Merge Wang Ziming's work and Wu Yuhan's work.

Alpha
Lan Hui 2023-04-07 06:41:49 +08:00
commit f3d609c92b
11 changed files with 213 additions and 146 deletions

View File

@ -182,6 +182,7 @@ Bug report: http://118.25.96.118/bugzilla/show_bug.cgi?id=215
### 丁锐
修复了以下漏洞
@ -192,3 +193,4 @@ Bug report: http://118.25.96.118/bugzilla/show_bug.cgi?id=489
*Last modified on 2023-01-30*

View File

@ -32,12 +32,17 @@ def get_article_body(s):
return '\n'.join(lst)
def get_today_article(user_word_list, articleID):
def get_today_article(user_word_list, existing_articles):
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
if articleID == None:
if existing_articles is None:
existing_articles = {
"index" : 0, # 为 article_ids 的索引
"article_ids": [] # 之前显示文章的id列表越后越新
}
if existing_articles["index"] > len(existing_articles["article_ids"])-1:
rq.instructions("SELECT * FROM article")
else:
rq.instructions('SELECT * FROM article WHERE article_id=%d' % (articleID))
rq.instructions('SELECT * FROM article WHERE article_id=%d' % (existing_articles["article_ids"][existing_articles["index"]]))
rq.do()
result = rq.get_results()
random.shuffle(result)
@ -47,36 +52,41 @@ def get_today_article(user_word_list, articleID):
d2 = load_freq_history(path_prefix + 'static/words_and_tests.p')
d3 = get_difficulty_level(d1, d2)
d = {}
d = None
d_user = load_freq_history(user_word_list)
user_level = user_difficulty_level(d_user, d3) # more consideration as user's behaviour is dynamic. Time factor should be considered.
random.shuffle(result) # shuffle list
d = random.choice(result)
text_level = text_difficulty_level(d['text'], d3)
if articleID == None:
text_level = 0
if existing_articles["index"] > len(existing_articles["article_ids"])-1: # 下一篇
flag_get_article = False
for reading in result:
text_level = text_difficulty_level(reading['text'], d3)
factor = random.gauss(0.8,
0.1) # a number drawn from Gaussian distribution with a mean of 0.8 and a stand deviation of 1
if within_range(text_level, user_level, (8.0 - user_level) * factor):
if reading['article_id'] not in existing_articles["article_ids"] and within_range(text_level, user_level, (8.0 - user_level) * factor): # 新的文章之前没有出现过且符合一定范围的水平
d = reading
existing_articles["article_ids"].append(d['article_id']) # 列表添加新的文章id下面进行
flag_get_article = True
break
if not flag_get_article:
existing_articles["index"] -= 1
else: # 上一篇
d = random.choice(result)
text_level = text_difficulty_level(d['text'], d3)
s = '<div class="alert alert-success" role="alert">According to your word list, your level is <span class="badge bg-success">%4.2f</span> and we have chosen an article with a difficulty level of <span class="badge bg-success">%4.2f</span> for you.</div>' % (
user_level, text_level)
s += '<p class="text-muted">Article added on: %s</p>' % (d['date'])
s += '<div class="p-3 mb-2 bg-light text-dark">'
article_title = get_article_title(d['text'])
article_body = get_article_body(d['text'])
s += '<p class="display-5">%s</p>' % (article_title)
s += '<p class="lead"><font id="article" size=2>%s</font></p>' % (article_body)
s += '<p><small class="text-muted">%s</small></p>' % (d['source'])
s += '<p><b>%s</b></p>' % (get_question_part(d['question']))
s = s.replace('\n', '<br/>')
s += '%s' % (get_answer_part(d['question']))
s += '</div>'
session['articleID'] = d['article_id']
return s
today_article = None
if d:
today_article = {
"user_level": '%4.2f' % user_level,
"text_level": '%4.2f' % text_level,
"date": d['date'],
"article_title": get_article_title(d['text']),
"article_body": get_article_body(d['text']),
"source": d["source"],
"question": get_question_part(d['question']),
"answer": get_answer_part(d['question'])
}
return existing_articles, today_article
def load_freq_history(path):
@ -116,21 +126,4 @@ def get_answer_part(s):
flag = 1
elif flag == 1:
result.append(line)
# https://css-tricks.com/snippets/javascript/showhide-element/
js = '''
<script type="text/javascript">
function toggle_visibility(id) {
var e = document.getElementById(id);
if(e.style.display == 'block')
e.style.display = 'none';
else
e.style.display = 'block';
}
</script>
'''
html_code = js
html_code += '\n'
html_code += '<button onclick="toggle_visibility(\'answer\');">ANSWER</button>\n'
html_code += '<div id="answer" style="display:none;">%s</div>\n' % ('\n'.join(result))
return html_code
return '\n'.join(result)

View File

@ -19,21 +19,15 @@ def signup():
# POST方法需判断是否注册成功再根据结果返回不同的内容
username = escape(request.form['username'])
password = escape(request.form['password'])
password2 = escape(request.form['password2'])
#! 添加如下代码为了过滤注册时的非法字符
warn = WarningMessage(username)
if str(warn) != 'OK':
return str(warn)
return jsonify({'status': '3', 'warn': str(warn)})
available = check_username_availability(username)
if not available: # 用户名不可用
flash('用户名 %s 已经被注册。' % (username))
return render_template('signup.html')
elif len(password.strip()) < 4: # 密码过短
return '密码过于简单。'
elif password != password2:
return '确认密码与输入密码不一致!'
return jsonify({'status': '0'})
else: # 添加账户信息
add_user(username, password)
verified = verify_user(username, password)
@ -43,11 +37,10 @@ def signup():
session[username] = username
session['username'] = username
session['expiry_date'] = get_expiry_date(username)
session['articleID'] = None
return '<p>恭喜,你已成功注册, 你的用户名是 <a href="%s">%s</a>。</p>\
<p><a href="/%s">开始使用</a> <a href="/">返回首页</a><p/>' % (username, username, username)
session['existing_articles'] = None
return jsonify({'status': '2'})
else:
return '用户名密码验证失败。'
return jsonify({'status': '1'})
@ -59,13 +52,7 @@ def login():
'''
if request.method == 'GET':
# GET请求
if not session.get('logged_in'):
# 未登录,返回登录页面
return render_template('login.html')
else:
# 已登录,提示信息并显示登出按钮
return '你已登录 <a href="/%s">%s</a>。 登出点击<a href="/logout">这里</a>。' % (
session['username'], session['username'])
elif request.method == 'POST':
# POST方法用于判断登录是否成功
# check database and verify user
@ -79,10 +66,10 @@ def login():
session['username'] = username
user_expiry_date = get_expiry_date(username)
session['expiry_date'] = user_expiry_date
session['articleID'] = None
return redirect(url_for('user_bp.userpage', username=username))
session['existing_articles'] = None
return jsonify({'status': '1'})
else:
return '无法通过验证。'
return jsonify({'status': '0'})
@accountService.route("/logout", methods=['GET', 'POST'])
@ -115,31 +102,9 @@ def reset():
# POST请求用于提交修改后信息
old_password = escape(request.form['old-password'])
new_password = escape(request.form['new-password'])
re_new_password = escape(request.form['re-new-password']) # 确认新密码
if re_new_password != new_password: #验证新密码两次输入是否相同
return '新密码不匹配,请重新输入'
if len(new_password) < 4: #验证新密码长度,原则参照注册模块
return '密码过于简单。(密码长度至少4位)'
flag = change_password(username, old_password, new_password) # flag表示是否修改成功
if flag:
session['logged_in'] = False
return \
'''
<script>
alert('密码修改成功,请重新登录。');
window.location.href="/login";
</script>
'''
return jsonify({'status':'1'}) # 修改成功
else:
return \
'''
<script>
alert('密码修改失败');
window.location.href="/reset";
</script>
'''
return jsonify({'status':'2'}) # 修改失败

View File

@ -39,8 +39,7 @@ def get_random_ads():
返回随机广告
:return: 一个广告(包含HTML标签)
'''
ads = random.choice(['个性化分析精准提升', '你的专有单词本', '智能捕捉阅读弱点,针对性提高你的阅读水平'])
return ads + '。 <a href="/signup">试试</a>吧!'
return random.choice(['个性化分析精准提升', '你的专有单词本', '智能捕捉阅读弱点,针对性提高你的阅读水平'])
def appears_in_test(word, d):

View File

@ -1,28 +1,47 @@
{% block body %}
{% if session['logged_in'] %}
You're logged in already!
你已登录 <a href="/{{ session['username'] }}">{{ session['username'] }}</a>。 登出点击<a href="/logout">这里</a>
{% else %}
<meta charset="utf-8" name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=0.5, maximum-scale=3.0, user-scalable=yes" />
<link rel="stylesheet" href="static/css/login_service.css">
<script src="static/js/jquery.js"></script>
<script>
function login(){
let username = $("#username").val();
let password = $("#password").val();
if (username === "" || password === ""){
alert('输入不能为空!');
return false;
}
$.post(
"/login", {'username': username, 'password': password},
function (response) {
if (response.status === '0') {
alert('无法通过验证。');
window.location.href = "/login";
} else if (response.status === '1') {
window.location.href = "/"+username;
}
}
)
return false;
}
</script>
<div class="container">
<section class="signin-heading">
<h1>Sign In</h1>
</section>
<form action="/login" method="POST">
<input type="text" placeholder="用户名" class="username" name="username" required>
<input type="password" placeholder="密码" class="password" name="password" required>
<button type="submit" class="btn">登录</button>
</form>
<input type="text" placeholder="用户名" class="username" id="username">
<input type="password" placeholder="密码" class="password" id="password">
<button type="button" class="btn" onclick="login()">登录</button>
<a class="signup" href="/signup">注册</a>
</div>
<a href="/signup" class="signup">注册</a>
{% endif %}
{% endblock %}

View File

@ -29,7 +29,7 @@
{% endif %}
{% else %}
<p><a href="/login">登录</a> <a href="/signup">注册</a> <a href="/static/usr/instructions.html">使用说明</a></p >
<p><b>{{random_ads|safe}}</b></p>
<p><b> {{ random_ads }}。 <a href="/signup">试试</a>吧!</b></p>
{% endif %}
<div class="alert alert-success" role="alert">共有文章 <span class="badge bg-success"> {{ number_of_essays }} </span></div>
<p>粘贴1篇文章 (English only)</p>

View File

@ -2,6 +2,38 @@
<meta charset="utf-8" name="viewport"
content="width=device-width, initial-scale=1.0, minimum-scale=0.5, maximum-scale=3.0, user-scalable=yes"/>
<link rel="stylesheet" href="static/css/login_service.css">
<script src="static/js/jquery.js"></script>
<script>
function reset() {
let old_password = $("#old-password").val();
let new_password = $("#new-password").val();
let re_new_password = $("#re-new-password").val();
if (old_password === "" || new_password === "" || re_new_password === ""){
alert('输入不能为空!');
return false;
}
if (new_password !== re_new_password) {
alert('新密码不匹配,请重新输入');
return false;
}
if (new_password.length < 4) {
alert('密码过于简单。(密码长度至少4位)');
return false;
}
$.post("/reset", {'old-password': old_password, 'new-password': new_password},
function (response) {
if (response.status === '1') {
alert('密码修改成功,请重新登录。');
window.location.href = "/login";
} else if (response.status === '2') {
alert('密码修改失败');
window.location.href = "/reset";
}
}
)
return false;
}
</script>
<div class="container">
@ -9,14 +41,11 @@
<h1>Reset Password</h1>
</section>
<form action="/reset" method="POST">
<input type="password" placeholder="原密码" class="old-password" name="old-password" required>
<input type="password" placeholder="新密码" class="new-password" name="new-password" required>
<input type="password" placeholder="确认新密码" class="re-new-password" name="re-new-password" required>
<input type="submit" name="submit" class="btn" value="提交"/>
<input type="button" name="submit" class="btn" value="放弃修改"
onclick="window.location.href='/{{ username }}'"/>
</form>
<input type="password" placeholder="原密码" class="old-password" name="old-password" id="old-password"/>
<input type="password" placeholder="新密码" class="new-password" name="new-password" id="new-password"/>
<input type="password" placeholder="确认新密码" class="re-new-password" name="re-new-password" id="re-new-password"/>
<button id="submit" class="btn" onclick="reset()">提交</button>
<button class="btn" onclick="window.location.href='/{{ username }}'">放弃修改</button>
</div>
{% endblock %}

View File

@ -6,6 +6,47 @@ You're logged in already! <a href="/logout">Logout</a>.
{% else %}
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=0.5, maximum-scale=3.0, user-scalable=yes" />
<link rel="stylesheet" href="static/css/login_service.css">
<script src="static/js/jquery.js"></script>
<script>
function signup() {
let username = $("#username").val();
let password = $("#password").val();
let password2 = $("#password2").val();
if (username === "" || password === "" || password2 === ""){
alert('输入不能为空!');
return false;
}
if (password !== password2) {
alert('确认密码与输入密码不一致!');
return false;
}
if (password.length < 4) {
alert('密码过于简单。(密码长度至少4位)');
return false;
}
$.post("/signup", {'username': username, 'password': password},
function (response) {
if (response.status === '0') {
alert('用户名'+username+'已经被注册。');
window.location.href = "/signup";
} else if (response.status === '1') {
alert('用户名密码验证失败。');
window.location.href = "/signup";
} else if (response.status === '2') {
let f = confirm("恭喜,你已成功注册,你的用户名是"+username+'.\n点击“确认”开始使用或点击“取消”返回首页');
if (f) {
window.location.href = '/'+username;
} else {
window.location.href = '/';
}
} else if (response.status === '3') {
alert(response.warn);
}
}
)
return false;
}
</script>
<p>{{ get_flashed_messages()[0] | safe }}</p>
@ -15,12 +56,10 @@ You're logged in already! <a href="/logout">Logout</a>.
<h1>Sign Up</h1>
</section>
<form action="/signup" method="POST">
<p><input type="username" name="username" placeholder="输入用户名" required="required" class="username"></p>
<p><input type="password" name="password" placeholder="输入密码" required="required" class="password"></p>
<p><input type="password" name="password2" placeholder="确认密码" required="required" class="password" ></p>
<button type="submit" class="btn">注册</button>
</form>
<p><input type="username" id="username" placeholder="输入用户名" class="username"></p>
<p><input type="password" id="password" placeholder="输入密码" class="password"></p>
<p><input type="password" id="password2" placeholder="确认密码" class="password" ></p>
<button type="button" class="btn" onclick="signup()">注册</button>
</div>

View File

@ -43,17 +43,43 @@
<a class="btn btn-secondary" href="/logout" role="button" onclick="stopRead()">退出</a>
<a class="btn btn-secondary" href="/reset" role="button" onclick="stopRead()">重设密码</a>
</p>
{{ flashed_messages|safe }}
{# {% for message in flashed_messages %}#} {# 根据user_service.userpage,取消了参数flashed_messages因此注释了这段代码 #}
{# <div class="alert alert-warning" role="alert">Congratulations! {{ message }}</div>#}
{# {% endfor %}#}
<a class="btn btn-success" href="/{{ username }}/reset" role="button"> 下一篇 Next Article </a>
{% if session.get('articleID') != session.get('old_articleID') %}
{% if session.get('old_articleID') != None %}
{% if session.get('existing_articles') != None and session.get('existing_articles')["index"] !=0 %}
<a class="btn btn-success" href="/{{ username }}/back" role="button"> 上一篇 Previous Article </a>
{% endif%}
{% endif %}
<p><b>阅读文章并回答问题</b></p>
<div id="text-content">{{ today_article|safe }}</div>
<div id="text-content">
{% if today_article %}
<div class="alert alert-success" role="alert">According to your word list, your level is <span class="badge bg-success">{{ today_article["user_level"] }}</span> and we have chosen an article with a difficulty level of <span class="badge bg-success">{{ today_article["text_level"] }}</span> for you.</div>
<p class="text-muted">Article added on: {{ today_article["date"] }}</p><br/>
<div class="p-3 mb-2 bg-light text-dark"><br/>
<p class="display-5">{{ today_article["article_title"] }}</p><br/>
<p class="lead"><font id="article" size=2>{{ today_article["article_body"] }}</font></p><br/>
<p><small class="text-muted">{{ today_article['source'] }}</small></p><br/>
<p><b>{{ today_article['question'] }}</b></p><br/>
<script type="text/javascript">
function toggle_visibility(id) { {# https://css-tricks.com/snippets/javascript/showhide-element/#}
const e = document.getElementById(id);
if(e.style.display === 'block')
e.style.display = 'none';
else
e.style.display = 'block';
}
</script>
<button onclick="toggle_visibility('answer');">ANSWER</button>
<div id="answer" style="display:none;">{{ today_article['answer'] }}</div><br/>
</div>
{% else %}
<div class="alert alert-success" role="alert">
<p class="text-muted"><span class="badge bg-success">Notes:</span><br>No article is currently available for you. You can try again a few times or mark new words in the passage to improve your level.</p>
</div>
{% endif %}
</div>
<input type="checkbox" onclick="toggleHighlighting()" checked/>生词高亮
<input type="checkbox" onclick="onReadClick()" checked/>大声朗读
@ -63,7 +89,7 @@
<div class="sliderValue">
<span id="rangeValue">1×</span>
</div>
<input type="range" id="rangeComponent" min="0.5" max="2" value="1" step="0.25" "/>
<input type="range" id="rangeComponent" min="0.5" max="2" value="1" step="0.25"/>
</div>
</div>
<p><b>收集生词吧</b> (可以在正文中划词,也可以复制黏贴)</p>
@ -121,8 +147,8 @@
<style>
mark {
color: #{{ yml['highlight']['color'] }};
background-color: rgba(0,0,0,0);
}
background-color: rgba(0, 0, 0, 0);
}
</style>
</html>

View File

@ -29,9 +29,10 @@ def user_reset(username):
:param username: 用户名
:return: 返回页面内容
'''
session['old_articleID'] = session.get('articleID')
if request.method == 'GET':
session['articleID'] = None
existing_articles = session.get("existing_articles")
existing_articles["index"] += 1
session["existing_articles"] = existing_articles
return redirect(url_for('user_bp.userpage', username=username))
else:
return 'Under construction'
@ -44,7 +45,9 @@ def user_back(username):
:return: 返回页面内容
'''
if request.method == 'GET':
session['articleID'] = session.get('old_articleID')
existing_articles = session.get("existing_articles")
existing_articles["index"] -= 1
session["existing_articles"] = existing_articles
return redirect(url_for('user_bp.userpage', username=username))
@ -89,7 +92,8 @@ def deleteword(username, word):
'''
user_freq_record = path_prefix + 'static/frequency/' + 'frequency_%s.pickle' % (username)
pickle_idea2.deleteRecord(user_freq_record, word)
flash(f'<strong>{word}</strong> is no longer in your word list.')
# 模板userpage_get.html中删除单词是异步执行而flash的信息后续是同步执行的所以注释这段代码同时如果这里使用flash但不提取信息则会影响 signup.html的显示。bug复现删除单词后点击退出点击注册注册页面就会出现提示信息
# flash(f'{word} is no longer in your word list.')
return "success"
@ -130,12 +134,15 @@ def userpage(username):
words = ''
for x in lst3:
words += x[0] + ' '
existing_articles, today_article = get_today_article(user_freq_record, session.get('existing_articles'))
session['existing_articles'] = existing_articles
# 通过 today_article加载前端的显示页面
return render_template('userpage_get.html',
admin_name=ADMIN_NAME,
username=username,
session=session,
flashed_messages=get_flashed_messages_if_any(),
today_article=get_today_article(user_freq_record, session['articleID']),
# flashed_messages=get_flashed_messages(), 仅有删除单词的时候使用到flash而删除单词是异步执行这里的信息提示是同步执行所以就没有存在的必要了
today_article=today_article,
d_len=len(d),
lst3=lst3,
yml=Yaml.yml,
@ -174,15 +181,3 @@ def get_time():
'''
return datetime.now().strftime('%Y%m%d%H%M') # upper to minutes
def get_flashed_messages_if_any():
'''
在用户界面显示黄色提示信息
:return: 包含HTML标签的提示信息
'''
messages = get_flashed_messages()
s = ''
for message in messages:
s += '<div class="alert alert-warning" role="alert">'
s += f'Congratulations! {message}'
s += '</div>'
return s

View File

@ -70,7 +70,7 @@ def sort_in_ascending_order(lst):# 单词按频率降序排列
return lst2
def make_html_page(lst, fname):
def make_html_page(lst, fname): # 只是在wordfreqCMD.py中的main函数中调用所以不做修改
'''
功能把lst的信息存到fname中以html格式
'''