
加入注册验证码机制,防止被机器人恶意批量注册。

修改源代码的 account_service.py 文件,并加入验证码机制。
Bug534-WangWeitao
王伟涛 2024-07-07 17:54:44 +08:00
parent 8cbc7c9a0c
commit de392ddc5a
2 changed files with 86 additions and 12 deletions


@ -1,10 +1,10 @@
from flask import * from flask import *
from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password, WarningMessage from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password, WarningMessage
# 初始化蓝图 # 初始化蓝图
accountService = Blueprint("accountService", __name__) accountService = Blueprint("accountService", __name__)
### Sign-up, login, logout ### ### Sign-up, login, logout ###
@accountService.route("/signup", methods=['GET', 'POST']) @accountService.route("/signup", methods=['GET', 'POST'])
def signup(): def signup():
@ -19,16 +19,44 @@ def signup():
# POST方法需判断是否注册成功再根据结果返回不同的内容 # POST方法需判断是否注册成功再根据结果返回不同的内容
username = escape(request.form['username']) username = escape(request.form['username'])
password = escape(request.form['password']) password = escape(request.form['password'])
#! 添加如下代码为了过滤注册时的非法字符 # ! 添加如下代码为了过滤注册时的非法字符
warn = WarningMessage(username) warn = WarningMessage(username)
if str(warn) != 'OK': if str(warn) != 'OK':
return jsonify({'status': '3', 'warn': str(warn)}) return str(warn)
# return jsonify({'status': '3', 'warn': str(warn)})
available = check_username_availability(username) available = check_username_availability(username)
if not available: # 用户名不可用 if not available: # 用户名不可用
return jsonify({'status': '0'}) flash('用户名 %s 已经被注册。' % (username))
else: # 添加账户信息 return render_template('signup.html')
elif len(password.strip()) < 8: # 密码过短
return '密码少于8位。'
# return jsonify({'status': '0'})
has_specialchar = False
specialchar_list = ['+', '-', '*', '/', '_', '&', '%', ',']
for c in password.strip():
if c in specialchar_list:
has_specialchar = True
break
if not has_specialchar:
return '密码必须包含特殊字符'
has_upper_letter = False
has_lower_letter = False
for c in password.strip():
if c.isupper():
has_upper_letter = True
elif c.islower():
has_lower_letter = True
has_both_letter = has_upper_letter and has_lower_letter
if has_both_letter:
break
if not has_both_letter:
return '密码必须同时包含大写字母和小写字母'
else: # 添加账户信息
add_user(username, password) add_user(username, password)
verified = verify_user(username, password) verified = verify_user(username, password)
if verified: if verified:
@ -43,7 +71,6 @@ def signup():
return jsonify({'status': '1'}) return jsonify({'status': '1'})
@accountService.route("/login", methods=['GET', 'POST']) @accountService.route("/login", methods=['GET', 'POST'])
def login(): def login():
''' '''
@ -102,9 +129,9 @@ def reset():
# POST请求用于提交修改后信息 # POST请求用于提交修改后信息
old_password = escape(request.form['old-password']) old_password = escape(request.form['old-password'])
new_password = escape(request.form['new-password']) new_password = escape(request.form['new-password'])
flag = change_password(username, old_password, new_password) # flag表示是否修改成功 flag = change_password(username, old_password, new_password) # flag表示是否修改成功
if flag: if flag:
session['logged_in'] = False session['logged_in'] = False
return jsonify({'status':'1'}) # 修改成功 return jsonify({'status': '1'}) # 修改成功
else: else:
return jsonify({'status':'2'}) # 修改失败 return jsonify({'status': '2'}) # 修改失败
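Review bot: Nothing in the signup() POST path shown in the `-19,16 +19,44` hunk reads or checks a captcha answer before `add_user(username, password)`, so as far as this section shows, registration is still accepted without one even though the commit is described as adding captcha verification. A check such as `if not captcha_ok(request.form.get('captcha', '')): return '验证码错误'` (`captcha_ok` being a placeholder for a server-side, single-use comparison) belongs before the username lookup. The new length and character-class tests also run on the value returned by `escape(...)`, where one `&`, `<`, `>` or quote is expanded to several characters, so a password shorter than 8 typed characters can pass `len(password.strip()) < 8`; validating `request.form['password']` directly would avoid that. signup() starts and ends outside the visible hunks, so a captcha check elsewhere in the function cannot be ruled out.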

47
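--- a/app/bug.py
+++ b/app/bug.py
@@ -0,0 +1,47 @@
+from random import randint
+from PIL import Image, ImageDraw, ImageFont
+def get_random_color():
+# 随机颜色RGB
+return randint(120, 200), randint(120, 200), randint(120, 200)
+def get_random_code():
+# 随机字符
+codes = [[chr(i) for i in range(48, 58)], [chr(i) for i in range(65, 91)], [chr(i) for i in range(97, 123)]]
+codes = codes[randint(0, 2)]
+return codes[randint(0, len(codes)-1)]
+def generate_captcha(width=140, height=60, length=4):
+# 生成验证码
+img = Image.new("RGB", (width, height), (250, 250, 250))
+draw = ImageDraw.Draw(img)
+font = ImageFont.truetype("static/font/font.ttf", size=36)
+# 验证码文本
+text = ""
+for i in range(length):
+c = get_random_code()
+text += c
+rand_len = randint(-5, 5)
+draw.text((width * 0.2 * (i+1) + rand_len, height * 0.2 + rand_len), c, font=font, fill=get_random_color())
+# 加入干扰线
+for i in range(3):
+x1 = randint(0, width)
+y1 = randint(0, height)
+x2 = randint(0, width)
+y2 = randint(0, height)
+draw.line((x1, y1, x2, y2), fill=get_random_color())
+# 加入干扰点
+for i in range(16):
+draw.point((randint(0, width), randint(0, height)), fill=get_random_color())
+# 保存图片
+img.save("static/captcha/" + text + ".jpg")
+return text + ".jpg"
+if __name__ == "__main__":
+for i in range(1000):
+generate_captcha()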
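Review bot: The captcha answer is used as the image's file name in generate_captcha (`img.save("static/captcha/" + text + ".jpg")` and `return text + ".jpg"`), so whatever URL the sign-up page uses to display the image also discloses the expected text, and the check no longer depends on reading the image. Save under an opaque name instead, e.g. `name = secrets.token_hex(16) + ".jpg"`, and keep the name-to-text mapping on the server only. get_random_code draws characters with `random.randint`, which is not intended for security-sensitive values; `secrets.choice(string.ascii_letters + string.digits)` is the standard-library alternative. The `__main__` block pre-generates a fixed pool of 1000 files, so answers would presumably be reused unless images are created per request and invalidated after one attempt.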