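def signup():
    """Register a new account from ``SignUpForm`` and sign the user in.

    On a valid submission the user is committed and logged in, and the
    browser is redirected to the ``next`` query parameter, or to the index
    page when ``next`` is absent. A ``next`` value rejected by
    ``is_safe_url`` is answered with HTTP 400. A failed commit flashes an
    error and redirects back to the signup page. Every other request renders
    ``signup.html``.
    """
    from html import escape  # stdlib; local import keeps the block self-contained

    error = None
    form = SignUpForm()
    if form.validate_on_submit():
        # NOTE(review): the raw form password is passed to the model as-is;
        # confirm that ``User`` hashes it before it is persisted.
        user = User(
            name=form.username.data,
            email=form.email.data,
            password=form.password.data,
            ip=get_ip())
        try:
            db.session.add(user)
            db.session.commit()
        except Exception:
            # Only the database write is guarded. The previous bare ``except``
            # also wrapped the redirect logic, so the HTTPException raised by
            # ``flask.abort(400)`` for an unsafe ``next`` was swallowed and
            # reported as a duplicate username.
            # NOTE(review): narrow this to the driver's integrity error once
            # that name is importable here.
            db.session.rollback()
            flash("That username already exists", "danger")
            return redirect(url_for("signup"))

        login_user(user)
        # The message carries markup, so it is presumably rendered unescaped;
        # the user-chosen name must therefore be HTML-escaped before it is
        # interpolated.
        flash(
            "You just added user <strong>%s</strong>" % escape(str(user.name)),
            "success")

        # ``next`` is attacker-controllable; it is only followed after the
        # open-redirect check accepts it.
        next_url = request.args.get("next")
        if not is_safe_url(next_url):
            return flask.abort(400)
        return redirect(next_url or url_for("index"))

    return render_template(
        "signup.html",
        error=error,
        form=form
    )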
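def login():
    """Render the login page (GET) or authenticate a submitted account (POST).

    The account is looked up by user name or mobile number, the submitted
    password is hashed with MD5 and compared with the stored value, and on
    success a summary of the user is cached in the session before the
    browser is redirected to ``next`` (or ``/index``). A ``next`` value
    rejected by ``is_safe_url`` is answered with HTTP 400.
    """
    import hmac  # stdlib; local import, used for a constant-time comparison

    if request.method == 'GET':
        return render_template("login.html")

    if request.method == 'POST':
        login_account = request.form.get("login_account")
        # A missing password field used to arrive as None and crash on
        # ``.encode``; treat it as empty so it takes the normal mismatch path.
        login_passwd = request.form.get("login_passwd") or ""

        user = User.query.filter(
            or_(User.user_name == login_account,
                User.mobile == login_account)).first()
        # NOTE(review): "account does not exist" and "wrong password" are
        # reported separately, which lets a client tell which accounts exist.
        # Consider one shared failure message.
        if not user:
            return render_template("login.html", **{"message": "账户不存在"})

        # NOTE(review): unsalted MD5 is not an adequate password hash. Moving
        # to a slow, salted scheme (bcrypt/scrypt/argon2) requires re-hashing
        # the stored values, so the format is left unchanged here.
        submitted_digest = hashlib.md5(login_passwd.encode("utf-8")).hexdigest()
        stored_digest = str(user.password or "")
        # Compare in constant time so the check does not leak how many leading
        # characters of the stored digest matched.
        if not hmac.compare_digest(submitted_digest.encode("utf-8"),
                                   stored_digest.encode("utf-8")):
            return render_template("login.html", **{"message": "密码错误"})

        # NOTE(review): the form key is spelled "remembr_me"; verify it
        # matches the field name in the template.
        login_flag = login_user(user, remember=request.form.get("remembr_me"))
        if login_flag:
            # NOTE(review): if the app uses Flask's default cookie sessions,
            # these fields are signed but readable by the client.
            session[KEY_SESSION_USER] = dict(
                id=user.id,
                user_name=user.user_name,
                nickname=user.nickname,
                mobile=user.mobile,
                email=user.email,
                avatar=user.avatar,
            )
            # ``next`` is attacker-controllable; it is only followed after
            # the open-redirect check accepts it.
            next_url = flask.request.args.get('next')
            if not is_safe_url(next_url):
                return flask.abort(400)
            return flask.redirect(next_url or "/index")

    return render_template("login.html", **{"message": "登陆失败"})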
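def login():
    """Show the login form (non-POST) or authenticate a player (POST).

    Before the event has started, non-development deployments redirect to
    ``/``. A successful POST logs the user in and redirects either to the
    route chosen by ``routing`` (no ``next`` given) or to ``next`` when
    ``is_safe_url`` accepts it; a rejected ``next`` aborts with HTTP 400.
    A failed login re-renders the form with an error message.
    """
    from urllib.parse import quote  # stdlib; local import

    reason = 'Unknown error.'
    next_param = request.args.get('next')
    if next_param is None:
        redir = ''
    else:
        # Percent-encode the target before re-embedding it in a query string,
        # so characters such as ``&`` or ``#`` cannot split or truncate it.
        redir = '?next={}'.format(quote(next_param, safe='/'))

    if not event_start(EVENT_DATA) and not ENV_DEV:
        return redirect('/')

    if request.method != "POST":
        return render_template(
            'login.html',
            event="NETWORK TREASURE HUNT",
            social="https://www.instagram.com/acespvg/?hl=en",
            host="ACESPVG",
            error=False,
            reason='',
            next=redir,
            year=YEAR)

    try:
        # A missing field used to arrive as None and crash on ``.strip``;
        # default to '' so it fails credential validation instead.
        uname = request.form.get('uname', '').strip()
        pword = request.form.get('pword', '').strip()
        if not validate_user(get_db().cursor(), uname, pword):
            reason = 'Incorrect username or password.'
            raise GameException

        login_user(User(uname))
        if next_param is None and current_user.is_authenticated:
            return redirect(
                routing(
                    EVENT_DATA,
                    get_user_level(get_db().cursor(), current_user.id),
                    'path'))
        # ``next`` is attacker-controllable; it is only followed after the
        # open-redirect check accepts it.
        if is_safe_url(request, next_param):
            return redirect(next_param)
        abort(400)
    except GameException:
        return render_template(
            'login.html',
            event="NETWORK TREASURE HUNT",
            social="https://www.instagram.com/acespvg/?hl=en",
            host="ACESPVG",
            error=True,
            reason=reason,
            year=YEAR,
            next=redir)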
def login():
    """Render the login form, or log the user in on a valid POST.

    After a successful login the browser is sent to the ``next`` query
    parameter (falling back to the ``hello`` endpoint). A ``next`` value
    rejected by ``utils.is_safe_url`` is answered with HTTP 400.
    """
    form = LoginForm()
    # Anything that is not a valid POST submission just gets the form back.
    if request.method != 'POST' or not form.validate():
        return render_template('login.html', form=form)

    flask_login.login_user(form.user)

    destination = request.args.get('next')
    # is_safe_url should check if the url is safe for redirects.
    # See http://flask.pocoo.org/snippets/62/ for an example.
    if not utils.is_safe_url(destination):
        return flask.abort(400)

    if destination:
        return redirect(destination)
    return redirect(url_for('hello'))
async def confirm_18plus(request):
    """Age-gate handler: confirm once, then forward to the ``next`` target.

    Without ``next`` the client is redirected to ``/``. A ``next`` value
    rejected by ``is_safe_url`` yields HTTP 400. A client that already has
    the ``18+`` cookie is forwarded immediately. Otherwise the ``confirm``
    query parameter decides: absent renders the confirmation page,
    ``'false'`` redirects to ``/``, and any other value sets the cookie and
    forwards to the target.
    """
    target = request.query.get('next')
    if target is None:
        return web.HTTPTemporaryRedirect('/')

    # ``next`` is attacker-controllable; validate it before any branch that
    # could redirect to it.
    if not is_safe_url(request, target):
        return web.HTTPBadRequest()

    already_confirmed = '18+' in request.cookies
    if already_confirmed:
        return web.HTTPTemporaryRedirect(target)

    answer = request.query.get('confirm')
    if answer is None:
        return await render_template('confirm-18+.html', target=target)
    if answer == 'false':
        return web.HTTPTemporaryRedirect('/')

    # NOTE(review): every value other than 'false' counts as confirmation,
    # and the cookie is set with only ``max_age`` (no explicit
    # secure/samesite attributes).
    forward = web.HTTPTemporaryRedirect(target)
    forward.set_cookie('18+', '', max_age=ONE_YEAR)
    return forward
def admin_login():
    """Render the admin login page, or authenticate an admin on POST.

    A POST with a known username and matching password hash logs the user
    in and redirects to ``next`` (falling back to ``admin_index``); a
    ``next`` value rejected by ``utils.is_safe_url`` aborts with HTTP 400.
    Any other POST re-renders the page with a generic error message.
    """
    if request.method != "POST":
        return render_template("admin/login.html")

    account = User.get(request.form["username"])
    # NOTE(review): the password is hashed only when the username exists and
    # the digests are compared with ``==``. Both make response timing depend
    # on account existence or digest contents; consider always hashing and
    # comparing with ``hmac.compare_digest``. ``hash_pass`` is not visible
    # here, so confirm it is a salted, slow password hash.
    if (account is not None
            and account.password == hash_pass(request.form["password"])):
        login_user(account)
        flash("Logged in successfully.")

        # ``next`` is attacker-controllable; it is only followed after the
        # open-redirect check accepts it.
        destination = request.args.get("next")
        if not utils.is_safe_url(destination):
            return abort(400)
        if destination:
            return redirect(destination)
        return redirect(url_for("admin_index"))

    # The same message is used for an unknown user and a wrong password.
    return render_template(
        "admin/login.html",
        message="Error: Incorrect username and/or password.",
        message_style="error")
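def login():
    """Authenticate a user from ``LoginForm`` and redirect on success.

    A valid submission with a matching bcrypt hash logs the user in and
    redirects to the ``next`` query parameter (or the index page); a
    ``next`` value rejected by ``is_safe_url`` is answered with HTTP 400.
    Failed credentials flash an error and redirect back to the login page.
    Every other request renders ``login.html``.
    """
    from html import escape  # stdlib; local import keeps the block self-contained

    error = None
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(name=form.username.data).first()
        # NOTE(review): the bcrypt check is skipped for unknown usernames, so
        # response time may reveal whether an account exists.
        if user is not None and bcrypt.check_password_hash(
                user.password, form.password.data):
            login_user(user)
            # The message carries markup, so it is presumably rendered
            # unescaped; the user-chosen name must therefore be HTML-escaped
            # before it is interpolated.
            flash(
                "You have signed in as <strong>%s</strong>!"
                % escape(str(user.name)),
                "success")

            # ``next`` is attacker-controllable; it is only followed after
            # the open-redirect check accepts it.
            next_url = request.args.get("next")
            if not is_safe_url(next_url):
                return flask.abort(400)
            return redirect(next_url or url_for("index"))

        flash("<strong>Invalid password.</strong> Please try again.", "danger")
        return redirect(url_for("login"))

    return render_template(
        "login.html",
        form=form,
        error=error
    )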
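def redirect(self, endpoint="diary_index", **values):
    """Redirect to the form's ``next`` target, or to a fallback.

    The ``next`` field is followed only when it is non-empty and
    ``is_safe_url`` accepts it. Otherwise the result of
    ``get_redirect_target()`` is used, and failing that the URL built for
    ``endpoint`` with ``values``.
    """
    candidate = self.next.data
    # An empty or missing ``next`` must not be passed to ``redirect``: a
    # validator that accepts '' (it may resolve to the current host) would
    # otherwise produce a redirect with an empty Location.
    if candidate and is_safe_url(candidate):
        return redirect(candidate)

    target = get_redirect_target()
    return redirect(target or url_for(endpoint, **values))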
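def login():
    """Show the login form (non-POST) or authenticate a player (POST).

    Before the event has started, non-development deployments redirect to
    ``/``. A successful POST logs the user in and redirects either to the
    route chosen by ``routing`` (no ``next`` given) or to ``next`` when
    ``is_safe_url`` accepts it; a rejected ``next`` aborts with HTTP 400.
    A failed login re-renders the form with an error message. Template
    branding comes from ``EVENT_DATA``.
    """
    from urllib.parse import quote  # stdlib; local import

    reason = 'Unknown error.'
    next_param = request.args.get('next')
    if next_param is None:
        redir = ''
    else:
        # Percent-encode the target before re-embedding it in a query string,
        # so characters such as ``&`` or ``#`` cannot split or truncate it.
        redir = '?next={}'.format(quote(next_param, safe='/'))

    if not event_start(EVENT_DATA) and not ENV_DEV:
        return redirect('/')

    if request.method != "POST":
        return render_template('login.html',
                               event=EVENT_DATA['name'],
                               host=EVENT_DATA['host'],
                               faq=EVENT_DATA['faq'],
                               social=EVENT_DATA['social'],
                               discuss=EVENT_DATA['discuss'],
                               error=False,
                               reason='',
                               next=redir,
                               year=YEAR)

    try:
        # A missing field used to arrive as None and crash on ``.strip``;
        # default to '' so it fails credential validation instead.
        uname = request.form.get('uname', '').strip()
        pword = request.form.get('pword', '').strip()
        if not validate_user(get_db().cursor(), uname, pword):
            reason = 'Incorrect username or password.'
            raise GameException

        login_user(User(uname))
        if next_param is None and current_user.is_authenticated:
            return redirect(
                routing(
                    EVENT_DATA,
                    get_user_level(get_db().cursor(), current_user.id),
                    'path'))
        # ``next`` is attacker-controllable; it is only followed after the
        # open-redirect check accepts it.
        if is_safe_url(request, next_param):
            return redirect(next_param)
        abort(400)
    except GameException:
        return render_template('login.html',
                               event=EVENT_DATA['name'],
                               host=EVENT_DATA['host'],
                               faq=EVENT_DATA['faq'],
                               discuss=EVENT_DATA['discuss'],
                               social=EVENT_DATA['social'],
                               error=True,
                               reason=reason,
                               year=YEAR,
                               next=redir)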
def safe_redirect_ajax(form, json):
    """Store a validated redirect target under ``json['next']``.

    The ``next`` value from ``form`` (default ``''``) is kept when
    ``is_safe_url`` accepts it. Otherwise the absolute URL of
    ``bbs_content.content_show`` is used. ``json`` is mutated in place and
    nothing is returned.
    """
    requested = form.get('next', '')
    # The client follows whatever ends up in json['next'], so an unvalidated
    # value must never be copied through.
    # NOTE(review): confirm how ``is_safe_url`` treats the '' default and
    # whether the client copes with an empty target.
    if not is_safe_url(requested):
        json['next'] = url_for('bbs_content.content_show', _external=True)
        return
    json['next'] = requested