
2 Commits

Author SHA1 Message Date
mrlan 12752341db Merge pull request 'Fix bug 394' (#185) from Bug394-Hui into Alpha-snapshot20240618
Reviewed-on: #185
2024-09-06 08:55:35 +08:00
Lan Hui 3abebdfb21 Fix bug 394 2024-09-06 08:54:11 +08:00
5 changed files with 41 additions and 44 deletions


@ -21,11 +21,6 @@ path_prefix = '/var/www/wordfreq/wordfreq/'
path_prefix = './' # comment this line in deployment path_prefix = './' # comment this line in deployment
def verify_pass(newpass, oldpass):
if (newpass == oldpass):
return True
def verify_user(username, password): def verify_user(username, password):
user = get_user_by_username(username) user = get_user_by_username(username)
encoded_password = md5(username + password) encoded_password = md5(username + password)
@ -54,12 +49,12 @@ def change_password(username, old_password, new_password):
:return: 修改成功:True 否则:False :return: 修改成功:True 否则:False
''' '''
if not verify_user(username, old_password): # 旧密码错误 if not verify_user(username, old_password): # 旧密码错误
return False return {'error':'Old password is wrong.', 'username':username}
# 将用户名和密码一起加密,以免暴露不同用户的相同密码 # 将用户名和密码一起加密,以免暴露不同用户的相同密码
if verify_pass(new_password, old_password): #新旧密码一致 if new_password == old_password: #新旧密码一致
return False return {'error':'New password cannot be the same as the old password.', 'username':username}
update_password_by_username(username, new_password) update_password_by_username(username, new_password)
return True return {'success':'Password changed', 'username':username}
def get_expiry_date(username): def get_expiry_date(username):
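Review bot: `change_password` now returns a dict on every path, but the docstring line `:return: 修改成功:True 否则:False` was left unchanged, and a dict carrying `'error'` is still truthy. Any caller other than `reset()` that tests the result with `if change_password(...)` would now treat a wrong old password as success; other callers are not visible in this diff, so that needs checking. I would update the docstring to something like `:return: dict with a 'success' or 'error' message plus 'username'` and have callers test `'success' in result`. The function body starts outside the hunk.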


@ -133,10 +133,7 @@ def reset():
# POST请求用于提交修改后信息 # POST请求用于提交修改后信息
old_password = escape(request.form['old-password']) old_password = escape(request.form['old-password'])
new_password = escape(request.form['new-password']) new_password = escape(request.form['new-password'])
flag = change_password(username, old_password, new_password) # flag表示是否修改成功 result = change_password(username, old_password, new_password)
if flag: return jsonify(result)
session['logged_in'] = False
return jsonify({'status':'1'}) # 修改成功
else:
return jsonify({'status':'2'}) # 修改失败
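Review bot: With the `if flag:` branch gone, a successful password change no longer clears `session['logged_in']`, so the session that was open before the change stays valid afterwards. If the password is being changed because it may have been exposed, ending the session is the safer default, for example `if 'success' in result: session['logged_in'] = False` before `return jsonify(result)`. The handler also forwards `new_password` to `change_password` with no server-side length or complexity check, so the rule this commit adds in the reset page's JavaScript is the only enforcement visible here. `reset()` starts outside the hunk.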

20
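--- a/app/static/js/password.js
+++ b/app/static/js/password.js
@@ -0,0 +1,20 @@
+function containsDigitsLettersSpecialCharacters(s) {
+let resultD = 0, resultL = 0, resultS = 0;
+// Digit test
+'0123456789'.split('').forEach((x) => {
+if (s.includes(x))
+resultD = 1;
+});
+// Letter test
+resultL = /[a-z]/i.test(s);
+// Special charater test
+'+-*/,.:;/\[]<>$%&()!?^~'.split('').forEach((x) => {
+if (s.includes(x))
+resultS = 1;
+});
+return resultD + resultL + resultS == 3;
+}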
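Review bot: The special-character test is an allowlist, `'+-*/,.:;/\[]<>$%&()!?^~'`, so a password whose only symbols are ones like `@`, `#`, `_` or `=` is reported as too simple; `\[` inside a string literal is just `[`, so the backslash is not in the set either, and `/` appears twice. `resultL` is assigned a boolean and then added to two numbers and compared with `==`, which only works through coercion. A single line such as `return /[0-9]/.test(s) && /[a-z]/i.test(s) && /[^a-z0-9]/i.test(s);` expresses the three classes directly and counts any non-alphanumeric character as special; whether whitespace and non-ASCII characters should count is a policy decision to make explicitly. A short comment above the function stating the rule would help, since it is now shared by the signup and reset pages.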


@ -3,6 +3,7 @@
content="width=device-width, initial-scale=1.0, minimum-scale=0.5, maximum-scale=3.0, user-scalable=yes"/> content="width=device-width, initial-scale=1.0, minimum-scale=0.5, maximum-scale=3.0, user-scalable=yes"/>
<link rel="stylesheet" href="static/css/login_service.css"> <link rel="stylesheet" href="static/css/login_service.css">
<script src="static/js/jquery.js"></script> <script src="static/js/jquery.js"></script>
<script src="static/js/password.js"></script>
<script> <script>
function reset() { function reset() {
let old_password = $("#old-password").val(); let old_password = $("#old-password").val();
@ -24,15 +25,19 @@
alert('密码过于简单。(密码长度至少4位)'); alert('密码过于简单。(密码长度至少4位)');
return false; return false;
} }
if (!containsDigitsLettersSpecialCharacters(new_password)) {
alert('密码过于简单。(密码要包括数字,字母,特殊符号)');
return false;
}
$.post("/reset", {'old-password': old_password, 'new-password': new_password}, $.post("/reset", {'old-password': old_password, 'new-password': new_password},
function (response) { function (response) {
if (response.status === '1') { console.log(response);
alert('密码修改成功,请重新登录。'); if ('success' in response) {
window.location.href = "/login"; alert('密码修改成功。');
} else if (response.status === '2') { } else if ('error' in response) {
alert('密码修改失败'); alert(`密码修改失败 ${response.error}`);
window.location.href = "/reset";
} }
window.location.href = `/${response.username}/userpage`;
} }
) )
return false; return false;
@ -52,4 +57,4 @@
<button class="btn" onclick="window.location.href='/{{ username }}/userpage'">放弃修改</button> <button class="btn" onclick="window.location.href='/{{ username }}/userpage'">放弃修改</button>
</div> </div>
{% endblock %} {% endblock %}
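Review bot: The redirect `window.location.href = `/${response.username}/userpage`` runs for every response, including one that carries neither `success` nor `error`, and it takes the path from the JSON body; if `username` is missing the browser goes to `/undefined/userpage`. The template already renders `{{ username }}` for the cancel button further down, so the same value could be used here and the redirect kept inside the `success` branch, leaving the user on the form after an error. `console.log(response);` looks like leftover debugging and can be removed. The added complexity check is a browser-side convenience only; the matching server-side check is not part of this section.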


@ -7,6 +7,7 @@
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE-edge,chrome=1"> <meta http-equiv="X-UA-Compatible" content="IE-edge,chrome=1">
<link href="static/css/slide-unlock.css" rel="stylesheet"> <link href="static/css/slide-unlock.css" rel="stylesheet">
<script src="static/js/password.js"></script>
<script src="static/js/jquery.js"></script> <script src="static/js/jquery.js"></script>
<script src="static/js/jquery.slideunlock.js"></script> <script src="static/js/jquery.slideunlock.js"></script>
<script> <script>
@ -21,27 +22,6 @@
slider.init(); // 初始化滑块解锁功能 slider.init(); // 初始化滑块解锁功能
}); });
function containsDigitsLettersSpecialCharacters(s) {
let resultD = 0, resultL = 0, resultS = 0;
// Digit test
'0123456789'.split('').forEach((x) => {
if (s.includes(x))
resultD = 1;
});
// Letter test
resultL = /[a-z]/i.test(s);
// Special charater test
'+-*/,.:;/\[]<>$%&()!?^~'.split('').forEach((x) => {
if (s.includes(x))
resultS = 1;
});
return resultD + resultL + resultS == 3;
}
function signup(){ function signup(){
// 发起 AJAX 请求来处理注册 // 发起 AJAX 请求来处理注册
username = $("#username").val().trim(); username = $("#username").val().trim();