diff --git a/app/Login.py b/app/Login.py index db4df18..cd750d1 100644 --- a/app/Login.py +++ b/app/Login.py @@ -3,6 +3,18 @@ import string from datetime import datetime, timedelta from UseSqlite import InsertQuery, RecordQuery +def md5(s): + ''' + MD5摘要 + :param str: 字符串 + :return: 经MD5以后的字符串 + ''' + h = hashlib.md5(s.encode(encoding='utf-8')) + return h.hexdigest() + +# import model.user after the defination of md5(s) to avoid circular import +from model.user import get_user_by_username, insert_user, update_password_by_username + path_prefix = '/var/www/wordfreq/wordfreq/' path_prefix = './' # comment this line in deployment @@ -12,13 +24,9 @@ def verify_pass(newpass,oldpass): def verify_user(username, password): - rq = RecordQuery(path_prefix + 'static/wordfreqapp.db') - password = md5(username + password) - rq.instructions_with_parameters("SELECT * FROM user WHERE name=:username AND password=:password", dict( - username=username, password=password)) # the named style https://docs.python.org/3/library/sqlite3.html - rq.do_with_parameters() - result = rq.get_results() - return result != [] + user = get_user_by_username(username) + encoded_password = md5(username + password) + return user is not None and user.password == encoded_password def add_user(username, password): @@ -26,19 +34,12 @@ def add_user(username, password): expiry_date = (datetime.now() + timedelta(days=30)).strftime('%Y%m%d') # will expire after 30 days # 将用户名和密码一起加密,以免暴露不同用户的相同密码 password = md5(username + password) - rq = InsertQuery(path_prefix + 'static/wordfreqapp.db') - rq.instructions_with_parameters("INSERT INTO user VALUES (:username, :password, :start_date, :expiry_date)", dict( - username=username, password=password, start_date=start_date, expiry_date=expiry_date)) - rq.do_with_parameters() + insert_user(username=username, password=password, start_date=start_date, expiry_date=expiry_date) def check_username_availability(username): - rq = RecordQuery(path_prefix + 'static/wordfreqapp.db') - rq.instructions_with_parameters( - "SELECT * FROM user WHERE name=:username", dict(username=username)) - rq.do_with_parameters() - result = rq.get_results() - return result == [] + existed_user = get_user_by_username(username) + return existed_user is None def change_password(username, old_password, new_password): @@ -54,35 +55,16 @@ def change_password(username, old_password, new_password): # 将用户名和密码一起加密,以免暴露不同用户的相同密码 if verify_pass(new_password,old_password): #新旧密码一致 return False - password = md5(username + new_password) - rq = InsertQuery(path_prefix + 'static/wordfreqapp.db') - rq.instructions_with_parameters("UPDATE user SET password=:password WHERE name=:username", dict( - password=password, username=username)) - rq.do_with_parameters() + update_password_by_username(username, new_password) return True def get_expiry_date(username): - rq = RecordQuery(path_prefix + 'static/wordfreqapp.db') - rq.instructions_with_parameters( - "SELECT expiry_date FROM user WHERE name=:username", dict(username=username)) - rq.do_with_parameters() - result = rq.get_results() - if len(result) > 0: - return result[0]['expiry_date'] - else: + user = get_user_by_username(username) + if user is None: return '20191024' - - -def md5(s): - ''' - MD5摘要 - :param str: 字符串 - :return: 经MD5以后的字符串 - ''' - h = hashlib.md5(s.encode(encoding='utf-8')) - return h.hexdigest() - + else: + return user.expiry_date class UserName: def __init__(self, username): diff --git a/app/model/user.py b/app/model/user.py index 28173b9..d684332 100644 --- a/app/model/user.py +++ b/app/model/user.py @@ -1,5 +1,6 @@ from model import * from Login import md5 +from pony import orm def get_users(): with db_session: @@ -11,6 +12,11 @@ def get_user_by_username(username): if user: return user.first() +def insert_user(username, password, start_date, expiry_date): + with db_session: + user = User(name=username, password=password, start_date=start_date, expiry_date=expiry_date) + orm.commit() + def update_password_by_username(username, password="123456"): with db_session: user = User.select(name=username)