
Merge branch 'account' of github.com:dongyi/photo-equipment into account

2 parents a8dcb89 + 6182428 commit a72079be034a069d96279f0b06070ce581ce117d dongyi committed
Showing with 32 additions and 18 deletions.
  1. +1 −1 common/base_httphandler.py
  2. +1 −1 common/util.py
  3. +28 −14 controller/account.py
  4. +1 −0 schema/account.sql
  5. +1 −2 templates/base.html
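--- a/common/base_httphandler.py
+++ b/common/base_httphandler.py
@@ -54,7 +54,7 @@ def get_error_html(self, status_code, exception=None, **kwargs):
 return self.render_string('_error.htm', status_code=status_code, exception=exception, **kwargs)
 def get_current_user(self):
- return None
+ return self.session.get('user',{}).get('name', None)
 class ReqMixin(object):
 user_callback = {}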
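--- a/common/util.py
+++ b/common/util.py
@@ -80,7 +80,7 @@ def is_in_same_day(argtime):
 """
 now = int(time.time())
-
+ kDaySeconds = 24 * 3600
 return (argtime / kDaySeconds) == (now / kDaySeconds)
 #return (now-argtime)/kDaySeconds == 0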
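--- a/controller/account.py
+++ b/controller/account.py
@@ -1,13 +1,11 @@
 #coding=utf8
-import tornado.web
-import tornado.database
+import tornado.web
 from common.base_httphandler import BaseHandler
-def check_user(email, password):
- pass
 def qn(s):
+ # 防止sql注入
 dirty_stuff = ["\"", "\\", "/", "*", "'", "=", "-", "#", ";", "<", ">", "+", "%"]
 for stuff in dirty_stuff:
 s = s.replace(stuff,"")
@@ -15,9 +13,6 @@ def qn(s):
 class AccountHandler(BaseHandler):
 def get(self, action):
- f = lambda x:self.get_argument(x, '').strip()
- name = f('name')
- password = f('password')
 if action == 'login':
 return self.render('login.html')
 elif action == 'signup':
@@ -26,17 +21,36 @@ def get(self, action):
 self.session.clear()
 self.session.save()
 self.redirect('/')
+ elif action == 'check_user':
+ # 从微博,人人,豆瓣登录过来的请求最后重定向到这里,检查用户是否在本站注册过,注册过就再重定向到首页,否则render到注册页面
+ platform = self.session.get('platform', '')
+ site_username = self.session.get('site_username', '')
+ site_id = self.session.get('site_id', '') #TODO: 在connect下的各个登录模块中把session中存的内容加上这3个, 统一处理
+ if platform == 'weibo':
+ sql = 'select count(*) from account where weiboid=%d'%int(site_id)
+ elif platform == 'douban':
+ sql = 'select count(*) from account where doubanid=%d'%int(site_id)
+ elif platform == 'renren':
+ sql = 'select count(*) from account where renrenid=%d'%int(site_id)
+ count = self.db.get(sql)
+ if count == 0:
+ return self.render('signup.html', platform=platform, site_username=site_username) # TODO: 更新signup模版显示用户是从哪里来的
+ elif count == 1:
+ return self.redirect('/')
+ else:
+ raise tornado.web.HTTPError(500, 'more than 1 account found')
+
 def post(self, action):
 f = lambda x:self.get_argument(x, '').strip()
+ email = f('form_email')
+ name = f('form_name')
+ password = f('form_password')
 if action == 'login':
- user = self.db.get('select * from account where name=%s and password=PASSWORD(%s)'%(qn(name), qn(password))) # this will raise error if not exist
- self.session['user'] = dict(name=user.name, id=user.id)
+ user = self.db.get('select * from account where email=%s and password=MD5(%s)'%(qn(email), qn(password))) # this will raise error if not exist
+ self.session['user'] = dict(name=user.username, id=user.userid)
 self.session.save()
 return self.redirect('/')
 elif action == 'signup':
- name = f('name')
- email = f('email')
- password = f('password')
- self.db.execute('INSERT INTO account (name, email, password) VALUES(%s, %s, MD5(%s))'%(qn(name), qn(email), qn(password)))
- return self.render('/')
+ self.db.execute('INSERT INTO account (username, email, password) VALUES(%s, %s, MD5(%s))'%(qn(name), qn(email), qn(password)))
+ return self.redirect('/')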
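Review bot: The login and signup statements in `post` are still assembled with `%` string formatting and rely on the `qn()` blacklist as the only defence; the placeholders are unquoted, and `qn()` silently strips characters such as `-`, `+` and `=` from e-mail addresses and passwords, so the values stored and compared are not what the user typed. Assuming `self.db` is a `tornado.database` connection, pass the values as query parameters instead, e.g. `self.db.get('select * from account where email=%s and password=MD5(%s)', email, password)` and likewise for the `INSERT`, so the driver does the escaping and `qn()` is no longer needed. Unsalted `MD5()` is also too fast for password storage; a salted, deliberately slow hash (bcrypt, scrypt or PBKDF2) computed in the application is the usual choice. In the new `check_user` branch, `sql` is unbound when `platform` is none of the three values, `int(site_id)` raises on the empty-string default, and `count` is compared with integers although `self.db.get` appears to return a row rather than a number, so the branch would likely always end in the 500 error.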
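--- a/schema/account.sql
+++ b/schema/account.sql
@@ -2,6 +2,7 @@ CREATE TABLE `account` (
 `userid` int(11) NOT NULL auto_increment,
 `email` text character set utf8 NOT NULL,
 `username` varchar(32) NOT NULL,
+ `password` varchar(64) NOT NULL,
 `weiboid` bigint(20) default NULL,
 `renrenid` bigint(20) default NULL,
 `doubanid` bigint(20) default NULL,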
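--- a/templates/base.html
+++ b/templates/base.html
@@ -29,8 +29,7 @@
 </ul>
 </div>
 <div class="top-nav-info">
- <a href="/account/login">登录</a>
- <a href="/account/login">{% if current_user %} {{ current_user }} {% else %} <a href="/account/signup">signup</a> {% end %}</a>
+ <a href="/account/login">{% if current_user %} <a href="">{{ current_user }}</a> {% else %} <a href="/account/signup">注册</a> <a href="/account/login">登录</a>{% end %}</a>
 <a href="/account/logout">退出</a>
 </div>
 </div>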
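Review bot: The added line nests links inside the outer `<a href="/account/login">`, which is invalid HTML and leaves each browser to decide where a link ends; the logged-in branch also links the user name to an empty `href`. Dropping the outer anchor and emitting the links directly inside the `{% if current_user %}` / `{% else %}` branches gives predictable markup. The `退出` (logout) link on the following context line is still rendered for visitors who are not logged in and could move into the `{% if current_user %}` branch.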
