
2 Commits

Author SHA1 Message Date
mrlan 12752341db Merge pull request 'Fix bug 394' (#185) from Bug394-Hui into Alpha-snapshot20240618
Reviewed-on: #185
2024-09-06 08:55:35 +08:00
Lan Hui 3abebdfb21 Fix bug 394 2024-09-06 08:54:11 +08:00
5 changed files with 41 additions and 44 deletions


@ -21,11 +21,6 @@ path_prefix = '/var/www/wordfreq/wordfreq/'
path_prefix = './' # comment this line in deployment
def verify_pass(newpass, oldpass):
if (newpass == oldpass):
return True
def verify_user(username, password):
user = get_user_by_username(username)
encoded_password = md5(username + password)
@ -54,12 +49,12 @@ def change_password(username, old_password, new_password):
:return: 修改成功:True 否则:False
'''
if not verify_user(username, old_password): # 旧密码错误
return False
return {'error':'Old password is wrong.', 'username':username}
# 将用户名和密码一起加密,以免暴露不同用户的相同密码
if verify_pass(new_password, old_password): #新旧密码一致
return False
if new_password == old_password: #新旧密码一致
return {'error':'New password cannot be the same as the old password.', 'username':username}
update_password_by_username(username, new_password)
return True
return {'success':'Password changed', 'username':username}
def get_expiry_date(username):
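Review bot: change_password now returns a non-empty dict on every path, so any caller that still tests the result with `if change_password(...)` will treat a wrong old password as success, because a non-empty dict is truthy. Only the reset() view is updated in this commit; other callers are not visible here and should be checked. The docstring's `:return:` line still promises True/False and should be brought in line, for example `:return: dict with a 'success' or 'error' message plus 'username'`. Callers would be easier to keep correct if the result carried an explicit boolean such as `'ok': False` rather than relying on which key is present.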


@ -133,10 +133,7 @@ def reset():
# POST请求用于提交修改后信息
old_password = escape(request.form['old-password'])
new_password = escape(request.form['new-password'])
flag = change_password(username, old_password, new_password) # flag表示是否修改成功
if flag:
session['logged_in'] = False
return jsonify({'status':'1'}) # 修改成功
else:
return jsonify({'status':'2'}) # 修改失败
result = change_password(username, old_password, new_password)
return jsonify(result)
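Review bot: With the `session['logged_in'] = False` line removed, a successful password change no longer ends the current session, so a session left open on a shared machine or already taken over stays valid after the change. Consider keeping the invalidation on the success path, `if 'success' in result: session['logged_in'] = False`, and sending the user to the login page in that case. Separately, the context lines pass both passwords through `escape()` before they are hashed; the client now requires a special character from a set that includes `<`, `>` and `&`, so the stored hash is of the HTML-escaped form, which only works if every login and signup path escapes identically — worth confirming. reset() begins outside this hunk.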

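--- /dev/null
+++ b/app/static/js/password.js
@@ -0,0 +1,20 @@
+function containsDigitsLettersSpecialCharacters(s) {
+let resultD = 0, resultL = 0, resultS = 0;
+// Digit test
+'0123456789'.split('').forEach((x) => {
+if (s.includes(x))
+resultD = 1;
+});
+// Letter test
+resultL = /[a-z]/i.test(s);
+// Special charater test
+'+-*/,.:;/\[]<>$%&()!?^~'.split('').forEach((x) => {
+if (s.includes(x))
+resultS = 1;
+});
+return resultD + resultL + resultS == 3;
+}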
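Review bot: The special-character test recognises only the characters in the literal on the "Special charater test" line, so a password whose only symbols are `@`, `#`, `_` or a space is rejected as too simple; also, `\[` inside a JavaScript string is just `[`, so the backslash itself is not in the set and `/` is listed twice. Replacing that loop with `resultS = /[^A-Za-z0-9]/.test(s);` accepts any non-alphanumeric character. The return mixes two numbers and a boolean under `==`; three booleans combined as `hasDigit && hasLetter && hasSpecial` would state the intent directly. This rule runs only in the browser, and the visible change_password hunk applies no equivalent check, so the same policy should also be enforced server-side before update_password_by_username is called.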


@ -3,6 +3,7 @@
content="width=device-width, initial-scale=1.0, minimum-scale=0.5, maximum-scale=3.0, user-scalable=yes"/>
<link rel="stylesheet" href="static/css/login_service.css">
<script src="static/js/jquery.js"></script>
<script src="static/js/password.js"></script>
<script>
function reset() {
let old_password = $("#old-password").val();
@ -24,15 +25,19 @@
alert('密码过于简单。(密码长度至少4位)');
return false;
}
if (!containsDigitsLettersSpecialCharacters(new_password)) {
alert('密码过于简单。(密码要包括数字,字母,特殊符号)');
return false;
}
$.post("/reset", {'old-password': old_password, 'new-password': new_password},
function (response) {
if (response.status === '1') {
alert('密码修改成功,请重新登录。');
window.location.href = "/login";
} else if (response.status === '2') {
alert('密码修改失败');
window.location.href = "/reset";
console.log(response);
if ('success' in response) {
alert('密码修改成功。');
} else if ('error' in response) {
alert(`密码修改失败 ${response.error}`);
}
window.location.href = `/${response.username}/userpage`;
}
)
return false;
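Review bot: The redirect on the last added line of the callback builds its path from `response.username` without encoding, so a username containing `/`, `?` or `#` changes the target; wrap it as `encodeURIComponent(response.username)` inside the template literal. The added `console.log(response);` looks like a debugging leftover and should be dropped before release. The redirect also runs on the error branch, so a failed change takes the user away from the form instead of letting them retry, and on success the user is no longer sent to `/login` to re-authenticate. reset() starts before this hunk and its closing lines are outside it.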


@ -7,6 +7,7 @@
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE-edge,chrome=1">
<link href="static/css/slide-unlock.css" rel="stylesheet">
<script src="static/js/password.js"></script>
<script src="static/js/jquery.js"></script>
<script src="static/js/jquery.slideunlock.js"></script>
<script>
@ -21,27 +22,6 @@
slider.init(); // 初始化滑块解锁功能
});
function containsDigitsLettersSpecialCharacters(s) {
let resultD = 0, resultL = 0, resultS = 0;
// Digit test
'0123456789'.split('').forEach((x) => {
if (s.includes(x))
resultD = 1;
});
// Letter test
resultL = /[a-z]/i.test(s);
// Special charater test
'+-*/,.:;/\[]<>$%&()!?^~'.split('').forEach((x) => {
if (s.includes(x))
resultS = 1;
});
return resultD + resultL + resultS == 3;
}
function signup(){
// 发起 AJAX 请求来处理注册
username = $("#username").val().trim();