密码保护

1. 更新 User 对象,增加仅供内部使用的 _password 字段(数据库里保存的是密码哈希,而不是明文)

class User(db.Model):
    __tablename__ = 'user'
    # Internal use only: this column holds the password hash, never the plaintext.
    _password = db.Column(db.String(200), nullable=False)

 

2. 编写对外的 password 属性:赋值时先用 generate_password_hash 计算哈希再写入 _password;取值得到的也是哈希值

from werkzeug.security import generate_password_hash, check_password_hash

    @property
    def password(self):
        """Public read accessor; yields the stored hash, not the plaintext."""
        return self._password

    @password.setter
    def password(self, row_password):
        """Public write accessor: hash the supplied password before storing it."""
        hashed = generate_password_hash(row_password)
        self._password = hashed

 

3.密码验证的方法:

    def check_password(self, row_password):
        """Return whether row_password matches the hash stored in _password."""
        return check_password_hash(self._password, row_password)

 

4.登录验证:

        password1 = request.form.get('password')

        user = User.query.filter(User.username == username).first()

        if user:

            if user.check_password(password1):

from flask import Flask,render_template,request,redirect,url_for,session
from flask_sqlalchemy import SQLAlchemy
import config
from functools import wraps
from datetime import datetime
from sqlalchemy import or_, and_
from werkzeug.security import generate_password_hash, check_password_hash

# Create the application and load its settings from the imported config module.
app = Flask(__name__)
app.config.from_object(config)
# NOTE(review): Flask signs the session cookie with SECRET_KEY, presumably set
# in config — confirm it is a long random value kept out of version control.
# The ORM handle is bound to the app only after the settings are loaded.
db=SQLAlchemy(app)

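class User(db.Model):
    """Account record whose password is stored only as a hash.

    Callers assign the plaintext through ``password``; the setter hashes it
    with ``generate_password_hash`` and keeps the result in ``_password``.
    Verification goes through ``check_password``.
    """

    # Was misspelled ``__table__name``, which SQLAlchemy ignores; the explicit
    # name matches the 'user.id' foreign keys used by the other models.
    __tablename__ = 'user'

    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
    # NOTE(review): there is no unique constraint; regist() checks for an
    # existing name in application code only, so concurrent sign-ups can race.
    username = db.Column(db.String(20), nullable=False)
    # Internal use only: holds the password hash, never the plaintext.
    _password = db.Column(db.String(200), nullable=False)
    nickname = db.Column(db.String(50))

    @property
    def password(self):
        """Return the stored hash (not the plaintext).

        The hash is still sensitive: do not render it in templates or
        include it in responses.
        """
        return self._password

    @password.setter
    def password(self, row_password):
        """Hash ``row_password`` and store the result in ``_password``."""
        self._password = generate_password_hash(row_password)

    # This method was indented one column deeper than the class body, which
    # made the whole module fail to compile with an IndentationError.
    def check_password(self, row_password):
        """Return whether ``row_password`` matches the stored hash."""
        return check_password_hash(self._password, row_password)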

class Question(db.Model):
    # A question posted by a user; mapped to the 'question' table.
    __tablename__ = 'question'
    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
    title = db.Column(db.String(100), nullable=False)
    detail = db.Column(db.Text, nullable=False)
    # The attribute is spelled "creat_time"; code that sorts or filters on it
    # must use this exact name. The default callable is datetime.now.
    creat_time = db.Column(db.DateTime, default=datetime.now)
    author_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    # Adds a ``question`` backref on User.
    author = db.relationship('User', backref=db.backref('question'))

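class Comment(db.Model):
    """A comment written by a user on a question; mapped to 'comment'."""

    __tablename__ = 'comment'

    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
    author_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    question_id = db.Column(db.Integer, db.ForeignKey('question.id'))
    creat_time = db.Column(db.DateTime, default=datetime.now)
    detail = db.Column(db.Text, nullable=False)
    # Newest comments first. The original read ``creat_time.deac``, which is
    # not an attribute of Column and raised while the class was being defined.
    question = db.relationship(
        'Question',
        backref=db.backref('comments', order_by=creat_time.desc()),
    )
    author = db.relationship('User', backref=db.backref('comments'))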

#db.create_all()
@app.route('/')
def base():
    """Serve the base page at the site root."""
    page = render_template('base.html')
    return page

@app.route('/index/')
def index():
    """Render the index page with every question under the key 'question'."""
    all_questions = Question.query.all()
    return render_template('index.html', question=all_questions)

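@app.route('/detail/<question_id>')
def detail(question_id):
    """Render one question, or answer 404 when the id matches no row.

    The original passed ``None`` to the template for an unknown id.
    """
    quest = Question.query.filter(Question.id == question_id).first_or_404()
    return render_template('detail.html', ques=quest)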

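@app.route('/comment/', methods=['POST'])
def comment():
    """Store a comment by the logged-in user on an existing question.

    Requests without a valid session are sent to the login page, an unknown
    question id answers 404, and an empty comment is dropped. In every other
    case the browser is redirected back to the question's detail page.
    """
    # NOTE(review): no CSRF token is checked on this POST, so another site
    # could submit it on behalf of a logged-in user — consider adding one.
    author = User.query.filter(User.username == session.get('user')).first()
    if author is None:
        # The original dereferenced ``.id`` on None here, so an anonymous or
        # stale-session request ended in a 500 instead of a login redirect.
        return redirect(url_for('login'))

    ques_id = request.form.get('question_id')
    # Only accept comments for a question that actually exists.
    target = Question.query.filter(Question.id == ques_id).first_or_404()

    text = request.form.get('new_comment')
    if text and text.strip():
        # The text is stored as submitted; escaping is left to detail.html
        # (Jinja autoescaping applies unless the template marks it safe).
        db.session.add(
            Comment(author_id=author.id, question_id=target.id, detail=text)
        )
        db.session.commit()
    return redirect(url_for('detail', question_id=target.id))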

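@app.route('/usercenter/<user_id>/<tag>')
def usercenter(user_id, tag):
    """Render one of the three user-centre pages for ``user_id``.

    ``tag`` '1' and '2' select user1.html and user2.html; anything else
    falls back to user3.html. An unknown ``user_id`` answers 404 instead of
    handing ``None`` to the template.
    """
    # NOTE(review): this view has no login check and passes the whole User
    # row, including the password hash, to the template — the templates
    # should render public fields only.
    user = User.query.filter(User.id == user_id).first_or_404()
    pages = {'1': 'user1.html', '2': 'user2.html'}
    return render_template(pages.get(tag, 'user3.html'), user=user)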

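@app.route('/regist/', methods=['GET', 'POST'])
def regist():
    """Show the registration form (GET) or create an account (POST).

    The plaintext password is handed to ``User(password=...)``, whose setter
    stores only the hash. On success the browser is redirected to login.
    """
    if request.method == 'GET':
        return render_template('regist.html')

    username = request.form.get('username')
    password = request.form.get('password')
    nickname = request.form.get('nickname')

    # A missing field used to reach the hashing call or the NOT NULL columns
    # and end in a 500; reject it up front instead.
    if not username or not password:
        return u'username and password are required', 400
    # The column is String(20); depending on the database mode an over-long
    # value would be rejected or silently truncated, so refuse it here.
    if len(username) > 20:
        return u'username too long', 400

    # NOTE(review): check-then-insert is not atomic; a unique constraint on
    # the username column would close the race between concurrent sign-ups.
    if User.query.filter(User.username == username).first():
        return u'username existed'

    user = User(username=username, password=password, nickname=nickname)
    db.session.add(user)
    db.session.commit()
    return redirect(url_for('login'))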



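@app.route('/login/', methods=['GET', 'POST'])
def login():
    """Show the login form (GET) or authenticate the user (POST).

    On success the session records 'user' and 'userid' and is marked
    permanent, then the browser is redirected to the index page.
    """
    if request.method == 'GET':
        return render_template('login.html')

    username = request.form.get('username')
    # A missing field becomes '' so the hash check fails cleanly.
    password1 = request.form.get('password') or ''
    user = User.query.filter(User.username == username).first()

    # One answer for both failures: separate "error username" and
    # "password error" replies told a caller which usernames exist.
    # NOTE(review): nothing here throttles repeated attempts; consider rate
    # limiting in the app or at the proxy.
    if user is None or not user.check_password(password1):
        return u'username or password error', 401

    # Start from an empty session so nothing set before login carries over.
    session.clear()
    session['user'] = username
    session['userid'] = user.id
    session.permanent = True
    return redirect(url_for('index'))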



@app.route('/logout/')
def logout():
    """Empty the session and send the browser back to the index page."""
    session.clear()
    target = url_for('index')
    return redirect(target)


def loginFirst(func):
    """Decorator: run the view only when the session holds 'user'.

    Requests without that session key are redirected to the login view.
    """
    @wraps(func)
    def wrapper(*args, **kwargs):
        if not session.get('user'):
            return redirect(url_for('login'))
        return func(*args, **kwargs)
    return wrapper


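@app.route('/question/', methods=['GET', 'POST'])
@loginFirst  # login required
def question():
    """Show the question form (GET) or store a new question (POST)."""
    if request.method == 'GET':
        return render_template('question.html')

    title = request.form.get('title')
    body = request.form.get('detail')
    # Both columns are NOT NULL; a missing field used to surface as a
    # database error on commit.
    if not title or not body:
        return u'title and detail are required', 400

    author = User.query.filter(User.username == session.get('user')).first()
    if author is None:
        # The session names a user that no longer exists; the original
        # dereferenced ``.id`` on None here.
        session.clear()
        return redirect(url_for('login'))

    # NOTE(review): no CSRF token is checked on this POST.
    db.session.add(Question(title=title, detail=body, author_id=author.id))
    db.session.commit()
    return redirect(url_for('index'))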

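@app.route('/search')
def search():
    """List questions whose title or detail contains the ``q`` parameter.

    Results are ordered newest first. A missing ``q`` is treated as an empty
    string, which matches every question.
    """
    qu = request.args.get('q', '')
    # contains() binds ``qu`` as a parameter of a LIKE expression, so it is
    # not spliced into the SQL text; '%' and '_' in the input still act as
    # wildcards.
    ques = Question.query.filter(
        or_(
            Question.title.contains(qu),
            Question.detail.contains(qu),
        )
    ).order_by(Question.creat_time.desc())
    # The original ordered by the string '-create_time', which names no
    # column on Question (the attribute is ``creat_time``).
    # index() renders this template with the key 'question' while this view
    # used 'questions'; both are supplied so either spelling in index.html
    # receives the results.
    return render_template('index.html', question=ques, questions=ques)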


@app.context_processor
def mycontext():
    """Expose the logged-in user's name to every template as 'username'."""
    usern = session.get('user')
    return {'username': usern} if usern else {}


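if __name__ == '__main__':
    import os

    # Debug mode turns on the Werkzeug interactive debugger, which lets
    # anyone who can reach the port run Python in this process. It is now
    # off unless FLASK_DEBUG=1 is set for a local session.
    app.run(debug=os.environ.get('FLASK_DEBUG') == '1')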

 

posted @ 2017-12-22 11:26  062许立帅