-
Notifications
You must be signed in to change notification settings - Fork 0
/
admin.py
64 lines (52 loc) · 1.62 KB
/
admin.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import tornado.web
from utils import encrypt_password,join_path
class BaseHandler(tornado.web.RequestHandler):
@property
def db(self):
return self.application.db
def get_current_user(self):
admin_id = self.get_secure_cookie("admin")
if not admin_id: return None
return self.db.get("SELECT uid,email,name,type FROM user WHERE uid=?", int(admin_id))
def get_login_url(self):
return '/admin/login'
def get_template_path(self):
template_path = self.application.settings.get("template_path")
return join_path(template_path, 'admin')
class AdminHandler(BaseHandler):
@tornado.web.authenticated
def get(self):
self.render('index.html')
def get_login_url(self):
return '/admin/login'
class LoginHandler(BaseHandler):
def get(self):
self.render('login.html')
def post(self):
if self.get_current_user():
raise tornado.web.HTTPError(403)
name = self.get_argument('name')
pwd = self.get_argument('password')
if name == '' or pwd == '':
self.write('用户名和密码不能为空!')
return
pwd = encrypt_password(pwd)
sql = "SELECT uid FROM user WHERE name=? AND password=? AND type>=10 LIMIT 1"
user = self.db.get(sql, name, pwd)
print user
if user:
self.set_secure_cookie("admin", str(user.uid))
self.redirect(self.get_argument('next', '/admin'))
else:
self.write('用户名或密码不正确!')
class LogoutHandler(BaseHandler):
def get(self):
self.clear_cookie("admin")
self.redirect(self.get_argument('next', '/admin'))
adminUrls = [
(r'/admin', AdminHandler),
(r'/admin/login', LoginHandler),
(r'/admin/logout', LogoutHandler)
]