user = User.objects.filter(username__exact = username, password__exact = password)
- if user:
- mpuser = User.objects.filter(openid=openid).exclude(username = username)
- if mpuser.exists():
- return render(req,'bindwechat.html',{'msg':'您的微信已绑定平台下'+mpuser[0].username+'账号,不可重复绑定,请先至pc端解绑!','code':0}) #已绑定其他账号
- else:
- if user[0].openid == '0' or user[0].openid == None or user[0].openid == '':
- user.update(openid=openid,headimgurl=headimgurl,nickname=nickname)
- return render(req,'bindwechat.html',{'msg':'绑定成功,请刷新电脑端浏览器!','code':1})
+ user = User.objects.filter(username= username,deletemark=1)
+ if user.exists():
+ if check_password(password,user[0].epassword):
+ mpuser = User.objects.filter(openid=openid).exclude(username = username)
+ if mpuser.exists():
+ return render(req,'bindwechat.html',{'msg':'您的微信已绑定平台下'+mpuser[0].username+'账号,不可重复绑定,请先至pc端解绑!','code':0}) #已绑定其他账号
 else:
- if user[0].openid == openid:
+ if user[0].openid == '0' or user[0].openid == None or user[0].openid == '':
+ user.update(openid=openid,headimgurl=headimgurl,nickname=nickname)
 return render(req,'bindwechat.html',{'msg':'绑定成功,请刷新电脑端浏览器!','code':1})
 else:
- return render(req,'bindwechat.html',{'msg':'该平台账号已绑定昵称为'+user[0].nickname+'的微信,不可重复绑定,请先至pc端解绑!','code':0}) #已绑定其他账号
+ if user[0].openid == openid:
+ return render(req,'bindwechat.html',{'msg':'绑定成功,请刷新电脑端浏览器!','code':1})
+ else:
+ return render(req,'bindwechat.html',{'msg':'该平台账号已绑定昵称为'+user[0].nickname+'的微信,不可重复绑定,请先至pc端解绑!','code':0}) #已绑定其他账号
+ else:
+ return render(req,'bwlogin.html',{'msg':'密码错误'})
 else:
- return render(req,'bwlogin.html',{'msg':'用户名或密码错误!'})
+ return render(req,'bwlogin.html',{'msg':'用户不存在或已禁用'})
 def bwlogin(req):
 if req.method == 'GET':
@@ -3019,25 +3026,17 @@ def bwlogin(req):
 openid = req.POST.get('openid')
 nickname = req.POST.get('nickname')
 headimgurl = req.POST.get('headimgurl')
- user = User.objects.filter(username__exact = username, password__exact = password)
- if user:
- # mpuser = User.objects.filter(openid=openid).exclude(username = username)
- # if mpuser.exists():
- # return render(req,'bindwechat.html',{'msg':'您的微信已绑定平台下'+mpuser[0].username+'账号,不可重复绑定,请先至pc端解绑!','code':0}) #已绑定其他账号
- # else:
- # if user[0].openid == '0' or user[0].openid == None or user[0].openid == '':
- # user.update(openid=openid,headimgurl=headimgurl,nickname=nickname)
- # return render(req,'bindwechat.html',{'msg':'绑定成功,请刷新电脑端浏览器!','code':1})
- # else:
- User.objects.filter(openid=openid).update(openid=None,headimgurl=None,nickname=None)
- user.update(openid=openid,headimgurl=headimgurl,nickname=nickname)
- return render(req,'bindwechat.html',{'msg':'绑定成功,请刷新电脑端浏览器!','code':1})
- # if user[0].openid == openid:
- # return render(req,'bindwechat.html',{'msg':'绑定成功,请刷新电脑端浏览器!','code':1})
- # else:
- # return render(req,'bindwechat.html',{'msg':'该平台账号已绑定昵称为'+user[0].nickname+'的微信,不可重复绑定,请先至pc端解绑!','code':0}) #已绑定其他账号
+ user = User.objects.filter(username = username,deletemark=1)
+ if user.exists():
+ if check_password(password,user[0].epassword):
+ User.objects.filter(openid=openid).update(openid=None,headimgurl=None,nickname=None)
+ user.update(openid=openid,headimgurl=headimgurl,nickname=nickname)
+ return render(req,'bindwechat.html',{'msg':'绑定成功,请刷新电脑端浏览器!','code':1})
+ else:
+ return render(req,'bwlogin.html',{'msg':'密码错误'})
 else:
- return render(req,'bwlogin.html',{'msg':'用户名或密码错误!'})
+ return render(req,'bwlogin.html',{'msg':'用户不存在或已禁用'})
+
 def unbindwechat(req):
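Review bot: The `openid` that the new bwlogin branch clears from other rows and then binds to the authenticated account is read from `req.POST.get('openid')`, so the binding trusts a value the client submits. `User.objects.filter(openid=openid).update(openid=None,headimgurl=None,nickname=None)` runs directly after the password check with no proof that the caller owns that WeChat identity. If the GET half of bwlogin obtains the openid from the WeChat OAuth exchange, keeping it in the session and reading it from there in the POST branch would remove the dependence on the form field; the GET branch is outside this hunk, so this needs confirming. The same question applies to `mpopenid` in the bindmp hunk.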
@@ -3086,12 +3085,16 @@ def bindmp(req):
 password = req.POST.get('password')
 mpopenid = req.POST.get('mpopenid')
 #print(username,password,mpopenid)
- user = User.objects.filter(username__exact = username, password__exact = password)
- if user:
- user.update(mpopenid=mpopenid)
- return JsonResponse({"code":1})
+ user = User.objects.filter(username = username,deletemark=1)
+ if user.exists():
+ if check_password(password,user[0].epassword):
+ user.update(mpopenid=mpopenid)
+ return JsonResponse({"code":1})
+ else:
+ return JsonResponse({"code":0})
 else:
 return JsonResponse({"code":0})
+
 def setup(req):
 if req.GET.get('a') == 'setuph':
 userid = req.session['userid']
@@ -3153,6 +3156,7 @@ def apicompany(req):
 x.username = admin
 x.name = '超级管理员'
 x.password = 'Aq123456'
+ x.epassword = make_password('Aq123456')
 x.issuper = 1
 x.ubelongpart = y
 x.usecomp = y
@@ -3706,7 +3710,7 @@ def apiuser(req):
 nowuserid = req.GET.get('userid')
 a = User.objects.get(userid=userid)
 if a.issuper==1:
- User.objects.filter(userid=nowuserid).update(password='0000')
+ User.objects.filter(userid=nowuserid).update(password='0000',epassword=make_password('0000'))
 return JsonResponse({"code":1})
 else:
 return JsonResponse({"code":0})
@@ -4091,6 +4095,11 @@ def apitool(req):
 if create:
 print(i.partname+'---加入supergroup')
 return JsonResponse({"code":1})
+ elif a == 'correct_password':
+ for i in User.objects.all():
+ i.epassword = make_password(i.password)
+ i.save()
+ return JsonResponse({"code":1})
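Review bot: In the apicompany hunk, `x.epassword = make_password('Aq123456')` hashes a literal that is fixed in source, so every account created here with `issuper = 1` starts with the same known password; the apiuser hunk does the same for resets with `make_password('0000')`. Hashing gives no protection when the input is a published constant. Consider generating the initial or reset value with `secrets.token_urlsafe()` and showing it once to the operator, or requiring a password change at first login. Both functions extend beyond their hunks, so any existing forced-change step could not be checked.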