Compare commits

..

No commits in common. "Bug509-XieQiuHan-WangZiming" and "master" have entirely different histories.

12 changed files with 161 additions and 251 deletions

View File

@ -182,7 +182,6 @@ Bug report: http://118.25.96.118/bugzilla/show_bug.cgi?id=215
### 丁锐
修复了以下漏洞
@ -193,4 +192,3 @@ Bug report: http://118.25.96.118/bugzilla/show_bug.cgi?id=489
*Last modified on 2023-01-30*

View File

@ -32,20 +32,12 @@ def get_article_body(s):
return '\n'.join(lst)
def get_today_article(user_word_list, visited_articles):
def get_today_article(user_word_list, articleID):
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
if visited_articles is None:
visited_articles = {
"index" : 0, # 为 article_ids 的索引
"article_ids": [] # 之前显示文章的id列表越后越新
}
if visited_articles["index"] > len(visited_articles["article_ids"])-1: # 生成新的文章,因此查找所有的文章
if articleID == None:
rq.instructions("SELECT * FROM article")
else: # 生成阅读过的文章,因此查询指定 article_id 的文章
if visited_articles["article_ids"][visited_articles["index"]] == 'null': # 可能因为直接刷新页面导致直接去查询了'null',因此当刷新的页面的时候,需要直接进行“上一篇”操作
visited_articles["index"] -= 1
visited_articles["article_ids"].pop()
rq.instructions('SELECT * FROM article WHERE article_id=%d' % (visited_articles["article_ids"][visited_articles["index"]]))
else:
rq.instructions('SELECT * FROM article WHERE article_id=%d' % (articleID))
rq.do()
result = rq.get_results()
random.shuffle(result)
@ -55,49 +47,36 @@ def get_today_article(user_word_list, visited_articles):
d2 = load_freq_history(path_prefix + 'static/words_and_tests.p')
d3 = get_difficulty_level(d1, d2)
d = None
result_of_generate_article = "not found"
d = {}
d_user = load_freq_history(user_word_list)
user_level = user_difficulty_level(d_user, d3) # more consideration as user's behaviour is dynamic. Time factor should be considered.
text_level = 0
if visited_articles["index"] > len(visited_articles["article_ids"])-1: # 生成新的文章
amount_of_visited_articles = len(visited_articles["article_ids"])
amount_of_existing_articles = result.__len__()
if amount_of_visited_articles == amount_of_existing_articles: # 如果当前阅读过的文章的数量 == 存在的文章的数量,即所有的书本都阅读过了
result_of_generate_article = "had read all articles"
else:
for k in range(3): # 最多尝试3次
for reading in result:
text_level = text_difficulty_level(reading['text'], d3)
factor = random.gauss(0.8, 0.1) # a number drawn from Gaussian distribution with a mean of 0.8 and a stand deviation of 1
if reading['article_id'] not in visited_articles["article_ids"] and within_range(text_level, user_level, (8.0 - user_level) * factor): # 新的文章之前没有出现过且符合一定范围的水平
d = reading
visited_articles["article_ids"].append(d['article_id']) # 列表添加新的文章id下面进行
result_of_generate_article = "found"
break
if result_of_generate_article == "found": # 用于成功找到文章后及时退出外层循环
break
if result_of_generate_article != "found": # 阅读完所有文章或者循环3次没有找到适合的文章则放入空“null”
visited_articles["article_ids"].append('null')
else: # 生成已经阅读过的文章
random.shuffle(result) # shuffle list
d = random.choice(result)
text_level = text_difficulty_level(d['text'], d3)
result_of_generate_article = "found"
if articleID == None:
for reading in result:
text_level = text_difficulty_level(reading['text'], d3)
factor = random.gauss(0.8,
0.1) # a number drawn from Gaussian distribution with a mean of 0.8 and a stand deviation of 1
if within_range(text_level, user_level, (8.0 - user_level) * factor):
d = reading
break
today_article = None
if d:
today_article = {
"user_level": '%4.2f' % user_level,
"text_level": '%4.2f' % text_level,
"date": d['date'],
"article_title": get_article_title(d['text']),
"article_body": get_article_body(d['text']),
"source": d["source"],
"question": get_question_part(d['question']),
"answer": get_answer_part(d['question'])
}
return visited_articles, today_article, result_of_generate_article
s = '<div class="alert alert-success" role="alert">According to your word list, your level is <span class="badge bg-success">%4.2f</span> and we have chosen an article with a difficulty level of <span class="badge bg-success">%4.2f</span> for you.</div>' % (
user_level, text_level)
s += '<p class="text-muted">Article added on: %s</p>' % (d['date'])
s += '<div class="p-3 mb-2 bg-light text-dark">'
article_title = get_article_title(d['text'])
article_body = get_article_body(d['text'])
s += '<p class="display-5">%s</p>' % (article_title)
s += '<p class="lead"><font id="article" size=2>%s</font></p>' % (article_body)
s += '<p><small class="text-muted">%s</small></p>' % (d['source'])
s += '<p><b>%s</b></p>' % (get_question_part(d['question']))
s = s.replace('\n', '<br/>')
s += '%s' % (get_answer_part(d['question']))
s += '</div>'
session['articleID'] = d['article_id']
return s
def load_freq_history(path):
@ -137,4 +116,21 @@ def get_answer_part(s):
flag = 1
elif flag == 1:
result.append(line)
return '\n'.join(result)
# https://css-tricks.com/snippets/javascript/showhide-element/
js = '''
<script type="text/javascript">
function toggle_visibility(id) {
var e = document.getElementById(id);
if(e.style.display == 'block')
e.style.display = 'none';
else
e.style.display = 'block';
}
</script>
'''
html_code = js
html_code += '\n'
html_code += '<button onclick="toggle_visibility(\'answer\');">ANSWER</button>\n'
html_code += '<div id="answer" style="display:none;">%s</div>\n' % ('\n'.join(result))
return html_code

View File

@ -19,15 +19,21 @@ def signup():
# POST方法需判断是否注册成功再根据结果返回不同的内容
username = escape(request.form['username'])
password = escape(request.form['password'])
password2 = escape(request.form['password2'])
#! 添加如下代码为了过滤注册时的非法字符
warn = WarningMessage(username)
if str(warn) != 'OK':
return jsonify({'status': '3', 'warn': str(warn)})
return str(warn)
available = check_username_availability(username)
if not available: # 用户名不可用
return jsonify({'status': '0'})
flash('用户名 %s 已经被注册。' % (username))
return render_template('signup.html')
elif len(password.strip()) < 4: # 密码过短
return '密码过于简单。'
elif password != password2:
return '确认密码与输入密码不一致!'
else: # 添加账户信息
add_user(username, password)
verified = verify_user(username, password)
@ -37,10 +43,11 @@ def signup():
session[username] = username
session['username'] = username
session['expiry_date'] = get_expiry_date(username)
session['visited_articles'] = None
return jsonify({'status': '2'})
session['articleID'] = None
return '<p>恭喜,你已成功注册, 你的用户名是 <a href="%s">%s</a>。</p>\
<p><a href="/%s">开始使用</a> <a href="/">返回首页</a><p/>' % (username, username, username)
else:
return jsonify({'status': '1'})
return '用户名密码验证失败。'
@ -52,7 +59,13 @@ def login():
'''
if request.method == 'GET':
# GET请求
if not session.get('logged_in'):
# 未登录,返回登录页面
return render_template('login.html')
else:
# 已登录,提示信息并显示登出按钮
return '你已登录 <a href="/%s">%s</a>。 登出点击<a href="/logout">这里</a>。' % (
session['username'], session['username'])
elif request.method == 'POST':
# POST方法用于判断登录是否成功
# check database and verify user
@ -66,10 +79,10 @@ def login():
session['username'] = username
user_expiry_date = get_expiry_date(username)
session['expiry_date'] = user_expiry_date
session['visited_articles'] = None
return jsonify({'status': '1'})
session['articleID'] = None
return redirect(url_for('user_bp.userpage', username=username))
else:
return jsonify({'status': '0'})
return '无法通过验证。'
@accountService.route("/logout", methods=['GET', 'POST'])
@ -102,9 +115,31 @@ def reset():
# POST请求用于提交修改后信息
old_password = escape(request.form['old-password'])
new_password = escape(request.form['new-password'])
re_new_password = escape(request.form['re-new-password']) # 确认新密码
if re_new_password != new_password: #验证新密码两次输入是否相同
return '新密码不匹配,请重新输入'
if len(new_password) < 4: #验证新密码长度,原则参照注册模块
return '密码过于简单。(密码长度至少4位)'
flag = change_password(username, old_password, new_password) # flag表示是否修改成功
if flag:
session['logged_in'] = False
return jsonify({'status':'1'}) # 修改成功
return \
'''
<script>
alert('密码修改成功,请重新登录。');
window.location.href="/login";
</script>
'''
else:
return jsonify({'status':'2'}) # 修改失败
return \
'''
<script>
alert('密码修改失败');
window.location.href="/reset";
</script>
'''

View File

@ -39,7 +39,8 @@ def get_random_ads():
返回随机广告
:return: 一个广告(包含HTML标签)
'''
return random.choice(['个性化分析精准提升', '你的专有单词本', '智能捕捉阅读弱点,针对性提高你的阅读水平'])
ads = random.choice(['个性化分析精准提升', '你的专有单词本', '智能捕捉阅读弱点,针对性提高你的阅读水平'])
return ads + '。 <a href="/signup">试试</a>吧!'
def appears_in_test(word, d):

View File

@ -1,16 +1,16 @@
# 全局引入的css文件地址
css:
item:
- ../static/css/bootstrap.css
- static/css/bootstrap.css
# 全局引入的js文件地址
js:
head: # 在页面加载之前加载
- ../static/js/jquery.js
- ../static/js/word_operation.js
- static/js/jquery.js
- static/js/word_operation.js
bottom: # 在页面加载完之后加载
- ../static/js/fillword.js
- ../static/js/highlight.js
- static/js/fillword.js
- static/js/highlight.js
# 高亮样式,目前仅支持修改颜色
highlight:

View File

@ -1,47 +1,28 @@
{% block body %}
{% if session['logged_in'] %}
你已登录 <a href="/{{ session['username'] }}">{{ session['username'] }}</a>。 登出点击<a href="/logout">这里</a>
You're logged in already!
{% else %}
<meta charset="utf-8" name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=0.5, maximum-scale=3.0, user-scalable=yes" />
<link rel="stylesheet" href="static/css/login_service.css">
<script src="static/js/jquery.js"></script>
<script>
function login(){
let username = $("#username").val();
let password = $("#password").val();
if (username === "" || password === ""){
alert('输入不能为空!');
return false;
}
$.post(
"/login", {'username': username, 'password': password},
function (response) {
if (response.status === '0') {
alert('无法通过验证。');
window.location.href = "/login";
} else if (response.status === '1') {
window.location.href = "/"+username+"/userpage";
}
}
)
return false;
}
</script>
<div class="container">
<section class="signin-heading">
<h1>Sign In</h1>
</section>
<input type="text" placeholder="用户名" class="username" id="username">
<input type="password" placeholder="密码" class="password" id="password">
<button type="button" class="btn" onclick="login()">登录</button>
<a class="signup" href="/signup">注册</a>
<form action="/login" method="POST">
<input type="text" placeholder="用户名" class="username" name="username" required>
<input type="password" placeholder="密码" class="password" name="password" required>
<button type="submit" class="btn">登录</button>
</form>
</div>
<a href="/signup" class="signup">注册</a>
{% endif %}
{% endblock %}

View File

@ -26,7 +26,7 @@
<a href="/{{session['username']}}">{{session['username']}}</a></p>
{% else %}
<p><a href="/login">登录</a> <a href="/signup">注册</a> <a href="/static/usr/instructions.html">使用说明</a></p >
<p><b> {{ random_ads }}。 <a href="/signup">试试</a>吧!</b></p>
<p><b>{{random_ads|safe}}</b></p>
{% endif %}
<div class="alert alert-success" role="alert">共有文章 <span class="badge bg-success"> {{number_of_essays}} </span></div>
<p>粘贴1篇文章 (English only)</p>

View File

@ -2,38 +2,6 @@
<meta charset="utf-8" name="viewport"
content="width=device-width, initial-scale=1.0, minimum-scale=0.5, maximum-scale=3.0, user-scalable=yes"/>
<link rel="stylesheet" href="static/css/login_service.css">
<script src="static/js/jquery.js"></script>
<script>
function reset() {
let old_password = $("#old-password").val();
let new_password = $("#new-password").val();
let re_new_password = $("#re-new-password").val();
if (old_password === "" || new_password === "" || re_new_password === ""){
alert('输入不能为空!');
return false;
}
if (new_password !== re_new_password) {
alert('新密码不匹配,请重新输入');
return false;
}
if (new_password.length < 4) {
alert('密码过于简单。(密码长度至少4位)');
return false;
}
$.post("/reset", {'old-password': old_password, 'new-password': new_password},
function (response) {
if (response.status === '1') {
alert('密码修改成功,请重新登录。');
window.location.href = "/login";
} else if (response.status === '2') {
alert('密码修改失败');
window.location.href = "/reset";
}
}
)
return false;
}
</script>
<div class="container">
@ -41,11 +9,14 @@
<h1>Reset Password</h1>
</section>
<input type="password" placeholder="原密码" class="old-password" name="old-password" id="old-password"/>
<input type="password" placeholder="新密码" class="new-password" name="new-password" id="new-password"/>
<input type="password" placeholder="确认新密码" class="re-new-password" name="re-new-password" id="re-new-password"/>
<button id="submit" class="btn" onclick="reset()">提交</button>
<button class="btn" onclick="window.location.href='/{{ username }}/userpage'">放弃修改</button>
<form action="/reset" method="POST">
<input type="password" placeholder="原密码" class="old-password" name="old-password" required>
<input type="password" placeholder="新密码" class="new-password" name="new-password" required>
<input type="password" placeholder="确认新密码" class="re-new-password" name="re-new-password" required>
<input type="submit" name="submit" class="btn" value="提交"/>
<input type="button" name="submit" class="btn" value="放弃修改"
onclick="window.location.href='/{{ username }}'"/>
</form>
</div>
{% endblock %}

View File

@ -6,47 +6,6 @@ You're logged in already! <a href="/logout">Logout</a>.
{% else %}
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=0.5, maximum-scale=3.0, user-scalable=yes" />
<link rel="stylesheet" href="static/css/login_service.css">
<script src="static/js/jquery.js"></script>
<script>
function signup() {
let username = $("#username").val();
let password = $("#password").val();
let password2 = $("#password2").val();
if (username === "" || password === "" || password2 === ""){
alert('输入不能为空!');
return false;
}
if (password !== password2) {
alert('确认密码与输入密码不一致!');
return false;
}
if (password.length < 4) {
alert('密码过于简单。(密码长度至少4位)');
return false;
}
$.post("/signup", {'username': username, 'password': password},
function (response) {
if (response.status === '0') {
alert('用户名'+username+'已经被注册。');
window.location.href = "/signup";
} else if (response.status === '1') {
alert('用户名密码验证失败。');
window.location.href = "/signup";
} else if (response.status === '2') {
let f = confirm("恭喜,你已成功注册,你的用户名是"+username+'.\n点击“确认”开始使用或点击“取消”返回首页');
if (f) {
window.location.href = '/'+username+'/userpage';
} else {
window.location.href = '/';
}
} else if (response.status === '3') {
alert(response.warn);
}
}
)
return false;
}
</script>
<p>{{ get_flashed_messages()[0] | safe }}</p>
@ -56,10 +15,12 @@ You're logged in already! <a href="/logout">Logout</a>.
<h1>Sign Up</h1>
</section>
<p><input type="username" id="username" placeholder="输入用户名" class="username"></p>
<p><input type="password" id="password" placeholder="输入密码" class="password"></p>
<p><input type="password" id="password2" placeholder="确认密码" class="password" ></p>
<button type="button" class="btn" onclick="signup()">注册</button>
<form action="/signup" method="POST">
<p><input type="username" name="username" placeholder="输入用户名" required="required" class="username"></p>
<p><input type="password" name="password" placeholder="输入密码" required="required" class="password"></p>
<p><input type="password" name="password2" placeholder="确认密码" required="required" class="password" ></p>
<button type="submit" class="btn">注册</button>
</form>
</div>

View File

@ -37,52 +37,20 @@
<body>
<div class="container-fluid">
<p><b>English Pal for <font id="username" color="red">{{ username }}</font></b>
<a id="quit" class="btn btn-secondary" href="/logout" role="button">退出</a>
<a class="btn btn-secondary" href="/logout" role="button">退出</a>
<a class="btn btn-secondary" href="/reset" role="button">重设密码</a>
</p>
{# {% for message in flashed_messages %}#} {# 根据user_service.userpage,取消了参数flashed_messages因此注释了这段代码 #}
{# <div class="alert alert-warning" role="alert">Congratulations! {{ message }}</div>#}
{# {% endfor %}#}
{{ flashed_messages|safe }}
{% if result_of_generate_article != "had read all articles" %}
<a id="next_btn" class="btn btn-success" href="/{{ username }}/reset" role="button"> 下一篇 Next Article </a>
<a class="btn btn-success" href="/{{ username }}/reset" role="button"> 下一篇 Next Article </a>
{% if session.get('articleID') != session.get('old_articleID') %}
{% if session.get('old_articleID') != None %}
<a class="btn btn-success" href="/{{ username }}/back" role="button"> 上一篇 Previous Article </a>
{% endif%}
{% if session.get('visited_articles') and session.get('visited_articles')['index']>0 %}
<a id="pre_btn" class="btn btn-success" href="/{{ username }}/back" role="button"> 上一篇 Previous Article </a>
{% endif %}
<p><b>阅读文章并回答问题</b></p>
<div id="text-content">
{% if result_of_generate_article == 'found' %}
<div class="alert alert-success" role="alert">According to your word list, your level is <span class="badge bg-success">{{ today_article["user_level"] }}</span> and we have chosen an article with a difficulty level of <span class="badge bg-success">{{ today_article["text_level"] }}</span> for you.</div>
<p class="text-muted">Article added on: {{ today_article["date"] }}</p><br/>
<div class="p-3 mb-2 bg-light text-dark"><br/>
<p class="display-5">{{ today_article["article_title"] }}</p><br/>
<p class="lead"><font id="article" size=2>{{ today_article["article_body"] }}</font></p><br/>
<p><small class="text-muted">{{ today_article['source'] }}</small></p><br/>
<p><b>{{ today_article['question'] }}</b></p><br/>
<script type="text/javascript">
function toggle_visibility(id) { {# https://css-tricks.com/snippets/javascript/showhide-element/#}
const e = document.getElementById(id);
if(e.style.display === 'block')
e.style.display = 'none';
else
e.style.display = 'block';
}
</script>
<button onclick="toggle_visibility('answer');">ANSWER</button>
<div id="answer" style="display:none;">{{ today_article['answer'] }}</div><br/>
</div>
{% elif result_of_generate_article == "not found" %}
<div class="alert alert-success" role="alert">
<p class="text-muted"><span class="badge bg-success">Notes:</span><br>No article is currently available for you. You can try again a few times or mark new words in the passage to improve your level.</p>
</div>
{% elif result_of_generate_article == "had read all articles" %}
<div class="alert alert-success" role="alert">
<p class="text-muted"><span class="badge bg-success">Notes:</span><br>You've read all the articles.</p>
</div>
{% endif %}
</div>
<div id="text-content">{{ today_article|safe }}</div>
<input type="checkbox" onclick="toggleHighlighting()" checked/>生词高亮
<input type="checkbox" onclick="onReadClick()" checked/>大声朗读
@ -92,11 +60,11 @@
<div class="sliderValue">
<span id="rangeValue">1×</span>
</div>
<input type="range" id="rangeComponent" min="0.5" max="2" value="1" step="0.25"/>
<input type="range" id="rangeComponent" min="0.5" max="2" value="1" step="0.25" "/>
</div>
</div>
<p><b>收集生词吧</b> (可以在正文中划词,也可以复制黏贴)</p>
<form method="post" action="/{{ username }}/userpage">
<form method="post" action="/{{ username }}">
<textarea name="content" id="selected-words" rows="10" cols="120"></textarea><br/>
<input type="submit" value="把生词加入我的生词库"/>
<input type="reset" value="清除"/>

View File

@ -29,13 +29,9 @@ def user_reset(username):
:param username: 用户名
:return: 返回页面内容
'''
session['old_articleID'] = session.get('articleID')
if request.method == 'GET':
visited_articles = session.get("visited_articles")
if visited_articles['article_ids'][-1] == "null": # 如果当前还是“null”则将“null”pop出来,无需index+=1
visited_articles['article_ids'].pop()
else: # 当前不为“null”直接 index+=1
visited_articles["index"] += 1
session["visited_articles"] = visited_articles
session['articleID'] = None
return redirect(url_for('user_bp.userpage', username=username))
else:
return 'Under construction'
@ -48,11 +44,7 @@ def user_back(username):
:return: 返回页面内容
'''
if request.method == 'GET':
visited_articles = session.get("visited_articles")
visited_articles["index"] -= 1 # 上一篇index-=1
if visited_articles['article_ids'][-1] == "null": # 如果当前还是“null”则将“null”pop出来
visited_articles['article_ids'].pop()
session["visited_articles"] = visited_articles
session['articleID'] = session.get('old_articleID')
return redirect(url_for('user_bp.userpage', username=username))
@ -97,12 +89,11 @@ def deleteword(username, word):
'''
user_freq_record = path_prefix + 'static/frequency/' + 'frequency_%s.pickle' % (username)
pickle_idea2.deleteRecord(user_freq_record, word)
# 模板userpage_get.html中删除单词是异步执行而flash的信息后续是同步执行的所以注释这段代码同时如果这里使用flash但不提取信息则会影响 signup.html的显示。bug复现删除单词后点击退出点击注册注册页面就会出现提示信息
# flash(f'{word} is no longer in your word list.')
flash(f'<strong>{word}</strong> is no longer in your word list.')
return "success"
@userService.route("/<username>/userpage", methods=['GET', 'POST'])
@userService.route("/<username>", methods=['GET', 'POST'])
def userpage(username):
'''
用户界面
@ -139,15 +130,11 @@ def userpage(username):
words = ''
for x in lst3:
words += x[0] + ' '
visited_articles, today_article, result_of_generate_article = get_today_article(user_freq_record, session.get('visited_articles'))
session['visited_articles'] = visited_articles
# 通过 today_article加载前端的显示页面
return render_template('userpage_get.html',
username=username,
session=session,
# flashed_messages=get_flashed_messages(), 仅有删除单词的时候使用到flash而删除单词是异步执行这里的信息提示是同步执行所以就没有存在的必要了
today_article=today_article,
result_of_generate_article=result_of_generate_article,
flashed_messages=get_flashed_messages_if_any(),
today_article=get_today_article(user_freq_record, session['articleID']),
d_len=len(d),
lst3=lst3,
yml=Yaml.yml,
@ -186,3 +173,15 @@ def get_time():
'''
return datetime.now().strftime('%Y%m%d%H%M') # upper to minutes
def get_flashed_messages_if_any():
'''
在用户界面显示黄色提示信息
:return: 包含HTML标签的提示信息
'''
messages = get_flashed_messages()
s = ''
for message in messages:
s += '<div class="alert alert-warning" role="alert">'
s += f'Congratulations! {message}'
s += '</div>'
return s

View File

@ -70,7 +70,7 @@ def sort_in_ascending_order(lst):# 单词按频率降序排列
return lst2
def make_html_page(lst, fname): # 只是在wordfreqCMD.py中的main函数中调用所以不做修改
def make_html_page(lst, fname):
'''
功能把lst的信息存到fname中以html格式
'''