上传文件至 /

account_service.py

@@ -0,0 +1,165 @@
+from flask import *
+from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password, WarningMessage
+
+
+# 初始化蓝图
+accountService = Blueprint("accountService", __name__)
+
+### Sign-up, login, logout ###
+@accountService.route("/signup", methods=['GET', 'POST'])
+def signup():
+    '''
+    注册
+    :return: 根据注册是否成功返回不同界面
+    '''
+    if request.method == 'GET':
+        # GET方法直接返回注册页面
+        return render_template('signup.html')
+    elif request.method == 'POST':
+        # POST方法需判断是否注册成功，再根据结果返回不同的内容
+        username = escape(request.form['username'])
+        password = escape(request.form['password'])
+        password2 = escape(request.form['password2'])
+        
+        #! 添加如下代码为了过滤注册时的非法字符
+        warn = WarningMessage(username)
+        if str(warn) != 'OK':
+            return str(warn)
+        
+        available = check_username_availability(username)
+        if not available: # 用户名不可用
+            flash('用户名 %s 已经被注册。' % (username))
+            return render_template('signup.html')
+        elif len(password.strip()) < 8: # 密码过短
+            return '密码过于简单。'
+        elif password != password2:
+            return '确认密码与输入密码不一致！'
+        has_specialchar = False
+        specialchar_List = ['@']
+        for c in password.strip():
+            if c in specialchar_List:
+                has_specialchar = True
+                break
+            if not has_specialchar:
+                return '密码必须包含特殊字符'
+            has_upper_letter = False
+            has_lower_letter = False
+            for c in password.strip():
+                if c.isupper():
+                    has_upper_letter = True
+                elif c.islower():
+                    has_lower_letter = True
+            has_both_letter = has_upper_letter and has_lower_letter
+            if has_both_letter:
+                break
+            if not has_both_letter:
+                return '密码必须同时包含大小写字母'
+        else: # 添加账户信息
+            add_user(username, password)
+            verified = verify_user(username, password)
+            if verified:
+                # 写入session
+                session['logged_in'] = True
+                session[username] = username
+                session['username'] = username
+                session['expiry_date'] = get_expiry_date(username)
+                session['articleID'] = None
+                return '<p>恭喜，你已成功注册， 你的用户名是 <a href="%s">%s</a>。</p>\
+                <p><a href="/%s">开始使用</a> <a href="/">返回首页</a><p/>' % (username, username, username)
+            else:
+                return '用户名密码验证失败。'
+
+
+
+@accountService.route("/login", methods=['GET', 'POST'])
+def login():
+    '''
+    登录
+    :return: 根据登录是否成功返回不同页面
+    '''
+    if request.method == 'GET':
+        # GET请求
+        if not session.get('logged_in'):
+            # 未登录，返回登录页面
+            return render_template('login.html')
+        else:
+            # 已登录，提示信息并显示登出按钮
+            return '你已登录 <a href="/%s">%s</a>。 登出点击<a href="/logout">这里</a>。' % (
+                session['username'], session['username'])
+    elif request.method == 'POST':
+        # POST方法用于判断登录是否成功
+        # check database and verify user
+        username = escape(request.form['username'])
+        password = escape(request.form['password'])
+        verified = verify_user(username, password)
+        if verified:
+            # 登录成功，写入session
+            session['logged_in'] = True
+            session[username] = username
+            session['username'] = username
+            user_expiry_date = get_expiry_date(username)
+            session['expiry_date'] = user_expiry_date
+            session['articleID'] = None
+            return redirect(url_for('user_bp.userpage', username=username))
+        else:
+            return '无法通过验证。'
+
+
+@accountService.route("/logout", methods=['GET', 'POST'])
+def logout():
+    '''
+    登出
+    :return: 重定位到主界面
+    '''
+    # 将session标记为登出状态
+    session['logged_in'] = False
+    return redirect(url_for('mainpage'))
+
+
+@accountService.route("/reset", methods=['GET', 'POST'])
+def reset():
+    '''
+    重设密码
+    :return: 返回适当的页面
+    '''
+    # 下列方法用于防止未登录状态下的修改密码
+    if not session.get('logged_in'):
+        return render_template('login.html')
+    username = session['username']
+    if username == '':
+        return redirect('/login')
+    if request.method == 'GET':
+        # GET请求返回修改密码页面
+        return render_template('reset.html', username=session['username'], state='wait')
+    else:
+        # POST请求用于提交修改后信息
+        old_password = escape(request.form['old-password'])
+        new_password = escape(request.form['new-password'])
+
+        re_new_password = escape(request.form['re-new-password'])  # 确认新密码
+        if re_new_password != new_password: #验证新密码两次输入是否相同
+            return '新密码不匹配，请重新输入'
+        if len(new_password) < 4: #验证新密码长度，原则参照注册模块
+            return '密码过于简单。(密码长度至少4位)'
+
+        flag = change_password(username, old_password, new_password) # flag表示是否修改成功
+        if flag:
+            session['logged_in'] = False
+            return \
+'''
+<script>
+alert('密码修改成功，请重新登录。');
+window.location.href="/login";
+</script>
+
+'''
+
+        else:
+            return \
+'''
+<script>
+alert('密码修改失败');
+window.location.href="/reset";
+</script>
+
+'''