2022-01-26 21:10:09 +08:00
|
|
|
|
from flask import *
|
2023-07-14 09:11:02 +08:00
|
|
|
|
from markupsafe import escape
|
2022-11-10 19:03:59 +08:00
|
|
|
|
from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password, WarningMessage
|
2024-07-04 10:09:27 +08:00
|
|
|
|
from model import deactivate_user
|
2022-01-26 21:10:09 +08:00
|
|
|
|
|
|
|
|
|
# 初始化蓝图
|
|
|
|
|
accountService = Blueprint("accountService", __name__)
|
|
|
|
|
|
|
|
|
|
### Sign-up, login, logout ###
|
|
|
|
|
@accountService.route("/signup", methods=['GET', 'POST'])
|
|
|
|
|
def signup():
|
|
|
|
|
'''
|
|
|
|
|
注册
|
|
|
|
|
:return: 根据注册是否成功返回不同界面
|
|
|
|
|
'''
|
|
|
|
|
if request.method == 'GET':
|
|
|
|
|
# GET方法直接返回注册页面
|
|
|
|
|
return render_template('signup.html')
|
|
|
|
|
elif request.method == 'POST':
|
|
|
|
|
# POST方法需判断是否注册成功,再根据结果返回不同的内容
|
2022-01-27 17:01:03 +08:00
|
|
|
|
username = escape(request.form['username'])
|
|
|
|
|
password = escape(request.form['password'])
|
2022-10-21 11:07:20 +08:00
|
|
|
|
|
2022-10-21 10:44:39 +08:00
|
|
|
|
#! 添加如下代码为了过滤注册时的非法字符
|
2022-11-03 21:59:12 +08:00
|
|
|
|
warn = WarningMessage(username)
|
2022-11-03 22:06:24 +08:00
|
|
|
|
if str(warn) != 'OK':
|
2023-03-08 16:33:13 +08:00
|
|
|
|
return jsonify({'status': '3', 'warn': str(warn)})
|
2022-10-21 10:44:39 +08:00
|
|
|
|
|
2022-01-26 21:10:09 +08:00
|
|
|
|
available = check_username_availability(username)
|
|
|
|
|
if not available: # 用户名不可用
|
2023-03-08 16:33:13 +08:00
|
|
|
|
return jsonify({'status': '0'})
|
2022-01-26 21:10:09 +08:00
|
|
|
|
else: # 添加账户信息
|
|
|
|
|
add_user(username, password)
|
|
|
|
|
verified = verify_user(username, password)
|
|
|
|
|
if verified:
|
|
|
|
|
# 写入session
|
|
|
|
|
session['logged_in'] = True
|
|
|
|
|
session[username] = username
|
|
|
|
|
session['username'] = username
|
|
|
|
|
session['expiry_date'] = get_expiry_date(username)
|
2023-04-25 17:47:51 +08:00
|
|
|
|
session['visited_articles'] = None
|
2023-03-08 16:33:13 +08:00
|
|
|
|
return jsonify({'status': '2'})
|
2022-01-26 21:10:09 +08:00
|
|
|
|
else:
|
2023-03-08 16:33:13 +08:00
|
|
|
|
return jsonify({'status': '1'})
|
2022-01-26 21:10:09 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@accountService.route("/login", methods=['GET', 'POST'])
|
|
|
|
|
def login():
|
|
|
|
|
'''
|
|
|
|
|
登录
|
|
|
|
|
:return: 根据登录是否成功返回不同页面
|
|
|
|
|
'''
|
|
|
|
|
if request.method == 'GET':
|
|
|
|
|
# GET请求
|
2023-03-08 16:33:13 +08:00
|
|
|
|
return render_template('login.html')
|
2022-01-26 21:10:09 +08:00
|
|
|
|
elif request.method == 'POST':
|
|
|
|
|
# POST方法用于判断登录是否成功
|
|
|
|
|
# check database and verify user
|
2022-01-27 17:01:03 +08:00
|
|
|
|
username = escape(request.form['username'])
|
|
|
|
|
password = escape(request.form['password'])
|
2022-01-26 21:10:09 +08:00
|
|
|
|
verified = verify_user(username, password)
|
2024-07-04 10:09:27 +08:00
|
|
|
|
with open('black.txt', 'a+') as f:
|
|
|
|
|
f.seek(0)
|
|
|
|
|
lines = f.readlines()
|
|
|
|
|
line=[]
|
|
|
|
|
for i in lines:
|
|
|
|
|
line.append(i.strip('\n'))
|
|
|
|
|
print(line)
|
|
|
|
|
#读black.txt文件判断用户是否在黑名单中
|
|
|
|
|
if verified and username not in line:
|
|
|
|
|
# 登录成功,写入session
|
|
|
|
|
session['logged_in'] = True
|
|
|
|
|
session[username] = username
|
|
|
|
|
session['username'] = username
|
|
|
|
|
user_expiry_date = get_expiry_date(username)
|
|
|
|
|
session['expiry_date'] = user_expiry_date
|
|
|
|
|
session['visited_articles'] = None
|
|
|
|
|
f.close()
|
|
|
|
|
return jsonify({'status': '1'})
|
|
|
|
|
elif verified==0 and password!='黑名单':
|
|
|
|
|
#输入错误密码次数小于5次
|
|
|
|
|
return jsonify({'status': '0'})
|
|
|
|
|
else:
|
|
|
|
|
#输入错误密码次数达到5次
|
|
|
|
|
with open('black.txt', 'a+') as f:
|
|
|
|
|
f.seek(0)
|
|
|
|
|
lines = f.readlines()
|
|
|
|
|
line = []
|
|
|
|
|
for i in lines:
|
|
|
|
|
line.append(i.strip('\n'))
|
|
|
|
|
if username in line:
|
|
|
|
|
return jsonify({'status': '5'})
|
|
|
|
|
else:
|
|
|
|
|
f.write(username)
|
|
|
|
|
f.write('\n')
|
|
|
|
|
return jsonify({'status': '5'})
|
|
|
|
|
|
|
|
|
|
|
2022-01-26 21:10:09 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@accountService.route("/logout", methods=['GET', 'POST'])
|
|
|
|
|
def logout():
|
|
|
|
|
'''
|
|
|
|
|
登出
|
|
|
|
|
:return: 重定位到主界面
|
|
|
|
|
'''
|
|
|
|
|
# 将session标记为登出状态
|
|
|
|
|
session['logged_in'] = False
|
|
|
|
|
return redirect(url_for('mainpage'))
|
|
|
|
|
|
|
|
|
|
|
2024-07-04 10:09:27 +08:00
|
|
|
|
|
2022-01-26 21:10:09 +08:00
|
|
|
|
@accountService.route("/reset", methods=['GET', 'POST'])
|
|
|
|
|
def reset():
|
|
|
|
|
'''
|
|
|
|
|
重设密码
|
|
|
|
|
:return: 返回适当的页面
|
|
|
|
|
'''
|
|
|
|
|
# 下列方法用于防止未登录状态下的修改密码
|
|
|
|
|
if not session.get('logged_in'):
|
|
|
|
|
return render_template('login.html')
|
|
|
|
|
username = session['username']
|
|
|
|
|
if username == '':
|
|
|
|
|
return redirect('/login')
|
|
|
|
|
if request.method == 'GET':
|
|
|
|
|
# GET请求返回修改密码页面
|
|
|
|
|
return render_template('reset.html', username=session['username'], state='wait')
|
|
|
|
|
else:
|
|
|
|
|
# POST请求用于提交修改后信息
|
2022-01-27 17:01:03 +08:00
|
|
|
|
old_password = escape(request.form['old-password'])
|
|
|
|
|
new_password = escape(request.form['new-password'])
|
|
|
|
|
flag = change_password(username, old_password, new_password) # flag表示是否修改成功
|
2022-01-26 21:10:09 +08:00
|
|
|
|
if flag:
|
|
|
|
|
session['logged_in'] = False
|
2023-03-08 16:33:13 +08:00
|
|
|
|
return jsonify({'status':'1'}) # 修改成功
|
2022-01-26 21:10:09 +08:00
|
|
|
|
else:
|
2023-03-08 16:33:13 +08:00
|
|
|
|
return jsonify({'status':'2'}) # 修改失败
|
2024-07-04 10:09:27 +08:00
|
|
|
|
|