forked from mrlan/EnglishPal
Merge pull request 'Use named style for sqlite3 execute()' (#22) from Hui-SaferSQL into master
Reviewed-on: http://121.4.94.30:3000/mrlan/EnglishPal/pulls/22ChenTianle-TypoCorrection
commit
c43e4c3f7c
|
@ -49,8 +49,7 @@ def get_today_article(user_word_list, articleID):
|
||||||
|
|
||||||
d = {}
|
d = {}
|
||||||
d_user = load_freq_history(user_word_list)
|
d_user = load_freq_history(user_word_list)
|
||||||
user_level = user_difficulty_level(d_user,
|
user_level = user_difficulty_level(d_user, d3) # more consideration as user's behaviour is dynamic. Time factor should be considered.
|
||||||
d3) # more consideration as user's behaviour is dynamic. Time factor should be considered.
|
|
||||||
random.shuffle(result) # shuffle list
|
random.shuffle(result) # shuffle list
|
||||||
d = random.choice(result)
|
d = random.choice(result)
|
||||||
text_level = text_difficulty_level(d['text'], d3)
|
text_level = text_difficulty_level(d['text'], d3)
|
||||||
|
|
24
app/Login.py
24
app/Login.py
|
@ -1,6 +1,5 @@
|
||||||
import hashlib
|
import hashlib
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
from UseSqlite import InsertQuery, RecordQuery
|
from UseSqlite import InsertQuery, RecordQuery
|
||||||
|
|
||||||
path_prefix = '/var/www/wordfreq/wordfreq/'
|
path_prefix = '/var/www/wordfreq/wordfreq/'
|
||||||
|
@ -10,7 +9,8 @@ path_prefix = './' # comment this line in deployment
|
||||||
def verify_user(username, password):
|
def verify_user(username, password):
|
||||||
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
|
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
|
||||||
password = md5(username + password)
|
password = md5(username + password)
|
||||||
rq.instructions_with_parameters("SELECT * FROM user WHERE name=? AND password=?", (username, password))
|
rq.instructions_with_parameters("SELECT * FROM user WHERE name=:username AND password=:password", dict(
|
||||||
|
username=username, password=password)) # the named style https://docs.python.org/3/library/sqlite3.html
|
||||||
rq.do_with_parameters()
|
rq.do_with_parameters()
|
||||||
result = rq.get_results()
|
result = rq.get_results()
|
||||||
return result != []
|
return result != []
|
||||||
|
@ -22,14 +22,16 @@ def add_user(username, password):
|
||||||
# 将用户名和密码一起加密,以免暴露不同用户的相同密码
|
# 将用户名和密码一起加密,以免暴露不同用户的相同密码
|
||||||
password = md5(username + password)
|
password = md5(username + password)
|
||||||
rq = InsertQuery(path_prefix + 'static/wordfreqapp.db')
|
rq = InsertQuery(path_prefix + 'static/wordfreqapp.db')
|
||||||
rq.instructions("INSERT INTO user VALUES ('%s', '%s', '%s', '%s')" % (username, password, start_date, expiry_date))
|
rq.instructions_with_parameters("INSERT INTO user VALUES (:username, :password, :start_date, :expiry_date)", dict(
|
||||||
rq.do()
|
username=username, password=password, start_date=start_date, expiry_date=expiry_date))
|
||||||
|
rq.do_with_parameters()
|
||||||
|
|
||||||
|
|
||||||
def check_username_availability(username):
|
def check_username_availability(username):
|
||||||
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
|
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
|
||||||
rq.instructions("SELECT * FROM user WHERE name='%s'" % (username))
|
rq.instructions_with_parameters(
|
||||||
rq.do()
|
"SELECT * FROM user WHERE name=:username", dict(username=username))
|
||||||
|
rq.do_with_parameters()
|
||||||
result = rq.get_results()
|
result = rq.get_results()
|
||||||
return result == []
|
return result == []
|
||||||
|
|
||||||
|
@ -47,15 +49,17 @@ def change_password(username, old_password, new_password):
|
||||||
# 将用户名和密码一起加密,以免暴露不同用户的相同密码
|
# 将用户名和密码一起加密,以免暴露不同用户的相同密码
|
||||||
password = md5(username + new_password)
|
password = md5(username + new_password)
|
||||||
rq = InsertQuery(path_prefix + 'static/wordfreqapp.db')
|
rq = InsertQuery(path_prefix + 'static/wordfreqapp.db')
|
||||||
rq.instructions("UPDATE user SET password = '%s' WHERE name = '%s'" % (password, username))
|
rq.instructions_with_parameters("UPDATE user SET password=:password WHERE name=:username", dict(
|
||||||
rq.do()
|
password=password, username=username))
|
||||||
|
rq.do_with_parameters()
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
def get_expiry_date(username):
|
def get_expiry_date(username):
|
||||||
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
|
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
|
||||||
rq.instructions("SELECT expiry_date FROM user WHERE name='%s'" % (username))
|
rq.instructions_with_parameters(
|
||||||
rq.do()
|
"SELECT expiry_date FROM user WHERE name=:username", dict(username=username))
|
||||||
|
rq.do_with_parameters()
|
||||||
result = rq.get_results()
|
result = rq.get_results()
|
||||||
if len(result) > 0:
|
if len(result) > 0:
|
||||||
return result[0]['expiry_date']
|
return result[0]['expiry_date']
|
||||||
|
|
|
@ -17,8 +17,8 @@ def signup():
|
||||||
return render_template('signup.html')
|
return render_template('signup.html')
|
||||||
elif request.method == 'POST':
|
elif request.method == 'POST':
|
||||||
# POST方法需判断是否注册成功,再根据结果返回不同的内容
|
# POST方法需判断是否注册成功,再根据结果返回不同的内容
|
||||||
username = request.form['username']
|
username = escape(request.form['username'])
|
||||||
password = request.form['password']
|
password = escape(request.form['password'])
|
||||||
|
|
||||||
available = check_username_availability(username)
|
available = check_username_availability(username)
|
||||||
if not available: # 用户名不可用
|
if not available: # 用户名不可用
|
||||||
|
@ -60,8 +60,8 @@ def login():
|
||||||
elif request.method == 'POST':
|
elif request.method == 'POST':
|
||||||
# POST方法用于判断登录是否成功
|
# POST方法用于判断登录是否成功
|
||||||
# check database and verify user
|
# check database and verify user
|
||||||
username = request.form['username']
|
username = escape(request.form['username'])
|
||||||
password = request.form['password']
|
password = escape(request.form['password'])
|
||||||
verified = verify_user(username, password)
|
verified = verify_user(username, password)
|
||||||
if verified:
|
if verified:
|
||||||
# 登录成功,写入session
|
# 登录成功,写入session
|
||||||
|
@ -104,15 +104,15 @@ def reset():
|
||||||
return render_template('reset.html', username=session['username'], state='wait')
|
return render_template('reset.html', username=session['username'], state='wait')
|
||||||
else:
|
else:
|
||||||
# POST请求用于提交修改后信息
|
# POST请求用于提交修改后信息
|
||||||
old_psd = request.form['old-psd']
|
old_password = escape(request.form['old-password'])
|
||||||
new_psd = request.form['new-psd']
|
new_password = escape(request.form['new-password'])
|
||||||
flag = change_password(username, old_psd, new_psd) # flag表示是否修改成功
|
flag = change_password(username, old_password, new_password) # flag表示是否修改成功
|
||||||
if flag:
|
if flag:
|
||||||
session['logged_in'] = False
|
session['logged_in'] = False
|
||||||
return \
|
return \
|
||||||
'''
|
'''
|
||||||
<script>
|
<script>
|
||||||
alert('修改密码成功!!!请重新登录');
|
alert('密码修改成功,请重新登录。');
|
||||||
window.location.href="/login";
|
window.location.href="/login";
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
@ -122,7 +122,7 @@ window.location.href="/login";
|
||||||
return \
|
return \
|
||||||
'''
|
'''
|
||||||
<script>
|
<script>
|
||||||
alert('修改密码失败!!!');
|
alert('密码修改失败');
|
||||||
window.location.href="/reset";
|
window.location.href="/reset";
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
{% if session['logged_in'] %}
|
{% if session['logged_in'] %}
|
||||||
<a href="/{{session['username']}}">{{session['username']}}</a></p>
|
<a href="/{{session['username']}}">{{session['username']}}</a></p>
|
||||||
{% else %}
|
{% else %}
|
||||||
<p><a href="/login">登录</a> <a href="/signup">成为会员</a> <a href="/static/usr/instructions.html">使用说明</a></p >
|
<p><a href="/login">登录</a> <a href="/signup">注册</a> <a href="/static/usr/instructions.html">使用说明</a></p >
|
||||||
<p><b>{{random_ads|safe}}</b></p>
|
<p><b>{{random_ads|safe}}</b></p>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<div class="alert alert-success" role="alert">共有文章 <span class="badge bg-success"> {{number_of_essays}} </span> 篇</div>
|
<div class="alert alert-success" role="alert">共有文章 <span class="badge bg-success"> {{number_of_essays}} </span> 篇</div>
|
||||||
|
|
|
@ -2,10 +2,10 @@
|
||||||
<body>
|
<body>
|
||||||
<form action="/reset" method='POST'>
|
<form action="/reset" method='POST'>
|
||||||
旧密码:
|
旧密码:
|
||||||
<input type="password" name="old-psd" />
|
<input type="password" name="old-password" />
|
||||||
<br/>
|
<br/>
|
||||||
新密码:
|
新密码:
|
||||||
<input type="password" name="new-psd" />
|
<input type="password" name="new-password" />
|
||||||
<br/>
|
<br/>
|
||||||
<input type="submit" name="submit" value="提交" />
|
<input type="submit" name="submit" value="提交" />
|
||||||
<input type="button" name="submit" value="放弃修改" onclick="window.location.href='/{{ username }}'"/>
|
<input type="button" name="submit" value="放弃修改" onclick="window.location.href='/{{ username }}'"/>
|
||||||
|
|
Loading…
Reference in New Issue