密码保护
1.更新User对象,设置对内的_password
class User(db.Model):
    """User table mapping for this step; only the password column is shown."""

    __tablename__ = 'user'
    # Internal storage only: the value written here is the hash produced by
    # the `password` setter in step 2, never the plaintext.
    _password = db.Column(
        db.String(200),
        nullable=False,
    )
2.编写对外的password
from werkzeug.security import generate_password_hash, check_password_hash
@property
def password(self):
    """External read access: return whatever is stored in `_password`."""
    # The stored value is the hash string written by the setter below,
    # not the plaintext password.
    return self._password


@password.setter
def password(self, row_password):
    """External write access: hash the plaintext and keep only the hash."""
    hashed = generate_password_hash(row_password)
    self._password = hashed
3.密码验证的方法:
def check_password(self, row_password):
    """Return the outcome of checking `row_password` against the stored hash."""
    # check_password_hash() does the comparison; the plaintext is never
    # compared with the column value directly.
    return check_password_hash(self._password, row_password)
4.登录验证:
# Login check (excerpt of the login view in the full listing below).
# `username` is read from the form on a line that is not part of this excerpt.
password1 = request.form.get('password')
user = User.query.filter(User.username == username).first()
if user:
    # Verify the submitted password against the stored hash via the model
    # method instead of comparing strings.
    if user.check_password(password1):
        # (success branch is not part of this excerpt)
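"""Small Flask Q&A application: users, questions, comments, hashed passwords."""

from datetime import datetime
from functools import wraps

from flask import Flask, render_template, request, redirect, url_for, session
from flask_sqlalchemy import SQLAlchemy
from sqlalchemy import or_, and_
from werkzeug.security import generate_password_hash, check_password_hash

import config

app = Flask(__name__)
# config.py is not shown here. Flask's cookie-based `session` used below only
# works when that module provides a SECRET_KEY.
app.config.from_object(config)
db = SQLAlchemy(app)


class User(db.Model):
    """Account record. Only a hash of the password is ever stored."""

    # Was misspelled `__table__name`, which SQLAlchemy ignores; the spelling
    # now matches the other models.
    __tablename__ = 'user'

    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
    username = db.Column(db.String(20), nullable=False)
    _password = db.Column(db.String(200), nullable=False)  # internal use only
    nickname = db.Column(db.String(50))

    @property
    def password(self):
        """External read access: returns the stored hash, not the plaintext."""
        return self._password

    @password.setter
    def password(self, row_password):
        """External write access: hash the plaintext before storing it."""
        self._password = generate_password_hash(row_password)

    def check_password(self, row_password):
        """Return True when `row_password` matches the stored hash."""
        return check_password_hash(self._password, row_password)


class Question(db.Model):
    """A question posted by a user."""

    __tablename__ = 'question'

    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
    title = db.Column(db.String(100), nullable=False)
    detail = db.Column(db.Text, nullable=False)
    creat_time = db.Column(db.DateTime, default=datetime.now)
    author_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    author = db.relationship('User', backref=db.backref('question'))


class Comment(db.Model):
    """A comment attached to a question."""

    __tablename__ = 'comment'

    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
    author_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    question_id = db.Column(db.Integer, db.ForeignKey('question.id'))
    creat_time = db.Column(db.DateTime, default=datetime.now)
    detail = db.Column(db.Text, nullable=False)
    # Newest comments first. The original read `creat_time.deac`, an attribute
    # that does not exist on a Column.
    question = db.relationship(
        'Question',
        backref=db.backref('comments', order_by=creat_time.desc()),
    )
    author = db.relationship('User', backref=db.backref('comments'))


# db.create_all()


def loginFirst(func):
    """Decorator: send visitors without a logged-in session to the login page."""
    @wraps(func)
    def wrapper(*args, **kwargs):
        if not session.get('user'):
            return redirect(url_for('login'))
        return func(*args, **kwargs)
    return wrapper


def _current_user():
    """Return the User row named in the session, or None if there is none."""
    return User.query.filter(User.username == session.get('user')).first()


# NOTE(review): no CSRF token handling is visible in this file for the POST
# forms below; confirm whether the templates or an extension provide it.

@app.route('/')
def base():
    return render_template('base.html')


@app.route('/index/')
def index():
    # NOTE(review): this passes the list as `question`, while search() passes
    # `questions` to the same template; confirm which name index.html reads.
    context = {
        'question': Question.query.all()
    }
    return render_template('index.html', **context)


@app.route('/detail/<question_id>')
def detail(question_id):
    quest = Question.query.filter(Question.id == question_id).first()
    return render_template('detail.html', ques=quest)


@app.route('/comment/', methods=['POST'])
@loginFirst  # previously unprotected: an anonymous POST crashed on `.first().id`
def comment():
    """Store a new comment written by the logged-in user."""
    text = request.form.get('new_comment')
    ques_id = request.form.get('question_id')
    author = _current_user()
    if author is None:
        # The session names a user that no longer exists.
        return redirect(url_for('login'))
    comm = Comment(author_id=author.id, question_id=ques_id, detail=text)
    db.session.add(comm)
    db.session.commit()
    return redirect(url_for('detail', question_id=ques_id))


@app.route('/usercenter/<user_id>/<tag>')
def usercenter(user_id, tag):
    user = User.query.filter(User.id == user_id).first()
    context = {
        'user': user
    }
    if tag == '1':
        return render_template('user1.html', **context)
    elif tag == '2':
        return render_template('user2.html', **context)
    else:
        return render_template('user3.html', **context)


@app.route('/regist/', methods=['GET', 'POST'])
def regist():
    """Show the registration form (GET) or create the account (POST)."""
    if request.method == 'GET':
        return render_template('regist.html')

    username = request.form.get('username')
    password = request.form.get('password')
    nickname = request.form.get('nickname')
    if not username or not password:
        # A missing field would make generate_password_hash() fail, and an
        # empty password must not become a valid credential.
        return render_template('regist.html')

    if User.query.filter(User.username == username).first():
        return u'username existed'

    # Assigning `password` goes through the property setter, so only the
    # hash reaches the database.
    user = User(username=username, password=password, nickname=nickname)
    db.session.add(user)
    db.session.commit()
    return redirect(url_for('login'))


@app.route('/login/', methods=['GET', 'POST'])
def login():
    """Show the login form (GET) or verify the credentials (POST)."""
    if request.method == 'GET':
        return render_template('login.html')

    username = request.form.get('username')
    # Default to '' so a request without the field counts as a wrong password
    # instead of raising inside check_password_hash().
    password1 = request.form.get('password', '')
    user = User.query.filter(User.username == username).first()
    # NOTE(review): the two failure messages differ, so a client can tell
    # whether a username exists. The strings are kept as written; a single
    # shared message would avoid that.
    if not user:
        return u' error username '
    if not user.check_password(password1):
        return u'password error '

    session['user'] = username
    session['userid'] = user.id
    session.permanent = True
    return redirect(url_for('index'))


@app.route('/logout/')
def logout():
    session.clear()
    return redirect(url_for('index'))


@app.route('/question/', methods=['GET', 'POST'])
@loginFirst  # login required
def question():
    """Show the question form (GET) or store a new question (POST)."""
    if request.method == 'GET':
        return render_template('question.html')

    title = request.form.get('title')
    body = request.form.get('detail')
    author = _current_user()
    if author is None:
        # The session names a user that no longer exists.
        return redirect(url_for('login'))
    new_question = Question(title=title, detail=body, author_id=author.id)
    db.session.add(new_question)
    db.session.commit()
    return redirect(url_for('index'))


@app.route('/search')
def search():
    """List questions whose title or detail contains the `q` query parameter."""
    qu = request.args.get('q', '')  # a missing `q` behaves like an empty search
    # The original ordered by the string '-create_time'; the column is named
    # `creat_time`, so order by the column object instead.
    ques = Question.query.filter(
        or_(
            Question.title.contains(qu),
            Question.detail.contains(qu)
        )
    ).order_by(Question.creat_time.desc())
    return render_template('index.html', questions=ques)


@app.context_processor
def mycontext():
    """Expose the logged-in username to every template."""
    usern = session.get('user')
    if usern:
        return {'username': usern}
    else:
        return {}


if __name__ == '__main__':
    # The Werkzeug debugger runs arbitrary Python for anyone who can reach it,
    # so it is no longer hard-coded on. Set DEBUG = True in config.py for
    # local development only.
    app.run(debug=app.config.get('DEBUG', False))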