Merge branch 'master' into Bug534-NingShushuang

了对密码中特殊字符和大小写字母的包含要求检查，并将密码的最低长度限制提升到 8 位以提高用户密码的安全性。
但与该版本EnglishPal中jsonify函数起冲突。

验证码机制
在EnglishPal/app中增加了generate.py函数，该函数用于生成验证码图片以供调用，需要先运行此函数，图片将会保存在app/static/captcha中。
在main.py中注册了两个新路由，用来接收前端用户提交的刷新验证码请求和验证码匹配检查请求。
修改了app/templates/signup.html的样式表和表单，新增了两个js函数，Change()用于检测用户刷新验证码的请求并发送给后端以切换验证码图片，Check()用以检查用户输入的验证码是否与图片匹配。

app/account_service.py

@@ -23,11 +23,39 @@ def signup():
         #! 添加如下代码为了过滤注册时的非法字符
         warn = WarningMessage(username)
         if str(warn) != 'OK':
-            return jsonify({'status': '3', 'warn': str(warn)})
+            return str(warn)
+            # return jsonify({'status': '3', 'warn': str(warn)})
         
         available = check_username_availability(username)
         if not available: # 用户名不可用
-            return jsonify({'status': '0'})
+            flash('用户名 %s 已经被注册。' %(username))
+            return render_template('signup.html')
+        elif len(password.strip()) < 8: # 密码过短
+            return '密码少于8位。'
+            # return jsonify({'status': '0'})
+
+        has_specialchar = False
+        specialchar_list = ['+', '-', '*', '/', '_', '&', '%', ',']
+        for c in password.strip():
+            if c in specialchar_list:
+                has_specialchar = True
+                break
+        if not has_specialchar:
+            return '密码必须包含特殊字符'
+
+        has_upper_letter = False
+        has_lower_letter = False
+        for c in password.strip():
+            if c.isupper():
+                has_upper_letter = True
+            elif c.islower():
+                has_lower_letter = True
+            has_both_letter = has_upper_letter and has_lower_letter
+            if has_both_letter:
+                break
+        if not has_both_letter:
+            return '密码必须同时包含大写字母和小写字母'
+
         else: # 添加账户信息
             add_user(username, password)
             verified = verify_user(username, password)

app/generate.py

@@ -0,0 +1,48 @@
+
+from random import randint
+from PIL import Image, ImageDraw, ImageFont
+
+
+def get_random_color():
+    # 随机颜色RGB
+    return randint(120, 200), randint(120, 200), randint(120, 200)
+
+
+def get_random_code():
+    # 随机字符
+    codes = [[chr(i) for i in range(48, 58)], [chr(i) for i in range(65, 91)], [chr(i) for i in range(97, 123)]]
+    codes = codes[randint(0, 2)]
+    return codes[randint(0, len(codes)-1)]
+
+
+def generate_captcha(width=140, height=60, length=4):
+    # 生成验证码
+    img = Image.new("RGB", (width, height), (250, 250, 250))
+    draw = ImageDraw.Draw(img)
+    font = ImageFont.truetype("static/font/font.ttf", size=36)
+    # 验证码文本
+    text = ""
+    for i in range(length):
+        c = get_random_code()
+        text += c
+
+        rand_len = randint(-5, 5)
+        draw.text((width * 0.2 * (i+1) + rand_len, height * 0.2 + rand_len), c, font=font, fill=get_random_color())
+    # 加入干扰线
+    for i in range(3):
+        x1 = randint(0, width)
+        y1 = randint(0, height)
+        x2 = randint(0, width)
+        y2 = randint(0, height)
+        draw.line((x1, y1, x2, y2), fill=get_random_color())
+    # 加入干扰点
+    for i in range(16):
+        draw.point((randint(0, width), randint(0, height)), fill=get_random_color())
+    # 保存图片
+    img.save("static/captcha/" + text + ".jpg")
+    return text + ".jpg"
+
+
+if __name__ == "__main__":
+    for i in range(1000):
+        generate_captcha()

app/main.py

@@ -105,6 +105,17 @@ def mainpage():
                                yml=Yaml.yml,
                                number_of_essays=number_of_essays)
 
+@app.route('/index')
+def index():
+    return render_template("signup.html")
+
+
+@app.route('/get_captcha', methods=['GET'])
+def get_captcha():
+    img_list = os.listdir("static/captcha")
+    img = img_list[random.randint(0, 1000)]
+    return os.path.join("static/captcha", img)
+
 
 if __name__ == '__main__':
     '''

app/static/css/login_service.css

@@ -3,7 +3,7 @@
 .container {
     background-color: #FFFFFF;
     width: 400px;
-    height: 500px;
+    height: 700px;
     margin: 7em auto;
     border-radius: 1.5em;
     box-shadow: 0px 11px 35px 2px rgba(0, 0, 0, 0.14);
@@ -40,6 +40,27 @@
     font-family: 'Ubuntu', sans-serif;
 }
 
+/*增加1个类.image*/
+.image{
+    width: 39%;
+    color: rgb(38, 50, 56);
+    font-weight: 700;
+    font-size: 14px;
+    letter-spacing: 1px;
+    background: rgba(136, 126, 126, 0.04);
+    padding: 10px 20px;
+    border: none;
+    border-radius: 20px;
+    outline: none;
+    box-sizing: border-box;
+    border: 2px solid rgba(124, 16, 97, 0.02);
+    margin-bottom: 50px;
+    margin-left: 46px;
+    text-align: center;
+    margin-bottom: 27px;
+    font-family: 'Ubuntu', sans-serif;
+}
+
 .btn {
     width: 50%;
     border: none;

app/templates/signup.html

@@ -6,7 +6,7 @@ You're logged in already! <a href="/logout">Logout</a>.
 {% else %}
 <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=0.5, maximum-scale=3.0, user-scalable=yes" />
 <link rel="stylesheet" href="static/css/login_service.css">
-<script src="static/js/jquery.js"></script>
+<script src="../static/js/jquery.js"></script>
     <script>
         function signup() {
             let username = $("#username").val();
@@ -47,6 +47,37 @@ You're logged in already! <a href="/logout">Logout</a>.
             return false;
         }
     </script>
+<!--增加两个js函数，Change()用于检测用户刷新验证码的请求并发送给后端以切换验证码图片，Check()用以检查用户输入的验证码是否与图片匹配-->
+<script>
+        function Change() {
+            $.ajax({
+                url: '{{ url_for('get_captcha') }}',
+                async: true,
+                type: "GET",
+                success: function (data) {
+                    document.getElementById("captcha").src = data;
+                }
+            })
+        }
+    </script>
+    <script>
+        function Check() {
+            var img = document.getElementById("captcha").src;
+            var img_path = img.replace("\\", "/").split("/");
+            var img_name = img_path[img_path.length - 1];
+            img_name = img_name.split(".")[0];
+            var your_in = document.getElementById("your_in").value;
+            if(img_name.toLowerCase() == your_in.toLowerCase()){
+                alert("验证成功！");
+                return true;
+            }
+            else {
+                alert("验证错误！");
+                return false;
+            }
+        }
+        window.onload = Change();
+    </script>
 <p>{{ get_flashed_messages()[0] | safe }}</p>
 
 
@@ -56,10 +87,17 @@ You're logged in already! <a href="/logout">Logout</a>.
     <h1>Sign Up</h1>
   </section>
 
-  <p><input type="username" id="username" placeholder="输入用户名" class="username"></p>
-  <p><input type="password" id="password" placeholder="输入密码" class="password"></p>
-  <p><input type="password" id="password2" placeholder="确认密码" class="password" ></p>
-  <button type="button" class="btn" onclick="signup()">注册</button>
+  <form action="/signup" method="POST" onsubmit="return Check()">
+    <p><input type="username" name="username" placeholder="输入用户名" required="required" class="username"></p>
+    <p><input type="password" name="password" placeholder="输入密码" class="password"></p>
+    <p><input type="password" name="password2" placeholder="确认密码" class="password"></p>
+    <div style="font-size: medium">
+        <p align="center"><img src="" id="captcha" class="image"></p>
+        <p align="center"><a href="javascript:void(0)" onclick="Change()">看不清楚，换一张</a></p>
+        <input id="your_in" placeholder="输入验证码" class="password">
+    </div>
+    <button type="submit" class="btn" >注册</button>
+  </form>
 
 </div>
   

requirements.txt

@@ -3,3 +3,4 @@ selenium==3.141.0
 PyYAML~=6.0
 pony==0.7.16
 snowballstemmer==2.2.0
+PIL==8.3.2