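def update():
    """Handle the phone-number update form for the logged-in student.

    GET renders ``update.html``.  A POST carrying a non-empty ``newphone``
    validates it with ``checkdigit``; on success the number is written
    through ``bank.update_info`` and committed, on failure nothing is
    stored.  Either way one audit line goes to ``logfile.txt`` and
    ``index.html`` is re-rendered with the outcome in ``sqlmsg``.

    Unauthenticated requests are redirected to the login page; a visitor
    whose ``session['vip']`` value is matched by ``checkip`` against the
    entries of ``block-ip.txt`` is refused with 403.
    """
    stuid = session.get('stuid')
    if not stuid:
        return redirect(url_for('login'))
    newphone = request.form.get('newphone', '').strip()

    # The block list is re-read on every request so edits apply without a
    # restart; `with` closes the handle even if read() raises, which the
    # bare open()/close() pair did not.
    visit_ip = session.get('vip')
    with open('block-ip.txt', 'r') as f:
        bye_ip_list = f.read().split()
    if checkip(bye_ip_list, visit_ip):
        abort(403)

    if request.method == 'POST' and newphone:
        # One connection serves both the update and the roster lookup
        # below; the original opened a second one and never closed the first.
        db = bank.open_database()
        if checkdigit(newphone):
            bank.update_info(db, newphone, stuid)
            db.commit()
            msg = 'Update successful'
            _append_log(stuid, ' update phone info with ' + newphone)
        else:
            msg = 'Update failure, please check your phone format'
            _append_log(stuid, ' update failure with wrong format ' + newphone)
        cla = bank.get_cla(db, stuid)
        username = bank.get_name(db, stuid)
        userlist = bank.showlist(db, cla)
        return render_template('index.html',
                               username=username,
                               cla=cla,
                               userlist=userlist,
                               sqlmsg=msg)
    return render_template('update.html')


def _append_log(stuid, event):
    """Append one timestamped audit line ``<now> - <stuid><event>`` to ``logfile.txt``.

    ``event`` may embed raw form input (the rejected phone value in the
    failure branch), so CR/LF are replaced with spaces to keep a crafted
    value from forging additional log lines.
    """
    safe_event = event.replace('\r', ' ').replace('\n', ' ')
    with open('logfile.txt', 'a') as logfile:
        logfile.write(str(datetime.datetime.now()) + ' - ' + stuid + safe_event + '\n')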
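def pay():
    """Handle the payment form for the logged-in user.

    GET renders ``pay2.html`` with the session's CSRF token.  A POST must
    echo that token or it is refused with 403; it is then recorded through
    ``bank.add_payment`` when the recipient ``account`` exists in
    ``allaccount``, ``dollars`` is a decimal integer and ``memo`` is filled,
    after which a confirmation is flashed and the user is sent to ``index``.
    Otherwise the form is re-rendered with a ``complaint``.  Unauthenticated
    requests are redirected to the login page.
    """
    username = session.get('username')
    if not username:
        return redirect(url_for('login'))
    account = request.form.get('account', '').strip()
    dollars = request.form.get('dollars', '').strip()
    memo = request.form.get('memo', '').strip()
    complaint = None
    if request.method == 'POST':
        # Reject forged submissions before doing any work on the input.
        if request.form.get('csrf_token') != session['csrf_token']:
            abort(403)
        person = [item for item in allaccount if item['username'] == account]
        # isdecimal() is the test int() actually honours; isdigit() is also
        # true for characters such as '²' that int() rejects.
        amount_ok = dollars.isdecimal()
        if account and amount_ok and memo and person:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash('Payment successful')
            return redirect(url_for('index'))
        # Most basic problem first.  The original tested `dollars.isdigit()`
        # without `not`, so a valid amount produced "must be an integer".
        if not (account and dollars and memo):
            complaint = 'Please fill in all three fields'
        elif not amount_ok:
            complaint = 'Dollars must be an integer'
        else:
            complaint = 'user is not exist'
    return render_template('pay2.html', complaint=complaint, account=account,
                           dollars=dollars, memo=memo,
                           csrf_token=session['csrf_token'])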
def index():
    """Render ``index.html`` for the user named in the ``username`` cookie.

    Without that cookie the visitor is redirected to the login page.  The
    user's payments are loaded via ``bank.get_payments_of`` and any
    ``flash`` query parameters are passed through as flash messages.

    NOTE(review): the identity is taken from a client-supplied cookie with
    no server-side check visible here; the ``session``-based ``index``
    variants on this page read it from the server session instead.
    """
    who = request.cookies.get('username')
    if who:
        history = bank.get_payments_of(bank.open_database(), who)
        page = get('index.html')
        return page.render(payments=history, username=who,
                           flash_messages=request.args.getlist('flash'))
    return redirect(url_for('login'))
def index():
    """Show the logged-in user's payments on ``index.html``.

    The identity comes from the server-side ``session``; anonymous visitors
    are redirected to the login page.  Messages queued with ``flash()`` by
    other views are retrieved with ``get_flashed_messages()``.
    """
    who = session.get('username')
    if not who:
        return redirect(url_for('login'))
    history = bank.get_payments_of(bank.open_database(), who)
    context = {
        'payments': history,
        'username': who,
        'flash_messages': get_flashed_messages(),
    }
    return render_template('index.html', **context)
def index():
    """Render ``index.html`` with the payments of the user in ``session``.

    Redirects to the login page when no ``username`` is in the session;
    otherwise loads the payments through ``bank`` and hands the pending
    flash messages to the template.
    """
    username = session.get('username')
    if username:
        db = bank.open_database()
        payments = bank.get_payments_of(db, username)
        return render_template('index.html',
                               payments=payments,
                               username=username,
                               flash_messages=get_flashed_messages())
    return redirect(url_for('login'))
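def pay():
    """Handle the payment form for the logged-in user.

    GET renders ``pay2.html`` with the session's CSRF token.  A POST must
    echo that token or it is refused with 403; when all three fields are
    filled and ``dollars`` is a decimal integer the payment is stored via
    ``bank.add_payment``, a confirmation is flashed and the user is sent to
    ``index``.  Otherwise the form is re-rendered with a ``complaint``.
    Unauthenticated requests are redirected to the login page.
    """
    username = session.get('username')
    if not username:
        return redirect(url_for('login'))
    account = request.form.get('account', '').strip()
    dollars = request.form.get('dollars', '').strip()
    # The original read `requests.form` (plural), a name that is not the
    # Flask request object.
    memo = request.form.get('memo', '').strip()
    complaint = None
    if request.method == 'POST':
        if request.form.get('csrf_token') != session['csrf_token']:
            abort(403)
        # isdecimal() is the test int() actually honours; isdigit() is also
        # true for characters such as '²' that int() rejects.
        amount_ok = dollars.isdecimal()
        if account and amount_ok and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash('Payment successful')  # stored in the session until shown
            return redirect(url_for('index'))
        # Report a blank field before complaining about the amount's format.
        complaint = ('Please fill in all three fields'
                     if not (account and dollars and memo)
                     else 'Dollars must be an integer')
    return render_template('pay2.html',
                           complaint=complaint,
                           account=account,
                           dollars=dollars,
                           memo=memo,
                           csrf_token=session['csrf_token'])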
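def update():
    """Handle the phone-number update form for the logged-in student.

    GET renders ``update.html``.  A POST with a non-empty ``newphone``
    validates it with ``checkdigit``; on success the number is stored via
    ``bank.update_info`` and committed, on failure nothing is stored.  In
    both cases one audit line is appended to ``logfile.txt`` and
    ``index.html`` is re-rendered with the outcome in ``sqlmsg``.

    Unauthenticated requests are redirected to the login page; a visitor
    whose ``session["vip"]`` value is matched by ``checkip`` against the
    entries of ``block-ip.txt`` is refused with 403.
    """
    stuid = session.get("stuid")
    if not stuid:
        return redirect(url_for("login"))
    newphone = request.form.get("newphone", "").strip()

    # Block list is re-read per request so edits apply without a restart;
    # `with` closes the file even if read() raises, unlike open()/close().
    visit_ip = session.get("vip")
    with open("block-ip.txt", "r") as f:
        bye_ip_list = f.read().split()
    if checkip(bye_ip_list, visit_ip):
        abort(403)

    if request.method == "POST" and newphone:
        # A single connection serves the update and the roster lookup; the
        # original opened a second one and left the first unclosed.
        db = bank.open_database()
        if checkdigit(newphone):
            bank.update_info(db, newphone, stuid)
            db.commit()
            msg = "Update successful"
            event = " update phone info with "
        else:
            msg = "Update failure, please check your phone format"
            event = " update failure with wrong format "
        # In the failure branch newphone is unvalidated form input: replace
        # CR/LF so a crafted value cannot forge extra log lines.
        safe_phone = newphone.replace("\r", " ").replace("\n", " ")
        with open("logfile.txt", "a") as logfile:
            logfile.write(str(datetime.datetime.now()) + " - " + stuid + event + safe_phone + "\n")
        cla = bank.get_cla(db, stuid)
        username = bank.get_name(db, stuid)
        userlist = bank.showlist(db, cla)
        return render_template("index.html", username=username, cla=cla, userlist=userlist, sqlmsg=msg)
    return render_template("update.html")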
def index():
    """Render ``index.html`` for the user named in the ``username`` cookie.

    Redirects to the login page when the cookie is missing; otherwise loads
    the user's payments through ``bank`` and passes any ``flash`` query
    parameters to the template as flash messages.

    NOTE(review): identity is read from a client-supplied cookie and nothing
    visible here verifies it server-side; compare the ``session``-based
    ``index`` variants on this page.
    """
    username = request.cookies.get('username')
    if not username:
        return redirect(url_for('login'))
    db = bank.open_database()
    payments = bank.get_payments_of(db, username)
    template = get('index.html')
    return template.render(payments=payments,
                           username=username,
                           flash_messages=request.args.getlist('flash'))
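def index():
    """Show the logged-in user's payment history on ``index.html``.

    Anonymous visitors (no ``username`` in the session) are redirected to
    the login page.  The payments come from ``bank.get_payments_of`` and
    pending flash messages are handed to the template.
    """
    username = session.get('username')
    if not username:
        return redirect(url_for('login'))
    payments = bank.get_payments_of(bank.open_database(), username)
    # The original queried the payments and then rendered a hard-coded
    # empty list (a leftover from commented-out test stubs); pass the real
    # result through.
    return render_template('index.html', payments=payments, username=username,
                           flash_messages=get_flashed_messages())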
def pay():
    """Payment form for the user named in the ``username`` cookie.

    GET renders ``pay.html``.  A POST records the payment through
    ``bank.add_payment`` when all three fields are present and ``dollars``
    passes ``str.isdigit``, then redirects to ``index`` with the
    confirmation in the ``flash`` query parameter; otherwise the form is
    re-rendered with a ``complaint``.

    NOTE(review): identity comes from a client-supplied cookie and the POST
    is not tied to a CSRF token; the ``session``/``csrf_token`` variants of
    ``pay`` on this page handle both.
    """
    username = request.cookies.get('username')
    if not username:
        return redirect(url_for('login'))

    form = request.form
    account = form.get('account', '').strip()
    dollars = form.get('dollars', '').strip()
    memo = form.get('memo', '').strip()

    complaint = None
    if request.method == 'POST':
        # NOTE(review): isdigit() is also true for characters like '²' that
        # int() rejects; isdecimal() matches int() — confirm what
        # bank.add_payment expects.
        amount_is_number = dollars.isdigit()
        if all((account, dollars, amount_is_number, memo)):
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            return redirect(url_for('index', flash='Payment successful'))
        if amount_is_number:
            complaint = 'Please fill in all three fields'
        else:
            complaint = 'Dollars must be an integer'
    return get('pay.html').render(complaint=complaint, account=account,
                                  dollars=dollars, memo=memo)
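def index():
    """Render the class roster (``index.html``) for the logged-in student.

    Unauthenticated requests are redirected to the login page.  A visitor
    whose ``session["vip"]`` value (presumably the visitor IP — confirm in
    the login handler) is matched by ``checkip`` against the entries of
    ``block-ip.txt`` is refused with 403.  The student's class, display
    name and classmates are looked up through ``bank``.
    """
    stuid = session.get("stuid")
    if not stuid:
        return redirect(url_for("login"))

    # Re-read the block list per request so edits apply without a restart;
    # `with` closes the handle even if read() raises, which the bare
    # open()/close() pair did not.
    visit_ip = session.get("vip")
    with open("block-ip.txt", "r") as f:
        bye_ip_list = f.read().split()
    if checkip(bye_ip_list, visit_ip):
        abort(403)

    db = bank.open_database()
    cla = bank.get_cla(db, stuid)
    username = bank.get_name(db, stuid)
    userlist = bank.showlist(db, cla)
    return render_template("index.html", username=username, cla=cla, userlist=userlist)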
def pay():
    """Payment form for the user named in the ``username`` cookie.

    GET renders ``pay.html``.  On POST the payment is stored through
    ``bank.add_payment`` when ``account`` and ``memo`` are filled and
    ``dollars`` passes ``str.isdigit``, and the user is redirected to
    ``index`` with the confirmation in the ``flash`` query parameter;
    otherwise the form is re-rendered with a ``complaint``.

    NOTE(review): identity comes from a client-supplied cookie and the POST
    is not tied to a CSRF token; the ``session``/``csrf_token`` variants of
    ``pay`` on this page handle both.
    """
    username = request.cookies.get('username')
    if not username:
        return redirect(url_for('login'))  # send to the login page

    # Pull the three fields out of the HTML form.
    form = request.form
    account = form.get('account', '').strip()
    dollars = form.get('dollars', '').strip()
    memo = form.get('memo', '').strip()

    complaint = None
    if request.method == 'POST':
        # NOTE(review): isdigit() also accepts characters like '²' that
        # int() rejects; isdecimal() matches int() — confirm downstream use.
        amount_is_number = dollars.isdigit()
        if account and amount_is_number and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()  # commit the transaction so the change reaches the database
            return redirect(url_for('index', flash='payment successful'))
        if amount_is_number:
            complaint = 'please fill in all three fields'
        else:
            complaint = 'dollars must be an integer'
    return get('pay.html').render(complaint=complaint,
                                  account=account,
                                  dollars=dollars,
                                  memo=memo)
def pay():
    """Payment form for the logged-in user (``session['username']``).

    GET renders ``pay2.html`` with the session's CSRF token.  A POST must
    echo that token or it is refused with 403; when ``account`` and
    ``memo`` are filled and ``dollars`` passes ``str.isdigit`` the payment
    is stored through ``bank.add_payment``, a confirmation is flashed and
    the user is sent to ``index``.  Otherwise the form is re-rendered with
    a ``complaint``.
    """
    username = session.get('username')
    if not username:
        return redirect(url_for('login'))

    # Pull the fields out of the HTML form.
    form = request.form
    account = form.get('account', '').strip()
    dollars = form.get('dollars', '').strip()
    memo = form.get('memo', '').strip()
    # The hidden token field the form echoes back.
    csrf_token = form.get('csrf_token')

    complaint = None
    if request.method == 'POST':
        # A forged form cannot supply the session's token, so the
        # database-modifying code below never runs for it.
        if csrf_token != session['csrf_token']:
            abort(403)
        # NOTE(review): isdigit() also accepts characters like '²' that
        # int() rejects; isdecimal() matches int() — confirm downstream use.
        amount_is_number = dollars.isdigit()
        if account and amount_is_number and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash('payment successful')  # queue a flash message in the session
            return redirect(url_for('index'))
        if amount_is_number:
            complaint = 'please fill in all three fields'
        else:
            complaint = 'dollars must be an integer'
    return render_template('pay2.html',
                           complaint=complaint,
                           account=account,
                           dollars=dollars,
                           memo=memo,
                           csrf_token=session['csrf_token'])
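def index():
    """Render the class roster (``index.html``) for the logged-in student.

    Unauthenticated requests are redirected to the login page.  A visitor
    whose ``session['vip']`` value (presumably the visitor IP — confirm in
    the login handler) is matched by ``checkip`` against the entries of
    ``block-ip.txt`` is refused with 403.  The student's class, display
    name and classmates are looked up through ``bank``.
    """
    stuid = session.get('stuid')
    if not stuid:
        return redirect(url_for('login'))

    # The block list is re-read on every request so edits apply without a
    # restart; `with` closes the handle even if read() raises, which the
    # bare open()/close() pair did not.
    visit_ip = session.get('vip')
    with open('block-ip.txt', 'r') as blocklist:
        bye_ip_list = blocklist.read().split()
    if checkip(bye_ip_list, visit_ip):
        abort(403)

    db = bank.open_database()
    cla = bank.get_cla(db, stuid)
    username = bank.get_name(db, stuid)
    userlist = bank.showlist(db, cla)
    return render_template('index.html',
                           username=username,
                           cla=cla,
                           userlist=userlist)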
def pay():
    """Payment form for the logged-in user (``session["username"]``).

    GET renders ``pay2.html`` with the session's CSRF token.  A POST must
    echo that token or it is refused with 403; when all three fields are
    filled and ``dollars`` passes ``str.isdigit`` the payment is stored
    through ``bank.add_payment``, a confirmation is flashed and the user is
    sent to ``index``.  Otherwise the form is re-rendered with a
    ``complaint`` and the token for the next attempt.
    """
    username = session.get("username")
    if not username:
        return redirect(url_for("login"))

    fields = {
        name: request.form.get(name, "").strip()
        for name in ("account", "dollars", "memo")
    }
    account, dollars, memo = fields["account"], fields["dollars"], fields["memo"]

    complaint = None
    if request.method == "POST":
        if request.form.get("csrf_token") != session["csrf_token"]:
            abort(403)
        # NOTE(review): isdigit() also accepts characters like '²' that
        # int() rejects; isdecimal() matches int() — confirm downstream use.
        numeric = dollars.isdigit()
        if account and dollars and numeric and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash("Payment successful")
            return redirect(url_for("index"))
        complaint = ("Please fill in all three fields" if numeric
                     else "Dollars must be an integer")
    return render_template(
        "pay2.html",
        complaint=complaint,
        account=account,
        dollars=dollars,
        memo=memo,
        csrf_token=session["csrf_token"],
    )
def index():
    """Show the logged-in user's payments on ``index.html``.

    The account name is taken from the server-side session rather than
    from the request's cookies; anonymous visitors are redirected to the
    login page.  ``get_flashed_messages()`` retrieves every flash message
    saved in the session for the template.
    """
    who = session.get('username')
    if not who:
        return redirect(url_for('login'))
    db = bank.open_database()
    history = bank.get_payments_of(db, who)
    pending = get_flashed_messages()
    return render_template('index.html',
                           payments=history,
                           username=who,
                           flash_messages=pending)