def login():
if request.method == 'GET':
return render_template('login.html')
else:
telephone = request.form.get('telephone')
pwd = request.form.get('password')
user_salt = User.query.filter(User.telephone == telephone).first()
if user_salt:
salt = user_salt.salt
password = security.create_md5(pwd, salt)
user = User.query.filter(User.telephone == telephone,User.password==password).first()
if user:
session['user_id'] = user.id
#如果想在31天内都不需要登录
session.permanent = True
return redirect(url_for('index'))
else:
return render_template('login_warning.html')
else:
return render_template('login_warning.html')
def register():
if request.method == 'GET':
return render_template('register.html')
else:
telephone = request.form.get('telephone')
username = request.form.get('username')
password1 = request.form.get('password1')
password2 = request.form.get('password2')
#进行手机号码验证是否注册
user = User.query.filter(User.telephone == telephone).first()
if user:
return render_template('register_warning.html')
else:
# 随机生成4位salt
salt = security.create_salt()
password = security.create_md5(password1, salt)
user = User(telephone=telephone,username=username,password=password,salt=salt)
db.session.add(user)
db.session.commit()
return redirect(url_for('login'))