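def update():
    """Handle the "update phone number" page for the logged-in student.

    GET renders ``update.html``. A POST with a non-empty ``newphone`` field
    validates it with ``checkdigit``; a valid value is written with
    ``bank.update_info`` and committed, an invalid one is rejected. Either
    outcome appends a timestamped audit line to ``logfile.txt`` and renders
    ``index.html`` with the result text in ``sqlmsg``. A POST without a
    phone number simply shows the form again.

    Returns:
        A redirect to ``login`` when the session has no ``stuid``, a 403
        response when the session's ``vip`` address is on the block list,
        otherwise a rendered template.
    """
    stuid = session.get('stuid')
    if not stuid:
        return redirect(url_for('login'))

    # Block-list check happens before any form handling so a blocked visitor
    # never reaches the database write below. The file is read per request;
    # the context manager closes it even if read() raises.
    # NOTE(review): ``vip`` is taken from the session; how it is populated is
    # outside this view — confirm it is set server-side from the real client
    # address rather than from client-supplied data.
    visit_ip = session.get('vip')
    with open('block-ip.txt', 'r') as f:
        bye_ip_list = f.read().split()
    if checkip(bye_ip_list, visit_ip):
        abort(403)

    newphone = request.form.get('newphone', '').strip()
    if request.method != 'POST' or not newphone:
        return render_template('update.html')

    db = bank.open_database()
    if checkdigit(newphone):
        bank.update_info(db, newphone, stuid)
        db.commit()
        msg = 'Update successful'
        _append_update_log(stuid, 'update phone info with ' + newphone)
    else:
        msg = 'Update failure, please check your phone format'
        # The rejected value is user input; the helper neutralises CR/LF so
        # it cannot forge extra log records.
        _append_update_log(stuid, 'update failure with wrong format ' + newphone)

    # Reuse the connection already open instead of opening a second one
    # that was never closed; the redundant re-read of ``stuid`` is dropped
    # because it was already validated above.
    cla = bank.get_cla(db, stuid)
    username = bank.get_name(db, stuid)
    userlist = bank.showlist(db, cla)
    return render_template('index.html', username=username, cla=cla,
                           userlist=userlist, sqlmsg=msg)


def _append_update_log(stuid, event):
    """Append one ``<timestamp> - <stuid> <event>`` line to ``logfile.txt``.

    ``event`` may embed the raw phone string from the form, so carriage
    returns and newlines are replaced with spaces first: otherwise a crafted
    value could inject additional, fake-looking log records (log injection).
    The file is opened in append mode and closed by the context manager.
    """
    safe_event = event.replace('\r', ' ').replace('\n', ' ')
    with open('logfile.txt', 'a') as logfile:
        logfile.write(str(datetime.datetime.now()) + ' - ' + stuid + ' ' + safe_event + '\n')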
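def pay():
    """Render the payment form and process a submitted payment.

    Identity comes from the server-side session; a missing ``username``
    redirects to ``login``. On POST the hidden ``csrf_token`` field must
    match the token stored in the session, otherwise the request is
    rejected with 403 before any state is touched. A payment is recorded
    (``bank.add_payment`` + commit) only when ``account`` names an entry in
    ``allaccount``, ``dollars`` is all digits and ``memo`` is non-empty;
    the user is then redirected to ``index`` with a flash message.
    Otherwise ``pay2.html`` is re-rendered with a ``complaint`` describing
    the first failed condition.
    """
    import hmac

    username = session.get('username')
    if not username:
        return redirect(url_for('login'))

    account = request.form.get('account', '').strip()
    dollars = request.form.get('dollars', '').strip()
    memo = request.form.get('memo', '').strip()
    complaint = None

    if request.method == 'POST':
        # CSRF check first: a session without a token (original raised
        # KeyError -> 500) and a mismatching token both yield 403.
        # compare_digest keeps the comparison constant-time; both sides are
        # encoded to bytes so a non-ASCII submission cannot raise TypeError.
        expected = session.get('csrf_token')
        submitted = request.form.get('csrf_token') or ''
        if not expected or not hmac.compare_digest(
                str(expected).encode('utf-8'), submitted.encode('utf-8')):
            abort(403)

        person = [item for item in allaccount if item['username'] == account]
        # NOTE(review): str.isdigit() also accepts non-ASCII digit
        # characters; bank.add_payment receives the raw string — confirm it
        # converts safely.
        if account and dollars.isdigit() and memo and person:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash('Payment successful')
            return redirect(url_for('index'))

        if not person:
            complaint = 'user is not exist'
        elif not dollars.isdigit():
            # The original tested ``dollars.isdigit()`` here (inverted), so a
            # non-numeric amount produced the "fill in all three fields" text.
            complaint = 'Dollars must be an integer'
        else:
            complaint = 'Please fill in all three fields'

    return render_template('pay2.html', complaint=complaint, account=account,
                           dollars=dollars, memo=memo,
                           csrf_token=session.get('csrf_token'))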
def index():
    """Render the payments overview for the user named in the ``username`` cookie.

    Redirects to ``login`` when the cookie is absent. Flash messages are
    taken from the ``flash`` query-string parameter(s) of the request.

    NOTE(review): the identity here is a plain client cookie, not the signed
    session, so the client can set it to any value; other ``index`` variants
    in this file read ``session`` instead — confirm which login flow this
    variant pairs with.
    """
    username = request.cookies.get('username')
    if username:
        db = bank.open_database()
        payments = bank.get_payments_of(db, username)
        page = get('index.html')
        return page.render(
            payments=payments,
            username=username,
            flash_messages=request.args.getlist('flash'),
        )
    return redirect(url_for('login'))
def index():
    """Render the payments overview for the user stored in the session.

    Redirects to ``login`` when the session holds no ``username``; otherwise
    fetches that user's payments and renders ``index.html`` together with any
    pending flash messages.
    """
    username = session.get('username')
    if username:
        payments = bank.get_payments_of(bank.open_database(), username)
        context = {
            'payments': payments,
            'username': username,
            'flash_messages': get_flashed_messages(),
        }
        return render_template('index.html', **context)
    return redirect(url_for('login'))
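def pay():
    """Render the payment form and record a payment on a valid POST.

    Identity comes from the server-side session; a missing ``username``
    redirects to ``login``. On POST the hidden ``csrf_token`` field must
    match the session's token or the request is rejected with 403. A
    payment is recorded when ``account``, ``dollars`` (digits only) and
    ``memo`` are all present, after which a flash message is stored in the
    session and the user is redirected to ``index``. Otherwise
    ``pay2.html`` is re-rendered with a ``complaint``.
    """
    import hmac

    username = session.get('username')
    if not username:
        return redirect(url_for('login'))

    account = request.form.get('account', '').strip()
    dollars = request.form.get('dollars', '').strip()
    # The original read ``requests.form`` (the HTTP client library name)
    # instead of Flask's ``request``, which fails on every call.
    memo = request.form.get('memo', '').strip()
    complaint = None

    if request.method == 'POST':
        # A session without a token (original raised KeyError -> 500) and a
        # mismatching token both yield 403. compare_digest keeps the
        # comparison constant-time; bytes on both sides so a non-ASCII
        # submission cannot raise TypeError.
        expected = session.get('csrf_token')
        submitted = request.form.get('csrf_token') or ''
        if not expected or not hmac.compare_digest(
                str(expected).encode('utf-8'), submitted.encode('utf-8')):
            abort(403)
        if account and dollars.isdigit() and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash('Payment successful')  # kept in the session until index reads it
            return redirect(url_for('index'))
        complaint = ('Dollars must be an integer' if not dollars.isdigit()
                     else 'Please fill in all three fields')

    return render_template('pay2.html', complaint=complaint, account=account,
                           dollars=dollars, memo=memo,
                           csrf_token=session.get('csrf_token'))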
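def update():
    """Handle the "update phone number" page for the logged-in student.

    GET renders ``update.html``. A POST with a non-empty ``newphone`` field
    validates it with ``checkdigit``; a valid value is written with
    ``bank.update_info`` and committed, an invalid one is rejected. Either
    outcome appends a timestamped audit line to ``logfile.txt`` and renders
    ``index.html`` with the result text in ``sqlmsg``. A POST without a
    phone number simply shows the form again.

    Returns:
        A redirect to ``login`` when the session has no ``stuid``, a 403
        response when the session's ``vip`` address is on the block list,
        otherwise a rendered template.
    """
    stuid = session.get("stuid")
    if not stuid:
        return redirect(url_for("login"))

    # Block-list check happens before any form handling so a blocked visitor
    # never reaches the database write below. The context manager closes the
    # file even if read() raises.
    # NOTE(review): ``vip`` is taken from the session; confirm it is set
    # server-side from the real client address, not from client input.
    visit_ip = session.get("vip")
    with open("block-ip.txt", "r") as f:
        bye_ip_list = f.read().split()
    if checkip(bye_ip_list, visit_ip):
        abort(403)

    newphone = request.form.get("newphone", "").strip()
    if request.method != "POST" or not newphone:
        return render_template("update.html")

    db = bank.open_database()
    if checkdigit(newphone):
        bank.update_info(db, newphone, stuid)
        db.commit()
        msg = "Update successful"
        _append_update_log(stuid, "update phone info with " + newphone)
    else:
        msg = "Update failure, please check your phone format"
        # The rejected value is user input; the helper neutralises CR/LF so
        # it cannot forge extra log records.
        _append_update_log(stuid, "update failure with wrong format " + newphone)

    # Reuse the open connection rather than opening a second, never-closed
    # one; the redundant re-read of ``stuid`` is dropped (validated above).
    cla = bank.get_cla(db, stuid)
    username = bank.get_name(db, stuid)
    userlist = bank.showlist(db, cla)
    return render_template("index.html", username=username, cla=cla,
                           userlist=userlist, sqlmsg=msg)


def _append_update_log(stuid, event):
    """Append one ``<timestamp> - <stuid> <event>`` line to ``logfile.txt``.

    ``event`` may embed the raw phone string from the form, so carriage
    returns and newlines are replaced with spaces first: otherwise a crafted
    value could inject additional, fake-looking log records (log injection).
    The file is opened in append mode and closed by the context manager.
    """
    safe_event = event.replace("\r", " ").replace("\n", " ")
    with open("logfile.txt", "a") as logfile:
        logfile.write(str(datetime.datetime.now()) + " - " + stuid + " " + safe_event + "\n")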
def index():
    """Render the payments overview for the user named in the ``username`` cookie.

    Redirects to ``login`` when the cookie is absent. Flash messages come from
    the ``flash`` query-string parameter(s).

    NOTE(review): identity is read from an unsigned client cookie, which the
    client can set freely; the session-based ``index`` variants in this file
    avoid that — confirm which login flow this variant pairs with.
    """
    username = request.cookies.get('username')
    if not username:
        return redirect(url_for('login'))

    db = bank.open_database()
    context = dict(
        payments=bank.get_payments_of(db, username),
        username=username,
        flash_messages=request.args.getlist('flash'),
    )
    return get('index.html').render(**context)
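def index():
    """Render the payments overview for the user stored in the session.

    Redirects to ``login`` when the session holds no ``username``; otherwise
    fetches that user's payments and renders ``index.html`` with them plus
    any pending flash messages.

    The original fetched ``payments`` and then rendered an always-empty
    ``imf`` list left over from commented-out test code, so the page never
    showed real data; the fetched list is now passed through and the dead
    test lines are removed.
    """
    username = session.get('username')
    if not username:
        return redirect(url_for('login'))
    payments = bank.get_payments_of(bank.open_database(), username)
    return render_template('index.html', payments=payments, username=username,
                           flash_messages=get_flashed_messages())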
def pay():
    """Show the payment form and record a payment on a valid POST.

    Identity is the ``username`` cookie; a missing cookie redirects to
    ``login``. A POST is accepted when ``account``, ``dollars`` (digits only)
    and ``memo`` are all present; the payment is stored and committed and the
    user is redirected to ``index`` with ``flash=Payment successful`` in the
    query string. Otherwise ``pay.html`` is re-rendered with a ``complaint``.

    NOTE(review): this variant takes identity from an unsigned cookie and has
    no CSRF token check on the state-changing POST; the ``pay`` variants
    later in this file add both — confirm which version is deployed.
    """
    username = request.cookies.get('username')
    if not username:
        return redirect(url_for('login'))

    form = request.form
    account = form.get('account', '').strip()
    dollars = form.get('dollars', '').strip()
    memo = form.get('memo', '').strip()
    complaint = None

    if request.method == 'POST':
        amount_ok = dollars.isdigit()
        if account and amount_ok and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            return redirect(url_for('index', flash='Payment successful'))
        if amount_ok:
            complaint = 'Please fill in all three fields'
        else:
            complaint = 'Dollars must be an integer'

    template = get('pay.html')
    return template.render(complaint=complaint, account=account,
                           dollars=dollars, memo=memo)
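def index():
    """Render the class list page for the logged-in student.

    Redirects to ``login`` when the session has no ``stuid`` and aborts with
    403 when the session's ``vip`` address appears in ``block-ip.txt`` (one
    address per whitespace-separated token). Otherwise looks up the
    student's class, name and classmates and renders ``index.html``.
    """
    stuid = session.get("stuid")
    if not stuid:
        return redirect(url_for("login"))

    # The context manager closes the file even when read() raises; the
    # original left the handle open on that path.
    # NOTE(review): ``vip`` comes from the session — confirm it is populated
    # server-side from the real client address.
    visit_ip = session.get("vip")
    with open("block-ip.txt", "r") as f:
        bye_ip_list = f.read().split()
    if checkip(bye_ip_list, visit_ip):
        abort(403)

    db = bank.open_database()
    cla = bank.get_cla(db, stuid)
    username = bank.get_name(db, stuid)
    userlist = bank.showlist(db, cla)
    return render_template("index.html", username=username, cla=cla, userlist=userlist)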
def pay():
    """Show the payment form and record a payment on a valid POST.

    Identity is the ``username`` cookie; a missing cookie redirects to the
    login page. A POST is accepted when ``account``, ``dollars`` (digits
    only) and ``memo`` are all present, after which the user is redirected
    to ``index`` with ``flash=payment successful`` in the query string.
    Otherwise ``pay.html`` is re-rendered with a lower-case ``complaint``.

    NOTE(review): identity is an unsigned client cookie and the POST has no
    CSRF token check; the session-based ``pay`` variants in this file add
    both — confirm which version is deployed.
    """
    username = request.cookies.get('username')
    if not username:
        # Not logged in: send the client to the login page.
        return redirect(url_for('login'))

    # Pull the three fields out of the submitted form (empty strings on GET).
    fields = {name: request.form.get(name, '').strip()
              for name in ('account', 'dollars', 'memo')}
    account, dollars, memo = fields['account'], fields['dollars'], fields['memo']
    complaint = None

    if request.method == 'POST':
        if account and dollars.isdigit() and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()  # commit the transaction so the change is persisted
            return redirect(url_for('index', flash='payment successful'))
        complaint = ('please fill in all three fields' if dollars.isdigit()
                     else 'dollars must be an integer')

    return get('pay.html').render(complaint=complaint, account=account,
                                  dollars=dollars, memo=memo)
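def pay():
    """Render the payment form and record a payment on a valid POST.

    Identity comes from the server-side session; a missing ``username``
    redirects to ``login``. On POST the hidden ``csrf_token`` form field
    must match the token kept in the session, otherwise the request is
    rejected with 403 before any database code runs — a form forged on
    another site cannot know that value. A payment is stored and committed
    when ``account``, ``dollars`` (digits only) and ``memo`` are all
    present; a flash message is then placed in the session and the user is
    redirected to ``index``. Otherwise ``pay2.html`` is re-rendered with a
    lower-case ``complaint``.
    """
    import hmac

    username = session.get('username')
    if not username:
        return redirect(url_for('login'))

    # Extract the fields from the submitted form (empty strings on GET).
    account = request.form.get('account', '').strip()
    dollars = request.form.get('dollars', '').strip()
    memo = request.form.get('memo', '').strip()
    # The hidden CSRF field rendered into the form from the session token.
    csrf_token = request.form.get('csrf_token') or ''
    complaint = None

    if request.method == 'POST':
        # A session without a token (original raised KeyError -> 500) and a
        # mismatching token both yield 403. compare_digest keeps the
        # comparison constant-time; bytes on both sides so a non-ASCII
        # submission cannot raise TypeError.
        expected = session.get('csrf_token')
        if not expected or not hmac.compare_digest(
                str(expected).encode('utf-8'), csrf_token.encode('utf-8')):
            abort(403)
        if account and dollars.isdigit() and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash('payment successful')  # stored in the session until index reads it
            return redirect(url_for('index'))
        complaint = ('dollars must be an integer' if not dollars.isdigit()
                     else 'please fill in all three fields')

    return render_template('pay2.html', complaint=complaint, account=account,
                           dollars=dollars, memo=memo,
                           csrf_token=session.get('csrf_token'))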
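def index():
    """Render the class list page for the logged-in student.

    Redirects to ``login`` when the session has no ``stuid`` and aborts with
    403 when the session's ``vip`` address appears in ``block-ip.txt`` (one
    address per whitespace-separated token). Otherwise looks up the
    student's class, name and classmates and renders ``index.html``.
    """
    stuid = session.get('stuid')
    if not stuid:
        return redirect(url_for('login'))

    # The context manager closes the file even when read() raises; the
    # original left the handle open on that path.
    # NOTE(review): ``vip`` comes from the session — confirm it is populated
    # server-side from the real client address.
    visit_ip = session.get('vip')
    with open('block-ip.txt', 'r') as f:
        bye_ip_list = f.read().split()
    if checkip(bye_ip_list, visit_ip):
        abort(403)

    db = bank.open_database()
    cla = bank.get_cla(db, stuid)
    username = bank.get_name(db, stuid)
    userlist = bank.showlist(db, cla)
    return render_template('index.html', username=username, cla=cla, userlist=userlist)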
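def pay():
    """Render the payment form and record a payment on a valid POST.

    Identity comes from the server-side session; a missing ``username``
    redirects to ``login``. On POST the hidden ``csrf_token`` field must
    match the session's token or the request is rejected with 403. A
    payment is stored and committed when ``account``, ``dollars`` (digits
    only) and ``memo`` are all present, after which a flash message is
    queued and the user is redirected to ``index``. Otherwise ``pay2.html``
    is re-rendered with a ``complaint``.
    """
    import hmac

    username = session.get("username")
    if not username:
        return redirect(url_for("login"))

    account = request.form.get("account", "").strip()
    dollars = request.form.get("dollars", "").strip()
    memo = request.form.get("memo", "").strip()
    complaint = None

    if request.method == "POST":
        # A session without a token (original raised KeyError -> 500) and a
        # mismatching token both yield 403. compare_digest keeps the
        # comparison constant-time; bytes on both sides so a non-ASCII
        # submission cannot raise TypeError.
        expected = session.get("csrf_token")
        submitted = request.form.get("csrf_token") or ""
        if not expected or not hmac.compare_digest(
                str(expected).encode("utf-8"), submitted.encode("utf-8")):
            abort(403)
        if account and dollars.isdigit() and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash("Payment successful")
            return redirect(url_for("index"))
        complaint = ("Dollars must be an integer" if not dollars.isdigit()
                     else "Please fill in all three fields")

    return render_template(
        "pay2.html",
        complaint=complaint,
        account=account,
        dollars=dollars,
        memo=memo,
        csrf_token=session.get("csrf_token"),
    )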
def index():
    """Render the payments overview for the user stored in the session.

    The account name is taken from the server-side session rather than from
    a request cookie. Redirects to ``login`` when no ``username`` is present;
    otherwise fetches that user's payments and renders ``index.html`` with
    all flash messages currently queued in the session.
    """
    username = session.get('username')
    if username:
        db = bank.open_database()
        payments = bank.get_payments_of(db, username)
        # get_flashed_messages() drains every flash message saved in the session.
        pending = get_flashed_messages()
        return render_template('index.html', payments=payments,
                               username=username, flash_messages=pending)
    return redirect(url_for('login'))