From 109a9447a7d5fa24920ac7764994c10e03731ef4 Mon Sep 17 00:00:00 2001 From: ChenLingjie <3132185193@qq.com> Date: Thu, 4 Jul 2024 11:16:32 +0800 Subject: [PATCH 1/3] Fix bug 574 --- app/account_service.py | 52 +++++++++++++++++++------- app/black.txt | 1 + app/templates/login.html | 81 ++++++++++++++++++++++++++++++++++------ 3 files changed, 110 insertions(+), 24 deletions(-) create mode 100644 app/black.txt diff --git a/app/account_service.py b/app/account_service.py index fd5f7f6..068446f 100644 --- a/app/account_service.py +++ b/app/account_service.py @@ -1,7 +1,7 @@ from flask import * from markupsafe import escape from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password, WarningMessage - +from model import deactivate_user # 初始化蓝图 accountService = Blueprint("accountService", __name__) @@ -44,7 +44,6 @@ def signup(): return jsonify({'status': '1'}) - @accountService.route("/login", methods=['GET', 'POST']) def login(): ''' 
@@ -60,17 +59,42 @@ def login(): username = escape(request.form['username']) password = escape(request.form['password']) verified = verify_user(username, password) - if verified: - # 登录成功,写入session - session['logged_in'] = True - session[username] = username - session['username'] = username - user_expiry_date = get_expiry_date(username) - session['expiry_date'] = user_expiry_date - session['visited_articles'] = None - return jsonify({'status': '1'}) - else: - return jsonify({'status': '0'}) + with open('black.txt', 'a+') as f: + f.seek(0) + lines = f.readlines() + line=[] + for i in lines: + line.append(i.strip('\n')) + #读black.txt文件判断用户是否在黑名单中 + if verified and username not in line: + # 登录成功,写入session + session['logged_in'] = True + session[username] = username + session['username'] = username + user_expiry_date = get_expiry_date(username) + session['expiry_date'] = user_expiry_date + session['visited_articles'] = None + f.close() + return jsonify({'status': '1'}) + elif verified==0 and password!='黑名单': + #输入错误密码次数小于5次 + return jsonify({'status': '0'}) + else: + #输入错误密码次数达到5次 + with open('black.txt', 'a+') as f: + f.seek(0) + lines = f.readlines() + line = [] + for i in lines: + line.append(i.strip('\n')) + if username in line: + return jsonify({'status': '5'}) + else: + f.write(username) + f.write('\n') + return jsonify({'status': '5'}) + + @accountService.route("/logout", methods=['GET', 'POST']) @@ -84,6 +108,7 @@ def logout(): return redirect(url_for('mainpage')) + @accountService.route("/reset", methods=['GET', 'POST']) def reset(): ''' @@ -109,3 +134,4 @@ def reset(): return jsonify({'status':'1'}) # 修改成功 else: return jsonify({'status':'2'}) # 修改失败 + diff --git a/app/black.txt b/app/black.txt new file mode 100644 index 0000000..daa84a2 --- /dev/null +++ b/app/black.txt @@ -0,0 +1 @@ +hsy diff --git a/app/templates/login.html b/app/templates/login.html index b0806b6..c3aebf0 100644 --- a/app/templates/login.html +++ b/app/templates/login.html 
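Review bot: The lockout in `login()` is driven by a value the client sends: the final `else:` branch appends `username` to `black.txt` whenever verification fails and the posted password equals `'黑名单'`, and nothing in this hunk counts failed attempts on the server. A client that never sends that sentinel is therefore not held to the five-attempt limit, and one unauthenticated POST carrying it locks any username, including names that do not exist. The count presumably lives in the `login.html` script changed by the same patch; it belongs on the server, as sketched below with a per-username counter (`failed_logins` and `MAX_FAILED_LOGINS` are proposed names, and a shared store such as the user table would be needed with more than one worker process). The `f.close()` inside the `with` block is redundant, and the nested second `open('black.txt', 'a+')` re-reads a file the outer block already holds open. `login()` begins and ends outside the hunk.

```python
# … unchanged: username, password, verified = verify_user(username, password) …
with open('black.txt', 'a+') as f:
    f.seek(0)
    blocked = {entry.strip() for entry in f}
    if username in blocked:
        return jsonify({'status': '5'})
    if verified:
        failed_logins.pop(username, None)
        # … unchanged: session writes …
        return jsonify({'status': '1'})
    # Count the failure on the server; the posted password is never used as a signal.
    failed_logins[username] = failed_logins.get(username, 0) + 1
    if failed_logins[username] < MAX_FAILED_LOGINS:
        return jsonify({'status': '0'})
    f.write(username + '\n')
    return jsonify({'status': '5'})
```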
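Review bot: `app/black.txt` is runtime state that `login()` appends to, yet it is committed with an entry (`hsy`) already in it, so a deployment from this commit would start with that name locked out if it is a real account. Later lockouts will also show up as local modifications to a tracked file. Consider shipping the file empty or untracked (listed in `.gitignore` and created on first use), or keeping lockout state in the user database.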
@@ -8,7 +8,27 @@ -- 2.17.1 From f9003ece6962984ca0793f97e88ba630193cc0c5 Mon Sep 17 00:00:00 2001 From: Lan Hui <1348141770@qq.com> Date: Wed, 28 Aug 2024 07:23:52 +0800 Subject: [PATCH 2/3] Remove unused import --- app/account_service.py | 1 - 1 file changed, 1 deletion(-) diff --git a/app/account_service.py b/app/account_service.py index 068446f..cc5b585 100644 --- a/app/account_service.py +++ b/app/account_service.py @@ -1,7 +1,6 @@ from flask import * from markupsafe import escape from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password, WarningMessage -from model import deactivate_user # 初始化蓝图 accountService = Blueprint("accountService", __name__) -- 2.17.1 From c453317ad88e2cc5f3a174c4160465fad123eed4 Mon Sep 17 00:00:00 2001 From: Lan Hui <1348141770@qq.com> Date: Wed, 28 Aug 2024 07:42:05 +0800 Subject: [PATCH 3/3] Make sure the user name is not on the black list before proceeding --- app/account_service.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/app/account_service.py b/app/account_service.py index cc5b585..dfc403e 100644 --- a/app/account_service.py +++ b/app/account_service.py @@ -58,6 +58,12 @@ def login(): username = escape(request.form['username']) password = escape(request.form['password']) verified = verify_user(username, password) + #读black.txt文件判断用户是否在黑名单中 + with open('black.txt') as f: + for line in f: + line = line.strip() + if username == line: + return jsonify({'status': '5'}) with open('black.txt', 'a+') as f: f.seek(0) lines = f.readlines() @@ -65,7 +71,7 @@ def login(): for i in lines: line.append(i.strip('\n')) #读black.txt文件判断用户是否在黑名单中 - if verified and username not in line: + if verified and username not in line: #TODO: 一个用户名是另外一个用户名的子串怎么办? # 登录成功,写入session session['logged_in'] = True session[username] = username -- 2.17.1
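Review bot: The added pre-check opens `black.txt` read-only with a path relative to the process's working directory, so unlike the `'a+'` open below it raises when the file is absent or the app is started from another directory, and the login request would then fail with an unhandled exception. Resolving the path against the module, `os.path.join(os.path.dirname(__file__), 'black.txt')` (needs `import os`), and treating a missing file as an empty list would make this deterministic. The check also sits after `verify_user(username, password)`; placing it before that call avoids verifying credentials for a name that is already locked. With the early return in place, the `username not in line` test and the `if username in line:` branch further down look unreachable for listed names and could be removed in a follow-up. `login()` begins and ends outside the hunk.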
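Review bot: The new TODO on `if verified and username not in line:` does not match what the line does: `line` is the list built just above from `lines`, so `in` compares `username` against whole entries, and a name that is a substring of another entry is not matched. The substring concern would only apply if `line` were a single string. I would drop the TODO or replace it with `# line is a list of blacklist entries, so this is an exact-match test`. Renaming the list (e.g. `blocked_names`) would also help, because the hunk above now uses `line` for a single file line as well.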