from flask import * from markupsafe import escape from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password, WarningMessage # 初始化蓝图 accountService = Blueprint("accountService", __name__) ### Sign-up, login, logout ### @accountService.route("/signup", methods=['GET', 'POST']) def signup(): ''' 注册 :return: 根据注册是否成功返回不同界面 ''' if request.method == 'GET': # GET方法直接返回注册页面 return render_template('signup.html') elif request.method == 'POST': # POST方法需判断是否注册成功,再根据结果返回不同的内容 username = escape(request.form['username']) password = escape(request.form['password']) #! 添加如下代码为了过滤注册时的非法字符 warn = WarningMessage(username) if str(warn) != 'OK': return jsonify({'status': '3', 'warn': str(warn)}) available = check_username_availability(username) if not available: # 用户名不可用 return jsonify({'status': '0'}) else: # 添加账户信息 add_user(username, password) verified = verify_user(username, password) if verified: # 写入session session['logged_in'] = True session[username] = username session['username'] = username session['expiry_date'] = get_expiry_date(username) session['visited_articles'] = None return jsonify({'status': '2'}) else: return jsonify({'status': '1'}) @accountService.route("/login", methods=['GET', 'POST']) def login(): ''' 登录 :return: 根据登录是否成功返回不同页面 ''' if request.method == 'GET': # GET请求 return render_template('login.html') elif request.method == 'POST': # POST方法用于判断登录是否成功 # check database and verify user username = escape(request.form['username']) password = escape(request.form['password']) verified = verify_user(username, password) #读black.txt文件判断用户是否在黑名单中 with open('black.txt') as f: for line in f: line = line.strip() if username == line: return jsonify({'status': '5'}) with open('black.txt', 'a+') as f: f.seek(0) lines = f.readlines() line=[] for i in lines: line.append(i.strip('\n')) #读black.txt文件判断用户是否在黑名单中 if verified and username not in line: #TODO: 一个用户名是另外一个用户名的子串怎么办? # 登录成功,写入session session['logged_in'] = True session[username] = username session['username'] = username user_expiry_date = get_expiry_date(username) session['expiry_date'] = user_expiry_date session['visited_articles'] = None f.close() return jsonify({'status': '1'}) elif verified==0 and password!='黑名单': #输入错误密码次数小于5次 return jsonify({'status': '0'}) else: #输入错误密码次数达到5次 with open('black.txt', 'a+') as f: f.seek(0) lines = f.readlines() line = [] for i in lines: line.append(i.strip('\n')) if username in line: return jsonify({'status': '5'}) else: f.write(username) f.write('\n') return jsonify({'status': '5'}) @accountService.route("/logout", methods=['GET', 'POST']) def logout(): ''' 登出 :return: 重定位到主界面 ''' # 将session标记为登出状态 session['logged_in'] = False return redirect(url_for('mainpage')) @accountService.route("/reset", methods=['GET', 'POST']) def reset(): ''' 重设密码 :return: 返回适当的页面 ''' # 下列方法用于防止未登录状态下的修改密码 if not session.get('logged_in'): return render_template('login.html') username = session['username'] if username == '': return redirect('/login') if request.method == 'GET': # GET请求返回修改密码页面 return render_template('reset.html', username=session['username'], state='wait') else: # POST请求用于提交修改后信息 old_password = escape(request.form['old-password']) new_password = escape(request.form['new-password']) result = change_password(username, old_password, new_password) return jsonify(result)