zcdsj
/
safesite
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

password encrapt

This commit is contained in:
caoqianming 2019-11-19 21:02:18 +08:00
parent 7fb85edf6f
commit 18362bbeec
4 changed files with 108 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
safesite/migrations/0292_auto_20191119_1805.py Normal file
View File

@ -0,0 +1,22 @@
# Generated by Django 2.1.5 on 2019-11-19 18:05
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('safesite', '0291_auto_20191118_2309'),
]
operations = [
# migrations.RemoveField(
# model_name='companyinfo',
# name='liaison_fax',
# ),
migrations.AlterField(
model_name='user',
name='password',
field=models.CharField(max_length=100),
),
]

27
safesite/migrations/0293_auto_20191119_1811.py Normal file
View File

@ -0,0 +1,27 @@
# Generated by Django 2.1.5 on 2019-11-19 18:11
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('safesite', '0292_auto_20191119_1805'),
]
operations = [
# migrations.RemoveField(
# model_name='companyinfo',
# name='liaison_fax',
# ),
migrations.AlterField(
model_name='user',
name='epassword',
field=models.CharField(blank=True, max_length=200, null=True),
),
migrations.AlterField(
model_name='user',
name='password',
field=models.CharField(max_length=30),
),
]

2
safesite/models.py
View File

@ -51,7 +51,7 @@ class User(models.Model):
username = models.CharField(max_length=30,unique=True)#账号 username = models.CharField(max_length=30,unique=True)#账号
name = models.CharField(max_length=20) name = models.CharField(max_length=20)
password = models.CharField(max_length=30) password = models.CharField(max_length=30)
epassword = models.CharField(max_length=60,blank=True,null=True) epassword = models.CharField(max_length=200,blank=True,null=True)
ubelongpart = models.ForeignKey(Partment,related_name='upart', on_delete=models.CASCADE) ubelongpart = models.ForeignKey(Partment,related_name='upart', on_delete=models.CASCADE)
openid=models.CharField(max_length=200,null=True,blank=True)#公众号openid openid=models.CharField(max_length=200,null=True,blank=True)#公众号openid
nickname=models.CharField(max_length=200,null=True,blank=True)#昵称 nickname=models.CharField(max_length=200,null=True,blank=True)#昵称

69
safesite/views.py
View File

@ -311,21 +311,23 @@ def login(req):
if req.method == 'POST': if req.method == 'POST':
user_form = UserForm(req.POST) user_form = UserForm(req.POST)
if user_form.is_valid():
username = req.POST.get('username') username = req.POST.get('username')
password = req.POST.get('password') password = req.POST.get('password')
user = User.objects.filter(username__exact = username, password__exact = password,deletemark=1) user = User.objects.filter(username = username,deletemark=1)
if user: if user.exists():
if user_form.is_valid(): if check_password(password,user[0].epassword):
# 比较成功跳转index
req.session['userid'] = user[0].userid req.session['userid'] = user[0].userid
# req.session.set_expiry(60*30)
return redirect('index') return redirect('index')
else:
msg = '密码错误'
return render(req, 'login.html', locals())
else:
msg = '用户不存在或被禁用'
return render(req,'login.html', locals())
else: else:
msg = '验证码错误' msg = '验证码错误'
return render(req, 'login.html', locals()) return render(req, 'login.html', locals())
else:
msg = '用户名或密码错误'
return render(req,'login.html', locals())
else: else:
user_form = UserForm() user_form = UserForm()
return render(req,'login.html', locals()) return render(req,'login.html', locals())
@ -363,8 +365,9 @@ def changepwd(req):
oldpassword = req.POST.get('oldpassword') oldpassword = req.POST.get('oldpassword')
newpassword = req.POST.get('newpassword') newpassword = req.POST.get('newpassword')
a = User.objects.get(userid=userid) a = User.objects.get(userid=userid)
if a.password == oldpassword: if check_password(oldpassword,a.epassword):
a.password = newpassword a.password = newpassword
a.epassword = make_password(newpassword)
a.save() a.save()
del req.session['userid'] del req.session['userid']
return JsonResponse({"code":1}) return JsonResponse({"code":1})
@ -2195,6 +2198,7 @@ def userhandle(req):
a.empid = req.POST.get('empid') a.empid = req.POST.get('empid')
a.username=req.POST.get('username') a.username=req.POST.get('username')
a.password=req.POST.get('password') a.password=req.POST.get('password')
a.epassword = make_password(password)
a.ubelongpart=Partment.objects.get(partid=req.POST.get('ubelongpart')) a.ubelongpart=Partment.objects.get(partid=req.POST.get('ubelongpart'))
a.save() a.save()
companyid = getcompany(a.userid) companyid = getcompany(a.userid)
@ -2978,8 +2982,9 @@ def bwlogin2(req):
openid = req.POST.get('openid') openid = req.POST.get('openid')
nickname = req.POST.get('nickname') nickname = req.POST.get('nickname')
headimgurl = req.POST.get('headimgurl') headimgurl = req.POST.get('headimgurl')
user = User.objects.filter(username__exact = username, password__exact = password) user = User.objects.filter(username= username,deletemark=1)
if user: if user.exists():
if check_password(password,user[0].epassword):
mpuser = User.objects.filter(openid=openid).exclude(username = username) mpuser = User.objects.filter(openid=openid).exclude(username = username)
if mpuser.exists(): if mpuser.exists():
return render(req,'bindwechat.html',{'msg':'您的微信已绑定平台下'+mpuser[0].username+'账号,不可重复绑定请先至pc端解绑','code':0}) #已绑定其他账号 return render(req,'bindwechat.html',{'msg':'您的微信已绑定平台下'+mpuser[0].username+'账号,不可重复绑定请先至pc端解绑','code':0}) #已绑定其他账号
@ -2993,7 +2998,9 @@ def bwlogin2(req):
else: else:
return render(req,'bindwechat.html',{'msg':'该平台账号已绑定昵称为'+user[0].nickname+'的微信,不可重复绑定请先至pc端解绑','code':0}) #已绑定其他账号 return render(req,'bindwechat.html',{'msg':'该平台账号已绑定昵称为'+user[0].nickname+'的微信,不可重复绑定请先至pc端解绑','code':0}) #已绑定其他账号
else: else:
return render(req,'bwlogin.html',{'msg':'用户名或密码错误!'}) return render(req,'bwlogin.html',{'msg':'密码错误'})
else:
return render(req,'bwlogin.html',{'msg':'用户不存在或已禁用'})
def bwlogin(req): def bwlogin(req):
if req.method == 'GET': if req.method == 'GET':
@ -3019,25 +3026,17 @@ def bwlogin(req):
openid = req.POST.get('openid') openid = req.POST.get('openid')
nickname = req.POST.get('nickname') nickname = req.POST.get('nickname')
headimgurl = req.POST.get('headimgurl') headimgurl = req.POST.get('headimgurl')
user = User.objects.filter(username__exact = username, password__exact = password) user = User.objects.filter(username = username,deletemark=1)
if user: if user.exists():
# mpuser = User.objects.filter(openid=openid).exclude(username = username) if check_password(password,user[0].epassword):
# if mpuser.exists():
# return render(req,'bindwechat.html',{'msg':'您的微信已绑定平台下'+mpuser[0].username+'账号,不可重复绑定请先至pc端解绑','code':0}) #已绑定其他账号
# else:
# if user[0].openid == '0' or user[0].openid == None or user[0].openid == '':
# user.update(openid=openid,headimgurl=headimgurl,nickname=nickname)
# return render(req,'bindwechat.html',{'msg':'绑定成功,请刷新电脑端浏览器!','code':1})
# else:
User.objects.filter(openid=openid).update(openid=None,headimgurl=None,nickname=None) User.objects.filter(openid=openid).update(openid=None,headimgurl=None,nickname=None)
user.update(openid=openid,headimgurl=headimgurl,nickname=nickname) user.update(openid=openid,headimgurl=headimgurl,nickname=nickname)
return render(req,'bindwechat.html',{'msg':'绑定成功,请刷新电脑端浏览器!','code':1}) return render(req,'bindwechat.html',{'msg':'绑定成功,请刷新电脑端浏览器!','code':1})
# if user[0].openid == openid:
# return render(req,'bindwechat.html',{'msg':'绑定成功,请刷新电脑端浏览器!','code':1})
# else:
# return render(req,'bindwechat.html',{'msg':'该平台账号已绑定昵称为'+user[0].nickname+'的微信,不可重复绑定请先至pc端解绑','code':0}) #已绑定其他账号
else: else:
return render(req,'bwlogin.html',{'msg':'用户名或密码错误!'}) return render(req,'bwlogin.html',{'msg':'密码错误'})
else:
return render(req,'bwlogin.html',{'msg':'用户不存在或已禁用'})
def unbindwechat(req): def unbindwechat(req):
@ -3086,12 +3085,16 @@ def bindmp(req):
password = req.POST.get('password') password = req.POST.get('password')
mpopenid = req.POST.get('mpopenid') mpopenid = req.POST.get('mpopenid')
#print(username,password,mpopenid) #print(username,password,mpopenid)
user = User.objects.filter(username__exact = username, password__exact = password) user = User.objects.filter(username = username,deletemark=1)
if user: if user.exists():
if check_password(password,user[0].epassword):
user.update(mpopenid=mpopenid) user.update(mpopenid=mpopenid)
return JsonResponse({"code":1}) return JsonResponse({"code":1})
else: else:
return JsonResponse({"code":0}) return JsonResponse({"code":0})
else:
return JsonResponse({"code":0})
def setup(req): def setup(req):
if req.GET.get('a') == 'setuph': if req.GET.get('a') == 'setuph':
userid = req.session['userid'] userid = req.session['userid']
@ -3153,6 +3156,7 @@ def apicompany(req):
x.username = admin x.username = admin
x.name = '超级管理员' x.name = '超级管理员'
x.password = 'Aq123456' x.password = 'Aq123456'
x.epassword = make_password('Aq123456')
x.issuper = 1 x.issuper = 1
x.ubelongpart = y x.ubelongpart = y
x.usecomp = y x.usecomp = y
@ -3706,7 +3710,7 @@ def apiuser(req):
nowuserid = req.GET.get('userid') nowuserid = req.GET.get('userid')
a = User.objects.get(userid=userid) a = User.objects.get(userid=userid)
if a.issuper==1: if a.issuper==1:
User.objects.filter(userid=nowuserid).update(password='0000') User.objects.filter(userid=nowuserid).update(password='0000',epassword=make_password('0000'))
return JsonResponse({"code":1}) return JsonResponse({"code":1})
else: else:
return JsonResponse({"code":0}) return JsonResponse({"code":0})
@ -4091,6 +4095,11 @@ def apitool(req):
if create: if create:
print(i.partname+'---加入supergroup') print(i.partname+'---加入supergroup')
return JsonResponse({"code":1}) return JsonResponse({"code":1})
elif a == 'correct_password':
for i in User.objects.all():
i.epassword = make_password(i.password)
i.save()
return JsonResponse({"code":1})