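def resetPwd():
    """Render the change-password page (GET) or change the current user's password.

    On any other method, reads ``old_password`` and ``new_password`` from the
    request, validates them, stores ``UserService.genePwd(new_password,
    login_salt)`` on ``g.current_user`` and re-issues the auth cookie.
    Every rejection is a JSON body with ``code`` set to -1.
    """
    if request.method == "GET":
        return ops_render('user/reset_pwd.html', {'current': 'reset_pwd'})

    resp = {'code': 200, 'msg': "操作成功", 'data': {}}
    req = request.values
    # The submitted values are deliberately not logged: they are the old and
    # new passwords in plaintext.
    old_password = req['old_password'] if 'old_password' in req else ''
    new_password = req['new_password'] if 'new_password' in req else ''

    if old_password is None or len(old_password) < 6:
        resp['code'] = -1
        resp['msg'] = "请输入正确的原密码~~"
        return jsonify(resp)

    if new_password is None or len(new_password) < 6:
        resp['code'] = -1
        resp['msg'] = "请输入正确的新密码~~"
        return jsonify(resp)

    if old_password == new_password:
        resp['code'] = -1
        resp['msg'] = "密码与原密码一致~~"
        return jsonify(resp)

    user_info = g.current_user
    # Require proof of the current password before replacing it: a valid
    # session alone (for example a copied cookie) must not be enough.
    if user_info.login_pwd != UserService.genePwd(old_password, user_info.login_salt):
        resp['code'] = -1
        resp['msg'] = "请输入正确的原密码~~"
        return jsonify(resp)

    user_info.login_pwd = UserService.genePwd(new_password, user_info.login_salt)
    db.session.add(user_info)
    db.session.commit()

    # Re-issue the auth cookie for the updated user record.
    response = make_response(json.dumps(resp))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'],
                        '%s#%s' % (UserService.geneAuthCode(user_info), user_info.uid),
                        60 * 60 * 24 * 120)  # kept for 120 days
    return response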
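def resetPwd():
    """Render the change-password page (GET) or change the current user's password.

    On any other method, validates ``old_password`` / ``new_password`` from
    the request, checks the old password against the stored value, saves the
    new one on ``g.current_user`` and re-issues the auth cookie. Rejections
    are JSON bodies with ``code`` set to -1.
    """
    if request.method == 'GET':
        return ops_render("user/reset_pwd.html")

    req = request.values
    resp = {'code': 200, 'msg': '操作成功', 'data': {}}
    new_password = req['new_password'] if 'new_password' in req else ''
    old_password = req['old_password'] if 'old_password' in req else ''

    def reject(message):
        # All rejections share the same shape: code -1 plus a message.
        resp['code'] = -1
        resp['msg'] = message
        return jsonify(resp)

    if old_password is None or len(old_password) < 6:
        return reject('请输入符合规范的原密码')
    if new_password is None or len(new_password) < 6:
        return reject('请输入符合规范的新密码')
    if old_password == new_password:
        return reject('新旧密码不能一致')

    user_info = g.current_user
    # The old password was only length-checked before; verify it against the
    # stored value so that a session alone cannot change the password.
    if user_info.login_pwd != UserService.genePwd(old_password, user_info.login_salt):
        return reject('原始密码输入错误~~')

    user_info.login_pwd = UserService.genePwd(new_password, user_info.login_salt)
    db.session.commit()

    response = make_response(json.dumps(resp))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'],
                        '%s#%s' % (UserService.geneAuthCode(user_info), user_info.uid),
                        60 * 60 * 24 * 120)  # kept for 120 days
    return response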
def check_login():
    """Return the ``User`` identified by the auth cookie, or ``False``.

    The cookie has the form ``<auth code>#<uid>``. The uid selects the user
    row, an auth code is regenerated from that row with
    ``UserService.geneAuthCode`` and compared with the one in the cookie.
    Users whose ``status`` is not 1 are rejected.
    """
    auth_cookie = request.cookies.get(app.config['AUTH_COOKIE_NAME'])
    if auth_cookie is None:
        return False

    parts = auth_cookie.split('#')
    if len(parts) != 2:
        return False
    presented_code, uid = parts

    try:
        user_info = User.query.filter_by(uid=uid).first()
    except Exception:
        # Any lookup failure is treated as "not logged in".
        return False

    if user_info is None:
        return False
    # NOTE(review): plain != is not a constant-time comparison.
    if presented_code != UserService.geneAuthCode(user_info):
        return False
    if user_info.status != 1:
        return False
    return user_info
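def check_login():
    """Return the authenticated ``User`` for this request, or ``False``.

    The credential is ``<auth code>#<uid>``. It is read from the auth cookie,
    or from the ``Authorization`` header when the request path contains
    ``/api``. The uid selects the user row; the auth code regenerated from
    that row must equal the presented one and ``status`` must be 1.
    """
    cookies = request.cookies
    auth_cookie = cookies[app.config['AUTH_COOKIE_NAME']] \
        if app.config['AUTH_COOKIE_NAME'] in cookies else None

    if '/api' in request.path:
        app.logger.info(request.path)
        # The header value is a bearer credential, so only the path is
        # logged; writing the token to the log would let any log reader
        # replay it.
        auth_cookie = request.headers.get("Authorization")

    if auth_cookie is None:
        return False

    auth_info = auth_cookie.split("#")
    if len(auth_info) != 2:
        return False

    try:
        user_info = User.query.filter_by(uid=auth_info[1]).first()
    except Exception:
        # Any lookup failure is treated as "not logged in".
        return False

    if user_info is None:
        return False

    if auth_info[0] != UserService.geneAuthCode(user_info):
        return False

    if user_info.status != 1:
        return False

    return user_info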
def check_login():
    """Return the ``User`` identified by the auth cookie, or ``False``.

    The cookie is expected to be ``<auth code>#<uid>``; a missing cookie is
    read as the empty string and fails the two-part check below.
    """
    cookie_name = app.config['AUTH_COOKIE_NAME']
    auth_cookie = request.cookies.get(cookie_name, '')

    # Kept from the original; with a '' default this is not expected to fire.
    if auth_cookie is None:
        return False

    auth_info = auth_cookie.split("#")
    if len(auth_info) != 2:
        # Not exactly "<auth code>#<uid>".
        return False

    try:
        user_info = User.query.filter_by(uid=auth_info[1]).first()
    except Exception:
        # The lookup itself failed.
        return False

    # Short-circuit order matches the original checks: row exists, auth code
    # matches the one regenerated from the row, account status is 1.
    if (user_info is None
            or auth_info[0] != UserService.geneAuthCode(user_info)
            or user_info.status != 1):
        return False
    return user_info
def check_login():
    """Return the ``User`` identified by the auth cookie.

    Returns ``None`` when the cookie is absent and ``False`` for every other
    failure. The cookie is ``<auth code>#<uid>``: the uid selects the user
    row, an auth code is regenerated from that row and compared with the one
    in the cookie. A mismatch means the cookie was altered and the user has
    to log in again.
    """
    auth_cookie = request.cookies.get(app.config['AUTH_COOKIE_NAME'])
    if auth_cookie is None:
        return None

    pieces = auth_cookie.split('#')
    if len(pieces) != 2:
        return False

    try:
        # The uid is the part of the cookie after the '#'.
        user_info = User.query.filter_by(uid=pieces[1]).first()
    except Exception:
        return False

    if user_info is None:
        # No row for this uid, so the uid in the cookie is not genuine.
        return False

    # The auth code is derived from the stored row; the code sent by the
    # browser may have been tampered with, so it must match exactly.
    expected_code = UserService.geneAuthCode(user_info)
    if pieces[0] != expected_code:
        return False

    if user_info.status != 1:
        return False

    # Every check passed: the request is logged in.
    return user_info
def login():
    """Render the login page, or on POST check credentials and set the auth cookie.

    Failures return JSON with a negative ``code``: -1 empty user name,
    -2 empty password, -3 unknown user, -4 password mismatch.
    """
    if request.method != "POST":
        return ops_render("user/login.html")

    resp = {'code': 200, 'msg': '登录成功', 'data': ''}
    form = request.values
    login_name = form.get('login_name', '')
    login_pwd = form.get('login_pwd', '')

    def fail(code, message):
        resp['code'] = code
        resp['msg'] = message
        return jsonify(resp)

    if not login_name:
        return fail(-1, '请输入正确的用户名')
    if not login_pwd:
        return fail(-2, '请输入正确的密码')

    user_info = User.query.filter_by(login_name=login_name).first()
    # NOTE(review): the message is the same for both cases below, but the
    # codes -3 / -4 still tell a caller whether the user name exists.
    if not user_info:
        return fail(-3, '请输入正确的用户名密码')
    if user_info.login_pwd != UserService.genePwd(login_pwd, user_info.login_salt):
        return fail(-4, '请输入正确的用户名密码')

    response = make_response(json.dumps(resp))
    # NOTE(review): the cookie is set with default attributes (no httponly /
    # secure / samesite, no max_age); confirm that is intended.
    cookie_value = "%s#%s" % (UserService.geneAuthCode(user_info), user_info.uid)
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], cookie_value)
    return response
def login():
    """Render the login page (GET) or check credentials and set the auth cookie.

    All failures return JSON with ``code`` -1; success returns a JSON body
    and a ``<auth code>#<uid>`` cookie kept for 120 days.
    """
    if request.method == "GET":
        return ops_render("user/login.html")

    resp = {'code': 200, 'msg': '登录成功', 'data': {}}
    submitted = request.values
    login_name = submitted.get('login_name', '')
    login_pwd = submitted.get('login_pwd', '')

    def fail(message):
        resp['code'] = -1
        resp['msg'] = message
        return jsonify(resp)

    if not login_name:
        return fail("请输入正确的登录用户名~~")
    if not login_pwd:
        return fail("请输入正确的邮箱密码~~")

    user_info = User.query.filter_by(login_name=login_name).first()
    # NOTE(review): the "-1" / "-2" suffixes differ between "unknown user"
    # and "wrong password", which lets a caller probe for valid user names.
    if not user_info:
        return fail("请输入正确的登录用户名和密码-1~~")

    expected_pwd = UserService.genePwd(login_pwd, user_info.login_salt)
    if user_info.login_pwd != expected_pwd:
        return fail("请输入正确的登录用户名和密码-2~~")

    response = make_response(json.dumps({'code': 200, 'msg': '登录成功~~'}))
    response.set_cookie(
        app.config['AUTH_COOKIE_NAME'],
        '%s#%s' % (UserService.geneAuthCode(user_info), user_info.uid),
        60 * 60 * 24 * 120,  # kept for 120 days
    )
    return response
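def resetPwd():
    """Render the change-password page (GET) or change the current user's password.

    On any other method, validates ``old_password`` / ``new_password``,
    checks the old password against the stored value, saves the new one on
    ``g.current_user`` and returns the JSON result together with a freshly
    issued auth cookie. Rejections are JSON bodies with ``code`` -1.
    """
    if request.method == 'GET':
        return ops_render("user/reset_pwd.html", {"current": "reset-pwd"})

    resp = {'code': 200, 'msg': ' 操作成功', 'data': {}}
    req = request.values
    old_password = req['old_password'] if 'old_password' in req else ''
    new_password = req['new_password'] if 'new_password' in req else ''

    if old_password is None or len(old_password) < 6:
        resp['code'] = -1
        resp['msg'] = "请输入符合规范的原密码"
        return jsonify(resp)

    if new_password is None or len(new_password) < 6:
        resp['code'] = -1
        resp['msg'] = "请输入符合规范的新密码"
        return jsonify(resp)

    if old_password == new_password:
        resp['code'] = -1
        resp['msg'] = "原密码和新密码不能相同哦"
        return jsonify(resp)

    user_info = g.current_user
    # The old password was only length-checked before; verify it against the
    # stored value so that a session alone cannot change the password.
    if user_info.login_pwd != UserService.genePwd(old_password, user_info.login_salt):
        resp['code'] = -1
        resp['msg'] = "原始密码输入错误~~"
        return jsonify(resp)

    user_info.login_pwd = UserService.genePwd(new_password, user_info.login_salt)
    db.session.add(user_info)
    db.session.commit()

    # The original built a response carrying the new cookie and then returned
    # a different one, so the cookie never reached the browser. Attach it to
    # the response that is actually returned.
    response = jsonify(resp)
    response.set_cookie(app.config['AUTH_COOKIE_NAME'],
                        "%s#%s" % (UserService.geneAuthCode(user_info), user_info.uid))
    return response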
def check_login():
    """Return the ``User`` identified by the auth cookie, or ``False``.

    The uid stored in the cookie is used to load the user row; an auth code
    is then generated from that row and compared with the one the client
    sent.
    """
    name = app.config['AUTH_COOKIE_NAME']
    auth_cookie = request.cookies.get(name)
    if auth_cookie is None:
        return False

    fields = auth_cookie.split('#')
    if len(fields) != 2:
        return False
    sent_code, uid = fields

    try:
        user_info = User.query.filter_by(uid=uid).first()
    except Exception:
        return False

    if user_info is None or sent_code != UserService.geneAuthCode(user_info):
        return False

    # Accounts that are not in the normal state must not be able to do anything.
    if user_info.status != 1:
        return False

    return user_info
def check_login():
    """Return the ``User`` identified by the auth cookie, or ``False``.

    Verifying the cookie repeats the way it was built: the login code in
    controllers/user/User.py formats it as ``"%s#%s"`` (auth code, then user
    id). Here the user id is taken from the cookie, the user's row is loaded,
    an auth code is generated from that row and compared with the cookie's.
    If they differ the cookie was modified by someone else and the user has
    to log in again.
    """
    # Step one: fetch the cookie.
    auth_cookie = request.cookies.get(app.config['AUTH_COOKIE_NAME'])
    if auth_cookie is None:
        return False

    # Index 0 is the auth code, index 1 is the user id.
    auth_info = auth_cookie.split("#")
    if len(auth_info) != 2:
        return False

    # Look the user up; a row coming back means this user exists.
    try:
        user_info = User.query.filter_by(uid=auth_info[1]).first()
    except Exception:
        return False
    if user_info is None:
        return False

    # user_info.login_pwd is one of the inputs to the auth code, so after a
    # password change the interceptor logs the user out and sends them to
    # the login page.
    if auth_info[0] != UserService.geneAuthCode(user_info):
        return False

    # Every failure case has been handled above; what remains is a valid login.
    return user_info
def login():
    """Render the login page (GET) or check credentials and set the ``user`` cookie.

    A GET from an already logged-in user (``g.current_user`` truthy) is
    redirected to ``/``. Failures return JSON with ``code`` -1.
    """
    resp = {"code": 200, "msg": "登陆成功", "data": {}}

    if request.method == "GET":
        if g.current_user:
            return redirect(UrlManager.buildUrl("/"))
        return ops_render("user/login.html")

    def fail(message):
        resp["code"] = -1
        resp["msg"] = message
        return jsonify(resp)

    form = request.values
    login_name = form.get("login_name", "")
    login_pwd = form.get("login_pwd", "")

    if not login_name:
        return fail("请输入正确的用户名")
    if not login_pwd:
        return fail("请输入正确的密码")

    user_info = User.query.filter_by(login_name=login_name).first()
    # Unknown user and wrong password share one message.
    if not user_info:
        return fail("您输入的用户名或密码不正确")
    if user_info.login_pwd != UserService.genePwd(login_pwd, user_info.login_salt):
        return fail("您输入的用户名或密码不正确")

    # The disabled-account message is only reachable with a correct password.
    if user_info.status != 1:
        return fail("账号已被禁用,请联系管理员处理")

    response = make_response(json.dumps(resp))
    # NOTE(review): the cookie is set with default attributes (no httponly /
    # secure / samesite); confirm that is intended.
    cookie_value = "%s#%s" % (UserService.geneAuthCode(user_info), user_info.uid)
    response.set_cookie("user", cookie_value)
    return response
def check_login():
    """Return the ``User`` identified by the auth cookie, or ``False``.

    The cookie is ``<auth code>#<uid>``; the auth code must equal the one
    ``UserService.geneAuthCode`` produces for the stored user row.
    """
    auth_cookie = request.cookies.get(app.config['AUTH_COOKIE_NAME'])
    if auth_cookie is None:
        return False

    auth_info = auth_cookie.split("#")
    if len(auth_info) != 2:
        return False
    claimed_code, claimed_uid = auth_info

    try:
        user_info = User.query.filter_by(uid=claimed_uid).first()
    except Exception:
        return False

    if user_info is None:
        return False
    if claimed_code != UserService.geneAuthCode(user_info):
        return False

    # Account status: 1 = normal, 0 = disabled, -1 = does not exist.
    account_ok = user_info.status == 1
    return user_info if account_ok else False
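def check_login():
    """Decide from the request's credential whether the caller is logged in.

    Returns the ``User`` row on success and ``False`` otherwise. The
    credential is ``<auth code>#<uid>``, read from the auth cookie, or from
    the ``Authorization`` header when the request path contains ``/api``.
    """
    cookies = request.cookies
    auth_cookie = cookies[app.config['AUTH_COOKIE_NAME']] \
        if app.config['AUTH_COOKIE_NAME'] in cookies else None

    if '/api' in request.path:
        app.logger.info(request.path)
        # The header value is a bearer credential, so it is no longer written
        # to the log; anyone able to read the log could otherwise replay it.
        auth_cookie = request.headers.get("Authorization")

    if auth_cookie is None:  # no credential present
        return False

    auth_info = auth_cookie.split("#")  # split on '#' into a list
    if len(auth_info) != 2:  # index 0 is the auth code, index 1 the uid
        return False

    try:
        user_info = User.query.filter_by(uid=auth_info[1]).first()  # load the user
    except Exception:
        return False

    if user_info is None:  # no user with this uid
        return False

    if auth_info[0] != UserService.geneAuthCode(user_info):  # auth code differs
        return False

    # Check the administrator's status: a deleted account is logged out at once.
    if user_info.status != 1:
        return False

    return user_info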
def check_login():
    """Return the ``User`` identified by the auth cookie, or ``False``.

    A missing cookie is read as the empty string, which fails the two-part
    check below.
    """
    auth_cookie = request.cookies.get(app.config['AUTH_COOKIE_NAME'], "")

    # Kept from the original; with a "" default this is not expected to fire.
    if auth_cookie is None:
        return False

    # Layout of the cookie value:
    #   [0] - UserService.geneAuthCode(user_info)
    #   [1] - user_info.uid
    auth_info = auth_cookie.split("#")
    if len(auth_info) != 2:
        return False
    auth_code, uid = auth_info

    # Look the user up in the database.
    try:
        user_info = User.query.filter_by(uid=uid).first()
    except Exception:
        return False

    if user_info is None:
        return False
    if auth_code != UserService.geneAuthCode(user_info):
        return False
    if user_info.status != 1:
        return False
    return user_info
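def check_login():
    """Return the ``User`` identified by the auth cookie, or ``False``.

    The cookie is ``<auth code>#<uid>``; the auth code must equal the one
    ``UserService.geneAuthCode`` produces for the stored user row. Progress
    markers are printed for debugging.

    NOTE(review): unlike the credential checks above, nothing here looks at
    an account status field; confirm whether disabled accounts should be
    rejected at this point.
    """
    cookies = request.cookies
    print("check_login-1")
    auth_cookie = cookies[app.config['AUTH_COOKIE_NAME']] \
        if app.config['AUTH_COOKIE_NAME'] in cookies else ''

    # Kept from the original; with a '' default this is not expected to fire.
    if auth_cookie is None:
        return False

    auth_info = auth_cookie.split("#")
    # Only the step marker is printed. The split cookie contains the auth
    # code itself, which must not be copied to stdout or captured logs.
    print("check_login-2")
    if len(auth_info) != 2:
        return False

    try:
        print("check_login-3")
        user_info = User.query.filter_by(uid=auth_info[1]).first()
    except Exception:
        return False

    if user_info is None:
        return False

    if auth_info[0] != UserService.geneAuthCode(user_info):
        print("check_login-4")
        return False

    print("check_login-5")
    return user_info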
def check_login():
    """Determine whether the user is already logged in.

    Returns the ``User`` row when the auth cookie is valid, else ``False``.
    """
    cookie_name = app.config["AUTH_COOKIE_NAME"]
    jar = request.cookies
    if cookie_name not in jar:
        return False
    auth_cookie = jar[cookie_name]
    if auth_cookie is None:
        return False

    # Expected layout: "<auth code>#<uid>".
    auth_info = auth_cookie.split("#")
    if len(auth_info) != 2:
        return False

    try:
        user_info = User.query.filter_by(uid=auth_info[1]).first()
    except Exception:
        return False

    if user_info is None:
        return False

    code_matches = auth_info[0] == UserService.geneAuthCode(user_info)
    if not code_matches:
        return False

    if user_info.status != 1:
        return False
    return user_info
def check_login():
    """Return the ``User`` identified by the auth cookie, or ``None``.

    Every failure path returns ``None`` (a bare ``return``), so callers
    should test the result for truthiness.
    """
    auth_cookie = request.cookies.get(app.config['AUTH_COOKIE_NAME'])
    if not auth_cookie:
        return None

    # Expected layout: "<auth code>#<uid>".
    auth_info = auth_cookie.split('#')
    if len(auth_info) != 2:
        return None

    try:
        user_info = User.query.filter_by(uid=auth_info[1]).first()
    except Exception:
        # Any lookup failure is treated as "not logged in".
        return None

    if not user_info:
        return None
    if auth_info[0] != UserService.geneAuthCode(user_info):
        return None
    if user_info.status != 1:
        return None
    return user_info
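def check_login():
    """Return the authenticated ``User`` for this request, or ``False``.

    The credential has the form ``<auth code>#<uid>``. It is read from the
    auth cookie, or from the ``Authorization`` header when the request path
    contains ``/api``.
    """
    cookies = request.cookies
    auth_cookie = cookies[app.config['AUTH_COOKIE_NAME']] \
        if app.config['AUTH_COOKIE_NAME'] in cookies else None

    if '/api' in request.path:
        app.logger.info(request.path)
        # The header value is a bearer credential, so it is no longer written
        # to the log; anyone able to read the log could otherwise replay it.
        auth_cookie = request.headers.get("Authorization")

    if auth_cookie is None:  # the request carries no credential
        return False

    auth_info = auth_cookie.split("#")  # "<auth code>#<uid>"
    if len(auth_info) != 2:  # not in the standard format
        return False

    try:
        # See whether the uid matches a row in the database.
        user_info = User.query.filter_by(uid=auth_info[1]).first()
    except Exception:
        return False  # a failed lookup counts as not logged in

    # Validity check; the original author expected a row to always exist but
    # kept the check for rigour.
    if user_info is None:
        return False

    # A value that differs from the one derived from the stored row is forged.
    if auth_info[0] != UserService.geneAuthCode(user_info):
        return False

    # A logged-in account that has been disabled is logged out on refresh.
    if user_info.status != 1:
        return False

    return user_info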
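def login():
    """Login page and its back-end logic.

    GET renders the page. Any other method validates ``login_name`` (at
    least 2 characters) and ``login_pwd`` (at least 6), verifies the password
    and the account status, and sets a ``<auth code>#<uid>`` cookie kept for
    7 days. Failures return JSON with ``code`` -1.
    """
    if request.method == "GET":
        return ops_render("user/login.html")

    # Default JSON result; "data" is a spare field for extensions.
    resp = {'code': 200, 'msg': u"登陆成功", 'data': {}}
    req = request.values  # all request variables
    login_name = req['login_name'] if 'login_name' in req else ''
    login_pwd = req['login_pwd'] if 'login_pwd' in req else ''

    if login_name is None or len(login_name) < 2:  # account name length
        resp['code'] = -1
        resp['msg'] = u"请输入正确的用户登录名"
        return jsonify(resp)

    if login_pwd is None or len(login_pwd) < 6:
        resp['code'] = -1
        resp['msg'] = u"请输入正确的用户登录名和密码1"
        return jsonify(resp)

    # Login names are unique, so the first match is the only one.
    user_info = User.query.filter_by(login_name=login_name).first()
    # NOTE(review): the trailing 1 / 3 / 4 in these messages still tells a
    # caller which check failed, including whether the login name exists.
    if not user_info:
        resp['code'] = -1
        resp['msg'] = u"请输入正确的用户登录名和密码3"
        return jsonify(resp)

    # Verify the password first. The account status used to be checked before
    # it, which told anyone who knew only a login name that the account was
    # disabled.
    if user_info.login_pwd != UserService.genePwd(login_pwd, user_info.login_salt):
        resp['code'] = -1
        resp['msg'] = u"请输入正确的用户登录名和密码4"
        return jsonify(resp)

    if user_info.status != 1:
        resp['code'] = -1
        resp['msg'] = u"账号已被禁用,请联系管理员Q:1040691703"
        return jsonify(resp)

    response = make_response(json.dumps(resp))
    # Cookie value: auth code, '#', then the user's uid in clear text.
    response.set_cookie(
        app.config['AUTH_COOKIE_NAME'],
        "%s#%s" % (UserService.geneAuthCode(user_info), user_info.uid),
        60 * 60 * 24 * 7)  # kept for 7 days
    return response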
def login():
    """Render the login page (GET) or check credentials and set the auth cookie.

    Failures return JSON with ``code`` -1. The cookie written on success is
    the one the login interceptor's ``check_login()`` verifies on later
    requests.
    """
    # 1. GET fetches the page; anything else is a submission to the server.
    if request.method == "GET":
        return render_template("user/login.html")

    # Initial JSON result.
    resp = {'code': 200, 'msg': 'Welcome!', 'data': {}}

    def fail(message):
        resp['code'] = -1
        resp['msg'] = message
        return jsonify(resp)

    # 2. Pull the submitted user name and password out of the request data.
    req = request.values
    login_name = req.get('login_name', '')
    login_pwd = req.get('login_pwd', '')

    # 3. Reject empty values before touching the database.
    if not login_name:
        return fail("Please input correct username~~")
    if not login_pwd:
        return fail("Please input correct password~~")

    # Compare against the database: find the row with this login_name.
    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return fail("请输入正确的登陆名或密码 ")

    # The row was selected by user name, so its stored password and salt are
    # the ones to check the submitted password against.
    if user_info.login_pwd != UserService.genePwd(login_pwd, user_info.login_salt):
        return fail("请输入正确的登陆名或密码 ")

    # A deleted or disabled user must not be able to log in.
    if user_info.status != 1:
        return fail("账号异常:已被禁用 ")

    # 4. Login state: issue the auth cookie.
    response = make_response(json.dumps({'code': 200, 'msg': '登录成功~~'}))
    auth_value = '%s#%s' % (UserService.geneAuthCode(user_info), user_info.uid)
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], auth_value,
                        60 * 60 * 24 * 120)  # kept for 120 days
    return response
def login():
    """Token login for a JSON client (the original notes it is currently unused).

    GET returns a fixed JSON string. POST parses the JSON request body,
    checks ``login_name`` / ``login_pwd`` and returns a JSON result whose
    ``data`` holds ``<auth code>#<uid>`` under ``AUTH_TOKEN_NAME``. Failures
    return ``(message, RespCode.UNDEFINERROR)``.

    NOTE(review): ``json.loads(request.data)`` is not guarded, so a body
    that is not valid JSON raises here; confirm how the caller handles that.
    """
    if request.method == "GET":
        app.logger.debug("GET")
        return make_response(jsonify("login get"), 200)

    if request.method == "POST":
        # The client sends a JSON body, so the raw request data is decoded.
        data = json.loads(request.data)

        resp = {'code': 200, 'msg': '登錄成功', 'data': {}}
        login_name = data['login_name'] if 'login_name' in data else ''
        login_pwd = data['login_pwd'] if 'login_pwd' in data else ''

        # Parameter checks.
        if login_name is None or len(login_name) < 1:
            resp['code'] = RespCode.UNDEFINERROR
            resp['msg'] = "請輸入正確的登錄用戶名~~"
            app.logger.debug(resp)
            return resp['msg'], resp['code']

        if login_pwd is None or len(login_pwd) < 1:
            resp['code'] = RespCode.UNDEFINERROR
            resp['msg'] = "請輸入正確的登錄密碼~~"
            return resp['msg'], resp['code']

        # Database lookup.
        user_info = User.query.filter_by(login_name=login_name).first()
        # NOTE(review): the "-1" / "-2" suffixes differ between "unknown
        # user" and "wrong password".
        if not user_info:
            resp['code'] = RespCode.UNDEFINERROR
            resp['msg'] = "請輸入正確的用戶名和密碼-1~~"
            return resp['msg'], resp['code']

        # Password check.
        expected_pwd = UserService.genePwd(login_pwd, user_info.login_salt)
        if user_info.login_pwd != expected_pwd:
            resp['code'] = RespCode.UNDEFINERROR
            resp['msg'] = "請輸入正確的用戶名和密碼-2~~"
            return resp['msg'], resp['code']

        # Login succeeded: hand the auth code back in the response body.
        token_data = dict()
        token_data[app.config["AUTH_TOKEN_NAME"]] = "%s#%s" % (
            UserService.geneAuthCode(user_info), user_info.uid)
        resp['data'] = token_data
        return jsonify(resp)
def login():
    """Render the login page (GET) or check credentials and set the auth cookie.

    Failures return JSON with ``code`` -1.

    NOTE(review): the stored ``user_pwd`` is compared directly with the
    submitted password, which implies passwords are stored unhashed.
    Confirm, and plan a migration to a salted password hash if so.
    """
    if request.method == "GET":
        return ops_render("user/login.html")

    # Result returned to the client; code 200 means success.
    resp = {'code': 200, 'msg': "登录成功", 'data': {}}

    def fail(message):
        resp['code'] = -1
        resp['msg'] = message
        return jsonify(resp)

    # User name and password as submitted with the login request.
    req = request.values
    login_name = req.get('login_name', '')
    login_pwd = req.get('login_pwd', '')

    # The user name must not be empty.
    if not login_name:
        return fail("请输入正确的登录用户名")
    # The password must not be empty.
    if not login_pwd:
        return fail("请输入正确的登录密码")

    # Read the user row.
    user_info = WhiteoilUser.query.filter_by(user_name=login_name).first()

    # Unknown user name.
    if not user_info:
        return fail("请输入正确的登录用户名和密码")
    # Wrong password (direct comparison, see the note in the docstring).
    if user_info.user_pwd != login_pwd:
        return fail("请输入正确的登录用户名和密码")
    # Account status must be "1".
    if user_info.user_status != "1":
        return fail("账号已被禁用,请联系管理员处理!")

    response = make_response(json.dumps(resp))
    auth_value = "%s#%s" % (UserService.geneAuthCode(user_info), user_info.user_id)
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], auth_value, 60 * 60 * 24 * 120)
    return response
def resetPwd():
    """Render the change-password page (GET) or change the current user's password.

    The old password is checked against the value stored for the user before
    the new one is saved; the auth cookie is then re-issued. Rejections are
    JSON bodies with ``code`` -1.
    """
    if request.method == "GET":
        return ops_render("user/reset_pwd.html", {'current': 'reset-pwd'})

    resp = {'code': 200, 'msg': '操作成功~', 'data': {}}

    def reject(message):
        resp['code'] = -1
        resp['msg'] = message
        return jsonify(resp)

    form = request.values
    old_password = form.get('old_password', '')
    new_password = form.get('new_password', '')

    if len(old_password) < 6:
        return reject("请输入符合规范的原密码~~")
    if len(new_password) < 6:
        return reject("请输入符合规范的新密码~~")
    if old_password == new_password:
        return reject("请重新输入一个吧,新密码和原密码不能相同哦~~")

    user_info = g.current_user

    # Re-read the row and verify the submitted old password against it.
    stored = User.query.filter_by(uid=user_info.uid).first()
    submitted_old = UserService.genePwd(old_password, user_info.login_salt)
    if submitted_old != stored.login_pwd:
        return reject("原始密码输入错误~~")

    user_info.login_pwd = UserService.genePwd(new_password, user_info.login_salt)
    db.session.add(user_info)
    db.session.commit()

    response = make_response(json.dumps(resp))
    auth_value = '%s#%s' % (UserService.geneAuthCode(user_info), user_info.uid)
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], auth_value,
                        60 * 60 * 24 * 120)  # kept for 120 days
    return response
def login():
    """Render the login page (GET) or check credentials and set the auth cookie.

    Failures return JSON with ``code`` -1; success sets a
    ``<auth code>#<uid>`` cookie kept for one day.
    """
    if request.method == 'GET':
        return ops_render('user/login.html')

    resp = {"code": 200, "msg": "登录成功", "data": {}}

    def fail(message):
        resp['code'] = -1
        resp['msg'] = message
        return jsonify(resp)

    form = request.values
    login_name = form.get('login_name', '')
    login_pwd = form.get('login_pwd', '')

    if not login_name:
        return fail("请输入正确的用户名")
    if not login_pwd:
        return fail("请输入正确的密码")

    # Check that the user name exists in the user table.
    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return fail("请输入正确的用户名和密码!")

    # Check the password the user typed; same message as for an unknown user.
    if user_info.login_pwd != UserService.genePwd(login_pwd, user_info.login_salt):
        return fail("请输入正确的用户名和密码!")

    if user_info.status != 1:
        return fail("账号已被禁用,请联系管理员处理!")

    body = json.dumps({"code": 200, "msg": "登录成功", "data": {}})
    response = make_response(body)
    # Assemble the cookie value: "<auth code>#<uid>".
    auth_value = "%s#%s" % (UserService.geneAuthCode(user_info), user_info.uid)
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], auth_value, 60 * 60 * 24)
    return response
def login():
    """Render the login page (GET) or check credentials and set the auth cookie.

    Failures return JSON with ``code`` -1; success sets a
    ``<auth code>#<uid>`` cookie kept for 120 days.
    """
    if request.method == 'GET':
        # A GET simply returns the login page.
        return render_template('/user/login.html')

    # Default result.
    resp = {'code': 200, 'msg': '登录成功', 'data': {}}

    def fail(message):
        resp['code'] = -1
        resp['msg'] = message
        return jsonify(resp)

    # Submitted values.
    form = request.values
    login_name = form.get('login_name', '')
    login_pwd = form.get('login_pwd', '')

    # Validate name and password on the server whether or not the front end
    # already did.
    if not login_name:
        return fail('请输入正确的用户名')
    if not login_pwd:
        return fail('请输入正确的密码')

    # Login names are unique, so the row found by name is the only one.
    user_info = User.query.filter_by(login_name=login_name).first()
    # NOTE(review): the "(-1)" / "(-2)" suffixes differ between "unknown
    # user" and "wrong password".
    if not user_info:
        return fail('请输入正确的用户名和密码(-1)')

    # Compare the stored password with the submitted one after it has been
    # run through UserService.genePwd with the user's salt.
    if user_info.login_pwd != UserService.genePwd(login_pwd, user_info.login_salt):
        return fail('请输入正确的用户名和密码(-2)')

    if user_info.status != 1:
        return fail('账号已被禁用,请联系管理员处理')

    response = make_response(json.dumps(resp))
    # With the cookie in place a global interceptor can keep clients without
    # it out of the back office; geneAuthCode defines how the code is derived.
    auth_value = '%s#%s' % (UserService.geneAuthCode(user_info), user_info.uid)
    # Cookie layout: auth code string, '#', uid; kept for 120 days.
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], auth_value, 60 * 60 * 24 * 120)
    return response
def login():
    """Render the login page (GET) or check credentials and redirect.

    A GET from an already logged-in user is redirected to ``/``. On
    submission every failure redirects back to the login page; success
    redirects to the index page with a ``<auth code>#<uid>`` cookie kept for
    120 days.
    """
    if request.method == "GET":
        if g.current_user:
            return redirect(UrlManager.buildUrl("/"))
        return ops_render("user/login.html")

    resp = {'code': 200, 'msg': '登录成功~~', 'data': {}}

    def bounce(message):
        # The message is recorded on resp but never sent: every failure just
        # redirects to the login page.
        resp['code'] = -1
        resp['msg'] = message
        return redirect(url_for('user_page.login'))

    form = request.values
    login_name = form.get('login_name', '')
    login_pwd = form.get('login_pwd', '')

    if not login_name:
        return bounce("请输入正确的登录用户名~~")
    if not login_pwd:
        return bounce("请输入正确的邮箱密码~~")

    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return bounce("请输入正确的登录用户名和密码-1~~")
    if user_info.login_pwd != UserService.genePwd(login_pwd, user_info.login_salt):
        return bounce("请输入正确的登录用户名和密码-2~~")
    if user_info.status != 1:
        return bounce("账号已被禁用,请联系管理员处理~~")

    response = make_response(redirect(url_for('index_page.index')))
    auth_value = '%s#%s' % (UserService.geneAuthCode(user_info), user_info.uid)
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], auth_value,
                        60 * 60 * 24 * 120)  # kept for 120 days
    return response
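def login():
    """Render the login page (GET) or check credentials and set the auth cookie.

    Failures return JSON with ``code`` -1. On success only JSON is returned
    together with the cookie; the page change is left to the client script
    once it sees code 200.
    """
    if request.method == 'GET':
        return render_template('user/login.html')

    req = request.values
    # The request values are no longer printed: they include the submitted
    # password in plaintext.
    resp = {'code': 200, 'msg': '登录成功1', 'data': {}}
    login_name = req['login_name'] if 'login_name' in req else ''
    login_pwd = req['login_pwd'] if 'login_pwd' in req else ''

    if login_name is None or len(login_name) < 1:
        resp['code'] = -1
        resp['msg'] = '请输入正确的用户名或密码~~~'
        return jsonify(resp)

    if login_pwd is None or len(login_pwd) < 1:
        resp['code'] = -1
        resp['msg'] = '请输入正确的用户名或密码~~~'
        return jsonify(resp)

    # Filter the user table by the submitted login name.
    user_info = User.query.filter_by(login_name=login_name).first()
    # No row means the user does not exist.
    if not user_info:
        resp['code'] = -1
        resp['msg'] = '请输入正确的用户名或密码~~~'
        return jsonify(resp)

    # Compare the stored password with the submitted one after processing it
    # with the user's salt. This now runs before the status check, which used
    # to reveal a disabled account to anyone who knew only the login name.
    if user_info.login_pwd != UserService.genePwd(login_pwd, user_info.login_salt):
        resp['code'] = -1
        resp['msg'] = '请输入正确的用户名或密码~~~'
        return jsonify(resp)

    # A deleted user must not be able to log in.
    if user_info.status != 1:
        resp['code'] = -1
        resp['msg'] = '账号异常,请联系管理员~~~'
        return jsonify(resp)

    response = make_response(json.dumps(resp))
    # Set the cookie: the user object is turned into the site's own auth code
    # (the original comment says this is an md5 digest).
    response.set_cookie(
        app.config['COOKIE_AUTH_NAME'],
        "%s#%s" % (UserService.geneAuthCode(user_info), user_info.uid))
    return response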
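def resetPwd():
    """Render the change-password page (GET) or change the current user's password.

    On any other method, validates ``old_password`` / ``new_password``,
    refuses the demo account (uid 1), checks the old password against the
    stored value, saves the new one and re-issues the auth cookie.
    Rejections are JSON bodies with ``code`` -1.
    """
    current_user = session.current_user
    user_info = current_user

    if request.method == "GET":
        return render_template("user/reset_pwd.html",
                               current_user=current_user,
                               current="reset-pwd")

    resp = {'code': 200, 'msg': '操作成功~', 'data': {}}
    req = request.values
    old_password = req['old_password'] if 'old_password' in req else ''
    new_password = req['new_password'] if 'new_password' in req else ''

    if old_password is None or len(old_password) < 6:
        resp['code'] = -1
        resp['msg'] = "请输入符合规范的原密码~~"
        return jsonify(resp)

    if new_password is None or len(new_password) < 6:
        resp['code'] = -1
        resp['msg'] = "请输入符合规范的新密码~~"
        return jsonify(resp)

    if old_password == new_password:
        resp['code'] = -1
        resp['msg'] = "请重新输入一个吧,新密码和原密码不能相同哦~~"
        return jsonify(resp)

    if user_info.uid == 1:
        resp['code'] = -1
        resp['msg'] = "该用户是演示账号,不准修改密码和登录用户名~~"
        return jsonify(resp)

    # The old password was only length-checked before; verify it against the
    # stored value so that a session alone cannot change the password.
    if user_info.login_pwd != UserService.genePwd(old_password, user_info.login_salt):
        resp['code'] = -1
        resp['msg'] = "原始密码输入错误~~"
        return jsonify(resp)

    user_info.login_pwd = UserService.genePwd(new_password, user_info.login_salt)
    db.session.add(user_info)
    db.session.commit()

    # The password change invalidates the existing cookie, which would then
    # fail verification, so a new one is issued here.
    response = make_response(json.dumps(resp))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'],
                        '%s#%s' % (UserService.geneAuthCode(user_info), user_info.uid),
                        60 * 60 * 24 * 120)  # kept for 120 days
    return response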
def check_login():
    """Return the ``User`` identified by the ``user`` cookie, or ``False``.

    The cookie is ``<auth code>#<uid>``. A missing cookie is read as the
    empty string and fails the length check. The database lookup is not
    wrapped in ``try``, so a failing query propagates to the caller.
    """
    auth_cookie = request.cookies.get("user", "")

    # Kept from the original; with a "" default this is not expected to fire.
    if auth_cookie is None:
        return False

    auth_info = auth_cookie.split("#")
    # NOTE(review): "< 2" also accepts values with more than one '#'; only
    # the first two pieces are used below.
    if len(auth_info) < 2:
        return False
    presented_code = auth_info[0]
    uid = auth_info[1]

    user_info = User.query.filter_by(uid=uid).first()
    if user_info is None:
        return False

    if presented_code != UserService.geneAuthCode(user_info):
        return False

    return user_info if user_info.status == 1 else False