def member_security():
if not ('unchange' in session and session['unchange']):
return redirect(url_for('index_index'))
if request.method == 'POST':
new_password = request.form['pass']
if new_password.strip() == "":
return render_template('member/security.html', message=u"請輸入新密碼", type="error")
database.doing_sql("insert into user_info values(?, ?, ?, ?, '')", (session['uid'], sha512(new_password).hexdigest(), session['username'], session['class'],))
del session['unchange']
return redirect(url_for("index_index"))
else:
return render_template('member/security.html')
def member_index():
if request.method == 'POST':
try:
username = request.form['user']
password = request.form['pass']
if database.doing_sql("select * from user_info where u_id=? limit 1", (username,)) == []:
s = requests.session()
payload = {
'uid': username,
'pwd': password
}
result = s.post('http://140.127.113.231/kuas/perchk.jsp', data=payload).content
if 'f_index.html' in result:
tree = etree.HTML(s.get('http://140.127.113.231/kuas/f_head.jsp').content)
info = tree.xpath("//div//span")
session['uid'] = username
session['username'] = info[2].text
session['class'] = info[1].text
session['unchange'] = True
return redirect(url_for('member_security'))
else:
message = u"帳號/密碼錯誤"
else:
password = sha512(password).hexdigest()
user = database.doing_sql("select * from user_info where u_id=? and u_pass=? limit 1", (username, password, ))
if user == []:
message = u"帳號/密碼錯誤"
else:
user = user[0]
(uid, passwd, name, _class, club) = user
session['uid'] = uid
session['username'] = name
session['class'] = _class
return redirect(url_for("index_index"))
except KeyError:
message = u"登入資訊錯誤"
return render_template('member/index.html', message=message, type='error')
else:
return render_template('member/index.html')
