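def login():
    """Check the posted credentials and, on success, start a session.

    Reads ``username`` and ``passwd`` from the form, derives the stored-format
    hash and compares it with the ``passwd`` column of the matching ``User``.

    Returns a JSON body whose ``code`` is 0 on success, 402 when no such
    account exists, 404 on a wrong password and 500 on a database error.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    userName = request.form['username']
    pwd = request.form['passwd']
    # checkStr is defined elsewhere; presumably it rejects values longer than
    # the given limit -- confirm against its definition.
    checkStr(userName, 25)
    checkStr(pwd, 40)

    # Derive the hash in the format the user table stores.
    # SECURITY NOTE(review): one pass of MD5 over username + the fixed string
    # "leo" + password is fast to compute, so a leaked table can be
    # brute-forced offline cheaply. Moving to a slow KDF with a per-user random
    # salt (hashlib.scrypt / hashlib.pbkdf2_hmac) must be done together with
    # regist() and a re-hash-on-login migration, so it is flagged, not changed.
    md = hashlib.md5()
    md.update((userName + "leo" + pwd).encode('utf-8'))
    hashPwd = md.hexdigest()

    # Look the account up.
    try:
        # Presumably ends any open transaction so the query sees fresh data.
        db.session.commit()
        detectFlag = User.query.filter_by(username=userName).first()
    except Exception as e:
        logger.info(e, exc_info=True)
        return jsonify({'code': 500, 'msg': 'sqlserver error'})

    if not detectFlag:
        # NOTE(review): this answer differs from the wrong-password answer
        # below, so a client can tell whether a username is registered.
        return jsonify({'code': 402, 'msg': 'account has not been registed'})

    realPwd = detectFlag.passwd
    # Constant-time comparison; a non-string stored value never matches, which
    # is what the plain == comparison did as well.
    if isinstance(realPwd, str) and hmac.compare_digest(
            hashPwd.encode('utf-8'), realPwd.encode('utf-8')):
        session['username'] = userName
        return jsonify({'code': 0, 'msg': 'successfully login'})
    return jsonify({'code': 404, 'msg': 'password wrong'})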
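def regist():
    """Create a new account from the posted form and log the user in.

    Reads ``username`` and ``passwd`` from the form, stores a ``User`` row
    holding the derived hash and sets ``session['username']``.

    Returns a JSON body whose ``code`` is 0 on success, 401 when the username
    is already taken and 500 on a database error.
    """
    userName = request.form['username']
    pwd = request.form['passwd']
    # checkStr is defined elsewhere; presumably it rejects values longer than
    # the given limit -- confirm against its definition.
    checkStr(userName, 25)
    checkStr(pwd, 40)

    # Derive the hash that will be stored.
    # SECURITY NOTE(review): one pass of MD5 over username + the fixed string
    # "leo" + password is fast to compute, so a leaked table can be
    # brute-forced offline cheaply. Moving to a slow KDF with a per-user random
    # salt (hashlib.scrypt / hashlib.pbkdf2_hmac) must be done together with
    # login() and a migration of existing rows, so it is flagged, not changed.
    md = hashlib.md5()
    md.update((userName + "leo" + pwd).encode('utf-8'))
    hashPwd = md.hexdigest()

    # Check whether the username is already registered.
    try:
        # Presumably ends any open transaction so the query sees fresh data.
        db.session.commit()
        detectFlag = User.query.filter_by(username=userName).first()
    except Exception as e:
        logger.info(e, exc_info=True)
        return jsonify({'code': 500, 'msg': 'sqlserver error'})

    # Identity test: "no row" is exactly None and cannot be affected by a
    # model-defined __eq__.
    if detectFlag is not None:
        return jsonify({'code': 401, 'msg': 'account has been registed'})

    # NOTE(review): the lookup above and the insert below are not atomic; two
    # simultaneous requests for the same name are only kept apart if the table
    # has a unique constraint on username -- confirm in the model.
    try:
        user = User(userName, hashPwd)
        db.session.add(user)
        db.session.commit()
        session['username'] = userName
        return jsonify({'code': 0, 'msg': 'success regist'})
    except Exception as e:
        logger.info(e, exc_info=True)
        db.session.rollback()
        return jsonify({'code': 500, 'msg': 'sqlserver error'})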
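def commentAdd():
    """Add a comment by the logged-in user to an existing blog post.

    Requires ``session['username']`` and a ``csrfToken`` request header that
    matches ``session['csrf']``. Reads ``blogid`` and ``content`` from the
    form, inserts a ``BlogComment`` and increments the blog's ``comment_num``.

    Returns a JSON body whose ``code`` is 0 on success, 403 when not logged
    in, 405 when the blog does not exist and 500 on a database error. Aborts
    with HTTP 400 when the CSRF token is missing or wrong.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    if 'username' not in session:
        return jsonify({'code': 403, 'msg': 'please log in'})

    # CSRF check. A session without a token, an absent header or an empty
    # token is rejected, never matched, and the comparison is constant-time.
    expected = session.get('csrf')
    supplied = request.headers.get('csrfToken')
    if not (isinstance(expected, str) and isinstance(supplied, str)
            and expected
            and hmac.compare_digest(supplied.encode('utf-8'),
                                    expected.encode('utf-8'))):
        abort(400)

    userName = session['username']
    bid = request.form['blogid']
    content = request.form['content']
    # checkInt / checkStr are defined elsewhere; presumably they reject
    # malformed or over-long values -- confirm against their definitions.
    checkInt(bid)
    checkStr(content, 65535)

    # Presumably ends any open transaction before taking the row lock.
    db.session.commit()
    # with_for_update() locks the blog row; presumably this serialises
    # concurrent updates of comment_num.
    ref_blog = db.session.query(Blog).filter(
        Blog.blogid == bid).with_for_update().first()
    if ref_blog is None:
        return jsonify({'code': 405, 'msg': "request blog not exist"})

    try:
        new_data = BlogComment(bid, userName, content)
        ref_blog.comment_num = ref_blog.comment_num + 1
        db.session.add(new_data)
        db.session.commit()
        return jsonify({'code': 0, 'msg': 'success add'})
    except Exception as e:
        logger.info(e, exc_info=True)
        db.session.rollback()
        return jsonify({'code': 500, 'msg': 'sqlserver error'})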
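def blogModify():
    """Update the title and content of a blog post owned by the session user.

    Requires ``session['username']`` and a ``csrfToken`` request header that
    matches ``session['csrf']``. Reads ``blogid``, ``title``, ``content`` and
    ``comment_num`` from the form.

    Returns a JSON body whose ``code`` is 0 on success, 403 when not logged
    in, 404 when the post belongs to another author, 405 when the post does
    not exist and 500 on a database error. Aborts with HTTP 400 when the CSRF
    token is missing or wrong.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    if 'username' not in session:
        return jsonify({'code': 403, 'msg': 'please log in'})

    # CSRF check. A session without a token, an absent header or an empty
    # token is rejected, never matched, and the comparison is constant-time.
    expected = session.get('csrf')
    supplied = request.headers.get('csrfToken')
    if not (isinstance(expected, str) and isinstance(supplied, str)
            and expected
            and hmac.compare_digest(supplied.encode('utf-8'),
                                    expected.encode('utf-8'))):
        abort(400)

    bid = request.form['blogid']
    title = request.form['title']
    content = request.form['content']
    # comment_num is required and validated but never written back, so a
    # client cannot change the stored counter through this endpoint.
    comment_num = request.form['comment_num']
    # checkInt / checkStr are defined elsewhere; presumably they reject
    # malformed or over-long values -- confirm against their definitions.
    checkInt(bid)
    checkInt(comment_num)
    checkStr(title, 40)
    checkStr(content, 65535)

    origin_data = Blog.query.filter_by(blogid=bid).first()
    if origin_data is None:
        return jsonify({'code': 405, 'msg': "request blog not exist"})

    # Ownership check: only the author recorded on the row may edit it.
    if origin_data.author != session['username']:
        return jsonify({
            'code': 404,
            'msg': "you don't have the power"
        })

    try:
        origin_data.title = title
        origin_data.content = content
        origin_data.sub_date = datetime.datetime.now()
        db.session.commit()
        return jsonify({'code': 0, 'msg': 'success update'})
    except Exception as e:
        logger.info(e, exc_info=True)
        db.session.rollback()
        return jsonify({'code': 500, 'msg': 'sqlserver error'})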
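def blogAdd():
    """Create a new blog post authored by the logged-in user.

    Requires ``session['username']`` and a ``csrfToken`` request header that
    matches ``session['csrf']``. Reads ``title`` and ``content`` from the form.

    Returns a JSON body whose ``code`` is 0 on success, 403 when not logged in
    and 500 on a database error. Aborts with HTTP 400 when the CSRF token is
    missing or wrong.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    if 'username' not in session:
        return jsonify({'code': 403, 'msg': 'please log in'})

    # CSRF check. A session without a token, an absent header or an empty
    # token is rejected, never matched, and the comparison is constant-time.
    expected = session.get('csrf')
    supplied = request.headers.get('csrfToken')
    if not (isinstance(expected, str) and isinstance(supplied, str)
            and expected
            and hmac.compare_digest(supplied.encode('utf-8'),
                                    expected.encode('utf-8'))):
        abort(400)

    # The author comes from the session, never from the form.
    userName = session['username']
    title = request.form['title']
    content = request.form['content']
    # checkStr is defined elsewhere; presumably it rejects values longer than
    # the given limit -- confirm against its definition.
    checkStr(title, 40)
    checkStr(content, 65535)

    try:
        new_data = Blog(title, userName, content)
        db.session.add(new_data)
        db.session.commit()
        return jsonify({'code': 0, 'msg': 'success add'})
    except Exception as e:
        logger.info(e, exc_info=True)
        db.session.rollback()
        return jsonify({'code': 500, 'msg': 'sqlserver error'})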