From ea78e8abdde271c249a8635ed25dcd26c86fe7dc Mon Sep 17 00:00:00 2001
From: zmister
Date: Wed, 27 Oct 2021 17:01:33 +0800
Subject: [PATCH] =?UTF-8?q?=E5=BF=98=E8=AE=B0=E5=AF=86=E7=A0=81=E9=A1=B5?= =?UTF-8?q?=E9=9D=A2=E6=96=B0=E5=A2=9E=E8=AF=B7=E6=B1=82=E9=A2=91=E7=8E=87?= =?UTF-8?q?=E9=99=90=E5=88=B6=EF=BC=8C=E9=98=B2=E6=AD=A2=E6=9A=B4=E5=8A=9B?= =?UTF-8?q?=E7=A0=B4=E8=A7=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
app_admin/views.py | 32 ++++++++++++++++++++++++++++----
1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/app_admin/views.py b/app_admin/views.py
index 55c11516f..bd63348f5 100644
--- a/app_admin/views.py
+++ b/app_admin/views.py
@@ -196,6 +196,25 @@ def forget_pwd(request):
 new_pwd_confirm = request.POST.get('confirm_password')
 # 查询验证码和邮箱是否匹配
 try:
+ # 验证重试次数
+ if 'ForgetPwdEmailCodeVerifyLock' not in request.session.keys():
+ request.session['ForgetPwdEmailCodeVerifyNum'] = 1 # 重试次数
+ request.session['ForgetPwdEmailCodeVerifyLock'] = False # 是否锁定
+ request.session['ForgetPwdEmailCodeVerifyTime'] = datetime.datetime.now().timestamp() # 解除锁定时间
+ verify_num = request.session['ForgetPwdEmailCodeVerifyNum']
+ if verify_num > 5:
+ request.session['ForgetPwdEmailCodeVerifyLock'] = True
+ request.session['ForgetPwdEmailCodeVerifyTime'] = (datetime.datetime.now() + datetime.timedelta(minutes=10)).timestamp()
+ verify_lock = request.session['ForgetPwdEmailCodeVerifyLock']
+ verify_time = request.session['ForgetPwdEmailCodeVerifyTime']
+
+ # 验证是否锁定
+ # print(datetime.datetime.now().timestamp(),verify_time)
+ if verify_lock is True and datetime.datetime.now().timestamp() < verify_time:
+ errormsg = _("操作过于频繁,请10分钟后再试!")
+ request.session['ForgetPwdEmailCodeVerifyNum'] = 0 # 重试次数清零
+ return render(request, 'forget_pwd.html', locals())
+ # 比对验证码
 data = EmaiVerificationCode.objects.get(email_name=email,verification_code=vcode,verification_type='忘记密码')
 expire_time = data.expire_time
 if expire_time > datetime.datetime.now():
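Review bot: The attempt counter and lock added at the top of the `try:` live only in `request.session`, so they follow the client's session cookie rather than the account being reset; a request that arrives without the cookie starts again at `ForgetPwdEmailCodeVerifyNum = 1` and is never locked. Counting failures server-side against the submitted `email` (for example with `django.core.cache.cache`, or a failure count on the `EmaiVerificationCode` row that invalidates the code once exceeded) would make the limit hold across sessions. The matching increments belong in the two `except` branches of the second hunk, in place of `request.session['ForgetPwdEmailCodeVerifyNum'] += 1`. forget_pwd starts and ends outside this hunk, and a counter keyed on the address alone lets a third party trigger the lockout for it, so the threshold and window need choosing with that in mind.

```python
# Failed-attempt count is kept server-side, keyed on the address being reset,
# so discarding the session cookie does not reset it.
attempts_key = 'forget_pwd_attempts:{}'.format(email)
if cache.get(attempts_key, 0) >= 5:
    errormsg = _("操作过于频繁,请10分钟后再试!")
    return render(request, 'forget_pwd.html', locals())
# … unchanged: 比对验证码 lookup and expiry check …
# in each except branch, in place of the session increment:
cache.add(attempts_key, 0, timeout=600)
cache.incr(attempts_key)
```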
@@ -203,17 +222,22 @@ def forget_pwd(request):
 user.set_password(new_pwd)
 user.save()
 errormsg = _("修改密码成功,请返回登录!")
+ request.session['ForgetPwdEmailCodeVerifyNum'] = 0 # 重试次数
+ request.session['ForgetPwdEmailCodeVerifyLock'] = False # 是否锁定
+ request.session['ForgetPwdEmailCodeVerifyTime'] = datetime.datetime.now().timestamp() # 解除锁定时间
 return render(request, 'forget_pwd.html', locals())
 else:
- errormsg = _("验证码已过期")
+ errormsg = _("验证码已过期!")
 return render(request, 'forget_pwd.html', locals())
 except ObjectDoesNotExist:
- logger.error(_("邮箱不存在:{}".format(email)))
- errormsg = _("验证码或邮箱错误")
+ logger.error(_("验证码或邮箱不存在:{}".format(email)))
+ errormsg = _("验证码或邮箱错误!")
+ request.session['ForgetPwdEmailCodeVerifyNum'] += 1
 return render(request, 'forget_pwd.html', locals())
 except Exception as e:
 logger.exception("修改密码异常")
- errormsg = _("验证码或邮箱错误")
+ errormsg = _("验证码或邮箱错误!")
+ request.session['ForgetPwdEmailCodeVerifyNum'] += 1
 return render(request,'forget_pwd.html',locals())
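Review bot: The new `logger.error(_("验证码或邮箱不存在:{}".format(email)))` line formats the request-supplied `email` into the string before `_()` sees it, so the translation lookup can never match a catalog entry, and the raw value is written into the log message as-is. Passing it as a logging argument, `logger.error("验证码或邮箱不存在:%s", email)`, keeps the message constant; if the log is parsed line by line, strip CR/LF from `email` first. Separately, the success branch resets the session counters, but nothing visible in this hunk deletes `data` or marks it used, so the verification code appears to remain valid until `expire_time` after the password has been changed; that is worth confirming against the one line between the two hunks. forget_pwd starts before this hunk.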