2023-05-26 22:18:11 +08:00
|
|
|
"""
|
|
|
|
|
This module provides methods for Login
|
|
|
|
|
"""
|
2022-01-26 21:10:09 +08:00
|
|
|
import hashlib
|
2022-11-03 21:59:12 +08:00
|
|
|
import string
|
2023-01-29 10:57:58 +08:00
|
|
|
from datetime import datetime, timedelta
|
2022-01-26 21:10:09 +08:00
|
|
|
from UseSqlite import InsertQuery, RecordQuery
|
|
|
|
|
|
|
|
|
|
path_prefix = '/var/www/wordfreq/wordfreq/'
|
|
|
|
|
path_prefix = './' # comment this line in deployment
|
|
|
|
|
|
2022-06-05 23:36:55 +08:00
|
|
|
def verify_pass(newpass,oldpass):
|
2023-05-26 22:18:11 +08:00
|
|
|
if newpass==oldpass:
|
2022-06-05 23:36:55 +08:00
|
|
|
return True
|
|
|
|
|
|
2022-01-26 21:10:09 +08:00
|
|
|
def verify_user(username, password):
|
|
|
|
|
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
|
|
|
|
|
password = md5(username + password)
|
2023-05-26 22:18:11 +08:00
|
|
|
rq.instructions_with_parameters(
|
|
|
|
|
"SELECT * FROM user WHERE name=:username AND password=:password",
|
|
|
|
|
dict( # the named style https://docs.python.org/3/library/sqlite3.html
|
|
|
|
|
username=username,
|
|
|
|
|
password=password))
|
2022-01-26 21:10:09 +08:00
|
|
|
rq.do_with_parameters()
|
|
|
|
|
result = rq.get_results()
|
|
|
|
|
return result != []
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def add_user(username, password):
|
|
|
|
|
start_date = datetime.now().strftime('%Y%m%d')
|
2023-05-26 22:18:11 +08:00
|
|
|
# will expire after 30 days
|
|
|
|
|
expiry_date = (datetime.now() + timedelta(days=30)).strftime('%Y%m%d')
|
2022-01-26 21:10:09 +08:00
|
|
|
# 将用户名和密码一起加密,以免暴露不同用户的相同密码
|
|
|
|
|
password = md5(username + password)
|
|
|
|
|
rq = InsertQuery(path_prefix + 'static/wordfreqapp.db')
|
2023-05-26 22:18:11 +08:00
|
|
|
rq.instructions_with_parameters(
|
|
|
|
|
"INSERT INTO user VALUES (:username, :password, :start_date, :expiry_date)",
|
|
|
|
|
dict(
|
|
|
|
|
username=username,
|
|
|
|
|
password=password,
|
|
|
|
|
start_date=start_date,
|
|
|
|
|
expiry_date=expiry_date
|
|
|
|
|
))
|
2022-01-27 17:01:03 +08:00
|
|
|
rq.do_with_parameters()
|
2022-01-26 21:10:09 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def check_username_availability(username):
|
|
|
|
|
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
|
2022-01-27 17:01:03 +08:00
|
|
|
rq.instructions_with_parameters(
|
|
|
|
|
"SELECT * FROM user WHERE name=:username", dict(username=username))
|
|
|
|
|
rq.do_with_parameters()
|
2022-01-26 21:10:09 +08:00
|
|
|
result = rq.get_results()
|
|
|
|
|
return result == []
|
|
|
|
|
|
|
|
|
|
|
2022-01-27 12:28:41 +08:00
|
|
|
def change_password(username, old_password, new_password):
|
2022-01-26 21:10:09 +08:00
|
|
|
'''
|
|
|
|
|
修改密码
|
|
|
|
|
:param username: 用户名
|
2022-01-27 12:28:41 +08:00
|
|
|
:param old_password: 旧的密码
|
|
|
|
|
:param new_password: 新密码
|
2022-01-26 21:10:09 +08:00
|
|
|
:return: 修改成功:True 否则:False
|
|
|
|
|
'''
|
2022-01-27 12:28:41 +08:00
|
|
|
if not verify_user(username, old_password): # 旧密码错误
|
2022-01-26 21:10:09 +08:00
|
|
|
return False
|
|
|
|
|
# 将用户名和密码一起加密,以免暴露不同用户的相同密码
|
2022-06-05 23:36:55 +08:00
|
|
|
if verify_pass(new_password,old_password): #新旧密码一致
|
|
|
|
|
return False
|
2022-01-27 12:28:41 +08:00
|
|
|
password = md5(username + new_password)
|
2022-01-26 21:10:09 +08:00
|
|
|
rq = InsertQuery(path_prefix + 'static/wordfreqapp.db')
|
2022-01-27 17:01:03 +08:00
|
|
|
rq.instructions_with_parameters("UPDATE user SET password=:password WHERE name=:username", dict(
|
|
|
|
|
password=password, username=username))
|
|
|
|
|
rq.do_with_parameters()
|
2022-01-26 21:10:09 +08:00
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_expiry_date(username):
|
|
|
|
|
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
|
2022-01-27 17:01:03 +08:00
|
|
|
rq.instructions_with_parameters(
|
|
|
|
|
"SELECT expiry_date FROM user WHERE name=:username", dict(username=username))
|
|
|
|
|
rq.do_with_parameters()
|
2022-01-26 21:10:09 +08:00
|
|
|
result = rq.get_results()
|
|
|
|
|
if len(result) > 0:
|
|
|
|
|
return result[0]['expiry_date']
|
|
|
|
|
else:
|
|
|
|
|
return '20191024'
|
|
|
|
|
|
|
|
|
|
|
2022-01-27 12:24:20 +08:00
|
|
|
def md5(s):
|
2022-01-26 21:10:09 +08:00
|
|
|
'''
|
|
|
|
|
MD5摘要
|
|
|
|
|
:param str: 字符串
|
|
|
|
|
:return: 经MD5以后的字符串
|
|
|
|
|
'''
|
2022-01-27 12:24:20 +08:00
|
|
|
h = hashlib.md5(s.encode(encoding='utf-8'))
|
2022-01-27 17:01:03 +08:00
|
|
|
return h.hexdigest()
|
2022-11-03 21:59:12 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class UserName:
|
|
|
|
|
def __init__(self, username):
|
|
|
|
|
self.username = username
|
|
|
|
|
|
|
|
|
|
def validate(self):
|
2022-11-03 22:02:32 +08:00
|
|
|
if len(self.username) > 20:
|
2022-11-03 21:59:12 +08:00
|
|
|
return f'{self.username} is too long. The user name cannot exceed 20 characters.'
|
|
|
|
|
if self.username.startswith('.'): # a user name must not start with a dot
|
|
|
|
|
return 'Period (.) is not allowed as the first letter in the user name.'
|
2022-11-03 22:28:25 +08:00
|
|
|
if ' ' in self.username: # a user name must not include a whitespace
|
2022-11-03 21:59:12 +08:00
|
|
|
return 'Whitespace is not allowed in the user name.'
|
2022-11-03 22:28:25 +08:00
|
|
|
for c in self.username: # a user name must not include special characters, except non-leading periods or underscores
|
2023-05-26 22:18:11 +08:00
|
|
|
if c in string.punctuation and c != '.' and c != '_':
|
2022-11-03 21:59:12 +08:00
|
|
|
return f'{c} is not allowed in the user name.'
|
2022-11-10 19:03:59 +08:00
|
|
|
if self.username in ['signup', 'login', 'logout', 'reset', 'mark', 'back', 'unfamiliar', 'familiar', 'del']:
|
|
|
|
|
return 'You used a restricted word as your user name. Please come up with a better one.'
|
|
|
|
|
|
2022-11-03 21:59:12 +08:00
|
|
|
return 'OK'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class WarningMessage:
|
|
|
|
|
def __init__(self, s):
|
|
|
|
|
self.s = s
|
|
|
|
|
|
|
|
|
|
def __str__(self):
|
2022-11-10 19:03:59 +08:00
|
|
|
return UserName(self.s).validate()
|
