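def pay():
    """Render the transfer form (GET) or record a payment (POST).

    The payer is the logged-in ``session['username']``; without one the
    caller is sent to the login page. A POST is only acted on when it
    carries the CSRF token issued into the session, names an ``account``
    present in ``allaccount``, and supplies a digit-only ``dollars`` and a
    non-empty ``memo``. Otherwise the form is re-rendered with a complaint.
    """
    import hmac

    username = session.get('username')
    if not username:
        return redirect(url_for('login'))

    # Form fields default to '' when absent; whitespace-only input is
    # stripped so it fails the presence checks below.
    account = request.form.get('account', '').strip()
    dollars = request.form.get('dollars', '').strip()
    memo = request.form.get('memo', '').strip()
    complaint = None

    if request.method == 'POST':
        # CSRF: fail closed when either token is missing (compare_digest
        # would raise on None) and compare in constant time so the token
        # is not leaked through timing differences.
        submitted = request.form.get('csrf_token')
        expected = session.get('csrf_token')
        if (not submitted or not expected
                or not hmac.compare_digest(submitted.encode(), expected.encode())):
            abort(403)

        # Payee must be a known account. NOTE(review): allaccount is assumed
        # to be a module-level iterable of dicts keyed by 'username' — confirm.
        person = [item for item in allaccount if item['username'] == account]

        # NOTE(review): str.isdigit() also accepts non-ASCII digits such as
        # '²' that int() rejects; use isdecimal() if add_payment converts it.
        if account and dollars and dollars.isdigit() and memo and person:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash('Payment successful')
            return redirect(url_for('index'))

        # Report the most specific problem. The `not` on the second branch
        # is required: a valid amount with an empty memo must fall through
        # to the "three fields" message, not be reported as a bad integer.
        if not person:
            complaint = 'user is not exist'
        elif not dollars.isdigit():
            complaint = 'Dollars must be an integer'
        else:
            complaint = 'Please fill in all three fields'

    return render_template('pay2.html', complaint=complaint, account=account,
                           dollars=dollars, memo=memo,
                           csrf_token=session['csrf_token'])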
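def pay():
    """Render the transfer form (GET) or record a payment (POST).

    The payer is the logged-in ``session['username']``; anonymous callers
    are redirected to login. A POST is accepted only with a valid CSRF
    token and all three fields present, ``dollars`` being digit-only.
    """
    import hmac

    username = session.get('username')
    if not username:
        return redirect(url_for('login'))

    account = request.form.get('account', '').strip()
    dollars = request.form.get('dollars', '').strip()
    # Fixed: the original read `requests.form`, which fails at runtime
    # (NameError, or AttributeError if the requests library is imported).
    memo = request.form.get('memo', '').strip()
    complaint = None

    if request.method == 'POST':
        # CSRF: reject a missing token on either side before comparing
        # (compare_digest raises on None) and compare in constant time.
        submitted = request.form.get('csrf_token')
        expected = session.get('csrf_token')
        if (not submitted or not expected
                or not hmac.compare_digest(submitted.encode(), expected.encode())):
            abort(403)

        if account and dollars and dollars.isdigit() and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash('Payment successful')  # queued in the session for the next page
            return redirect(url_for('index'))

        complaint = ('Dollars must be an integer' if not dollars.isdigit()
                     else 'Please fill in all three fields')

    return render_template('pay2.html', complaint=complaint, account=account,
                           dollars=dollars, memo=memo,
                           csrf_token=session['csrf_token'])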
def pay():
    """Render the transfer form (GET) or record a payment (POST).

    NOTE(review): this variant takes the payer's identity from the plain
    ``username`` cookie, which is neither signed nor verified here, so any
    client can name another user. It also checks no CSRF token, so a
    cross-site form post from a logged-in browser is accepted as-is. The
    success message travels as a query parameter of the index URL.
    """
    # Unsigned cookie — see the docstring; treat as untrusted.
    username = request.cookies.get('username')
    if not username:
        return redirect(url_for('login'))

    # Form fields default to '' when absent; surrounding whitespace ignored.
    account = request.form.get('account', '').strip()
    dollars = request.form.get('dollars', '').strip()
    memo = request.form.get('memo', '').strip()
    complaint = None

    if request.method == 'POST':
        # '' is never digit-only, so isdigit() also covers "dollars present".
        if all([account, dollars.isdigit(), memo]):
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            return redirect(url_for('index', flash='Payment successful'))

        if dollars.isdigit():
            complaint = 'Please fill in all three fields'
        else:
            complaint = 'Dollars must be an integer'

    # NOTE(review): get() is presumably a template-loader bound elsewhere
    # in this module — confirm it autoescapes.
    return get('pay.html').render(complaint=complaint, account=account,
                                  dollars=dollars, memo=memo)
def pay():
    """Render the transfer form (GET) or record a payment (POST).

    NOTE(review): the payer is whoever the unsigned ``username`` cookie
    claims, and no CSRF token is verified, so both the identity and the
    request origin are attacker-controlled in this variant. The success
    message is passed as a query parameter of the index URL.
    """
    # Redirect anonymous clients to the login page.
    username = request.cookies.get('username')
    if not username:
        return redirect(url_for('login'))

    # Pull the three fields out of the HTML form ('' when missing).
    account = request.form.get('account', '').strip()
    dollars = request.form.get('dollars', '').strip()
    memo = request.form.get('memo', '').strip()
    complaint = None

    if request.method == 'POST':
        amount_ok = dollars.isdigit()  # '' is not digit-only, so this also means "present"
        if account and amount_ok and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()  # commit the transaction so the change is persisted
            return redirect(url_for('index', flash='payment successful'))

        complaint = ('please fill in all three fields' if amount_ok
                     else 'dollars must be an integer')

    # NOTE(review): get() is presumably a template-loader bound elsewhere
    # in this module — confirm it autoescapes.
    return get('pay.html').render(complaint=complaint, account=account,
                                  dollars=dollars, memo=memo)
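def pay():
    """Render the transfer form (GET) or record a payment (POST).

    The payer is ``session['username']``; anonymous callers are sent to
    the login page. On POST the hidden ``csrf_token`` field must match the
    token stored in the session, and all three fields must be present with
    a digit-only ``dollars``, before the database is touched.
    """
    import hmac

    username = session.get('username')
    if not username:
        return redirect(url_for('login'))

    # Pull the fields out of the HTML form ('' when missing).
    account = request.form.get('account', '').strip()
    dollars = request.form.get('dollars', '').strip()
    memo = request.form.get('memo', '').strip()
    # Hidden field carrying the per-session anti-forgery token.
    csrf_token = request.form.get('csrf_token')
    complaint = None

    if request.method == 'POST':
        # A forged cross-site form cannot know the session token, so it is
        # stopped here before the database-modifying code below. Fail closed
        # on a missing token (compare_digest raises on None) and compare in
        # constant time so the token is not leaked through timing.
        expected = session.get('csrf_token')
        if (not csrf_token or not expected
                or not hmac.compare_digest(csrf_token.encode(), expected.encode())):
            abort(403)

        if all([account, dollars.isdigit(), memo]):
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash('payment successful')  # queue a flash message in the session
            return redirect(url_for('index'))

        complaint = ('dollars must be an integer' if not dollars.isdigit()
                     else 'please fill in all three fields')

    return render_template('pay2.html', complaint=complaint, account=account,
                           dollars=dollars, memo=memo,
                           csrf_token=session['csrf_token'])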
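def pay():
    """Render the transfer form (GET) or record a payment (POST).

    Requires a logged-in session (``session["username"]``). A POST must
    present the session's CSRF token and all three fields, with a
    digit-only ``dollars``; otherwise the form is re-rendered with a
    complaint and nothing is written.
    """
    import hmac

    username = session.get("username")
    if not username:
        return redirect(url_for("login"))

    account = request.form.get("account", "").strip()
    dollars = request.form.get("dollars", "").strip()
    memo = request.form.get("memo", "").strip()
    complaint = None

    if request.method == "POST":
        # CSRF: a missing token on either side is rejected outright
        # (compare_digest raises on None); the comparison itself is
        # constant-time so the token does not leak through timing.
        submitted = request.form.get("csrf_token")
        expected = session.get("csrf_token")
        if (not submitted or not expected
                or not hmac.compare_digest(submitted.encode(), expected.encode())):
            abort(403)

        if account and dollars and dollars.isdigit() and memo:
            db = bank.open_database()
            bank.add_payment(db, username, account, dollars, memo)
            db.commit()
            flash("Payment successful")
            return redirect(url_for("index"))

        complaint = ("Dollars must be an integer" if not dollars.isdigit()
                     else "Please fill in all three fields")

    return render_template(
        "pay2.html",
        complaint=complaint,
        account=account,
        dollars=dollars,
        memo=memo,
        csrf_token=session["csrf_token"],
    )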