Beispiel #1
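 def after_model_change(self, form, model, is_created):
     """Write an audit-log row after a model has been created or edited.

     Args:
         form: The submitted form; not used here.
         model: The saved model instance; ``str(model)`` goes into the log text.
         is_created: Truthy when the model was newly created, falsy when edited.
     """
     import logging

     # One conditional expression instead of ``if`` / ``elif not``: the log
     # text is always bound, whatever truthiness ``is_created`` has.
     info = ('创建了 ' if is_created else '修改了') + str(model)
     admin_log = AdminLog(admin=current_user, ip=request.remote_addr,
                          info=info)
     db.session.add(admin_log)
     try:
         db.session.commit()
     except Exception:
         # Logging stays best-effort (the model change itself is not undone),
         # but a lost audit record is now reported instead of vanishing, and
         # KeyboardInterrupt/SystemExit are no longer swallowed.
         db.session.rollback()
         logging.getLogger(__name__).exception(
             'failed to write admin audit log entry')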
Beispiel #2
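def _login(user):
    """Log *user* in, record the login, and return the URL to send them to.

    Args:
        user: The authenticated user object; ``user.auth`` is compared with
            ``AuthEnum.Admin`` / ``AuthEnum.SuperAdmin``.

    Returns:
        The ``next`` query parameter when it is a same-site path, otherwise
        the admin index for admins and the home index for everyone else.
    """
    login_user(user, remember=True)
    is_admin = (user.auth == AuthEnum.Admin) or (user.auth == AuthEnum.SuperAdmin)
    if is_admin:
        admin_log = AdminLog()
        admin_log.add()
    user_log = UserLog()
    user_log.add()

    next_ = request.args.get('next')
    # Open-redirect guard. Requiring a leading '/' is not enough on its own:
    # a target starting with '//' or '/\' is treated by browsers as a
    # different host, so those prefixes are rejected as well.
    is_local_path = (
        next_ is not None
        and next_.startswith('/')
        and not next_.startswith(('//', '/\\'))
    )
    if not is_local_path:
        next_ = url_for('admin.index') if is_admin else url_for('home.index')
    return next_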
Beispiel #3
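def login():
    """Admin login view: check credentials, start the session, log the login.

    Returns:
        A redirect back to the login page on bad credentials, a redirect to
        the validated ``next`` target (or the admin index) on success, or the
        rendered login form otherwise.
    """
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        admin = Admin.query.filter_by(name=data["name"]).first()
        # An unknown account takes the same path as a wrong password: no
        # AttributeError on None, and no hint about which accounts exist.
        # (The debug print of the password-check result was removed.)
        if admin is None or not admin.check_password(data["password"]):
            flash(u"密码错误", "error")
            return redirect(url_for("admin.login"))
        session["admin"] = data['name']
        session["admin_id"] = admin.id
        adminlog = AdminLog(
            admin_id=admin.id,
            # Client address as seen by the server; behind a reverse proxy
            # this is the proxy's address unless proxy headers are handled.
            ip=request.remote_addr
        )
        db.session.add(adminlog)
        db.session.commit()
        # Page the user was on before being sent to the login form.
        next_page = request.args.get("next")
        # Fall back to the index unless ``next`` is a same-site path: no
        # network location, a leading '/', and not '//' or '/\' (which
        # browsers resolve to another host).
        if (not next_page
                or url_parse(next_page).netloc != ''
                or not next_page.startswith('/')
                or next_page.startswith(('//', '/\\'))):
            next_page = url_for("admin.index")
        return redirect(next_page)
    return render_template("admin/login.html", form=form)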
Beispiel #4
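def login():
    """Login endpoint: render the form on GET, check credentials otherwise.

    Returns:
        The login page for GET, otherwise a JSON body with ``code`` 200 on
        success or 401 with an ``error`` message on failure.
    """
    if request.method == "GET":
        return render_template('login.html')

    user = request.form.get('user')
    pwd = request.form.get('pwd')
    if not (user and pwd):
        return jsonify({'code': 401, 'error': '用户名或密码不能为空'})

    username = User.query.filter_by(username=user).first()
    if username is None or not username.check_password(pwd):
        print('用户名或密码错误')
        return jsonify({'code': 401, 'error': '用户名或密码错误'})

    # The session is populated only after the password has been verified.
    # The original set session['user_id'] before the check, so a request with
    # a valid user name and a wrong password still left a logged-in session.
    session['user_id'] = username.user_id
    op_log = AdminLog(admin_id=username.user_id,
                      ip=request.remote_addr,
                      time=datetime.datetime.now(),
                      operate="用户:{} 进行了登录操作!".format(
                          username.username))
    db.session.add(op_log)
    db.session.commit()
    return jsonify({'code': 200, 'error': ""})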
Beispiel #5
def login():
    """Admin login view.

    Validates the form, verifies the password, stores the admin id and name
    in the session, writes a login-log row and redirects to the admin index.
    On failure the login template is rendered again.
    """
    form = LoginForm()
    print('开始登陆-验证:')
    print(form.validate_on_submit())
    if form.validate_on_submit():
        name, password = form.username.data, form.password.data
        admin = Admin.query.filter_by(name=name).first()
        if not (admin and admin.verify_password(password)):
            # One message for unknown account and wrong password alike.
            flash('帐号或密码错误')
        else:
            # Keep the login state in the session.
            session['admin_id'] = admin.id
            session['admin'] = admin.name
            remote_ip = request.remote_addr

            # Record the login in the login log.
            db.session.add(AdminLog(admin_name=admin.name, ip=remote_ip))
            db.session.commit()
            print('管理员登录成功!')
            return redirect(url_for('admin.index'))
    print(form.errors)
    return render_template('admin/login.html', form=form)
Beispiel #6
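 def after_model_delete(self, model):
     """Write an audit-log row after a model has been deleted.

     Args:
         model: The deleted model instance; ``str(model)`` goes into the log.
     """
     import logging

     admin_log = AdminLog(admin=current_user, ip=request.remote_addr,
                          info='删除了' + str(model))
     db.session.add(admin_log)
     try:
         db.session.commit()
     except Exception:
         # Still best-effort, but a missing record of a deletion is reported
         # rather than silently dropped, and KeyboardInterrupt/SystemExit
         # are no longer caught by a bare ``except``.
         db.session.rollback()
         logging.getLogger(__name__).exception(
             'failed to write admin audit log entry')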
Beispiel #7
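def login():
    """Admin login view: log the login and redirect once the form validates.

    NOTE(review): no credential check is visible in this view, and the log
    row uses whatever ``admin_id`` is already in the session. Presumably
    ``LoginForm`` verifies the password in its validators; confirm.
    """
    form = LoginForm()
    if form.validate_on_submit():
        log = AdminLog(admin_id=session.get("admin_id"),
                       ip=request.remote_addr)
        db.session.add(log)
        db.session.commit()
        # ``next`` comes from the query string, so it is followed only when
        # it is a same-site path; '//' and '/\' prefixes resolve to another
        # host in browsers and are rejected.
        next_url = request.args.get("next")
        if (not next_url
                or not next_url.startswith("/")
                or next_url.startswith(("//", "/\\"))):
            next_url = url_for("admin.index")
        return redirect(next_url)
    return render_template("admin/login.html", form=form)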
Beispiel #8
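def logout():
    """Log the current user out, record the logout and go to the login page.

    A request without a ``user_id`` in the session, or with one that no
    longer matches a user row, is redirected without raising.
    """
    # Drop the login state first so the session is cleared even if writing
    # the log row fails; ``pop`` also tolerates an already logged-out visitor.
    user_id = session.pop('user_id', None)
    if user_id is not None:
        users = User.query.filter(User.user_id == user_id).first()
        if users is not None:
            op_log = AdminLog(admin_id=users.user_id,
                              ip=request.remote_addr,
                              time=datetime.datetime.now(),
                              operate="用户:{} 进行了注销操作!".format(users.username))
            db.session.add(op_log)
            db.session.commit()
    return redirect(url_for('login.login'))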
Beispiel #9
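 def post(self):
     '''
     Log in: verify the image captcha and the credentials, issue a token.

     Returns a dict with ``status``, ``msg`` and ``token`` on success and
     aborts with an error status otherwise.
     '''
     args_login = parse_login.parse_args()
     password = args_login.get('password')
     # Missing fields are treated as empty strings so they fail the checks
     # below instead of raising AttributeError on ``None.lower()``.
     username = (args_login.get('username') or '').lower()
     captcha = args_login.get('captcha') or ''
     captcha_key = 'image_code_%s' % args_login.get('image_code')
     text = cache.get(captcha_key)
     if not text:
         abort(RET.Forbidden, msg='验证码错误')
     # A captcha is single-use: remove it before comparing, so a wrong answer
     # cannot be retried against the same image. The original deleted it
     # only after a correct answer.
     cache.delete(captcha_key)
     if captcha.lower() != text.lower():
         abort(RET.Forbidden, msg='验证码错误')
     admin = Admin.query.filter_by(username=username, is_del='0').first()
     # NOTE(review): the message is the same for both failures, but the
     # status differs (BadRequest vs Unauthorized), which still tells a
     # client whether the account exists. Left as-is for API compatibility.
     if not admin:
         abort(RET.BadRequest, msg='用户名或密码错误')
     if not admin.check_pwd(password):
         abort(RET.Unauthorized, msg='用户名或密码错误')
     token = Auth.encode_auth_token(admin.id)
     # Cache the token under the admin id for 8 hours.
     cache.set(admin.id, token, timeout=60*60*8)
     # Record the login.
     admin_log = AdminLog()
     admin_log.username = admin.username
     admin_log.ip = request.remote_addr
     admin_log.add()
     data = {
         'status': RET.OK,
         'msg': '登录成功',
         'token': token
     }
     return data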
Beispiel #10
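def login():
    """Admin login view.

    On valid credentials the account and id are stored in the session, a
    login-log row is written and the admin index is returned as a redirect.
    In every other case the login template is rendered.
    """
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        account = data["account"]
        password = data["password"]
        admin = Admin.query.filter_by(account=account).first()
        # ``first()`` returns None for an unknown account; treat that like a
        # failed password check instead of raising AttributeError.
        if admin is not None and admin.check_password_hash(password):
            session["admin"] = admin.account
            session["admin_id"] = admin.id
            adminlog = AdminLog(admin_id=admin.id, ip=request.remote_addr)
            db.session.add(adminlog)
            db.session.commit()
            return redirect(url_for("admin.index"))
    return render_template("admin/login.html", form=form)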
Beispiel #11
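def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, validated ``next`` target or
    admin index on success) or the rendered login form.
    """
    # TODO: when already logged in, redirect to the home or current page.
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        admin = Admin.query.filter_by(name=data["account"]).first()
        # An unknown account is handled like a wrong password rather than
        # raising AttributeError on None.
        if admin is None or not admin.check_pwd(data["pwd"]):
            flash("密码错误!", "err")
            return redirect(url_for("admin.login"))
        session["admin"] = data["account"]
        session["admin_id"] = admin.id
        adminlog = AdminLog(admin_id=admin.id, ip=request.remote_addr)
        db.session.add(adminlog)
        db.session.commit()
        # ``next`` is caller-controlled: follow it only when it is a
        # same-site path ('//' and '/\' prefixes point at another host).
        next_url = request.args.get("next")
        if (not next_url
                or not next_url.startswith("/")
                or next_url.startswith(("//", "/\\"))):
            next_url = url_for("admin.index")
        return redirect(next_url)
    return render_template("admin/login.html", form=form)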
Beispiel #12
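def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, validated ``next`` target or
    admin index on success) or the rendered login form.
    """
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        admin = Admin.query.filter_by(name=data["account"]).first()
        # Unknown account: same response as a wrong password, no
        # AttributeError on None.
        if admin is None or not admin.check_pwd(data['pwd']):
            flash("wrong password", "error")
            return redirect(url_for('admin.login'))
        session["admin"] = data["account"]
        session["aid"] = admin.id
        adminlog = AdminLog(admin_id=session["aid"],
                            ip=request.remote_addr)
        db.session.add(adminlog)
        db.session.commit()
        # Follow ``next`` only when it is a same-site path; '//' and '/\'
        # prefixes resolve to another host and fall back to the index.
        next_url = request.args.get("next")
        if (not next_url
                or not next_url.startswith("/")
                or next_url.startswith(("//", "/\\"))):
            next_url = url_for("admin.index")
        return redirect(next_url)
    return render_template("admin/login.html", form=form)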
Beispiel #13
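def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, validated ``next`` target or
    admin index on success) or the rendered login form.
    """
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        admin_i = Admin.query.filter_by(name=data['account']).first()
        # The debug print of the looked-up row was dropped. An unknown
        # account is handled like a wrong password instead of raising
        # AttributeError on None.
        if admin_i is None or not admin_i.check_pwd(data['pwd']):
            flash("密码错误")
            return redirect(url_for('admin.login'))
        session['admin'] = data['account']
        session['admin_id'] = admin_i.id
        admin_log = AdminLog(admin_id=admin_i.id, ip=request.remote_addr)
        db.session.add(admin_log)
        db.session.commit()
        # ``next`` is caller-controlled: follow it only when it is a
        # same-site path ('//' and '/\' prefixes point at another host).
        next_url = request.args.get("next")
        if (not next_url
                or not next_url.startswith('/')
                or next_url.startswith(('//', '/\\'))):
            next_url = url_for('admin.index')
        return redirect(next_url)

    return render_template('admin/login.html', form=form)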
Beispiel #14
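def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, validated ``next`` target or
    admin index on success) or the rendered login form.
    """
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        admin = Admin.query.filter(Admin.name == data["account"]).first()
        # Unknown account: same response as a wrong password, no
        # AttributeError on None.
        if admin is None or not admin.check_pwd(data["pwd"]):
            flash(u"密码错误!", "err")
            return redirect(url_for('admin.login'))
        session["admin"] = data["account"]  # account name
        session['admin_id'] = admin.id  # admin's id
        adminlog = AdminLog(admin_id=admin.id,
                            ip=request.remote_addr,
                            addtime=current_time)
        db.session.add(adminlog)
        db.session.commit()
        # Follow ``next`` only when it is a same-site path; '//' and '/\'
        # prefixes resolve to another host and fall back to the index.
        next_url = request.args.get('next')
        if (not next_url
                or not next_url.startswith('/')
                or next_url.startswith(('//', '/\\'))):
            next_url = url_for('admin.index')
        return redirect(next_url)
    return render_template('admin/login.html', form=form)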
Beispiel #15
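def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, validated ``next`` target or
    admin index on success) or the rendered login form.
    """
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        name = data.get('account')
        password = data.get('pwd')
        admin = Admin.query.filter(Admin.name == name).first()
        # Unknown account: same response as a wrong password, no
        # AttributeError on None.
        if admin is None or not admin.check_password(password):
            flash('密码错误!', 'error')
            # A redirect carries no parameters, but flash() is session-based
            # and so does not depend on passing arguments along.
            return redirect(url_for('admin.login'))
        session['admin'] = name
        session['admin_id'] = admin.id
        admin_log = AdminLog(admin_id=admin.id, ip=request.remote_addr)
        db.session.add(admin_log)
        db.session.commit()
        # ``next`` is caller-controlled: follow it only when it is a
        # same-site path ('//' and '/\' prefixes point at another host).
        next_url = request.args.get('next')
        if (not next_url
                or not next_url.startswith('/')
                or next_url.startswith(('//', '/\\'))):
            next_url = url_for('admin.index')
        return redirect(next_url)
    return render_template('admin/login.html', form=form)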
Beispiel #16
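def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, validated ``next`` target or
    admin index on success) or the rendered login form.
    """
    form = LoginForm()
    if request.method == "GET":
        # On a plain page load the two fields are not flagged as required.
        form.account.flags.required = False
        form.pwd.flags.required = False
    if form.validate_on_submit():
        data = form.data
        admin = Admin.query.filter_by(name=data["account"]).first()
        # Unknown account: same response as a wrong password, no
        # AttributeError on None.
        if admin is None or not admin.check_pwd(data["pwd"]):
            flash("账号或者密码错误", "error")
            return redirect(url_for("admin.login"))
        session["admin"] = data["account"]
        session["admin_id"] = admin.id
        adminlog = AdminLog(admin_id=admin.id, ip=request.remote_addr)
        db.session.add(adminlog)
        db.session.commit()
        # Follow ``next`` only when it is a same-site path; '//' and '/\'
        # prefixes resolve to another host and fall back to the index.
        next_url = request.args.get("next")
        if (not next_url
                or not next_url.startswith("/")
                or next_url.startswith(("//", "/\\"))):
            next_url = url_for("admin.index")
        return redirect(next_url)
    return render_template("admin/login.html", form=form)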
Beispiel #17
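def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, validated ``next`` target or
    admin index on success) or the rendered login form.
    """
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        admin = Admin.query.filter_by(name=data["account"]).first()
        # check_pwd returns a falsy value for a wrong password, so the
        # negation is what selects the failure branch. An unknown account
        # (None) takes the same branch instead of raising AttributeError.
        if admin is None or not admin.check_pwd(data["pwd"]):
            flash("密码错误!", "err")
            return redirect(url_for("admin.login"))
        # Password accepted: keep the login state in the session.
        session["admin"] = data["account"]
        session["admin_id"] = admin.id
        adminlog = AdminLog(
            admin_id=session["admin_id"],
            ip=request.remote_addr,
        )
        db.session.add(adminlog)
        db.session.commit()
        # ``next`` is caller-controlled: follow it only when it is a
        # same-site path ('//' and '/\' prefixes point at another host).
        next_url = request.args.get("next")
        if (not next_url
                or not next_url.startswith("/")
                or next_url.startswith(("//", "/\\"))):
            next_url = url_for("admin.index")
        return redirect(next_url)
    return render_template("admin/login.html", form=form)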
Beispiel #18
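def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, admin index on success) or
    the rendered login form.
    """
    # Instantiate the form.
    form = LoginForm()
    # Validate on submit.
    if form.validate_on_submit():
        # Account and password as submitted.
        data = form.data
        admin = Admin.query.filter_by(name=data["account"]).first()
        # ``first()`` returns None for an unknown account; handle it like a
        # wrong password instead of raising AttributeError.
        if admin is None or not admin.check_pwd(data["pwd"]):
            flash("密码错误")
            return redirect(url_for("admin.login"))
        # Credentials accepted.
        session["admin"] = data["account"]
        session["admin_id"] = admin.id
        adminlog = AdminLog(admin_id=admin.id, ip=request.remote_addr)
        db.session.add(adminlog)
        db.session.commit()
        return redirect(url_for("admin.index"))
    return render_template("admin/login.html", form=form)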
Beispiel #19
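def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, validated ``next`` target or
    admin index on success) or the rendered login form.
    """
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        admin = Admin.query.filter_by(name=data["account"]).first()
        # Unknown account: same response as a wrong password, no
        # AttributeError on None.
        if admin is None or not admin.check_password(data["password"]):
            flash("密码错误!", category="error")
            return redirect(url_for("admin.login"))
        session["admin"] = data["account"]
        session["admin_id"] = admin.id
        # Record the login in the admin login log.
        admin_log = AdminLog(
            admin_id=admin.id,
            ip=request.remote_addr,
        )
        db.session.add(admin_log)
        db.session.commit()
        # Follow ``next`` only when it is a same-site path; '//' and '/\'
        # prefixes resolve to another host and fall back to the index.
        next_url = request.args.get("next")
        if (not next_url
                or not next_url.startswith("/")
                or next_url.startswith(("//", "/\\"))):
            next_url = url_for("admin.index")
        return redirect(next_url)

    return render_template("admin/login.html", form=form)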
Beispiel #20
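def login():
    """Admin login view.

    Verifies the password, stores account, role name and id in the session,
    writes a login-log row and redirects to the validated ``next`` target or
    the admin index. The form is pre-filled with the account name already in
    the session, if any.
    """
    form = LoginForm(account=session.get("admin", None))
    if form.validate_on_submit():
        data = form.data
        admin = Admin.query.filter_by(name=data["account"]).first()
        # Unknown account: same response as a wrong password, no
        # AttributeError on None.
        if admin is None or not admin.check_pwd(data["pwd"]):
            flash("密码错误!", "err")
            return redirect(url_for('admin.login'))
        session["admin"] = data["account"]
        # NOTE(review): this takes the role name from the first Admin row
        # joined to the admin's role, presumably the same as the admin's own
        # role name. Confirm.
        session["role"] = Admin.query.join(Role).filter(
            admin.role_id == Role.id).first().role.name
        session["admin_id"] = admin.id
        # Admin login log.
        adminlog = AdminLog(admin_id=session["admin_id"],
                            ip=request.remote_addr)
        db.session.add(adminlog)
        db.session.commit()
        # ``next`` is caller-controlled: follow it only when it is a
        # same-site path ('//' and '/\' prefixes point at another host).
        next_url = request.args.get("next")
        if (not next_url
                or not next_url.startswith('/')
                or next_url.startswith(('//', '/\\'))):
            next_url = url_for('admin.index')
        return redirect(next_url)
    return render_template('admin/login.html', form=form)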
Beispiel #21
def login():
    """Admin login view.

    A submitted, valid form with matching credentials stores the admin in
    the session, writes a login-log row and redirects to the admin index.
    Bad credentials redirect back to the login page, and anything else
    renders the login template.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('admin/login.html', form=form)

    name = form.username.data
    password = form.password.data
    admin = Admin.query.filter_by(name=name).first()
    # Unknown account and wrong password share one failure path.
    if not (admin and admin.check(password)):
        flash('管理员登录失败')
        return redirect(url_for('admin.login'))

    session['admin_id'] = admin.id
    session['admin'] = admin.name
    # The ``area`` value is a fixed string, not derived from the request.
    db.session.add(AdminLog(admin_id=admin.id,
                            ip=request.remote_addr,
                            area='陕西西安'))
    db.session.commit()
    flash('管理员%s登录成功' % name)
    return redirect(url_for('admin.index'))
Beispiel #22
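def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, validated ``next`` target or
    admin index on success) or the rendered login form.
    """
    form = LoginFrom()
    if form.validate_on_submit():
        # The form validated on submit; read its data.
        data = form.data
        login_admin = Admin.query.filter_by(name=data['account']).first()
        # On a wrong password the error is flashed and the user is sent back.
        # An unknown account (None) takes the same path instead of raising
        # AttributeError.
        if login_admin is None or not login_admin.check_pwd(data['pwd']):
            flash('密码错误!')
            return redirect(url_for('admin.login'))
        # Password accepted: remember the account in the session.
        session['login_admin'] = data['account']
        # Id used by the operation log.
        session['admin_id'] = login_admin.id
        # Admin login log.
        admin_log = AdminLog(admin_id=login_admin.id, ip=request.remote_addr)
        db.session.add(admin_log)
        db.session.commit()
        # Follow ``next`` only when it is a same-site path; '//' and '/\'
        # prefixes resolve to another host and fall back to the index.
        next_url = request.args.get('next')
        if (not next_url
                or not next_url.startswith('/')
                or next_url.startswith(('//', '/\\'))):
            next_url = url_for('admin.index')
        return redirect(next_url)
    return render_template('admin/login.html', form=form)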
Beispiel #23
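 def login_view(self):
     """Admin login view: authenticate, log the login, redirect to the index.

     Returns the index redirect on success, otherwise the rendered login
     form (with a failure message when credentials were rejected).
     """
     import logging

     form = AdminLoginForm()
     if form.validate_on_submit():
         admin = Admin.query.filter_by(name=form.name.data).first()
         if admin is not None and admin.verify_password(form.password.data):
             # Replace any existing login rather than stacking on top of it.
             if current_user.is_authenticated:
                 logout_user()
             login_user(admin)
             flash('管理员登录成功!')
             admin_log = AdminLog(admin_id=admin.id,
                                  ip=request.remote_addr,
                                  info='登录后台')
             db.session.add(admin_log)
             try:
                 db.session.commit()
             except Exception:
                 # Best-effort logging: the login still succeeds, but the
                 # failure is reported. The original used a bare ``except``
                 # plus ``return`` inside ``finally``, which silently
                 # discarded any exception, including one from rollback().
                 db.session.rollback()
                 logging.getLogger(__name__).exception(
                     'failed to write admin login log entry')
             return redirect(url_for('.index'))
         flash('管理员账户认证失败!')
     return render_template('admin/login.html', form=form)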
Beispiel #24
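def login():
    """
    Admin back-end login.

    Verifies the password, stores the admin name and id in the session,
    writes a login-log row and redirects to the validated ``next`` target or
    the admin index.
    """
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        admin = Admin.query.filter_by(name=data['account']).first()
        # Unknown account: same response as a wrong password, no
        # AttributeError on None.
        if admin is None or not admin.check_pwd(data['pwd']):
            # Flash the error message.
            flash('密码错误', 'error')
            return redirect(url_for('admin.login'))
        # Check passed: keep the admin's name and id in the session.
        session['admin'] = data['account']
        session['admin_id'] = admin.id

        # Record the login.
        admin_log = AdminLog(admin_id=admin.id, ip=request.remote_addr)
        db.session.add(admin_log)
        db.session.commit()
        # ``next`` is caller-controlled: follow it only when it is a
        # same-site path ('//' and '/\' prefixes point at another host).
        next_url = request.args.get('next')
        if (not next_url
                or not next_url.startswith('/')
                or next_url.startswith(('//', '/\\'))):
            next_url = url_for('admin.index')
        return redirect(next_url)
    return render_template('admin/login.html', form=form)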
Beispiel #25
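def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, validated ``next`` target or
    admin index on success) or the rendered login form.
    """
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        # Look up the account.
        admin = Admin.query.filter_by(name=data["account"]).first()
        # Wrong password: flash the error and redirect. An unknown account
        # (None) takes the same path instead of raising AttributeError.
        if admin is None or not admin.check_pwd(data["pwd"]):
            flash("密码错误!", "err")
            return redirect(url_for('admin.login'))
        # Password accepted: keep the admin's account info in the session.
        session['admin'] = data['account']
        session['admin_id'] = admin.id
        adminlog = AdminLog(
            admin_id=admin.id,
            ip=request.remote_addr,
        )
        db.session.add(adminlog)
        db.session.commit()
        # Follow ``next`` only when it is a same-site path; '//' and '/\'
        # prefixes resolve to another host and fall back to the index.
        next_url = request.args.get("next")
        if (not next_url
                or not next_url.startswith('/')
                or next_url.startswith(('//', '/\\'))):
            next_url = url_for('admin.index')
        return redirect(next_url)
    return render_template("admin/login.html", form=form)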
Beispiel #26
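def login():
    """Admin login view.

    Verifies the password, stores account, id and login IP in the session,
    writes a login-log row and redirects to the validated ``next`` target or
    the admin index.
    """
    form = LoginForm()
    if form.validate_on_submit():
        data = form.data
        admin = Admin.query.filter_by(name=data['account']).first()
        # Unknown account: same response as a wrong password, no
        # AttributeError on None.
        if admin is None or not admin.check_pwd(data['pwd']):
            flash("密码错误!", 'pwderr')
            return redirect(url_for("admin.login"))
        # Verified: keep the account in the session.
        session["admin"] = data["account"]
        session['id'] = admin.id

        # Address the login came from, as seen by the server.
        admin_ip = request.remote_addr
        session['login_ip'] = admin_ip
        # Save to the login log.
        new_adminlog = AdminLog(admin_id=session['id'], ip=session['login_ip'])
        db.session.add(new_adminlog)
        db.session.commit()

        # ``next`` is caller-controlled: follow it only when it is a
        # same-site path ('//' and '/\' prefixes point at another host).
        next_url = request.args.get("next")
        if (not next_url
                or not next_url.startswith("/")
                or next_url.startswith(("//", "/\\"))):
            next_url = url_for("admin.index")
        return redirect(next_url)
    return render_template("admin/login.html", form=form)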
Beispiel #27
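def login():
    """Admin login view: verify the password, start the session, log the login.

    Returns a redirect (login page on failure, validated ``next`` target or
    admin index on success) or the rendered login form.
    """
    form = LoginForm()
    if form.validate_on_submit():  # format validation of the submitted data
        data = form.data  # submitted form data
        admin_field = Admin.query.filter_by(name=data['account']).first()
        # Fail closed: the original compared with ``is False``, so a check
        # returning None or 0 would have counted as success. Any falsy
        # result, or an unknown account, now rejects the login.
        if admin_field is None or not admin_field.check_pwd(data['password']):
            flash('密码验证失败!')
            # Failed verification goes back to the login page.
            return redirect(url_for('admin.login'))

        # The plaintext password is no longer written to the session: with
        # Flask's default cookie-based session the data is signed but
        # readable by the client, and nothing should need the password after
        # login. NOTE(review): confirm no other view reads session['pwd'].
        session.update({
            'admin': data['account'],
            'admin_id': admin_field.id
        })

        admin_log = AdminLog(
            admin_id=admin_field.id,
            ip=request.remote_addr,
        )
        db.session.add(admin_log)
        db.session.commit()
        # After a successful login go to the admin home page, or to ``next``
        # when it is a same-site path ('//' and '/\' prefixes point at
        # another host and are rejected).
        next_url = request.args.get('next')
        if (not next_url
                or not next_url.startswith('/')
                or next_url.startswith(('//', '/\\'))):
            next_url = url_for('admin.index')
        return redirect(next_url)
    return render_template('admin/login.html', form=form)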
Beispiel #28
def adminloginlog_list(page=0):
    """Render one page of the admin login log.

    Args:
        page: Page number to show; any falsy value (the default 0 included)
            selects page 1.
    """
    page = page or 1
    return render_template(
        "admin/adminloginlog_list.html",
        adminlogs=AdminLog.get_ten_page(page=page),
    )