예제 #1
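def resetPwd():
    """Handle the change-password page for the currently logged-in user.

    GET renders the form. Any other method reads ``old_password`` and
    ``new_password`` from the request, validates them, stores the new
    password hash and re-issues the auth cookie.

    Returns:
        The rendered form for GET, a JSON body with ``code`` -1 when a check
        fails, or the success body with a refreshed auth cookie.

    NOTE(review): the cookie is set without ``httponly``/``secure``/
    ``samesite`` arguments, so the framework defaults apply.
    """
    if request.method == "GET":
        return ops_render('user/reset_pwd.html', {'current': 'reset_pwd'})

    resp = {'code': 200, 'msg': "操作成功", 'data': {}}
    req = request.values
    # The request values carry both passwords in clear text, so they are
    # deliberately not written to the application log.
    old_password = req.get('old_password', '')
    new_password = req.get('new_password', '')

    if len(old_password) < 6:
        resp['code'] = -1
        resp['msg'] = "请输入正确的原密码~~"
        return jsonify(resp)

    if len(new_password) < 6:
        resp['code'] = -1
        resp['msg'] = "请输入正确的新密码~~"
        return jsonify(resp)

    if old_password == new_password:
        resp['code'] = -1
        resp['msg'] = "密码与原密码一致~~"
        return jsonify(resp)

    user_info = g.current_user

    # Require proof of the current password before replacing it; otherwise a
    # valid session alone is enough to take over the account.
    if UserService.genePwd(old_password,
                           user_info.login_salt) != user_info.login_pwd:
        resp['code'] = -1
        resp['msg'] = "请输入正确的原密码~~"
        return jsonify(resp)

    user_info.login_pwd = UserService.genePwd(new_password,
                                              user_info.login_salt)
    db.session.add(user_info)
    db.session.commit()

    # Re-issue the cookie so it is built from the updated user record.
    response = make_response(json.dumps(resp))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], '%s#%s' %
                        (UserService.geneAuthCode(user_info), user_info.uid),
                        60 * 60 * 24 * 120)  # keep for 120 days
    return response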
예제 #2
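def resetPwd():
    """Change the password of the user held in ``g.current_user``.

    GET renders the form. Any other method validates ``old_password`` and
    ``new_password`` from the request, stores the new hash, commits, and
    returns the success body together with a refreshed auth cookie.

    Returns:
        The rendered form, a JSON error body (``code`` -1), or the success
        response carrying the new cookie.
    """
    if request.method == 'GET':
        return ops_render("user/reset_pwd.html")

    req = request.values
    resp = {'code': 200, 'msg': '操作成功', 'data': {}}
    new_password = req.get('new_password', '')
    old_password = req.get('old_password', '')

    if len(old_password) < 6:
        resp['code'] = -1
        resp['msg'] = '请输入符合规范的原密码'
        return jsonify(resp)

    if len(new_password) < 6:
        resp['code'] = -1
        resp['msg'] = '请输入符合规范的新密码'
        return jsonify(resp)

    if old_password == new_password:
        resp['code'] = -1
        resp['msg'] = '新旧密码不能一致'
        return jsonify(resp)

    user_info = g.current_user

    # The submitted old password must match the stored hash; without this
    # check anyone holding a valid session cookie can set a new password.
    if UserService.genePwd(old_password, user_info.login_salt) != user_info.login_pwd:
        resp['code'] = -1
        resp['msg'] = '请输入符合规范的原密码'
        return jsonify(resp)

    user_info.login_pwd = UserService.genePwd(new_password, user_info.login_salt)
    db.session.commit()

    response = make_response(json.dumps(resp))
    # NOTE(review): no httponly/secure/samesite arguments are passed here.
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], '%s#%s' % (
        UserService.geneAuthCode(user_info), user_info.uid), 60 * 60 * 24 * 120)  # keep for 120 days
    return response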
예제 #3
def check_login():
    """Resolve the logged-in user from the auth cookie.

    The cookie value is expected to look like ``<auth code>#<uid>``. The uid
    is used to load the user, the auth code is regenerated from that record
    with ``UserService.geneAuthCode`` and compared with the code the client
    sent.

    Returns:
        The matching ``User`` row when the cookie checks out and the account
        status is 1, otherwise ``False``.

    NOTE(review): the auth code is compared with ``!=``, which is not a
    constant-time comparison; ``hmac.compare_digest`` is the usual choice
    for values that act as credentials.
    """
    token = request.cookies.get(app.config['AUTH_COOKIE_NAME'])
    if token is None:
        return False

    parts = token.split('#')
    if len(parts) != 2:
        return False
    claimed_code, uid = parts

    try:
        account = User.query.filter_by(uid=uid).first()
    except Exception:
        return False

    if account is None or claimed_code != UserService.geneAuthCode(account):
        return False

    return False if account.status != 1 else account
예제 #4
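def check_login():
    """Resolve the current user from the auth cookie or Authorization header.

    For request paths containing ``/api`` the credential is taken from the
    ``Authorization`` header instead of the cookie. In both cases the value
    is expected to be ``<auth code>#<uid>``; the auth code is regenerated
    from the stored user and compared with the one supplied.

    Returns:
        The ``User`` row when the credential is valid and the account status
        is 1, otherwise ``False``.

    NOTE(review): ``'/api' in request.path`` is a substring test, so it also
    matches paths that merely contain ``/api`` somewhere; confirm that is
    intended.
    """
    cookies = request.cookies
    auth_cookie = cookies.get(app.config['AUTH_COOKIE_NAME'])

    if '/api' in request.path:
        # Only the path is logged. The Authorization header is the
        # credential itself and must not end up in the application log.
        app.logger.info(request.path)
        auth_cookie = request.headers.get("Authorization")

    if auth_cookie is None:
        return False

    auth_info = auth_cookie.split("#")
    if len(auth_info) != 2:
        return False

    try:
        user_info = User.query.filter_by(uid=auth_info[1]).first()
    except Exception:
        return False

    if user_info is None:
        return False

    if auth_info[0] != UserService.geneAuthCode(user_info):
        return False

    if user_info.status != 1:
        return False

    return user_info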
예제 #5
def check_login():
    """Return the user identified by the auth cookie, or ``False``.

    A missing cookie defaults to the empty string, which then fails the
    two-part ``<auth code>#<uid>`` check below, so no separate ``None`` test
    is needed to reject it.
    """
    raw = request.cookies.get(app.config['AUTH_COOKIE_NAME'], '')

    fields = raw.split("#")
    if len(fields) != 2:
        return False
    sent_code, uid = fields

    try:
        account = User.query.filter_by(uid=uid).first()
    except Exception:
        # A failing lookup is treated the same as "not logged in".
        return False

    if account is None:
        return False

    # The expected code is rebuilt from the stored record and must equal
    # the one presented by the client.
    expected_code = UserService.geneAuthCode(account)
    if sent_code != expected_code:
        return False

    return False if account.status != 1 else account
예제 #6
def check_login():
    """Validate the auth cookie and return the user it belongs to.

    The uid is taken from the part of the cookie after ``#``, the user is
    loaded from the database, and an auth code is regenerated from that
    record. If it differs from the code in the cookie, the cookie has been
    altered and the caller must log in again.

    Returns:
        ``None`` when the cookie is absent, ``False`` for every other failed
        check, and the ``User`` row when all checks pass.
    """
    token = request.cookies.get(app.config['AUTH_COOKIE_NAME'])
    if token is None:
        return None

    pieces = token.split('#')
    if len(pieces) != 2:
        return False
    presented_code, uid = pieces

    try:
        account = User.query.filter_by(uid=uid).first()
    except Exception:
        return False

    # No row for this uid: the uid in the cookie does not exist.
    if account is None:
        return False

    # The uid is real, but the code must still match the one derived from
    # the stored record; the value sent by the browser may have been
    # tampered with.
    if presented_code != UserService.geneAuthCode(account):
        return False

    if account.status != 1:
        return False

    # Every check above passed, so the login is accepted.
    return account
예제 #7
def login():
    """Render the login page, or authenticate a POSTed name and password.

    On success the response carries the auth cookie
    ``<auth code>#<uid>``; no max-age is passed, so it is a session cookie.

    NOTE(review): an unknown user returns code -3 and a wrong password
    returns code -4. The messages are identical, but the differing codes
    still tell a client whether the login name exists.
    NOTE(review): the cookie is set without httponly/secure/samesite.
    """
    if request.method != "POST":
        return ops_render("user/login.html")

    resp = {'code': 200, 'msg': '登录成功', 'data': ''}

    def reject(code, message):
        # Fill in the shared response template and send it back as JSON.
        resp['code'] = code
        resp['msg'] = message
        return jsonify(resp)

    form = request.values
    login_name = form.get('login_name', '')
    login_pwd = form.get('login_pwd', '')

    if len(login_name) < 1:
        return reject(-1, '请输入正确的用户名')
    if len(login_pwd) < 1:
        return reject(-2, '请输入正确的密码')

    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return reject(-3, '请输入正确的用户名密码')

    expected_hash = UserService.genePwd(login_pwd, user_info.login_salt)
    if user_info.login_pwd != expected_hash:
        return reject(-4, '请输入正确的用户名密码')

    cookie_value = "%s#%s" % (UserService.geneAuthCode(user_info),
                              user_info.uid)
    response = make_response(json.dumps(resp))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], cookie_value)
    return response
예제 #8
def login():
    """Serve the login form (GET) or check submitted credentials.

    Returns:
        The rendered form, a JSON error body with ``code`` -1, or a success
        body with the auth cookie set for 120 days.

    NOTE(review): the "-1"/"-2" suffixes in the last two error messages let
    a client tell an unknown login name from a wrong password.
    NOTE(review): unlike some sibling implementations, no account status is
    checked before the cookie is issued.
    """
    if request.method == "GET":
        return ops_render("user/login.html")

    resp = {'code': 200, 'msg': '登录成功', 'data': {}}

    def fail(message):
        resp.update(code=-1, msg=message)
        return jsonify(resp)

    params = request.values
    login_name = params.get('login_name', '')
    login_pwd = params.get('login_pwd', '')

    if not login_name:
        return fail("请输入正确的登录用户名~~")
    if not login_pwd:
        return fail("请输入正确的邮箱密码~~")

    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return fail("请输入正确的登录用户名和密码-1~~")

    submitted_hash = UserService.genePwd(login_pwd, user_info.login_salt)
    if user_info.login_pwd != submitted_hash:
        return fail("请输入正确的登录用户名和密码-2~~")

    max_age = 60 * 60 * 24 * 120  # keep for 120 days
    cookie_value = '%s#%s' % (UserService.geneAuthCode(user_info),
                              user_info.uid)
    response = make_response(json.dumps({'code': 200, 'msg': '登录成功~~'}))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], cookie_value, max_age)
    return response
예제 #9
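def resetPwd():
    """Change the logged-in user's password and refresh the auth cookie.

    GET renders the form. Any other method validates ``old_password`` and
    ``new_password``, stores the new hash and answers with the JSON success
    body.

    Two defects of the earlier version are fixed here: the submitted old
    password was never compared with the stored hash, and the response that
    carried the refreshed cookie was built but a different response was
    returned, so the cookie never reached the client.

    Returns:
        The rendered form, a JSON error body (``code`` -1), or the JSON
        success body with the refreshed auth cookie attached.
    """
    if request.method == 'GET':
        return ops_render("user/reset_pwd.html", {"current": "reset-pwd"})

    resp = {'code': 200, 'msg': ' 操作成功', 'data': {}}
    req = request.values
    old_password = req.get('old_password', '')
    new_password = req.get('new_password', '')

    if len(old_password) < 6:
        resp['code'] = -1
        resp['msg'] = "请输入符合规范的原密码"
        return jsonify(resp)

    if len(new_password) < 6:
        resp['code'] = -1
        resp['msg'] = "请输入符合规范的新密码"
        return jsonify(resp)

    if old_password == new_password:
        resp['code'] = -1
        resp['msg'] = "原密码和新密码不能相同哦"
        return jsonify(resp)

    user_info = g.current_user

    # Require the current password; a session cookie alone must not be
    # enough to replace it.
    if UserService.genePwd(old_password, user_info.login_salt) != user_info.login_pwd:
        resp['code'] = -1
        resp['msg'] = "请输入符合规范的原密码"
        return jsonify(resp)

    user_info.login_pwd = UserService.genePwd(new_password, user_info.login_salt)

    db.session.add(user_info)
    db.session.commit()

    # Keep the jsonify() body the endpoint already returned, and attach the
    # cookie to the response that is actually sent.
    response = make_response(jsonify(resp))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], "%s#%s" % (UserService.geneAuthCode(user_info), user_info.uid))

    return response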
예제 #10
def check_login():
    """Check the auth cookie and return the user it identifies.

    The uid stored in the cookie selects the user record; an auth code is
    then generated from that record and compared with the code the client
    supplied.

    Returns:
        The ``User`` row, or ``False`` when any check fails.
    """
    name = app.config['AUTH_COOKIE_NAME']
    value = request.cookies.get(name)
    if value is None:
        return False

    segments = value.split('#')
    if len(segments) != 2:
        return False

    try:
        user = User.query.filter_by(uid=segments[1]).first()
    except Exception:
        return False

    if user is None:
        return False

    # NOTE(review): plain ``!=`` is not a constant-time comparison.
    if segments[0] != UserService.geneAuthCode(user):
        return False

    # Accounts that are not in the normal state must not be allowed to act.
    return False if user.status != 1 else user
예제 #11
def check_login():
    """Return the user behind the auth cookie, or ``False``.

    Verifying the cookie mirrors how it was created: the login code writes
    ``"%s#%s"`` with the auth code first and the user id second. Here the
    user id is read back, the user is loaded, an auth code is generated from
    that record and compared with the one in the cookie. A mismatch means
    the cookie was modified and the user has to log in again.

    NOTE(review): unlike sibling implementations, this version does not
    test the account status before returning the user.
    """
    # Step one: fetch the cookie.
    token = request.cookies.get(app.config['AUTH_COOKIE_NAME'])
    if token is None:
        return False

    # Index 0 is the auth code, index 1 is the user id.
    tokens = token.split("#")
    if len(tokens) != 2:
        return False
    sent_code, uid = tokens

    # Look the user up; a row being found means the user exists.
    try:
        account = User.query.filter_by(uid=uid).first()
    except Exception:
        return False

    if account is None:
        return False

    # Author's note: one input of the auth code is user_info.login_pwd, so
    # after a password change the interceptor logs the user out and
    # redirects to the login page.
    if sent_code != UserService.geneAuthCode(account):
        return False

    # Every failing case was handled above; what remains is a valid login.
    return account
예제 #12
def login():
    """Show the login form or authenticate submitted credentials.

    A GET from a user already present in ``g.current_user`` is redirected to
    the site root. On success the auth cookie is written under the fixed
    name ``"user"`` with no max-age.

    NOTE(review): the cookie is set without httponly/secure/samesite.
    """
    if request.method == "GET":
        if g.current_user:
            return redirect(UrlManager.buildUrl("/"))
        return ops_render("user/login.html")

    resp = {"code": 200, "msg": "登陆成功", "data": {}}

    def deny(message):
        resp.update(code=-1, msg=message)
        return jsonify(resp)

    form = request.values
    login_name = form.get("login_name", "")
    login_pwd = form.get("login_pwd", "")

    if not login_name:
        return deny("请输入正确的用户名")
    if not login_pwd:
        return deny("请输入正确的密码")

    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return deny("您输入的用户名或密码不正确")

    hashed = UserService.genePwd(login_pwd, user_info.login_salt)
    if user_info.login_pwd != hashed:
        return deny("您输入的用户名或密码不正确")

    if user_info.status != 1:
        return deny("账号已被禁用,请联系管理员处理")

    cookie_value = "%s#%s" % (UserService.geneAuthCode(user_info),
                              user_info.uid)
    response = make_response(json.dumps(resp))
    response.set_cookie("user", cookie_value)
    return response
예제 #13
def check_login():
    """Return the user named by the auth cookie, or ``False``.

    The cookie must hold exactly two ``#``-separated parts: the auth code
    and the uid. The code is checked against one regenerated from the
    stored user record.
    """
    cookie_value = request.cookies.get(app.config['AUTH_COOKIE_NAME'])
    if cookie_value is None:
        return False

    chunks = cookie_value.split("#")
    if len(chunks) != 2:
        return False
    code_from_client, uid = chunks

    try:
        found = User.query.filter_by(uid=uid).first()
    except Exception:
        return False

    if found is None or code_from_client != UserService.geneAuthCode(found):
        return False

    # Author's note on status values: 1 = normal, 0 = disabled,
    # -1 = does not exist.
    if found.status != 1:
        return False

    return found
예제 #14
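def check_login():
    """Decide from the cookie or Authorization header whether a user is logged in.

    Paths containing ``/api`` take the credential from the
    ``Authorization`` header; everything else uses the auth cookie. The
    value must be ``<auth code>#<uid>`` and the code must equal the one
    regenerated from the stored user.

    Returns:
        The ``User`` row on success, otherwise ``False``.

    NOTE(review): ``'/api' in request.path`` matches the substring anywhere
    in the path; confirm a prefix match is not what was meant.
    """
    cookies = request.cookies
    auth_cookie = cookies.get(app.config['AUTH_COOKIE_NAME'])

    if '/api' in request.path:
        # Log the path only: the header value is a bearer credential and
        # would be replayable by anyone who can read the log.
        app.logger.info(request.path)
        auth_cookie = request.headers.get("Authorization")

    if auth_cookie is None:  # no credential supplied
        return False

    auth_info = auth_cookie.split("#")  # split the credential on '#'
    if len(auth_info) != 2:  # 0 is the auth code, 1 is the uid
        return False
    try:
        user_info = User.query.filter_by(uid=auth_info[1]).first()  # load the user
    except Exception:
        return False

    if user_info is None:  # no user with this uid
        return False

    if auth_info[0] != UserService.geneAuthCode(user_info):  # auth code differs
        return False

    if user_info.status != 1:  # accounts that were removed must be logged out at once
        return False

    return user_info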
예제 #15
def check_login():
    """Return the user identified by the auth cookie, or ``False``.

    A missing cookie is read as the empty string; it cannot be ``None``
    here and is rejected by the two-part check instead.
    """
    raw_value = request.cookies.get(app.config['AUTH_COOKIE_NAME'], "")

    # parts[0] is UserService.geneAuthCode(user_info),
    # parts[1] is user_info.uid.
    parts = raw_value.split("#")
    if len(parts) != 2:
        return False
    client_code, uid = parts

    # Look the user up by uid.
    try:
        account = User.query.filter_by(uid=uid).first()
    except Exception:
        return False

    if account is None:
        return False

    server_code = UserService.geneAuthCode(account)
    if client_code != server_code:
        return False

    return False if account.status != 1 else account
예제 #16
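def check_login():
    """Return the user identified by the auth cookie, or ``False``.

    The cookie is expected to be ``<auth code>#<uid>``. Progress markers
    are printed for debugging, but the split cookie itself is not printed:
    it contains the auth code, which is a credential.

    NOTE(review): unlike sibling implementations, this version does not
    test the account status before returning the user.
    """
    cookies = request.cookies
    print("check_login-1")
    # A missing cookie becomes '' and is rejected by the length check below.
    auth_cookie = cookies.get(app.config['AUTH_COOKIE_NAME'], '')
    auth_info = auth_cookie.split("#")
    print("check_login-2")
    if len(auth_info) != 2:
        return False
    try:
        print("check_login-3")
        user_info = User.query.filter_by(uid=auth_info[1]).first()
    except Exception:
        return False

    if user_info is None:
        return False

    if auth_info[0] != UserService.geneAuthCode(user_info):
        print("check_login-4")
        return False
    print("check_login-5")
    return user_info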
예제 #17
def check_login():
    """Determine whether the requesting user is already logged in.

    Returns:
        The ``User`` row when the auth cookie is well formed, its auth code
        matches the one generated from the stored record and the account
        status is 1; otherwise ``False``.
    """
    cookie_key = app.config["AUTH_COOKIE_NAME"]
    cookie_val = request.cookies.get(cookie_key)
    if cookie_val is None:
        return False

    items = cookie_val.split("#")
    if len(items) != 2:
        return False
    given_code, uid = items

    try:
        person = User.query.filter_by(uid=uid).first()
    except Exception:
        return False

    if person is None:
        return False

    # NOTE(review): ``!=`` is not a constant-time comparison.
    if given_code != UserService.geneAuthCode(person):
        return False

    return False if person.status != 1 else person
예제 #18
def check_login():
    """Return the user behind the auth cookie, or ``None``.

    Every failed check ends in a bare ``return``, so callers receive
    ``None`` (not ``False``) when the request is not authenticated.
    """
    token = request.cookies.get(app.config['AUTH_COOKIE_NAME'])
    if not token:
        return None

    pair = token.split('#')
    if len(pair) != 2:
        return None
    sent_code, uid = pair

    try:
        account = User.query.filter_by(uid=uid).first()
    except Exception:
        return None

    if not account:
        return None

    if sent_code != UserService.geneAuthCode(account):
        return None

    return None if account.status != 1 else account
예제 #19
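def check_login():
    """Resolve the current user from the auth cookie or Authorization header.

    Requests whose path contains ``/api`` supply the credential in the
    ``Authorization`` header; other requests use the auth cookie. The value
    has the form ``<auth code>#<uid>``.

    Returns:
        The ``User`` row when every check passes, otherwise ``False``.

    NOTE(review): ``'/api' in request.path`` is a substring test; confirm
    it should not be a prefix test.
    """
    cookies = request.cookies
    auth_cookie = cookies.get(app.config['AUTH_COOKIE_NAME'])

    if '/api' in request.path:
        # The header value is the credential, so only the path is logged.
        app.logger.info(request.path)
        auth_cookie = request.headers.get("Authorization")
    if auth_cookie is None:  # the request carries no credential
        return False

    auth_info = auth_cookie.split("#")  # expected shape: <auth code>#<uid>
    if len(auth_info) != 2:  # not a well-formed credential
        return False

    try:
        user_info = User.query.filter_by(
            uid=auth_info[1]).first()  # look up the user for this uid
    except Exception:
        return False  # a failing query counts as not logged in

    if user_info is None:  # no row for this uid
        return False

    if auth_info[0] != UserService.geneAuthCode(
            user_info):  # differs from the code derived from the stored record: forged
        return False

    if user_info.status != 1:  # a disabled account is logged out on its next request
        return False

    return user_info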
예제 #20
파일: User.py 프로젝트: angelfate/WxOrder
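def login():
    """Login page and its backend logic.

    GET renders the form. Any other method checks ``login_name`` and
    ``login_pwd`` from the request and, on success, sets the auth cookie
    for seven days.

    The account status is tested only after the password has been verified,
    so a caller who merely knows a login name cannot learn that the account
    is disabled.

    NOTE(review): the unknown-user and wrong-password messages differ only
    in their trailing digit ("3" vs "4"), which still distinguishes the two
    cases for a client.
    NOTE(review): the cookie is set without httponly/secure/samesite.
    """
    if request.method == "GET":
        return ops_render("user/login.html")

    # Default JSON reply; ``data`` is a spare field for extensions.
    resp = {
        'code': 200,
        'msg': u"登陆成功",
        'data': {}
    }

    req = request.values  # all request variables
    login_name = req.get('login_name', '')
    login_pwd = req.get('login_pwd', '')

    if len(login_name) < 2:  # login name too short
        resp['code'] = -1
        resp['msg'] = u"请输入正确的用户登录名"
        return jsonify(resp)

    if len(login_pwd) < 6:
        resp['code'] = -1
        resp['msg'] = u"请输入正确的用户登录名和密码1"
        return jsonify(resp)

    # Login names are unique, so the first match is the only one.
    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        resp['code'] = -1
        resp['msg'] = u"请输入正确的用户登录名和密码3"
        return jsonify(resp)

    # Compare the stored hash with the hash of the submitted password,
    # computed with the user's salt.
    if user_info.login_pwd != UserService.genePwd(
            login_pwd, user_info.login_salt):
        resp['code'] = -1
        resp['msg'] = u"请输入正确的用户登录名和密码4"
        return jsonify(resp)

    # Only an authenticated caller is told that the account is disabled.
    if user_info.status != 1:
        resp['code'] = -1
        resp['msg'] = u"账号已被禁用,请联系管理员Q:1040691703"
        return jsonify(resp)

    response = make_response(json.dumps(resp))
    # Cookie value is "<auth code>#<uid>": the first part is derived by
    # geneAuthCode, the uid is in clear text. Kept for 7 days.
    response.set_cookie(
        app.config['AUTH_COOKIE_NAME'],
        "%s#%s" % (UserService.geneAuthCode(user_info), user_info.uid),
        60 * 60 * 24 * 7
    )

    return response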
예제 #21
def login():
    """Render the login page (GET) or verify submitted credentials.

    Steps for a non-GET request: read ``login_name`` and ``login_pwd``,
    reject empty values, load the user by login name, compare the stored
    password hash with the hash of the submitted password, check the
    account status, then set the auth cookie that ``check_login`` later
    verifies.

    NOTE(review): the cookie is set without httponly/secure/samesite.
    """
    if request.method == "GET":
        return render_template("user/login.html")

    # Default JSON reply, filled in by the failure helper below.
    resp = {
        'code': 200,
        'msg': 'Welcome!',
        'data': {}
    }

    def refuse(message):
        resp.update(code=-1, msg=message)
        return jsonify(resp)

    # All submitted values; only the name and password are needed.
    submitted = request.values
    login_name = submitted.get('login_name', '')
    login_pwd = submitted.get('login_pwd', '')

    # Filter out empty values before touching the database.
    if not login_name:
        return refuse("Please input correct username~~")
    if not login_pwd:
        return refuse("Please input correct password~~")

    # Compare against the database.
    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return refuse("请输入正确的登陆名或密码 ")

    # The row was selected by login name, so its own hash and salt are used.
    candidate = UserService.genePwd(login_pwd, user_info.login_salt)
    if user_info.login_pwd != candidate:
        return refuse("请输入正确的登陆名或密码 ")

    # A removed or disabled user may not log in.
    if user_info.status != 1:
        return refuse("账号异常:已被禁用 ")

    # Establish the login state with a cookie.
    lifetime = 60 * 60 * 24 * 120  # keep for 120 days
    value = '%s#%s' % (UserService.geneAuthCode(user_info), user_info.uid)
    response = make_response(json.dumps({'code': 200, 'msg': '登录成功~~'}))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], value, lifetime)
    return response
예제 #22
파일: User.py 프로젝트: ttom921/flaskfood
def login():
    """JSON login endpoint returning an auth token in the response body.

    GET answers with a fixed placeholder. POST parses the request body as
    JSON (the Angular client sends JSON), checks the credentials and
    returns the token ``<auth code>#<uid>`` under the configured
    ``AUTH_TOKEN_NAME`` key. Any other method falls through and returns
    ``None``.

    Failures return a ``(message, RespCode.UNDEFINERROR)`` tuple.

    NOTE(review): the body is parsed with no error handling and no type
    check, so malformed JSON or a non-string ``login_name``/``login_pwd``
    raises instead of producing a controlled error.
    NOTE(review): the "-1"/"-2" message suffixes distinguish an unknown
    user from a wrong password.
    """
    # The GET branch is currently unused.
    if request.method == "GET":
        app.logger.debug("GET")
        return make_response(jsonify("login get"), 200)

    if request.method != "POST":
        return None

    # Read the JSON body.
    payload = json.loads(request.data)

    # Default reply.
    resp = {'code': 200, 'msg': '登錄成功', 'data': {}}

    login_name = ''
    if 'login_name' in payload:
        login_name = payload['login_name']
    login_pwd = ''
    if 'login_pwd' in payload:
        login_pwd = payload['login_pwd']

    # Validate the parameters.
    if login_name is None or len(login_name) < 1:
        resp['code'] = RespCode.UNDEFINERROR
        resp['msg'] = "請輸入正確的登錄用戶名~~"
        app.logger.debug(resp)
        return resp['msg'], resp['code']

    if login_pwd is None or len(login_pwd) < 1:
        return "請輸入正確的登錄密碼~~", RespCode.UNDEFINERROR

    # Database lookup.
    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return "請輸入正確的用戶名和密碼-1~~", RespCode.UNDEFINERROR

    # Password check.
    hashed = UserService.genePwd(login_pwd, user_info.login_salt)
    if user_info.login_pwd != hashed:
        return "請輸入正確的用戶名和密碼-2~~", RespCode.UNDEFINERROR

    # Login succeeded: hand the auth code back in the body.
    token_key = app.config["AUTH_TOKEN_NAME"]
    token_data = dict()
    token_data[token_key] = "%s#%s" % (UserService.geneAuthCode(user_info), user_info.uid)

    resp['data'] = token_data
    return jsonify(resp)
예제 #23
def login():
    """Render the login form (GET) or authenticate against ``WhiteoilUser``.

    NOTE(review): the submitted password is compared directly with
    ``user_pwd``, which implies the stored value is not a salted hash;
    verify how ``user_pwd`` is stored.
    NOTE(review): the cookie is set without httponly/secure/samesite.
    """
    if request.method == "GET":
        return ops_render("user/login.html")

    # Default reply, reused for every error below.
    resp = {'code': 200, 'msg': "登录成功", 'data': {}}

    def error(message):
        resp.update(code=-1, msg=message)
        return jsonify(resp)

    # Name and password typed into the form.
    fields = request.values
    login_name = fields.get('login_name', '')
    login_pwd = fields.get('login_pwd', '')

    # Validate the login name.
    if not login_name:
        return error("请输入正确的登录用户名")

    # Validate the password.
    if not login_pwd:
        return error("请输入正确的登录密码")

    # Read from the database.
    user_info = WhiteoilUser.query.filter_by(user_name=login_name).first()

    # Unknown login name.
    if not user_info:
        return error("请输入正确的登录用户名和密码")

    # Wrong password.
    if user_info.user_pwd != login_pwd:
        return error("请输入正确的登录用户名和密码")

    # Account status must be the string "1".
    if user_info.user_status != "1":
        return error("账号已被禁用,请联系管理员处理!")

    cookie_value = "%s#%s" % (UserService.geneAuthCode(user_info), user_info.user_id)
    response = make_response(json.dumps(resp))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], cookie_value,
                        60 * 60 * 24 * 120)

    return response
예제 #24
def resetPwd():
    """Change the logged-in user's password after verifying the old one.

    GET renders the form. Any other method validates both passwords,
    re-reads the user row, confirms that the hash of ``old_password``
    matches the stored hash, stores the new hash and re-issues the auth
    cookie for 120 days.

    NOTE(review): the cookie is set without httponly/secure/samesite.
    """
    if request.method == "GET":
        return ops_render("user/reset_pwd.html", {'current': 'reset-pwd'})

    resp = {'code': 200, 'msg': '操作成功~', 'data': {}}

    def fail(message):
        resp.update(code=-1, msg=message)
        return jsonify(resp)

    form = request.values
    old_password = form.get('old_password', '')
    new_password = form.get('new_password', '')

    if len(old_password) < 6:
        return fail("请输入符合规范的原密码~~")

    if len(new_password) < 6:
        return fail("请输入符合规范的新密码~~")

    if old_password == new_password:
        return fail("请重新输入一个吧,新密码和原密码不能相同哦~~")

    user_info = g.current_user

    # The stored hash is read from a fresh query and compared with the hash
    # of the submitted old password.
    stored = User.query.filter_by(uid=user_info.uid).first()
    submitted_hash = UserService.genePwd(old_password, user_info.login_salt)
    if submitted_hash != stored.login_pwd:
        return fail("原始密码输入错误~~")

    user_info.login_pwd = UserService.genePwd(new_password,
                                              user_info.login_salt)
    db.session.add(user_info)
    db.session.commit()

    lifetime = 60 * 60 * 24 * 120  # keep for 120 days
    cookie_value = '%s#%s' % (UserService.geneAuthCode(user_info),
                              user_info.uid)
    response = make_response(json.dumps(resp))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], cookie_value, lifetime)
    return response
예제 #25
def login():
    """Render the login form (GET) or authenticate the submitted credentials.

    Order of checks: non-empty name, non-empty password, user exists,
    password hash matches, account status is 1. On success the auth cookie
    is set for one day.

    NOTE(review): the cookie is set without httponly/secure/samesite.
    """
    if request.method == 'GET':
        return ops_render('user/login.html')

    resp = {"code": 200, "msg": "登录成功", "data": {}}

    def reject(message):
        resp.update(code=-1, msg=message)
        return jsonify(resp)

    values = request.values
    login_name = values.get('login_name', '')
    login_pwd = values.get('login_pwd', '')

    if not login_name:
        return reject("请输入正确的用户名")

    if not login_pwd:
        return reject("请输入正确的密码")

    # Does the login name exist in the user table?
    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return reject("请输入正确的用户名和密码!")

    # Verify the submitted password.
    computed = UserService.genePwd(login_pwd, user_info.login_salt)
    if user_info.login_pwd != computed:
        return reject("请输入正确的用户名和密码!")

    if user_info.status != 1:
        return reject("账号已被禁用,请联系管理员处理!")

    # resp is untouched on this path, so it still holds the success body.
    response = make_response(json.dumps(resp))
    # Build the cookie value as "<auth code>#<uid>".
    cookie_value = "%s#%s" % (UserService.geneAuthCode(user_info),
                              user_info.uid)
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], cookie_value,
                        60 * 60 * 24)
    return response
예제 #26
def login():
    """Return the login page for GET, otherwise authenticate the request.

    The name and password are validated on the server regardless of what
    the front end checks. On success the auth cookie, in the form
    ``<hex auth code>#<uid>``, is set for 120 days so the shared
    interceptor can keep clients without a valid cookie out of the back
    office.

    NOTE(review): the "(-1)"/"(-2)" message suffixes distinguish an unknown
    user from a wrong password.
    NOTE(review): the cookie is set without httponly/secure/samesite.
    """
    if request.method == 'GET':
        return render_template('/user/login.html')

    # Default reply.
    resp = {'code': 200, 'msg': '登录成功', 'data': {}}

    def bail(message):
        resp.update(code=-1, msg=message)
        return jsonify(resp)

    # Submitted values.
    data = request.values
    login_name = data.get('login_name', '')
    login_pwd = data.get('login_pwd', '')

    if not login_name:
        return bail('请输入正确的用户名')

    if not login_pwd:
        return bail('请输入正确的密码')

    # Login names are unique, so at most one user matches.
    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return bail('请输入正确的用户名和密码(-1)')

    # Compare the stored hash with the hash of the submitted password; the
    # hashing lives in the shared UserService module.
    derived = UserService.genePwd(login_pwd, user_info.login_salt)
    if user_info.login_pwd != derived:
        return bail('请输入正确的用户名和密码(-2)')

    if user_info.status != 1:
        return bail('账号已被禁用,请联系管理员处理')

    cookie_value = '%s#%s' % (UserService.geneAuthCode(user_info), user_info.uid)
    response = make_response(json.dumps(resp))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], cookie_value,
                        60 * 60 * 24 * 120)  # keep for 120 days
    return response
예제 #27
def login():
    """Form-based login that answers with redirects instead of JSON.

    A GET from a user already in ``g.current_user`` goes to the site root;
    otherwise the form is rendered. Every failed check redirects back to
    the login page; the message written into ``resp`` is not sent to the
    client. On success the user is redirected to the index page with the
    auth cookie set for 120 days.

    NOTE(review): the cookie is set without httponly/secure/samesite.
    """
    if request.method == "GET":
        if g.current_user:
            return redirect(UrlManager.buildUrl("/"))
        return ops_render("user/login.html")

    resp = {'code': 200, 'msg': '登录成功~~', 'data': {}}

    def back_to_form(message):
        # The message is recorded in resp, but only the redirect is returned.
        resp['code'] = -1
        resp['msg'] = message
        return redirect(url_for('user_page.login'))

    form = request.values
    login_name = form.get('login_name', '')
    login_pwd = form.get('login_pwd', '')

    if not login_name:
        return back_to_form("请输入正确的登录用户名~~")

    if not login_pwd:
        return back_to_form("请输入正确的邮箱密码~~")

    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return back_to_form("请输入正确的登录用户名和密码-1~~")

    hashed = UserService.genePwd(login_pwd, user_info.login_salt)
    if user_info.login_pwd != hashed:
        return back_to_form("请输入正确的登录用户名和密码-2~~")

    if user_info.status != 1:
        return back_to_form("账号已被禁用,请联系管理员处理~~")

    lifetime = 60 * 60 * 24 * 120  # keep for 120 days
    cookie_value = '%s#%s' % (UserService.geneAuthCode(user_info),
                              user_info.uid)
    response = make_response(redirect(url_for('index_page.index')))
    response.set_cookie(app.config['AUTH_COOKIE_NAME'], cookie_value, lifetime)
    return response
예제 #28
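def login():
    """Render the login form on GET; on POST validate credentials and answer with JSON.

    The response body is the ``resp`` dict (``code`` 200 on success, -1 on
    failure). On success an auth cookie of the form ``<auth code>#<uid>`` is
    set as well; the page's own script is expected to navigate onwards when it
    sees code 200.

    Changes from the original:
    * the request values are no longer printed, because they include the
      submitted password in clear text;
    * the account-status check now runs after the password check, so the
      "account abnormal" message is shown only to someone who supplied the
      correct password and cannot be used to probe account state;
    * the auth cookie is marked HttpOnly.
    """
    if request.method == 'GET':
        return render_template('user/login.html')

    req = request.values
    resp = {'code': 200, 'msg': '登录成功1', 'data': {}}

    def _fail(msg):
        # Turn the shared response dict into an error reply.
        resp['code'] = -1
        resp['msg'] = msg
        return jsonify(resp)

    # One message for every credential failure, so the reply does not tell
    # whether the login name or the password was the wrong part.
    bad_credentials = '请输入正确的用户名或密码~~~'

    login_name = req['login_name'] if 'login_name' in req else ''
    login_pwd = req['login_pwd'] if 'login_pwd' in req else ''
    if not login_name:
        return _fail(bad_credentials)
    if not login_pwd:
        return _fail(bad_credentials)

    # Look the account up by the submitted login name.
    user_info = User.query.filter_by(login_name=login_name).first()
    if not user_info:
        return _fail(bad_credentials)

    # Compare the stored value with the submitted password processed by
    # genePwd together with the per-user salt.
    if user_info.login_pwd != UserService.genePwd(login_pwd,
                                                  user_info.login_salt):
        return _fail(bad_credentials)

    # Accounts whose status is not 1 may not log in.
    if user_info.status != 1:
        return _fail('账号异常,请联系管理员~~~')

    response = make_response(json.dumps(resp))
    # The cookie carries the auth code produced by geneAuthCode plus the uid.
    # No max_age is given, so it is a browser-session cookie. HttpOnly keeps it
    # away from page scripts.
    # NOTE(review): add secure=True once the site is served over HTTPS only.
    response.set_cookie(
        app.config['COOKIE_AUTH_NAME'],
        "%s#%s" % (UserService.geneAuthCode(user_info), user_info.uid),
        httponly=True)
    # No redirect here: only JSON is returned and the client-side script
    # loads the next page when the code is 200.
    return response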
예제 #29
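def resetPwd():
    """Show the change-password form on GET; on POST change the current user's password.

    The POST answers with the JSON ``resp`` dict (``code`` 200 on success, -1
    on failure). Both passwords must be at least 6 characters long and must
    differ; uid 1 is a demo account whose password cannot be changed.

    Fix: the original never compared ``old_password`` with the stored
    password, so anyone holding a valid auth cookie could set a new password
    without knowing the current one. The old password is now verified before
    anything is written.

    NOTE(review): this is a state-changing request authenticated by a cookie;
    no CSRF protection is visible in this function - confirm that it is
    enforced elsewhere.
    """
    # NOTE(review): current_user is presumably populated by a login check that
    # runs before this view - confirm; it is dereferenced below without a
    # None check.
    current_user = session.current_user
    user_info = current_user
    if request.method == "GET":
        return render_template("user/reset_pwd.html",
                               current_user=current_user,
                               current="reset-pwd")

    resp = {'code': 200, 'msg': '操作成功~', 'data': {}}
    req = request.values

    def _fail(msg):
        # Turn the shared response dict into an error reply.
        resp['code'] = -1
        resp['msg'] = msg
        return jsonify(resp)

    old_password = req['old_password'] if 'old_password' in req else ''
    new_password = req['new_password'] if 'new_password' in req else ''

    if old_password is None or len(old_password) < 6:
        return _fail("请输入符合规范的原密码~~")

    if new_password is None or len(new_password) < 6:
        return _fail("请输入符合规范的新密码~~")

    if old_password == new_password:
        return _fail("请重新输入一个吧,新密码和原密码不能相同哦~~")

    # uid 1 is the demo account; its credentials must stay unchanged.
    if user_info.uid == 1:
        return _fail("该用户是演示账号,不准修改密码和登录用户名~~")

    # Require proof of the current password before replacing it.
    if user_info.login_pwd != UserService.genePwd(old_password,
                                                  user_info.login_salt):
        return _fail("原密码不正确~~")

    user_info.login_pwd = UserService.genePwd(new_password,
                                              user_info.login_salt)

    db.session.add(user_info)
    db.session.commit()

    # Per the original author's note, the password change changes the auth
    # code as well, so the cookie the browser holds no longer validates and a
    # fresh one has to be issued.
    response = make_response(json.dumps(resp))
    # HttpOnly keeps the auth cookie away from page scripts.
    # NOTE(review): add secure=True once the site is served over HTTPS only.
    response.set_cookie(
        app.config['AUTH_COOKIE_NAME'],
        '%s#%s' % (UserService.geneAuthCode(user_info), user_info.uid),
        max_age=60 * 60 * 24 * 120,  # keep for 120 days
        httponly=True,
    )
    return response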
예제 #30
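def check_login():
    """Return the user identified by the "user" cookie, or False.

    The cookie is expected to look like ``<auth code>#<uid>``. The uid selects
    the User row, the auth code is recomputed from that row with
    UserService.geneAuthCode and compared with the value from the cookie, and
    the account must have status 1.

    Returns:
        The User row when every check passes, otherwise False.
    """
    # Local import so the block does not depend on the file's import section.
    import hmac

    # The cookie is attacker-controlled input; a missing cookie becomes "",
    # which fails the split check below.
    auth_cookie = request.cookies.get("user", "")
    auth_info = auth_cookie.split("#")
    if len(auth_info) < 2:
        return False

    # The uid is passed to the ORM as a filter value, not built into SQL text.
    user_info = User.query.filter_by(uid=auth_info[1]).first()
    if user_info is None:
        return False

    # Constant-time comparison: the supplied code is chosen by the client and
    # the expected one is a per-user secret, so an ordinary != could leak how
    # many leading characters match. Both sides are encoded to bytes because
    # compare_digest rejects non-ASCII str, which a forged cookie may contain.
    expected_code = UserService.geneAuthCode(user_info)
    if not hmac.compare_digest(auth_info[0].encode("utf-8"),
                               expected_code.encode("utf-8")):
        return False

    # Accounts whose status is not 1 are refused even with a valid cookie.
    if user_info.status != 1:
        return False
    return user_info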