密码保护
1.更新User对象,设置对内的_password
class User(db.Model):
__tablename__ = 'user'
_password = db.Column(db.String(200), nullable=False) #内部使用
2.编写对外的password
from werkzeug.security import generate_password_hash, check_password_hash
@property
def password(self): #外部使用,取值
return self._password
@password.setter
def password(self, row_password):#外部使用,赋值
self._password = generate_password_hash(row_password)
3.密码验证方法:
def check_password(self, row_password): #密码验证
result = check_password_hash(self._password,row_password)
return result
4.登录验证:
password1 = request.form.get('password')
user = User.query.filter(User.username == username).first()
if user:
if user.check_password(password1):
代码如下:
from flask import Flask, render_template, request, redirect, url_for, session from flask_sqlalchemy import SQLAlchemy from sqlalchemy import or_,and_ from functools import wraps from hashlib import md5 import os import congif app = Flask(__name__) app.config.from_object(congif) db = SQLAlchemy(app) # 用户信息 class User(db.Model): __tablename__ = 'user' id = db.Column(db.String(17), primary_key=True) # 数据库唯识别id name = db.Column(db.String(20), nullable=False) # 登录账号名 title = db.Column(db.String(30)) # 显示名称 password = db.Column(db.String(42), nullable=False) # 密码 truename = db.Column(db.String(10)) # 真实姓名 sex = db.Column(db.String(1), default='0') # 性别 phone = db.Column(db.String(11)) # 电话号码 email = db.Column(db.String(40)) # 邮箱 logo = db.Column(db.String(50)) # 头像 qq = db.Column(db.String(11)) # qq号码 createdate = db.Column(db.DATETIME) # 注册日期 level = db.Column(db.String(2)) # 用户等级 address = db.Column(db.String(60)) # 用户住址 # 图书分类 classification(id,name,content) class Classification(db.Model): __tablname__ = 'classification' id = db.Column(db.String(17), primary_key=True) # 数据库唯识别id name = db.Column(db.String(30)) # 文章名称 logo = db.Column(db.String(50)) # 头像地址 context = db.Column(db.TEXT) # 分类内容 # book(id,title,abstracts,content,createdate,author_id,size,chilk,disc,classification) # 发布图书及问答 class Book(db.Model): __tablname__ = 'book' id = db.Column(db.String(17), primary_key=True) # 数据库唯识别id title = db.Column(db.String(30)) # 文章标题 abstracts = db.Column(db.String(150)) # 文章摘要 content = db.Column(db.TEXT) # 文章内容 createdate = db.Column(db.DATETIME) # 发布时间 author_id = db.Column(db.String(17), db.ForeignKey('user.id')) # 发布者id size = db.Column(db.String(30)) # 文章长度 chilk = db.Column(db.Integer()) # 阅读数 disc = db.Column(db.Integer()) #点赞数 classification = db.Column(db.String(17), db.ForeignKey('classification.id')) # 文章分类id authorClass = db.relationship('User', backref=db.backref('book')) classificationClass = db.relationship('Classification', backref=db.backref('book')) # 评论表 class Commentaries(db.Model): __tablname__ = 'commentaries' id = db.Column(db.String(17), primary_key=True) # 数据库唯一识别id book_id = db.Column(db.String(17), db.ForeignKey('book.id')) # 评论对应的文章的id question_id = db.Column(db.String(17)) # 问题的提出者id,或者是文章作者id answer_id = db.Column(db.String(17), db.ForeignKey('user.id')) # 回答问题用户的id date = db.Column(db.DATETIME) # 回答日期 content = db.Column(db.TEXT) # 回答内容 answer = db.relationship('User', backref=db.backref('commentaries')) book = db.relationship('Book', backref=db.backref('commentaries',order_by=date.desc)) # db.create_all() # 增加一条数据 # user = User(name = 'xiao',password = '123') # db.session.add(user) # db.session.commit() # 查询一条数据 # user = User.query.filter(User.name=='xiao').first() # print(user.name,user.password) # 更改一条数据 # user = User.query.filter(User.name=='xiao').first() # user.password = 'xxx' # db.session.commit() # 删除一条数据 # user = User.query.filter(User.name=='xiao').first() # db.session.delete(user) # db.session.commit() # 退出登录 @app.route('/logout/') def logout(): session.pop('user_id') session.pop('title') return redirect(url_for('index')) # 登录 @app.route('/login/', methods=['GET', 'POST']) def login(): if request.method == 'POST': user_name = request.form.get('user_name') user_password = request.form.get('user_password') user = User.query.filter(User.name == user_name, User.password == md5(user_password.encode("utf-8")).hexdigest()).first() if user: session['user_id'] = user.id session['title'] = user.title session.permanent = True poi = request.args.get('poi') if poi: return redirect(url_for('poi', book_id=poi)) return redirect(url_for('index')) else: return redirect(url_for('login')) else: return render_template('login.html') # 上下文处理器 @app.context_processor def myContext(): id = session.get('user_id') title = session.get('title') if id: user = User.query.filter(User.id == id).first() else: user = {} if title: return {'title': title, 'user_id': id, 'user': user} else: return {} # 注册 @app.route('/regist/', methods=['GET', 'POST']) def regist(): if request.method == 'GET': user_name = request.args.get('user_name') if user_name: user = User.query.filter(User.name == user_name).first() if user: return '用户已存在' else: return 'ok' else: return render_template('regist.html') else: user_name = request.form.get('user_name') user_title = request.form.get('user_title') user_password = request.form.get('user_password') user = User.query.filter(User.name == user_name).first() if user: return 'error:user exitst' else: user = User(id="1", name=user_name, title=user_title, password=user_password) db.session.add(user) # 加入数据库 db.session.commit() return redirect(url_for('login')) # 定义一个装饰器出验证用户有是否是登陆 # 定义一个参数函数 def loginFirst(func): # 定义一个函数将其返回 @wraps(func) def wrapper(*args, **kwargs): if session.get('title'): return func(*args, **kwargs) else: return redirect(url_for('login')) # 返回一个函数 return wrapper # 发布问答 @app.route('/question', methods=['GET', 'POST']) @loginFirst def question(): if request.method == 'GET': classfly = Classification.query.all() context = { 'classfly' : classfly } return render_template('question.html',**context) else: book_title = request.form.get('title') book_content = request.form.get('content') abstracts = request.form.get('abstracts') classification = request.form.get('classification') user_id = request.form.get('user_id') size = request.form.get('size') book = Book(id='1', title=book_title, abstracts=abstracts, content=book_content, author_id=user_id,classification=classification,size=size) db.session.add(book) # 加入数据库 db.session.commit() return 'true' # 详情页面 @app.route('/poi/<book_id>') def poi(book_id): book = Book.query.filter(Book.id == book_id).first() answer = len(Commentaries.query.filter(Commentaries.book_id==book_id).all()) book.chilk = book.chilk+1 db.session.commit() id = session.get('user_id') if id: user = User.query.filter(User.id == id).first() else: user = {} return render_template('poi.html', book=book, user=user,answer=answer) # 点赞 @app.route('/disc/') def disc(): book_id = request.args.get('book_id') book = Book.query.filter(Book.id == book_id).first() book.disc = book.disc+1 db.session.commit() return str(book.disc) # 发布评论 @app.route('/answer/', methods=['GET', 'POST']) def answer(): if request.method == 'POST': book_id = request.form.get('book_id') question_id = request.form.get('question_id') answer_id = request.form.get('answer_id') content = request.form.get('content') commentaries = Commentaries(id='1', book_id=book_id, question_id=question_id, answer_id=answer_id, content=content) db.session.add(commentaries) db.session.commit() commentaries = Commentaries.query.filter(Commentaries.book_id == book_id).order_by('-date').all() context = { 'commentaries': commentaries, } return render_template('answer.html', **context) else: book_id = request.args.get('book_id') commentaries = Commentaries.query.filter(Commentaries.book_id == book_id).order_by('-date').all() context = { 'commentaries': commentaries, } return render_template('answer.html', **context) # 某用户发布过的所有评论 @app.route('/commentaries/<user_id>',methods=['GET','POST']) def commentaries(user_id): user = User.query.filter(User.id == user_id).first() content = { 'userCommentaries':user.commentaries, 'books':user.book, 'num': len(user.commentaries), 'user2':user } return render_template('commentaries.html', **content) # 设置中心 @app.route('/config/<user_id>',methods=['GET','POST']) @loginFirst def config(user_id): user = User.query.filter(User.id == user_id).first() if request.method == 'GET': return render_template('config.html') else: user.title = request.form.get('title') user.truename = request.form.get('truename') user.sex = request.form.get('sex') user.qq = request.form.get('qq') user.phone = request.form.get('phone') user.email = request.form.get('email') user.address = request.form.get('address') db.session.commit() return render_template('config.html') # 上传头像 @app.route('/uploadLogo/<user_id>',methods=['GET','POST']) def uploadLogo(user_id): user = User.query.filter(User.id == user_id).first() f = request.files['logo'] basepath = os.path.dirname(__file__) # 当前文件所在路径 upload_path = os.path.join(basepath, 'static/uploads', f.filename) # 注意:没有的文件夹一定要先创建,不然会提示没有该路径 f.save(upload_path) user.logo = 'uploads/'+f.filename db.session.commit() return '{"url":"'+url_for('static',filename='uploads/'+f.filename)+'"}'; # 分类列表 @app.route('/classflyList/') def classflyList(): classfly = Classification.query.all() context = { 'classfly':classfly } return render_template('classflyList.html',**context) # 某个分类下的文章 @app.route('/classfly/<classification_id>') def classfly(classification_id): classflyList = Classification.query.all() classfly = Classification.query.filter(Classification.id == classification_id).first() context = { 'classfly': classfly, 'books':classfly.book, 'classflyList': classflyList } return render_template('classfly.html',**context) # 改密码 @app.route('/resetPassword/<user_id>', methods=['GET', 'POST']) @loginFirst def resetPassword(user_id): user = User.query.filter(User.id == user_id).first() if request.method == 'GET': return render_template('resetPassword.html') else: password = request.form.get('password') oldPassword = request.form.get('oldPassword') if(md5(oldPassword.encode("utf-8")).hexdigest()==user.password): user.password = md5(password.encode("utf-8")).hexdigest() db.session.commit() else: return '原密码有误'; return render_template('resetPassword.html') # 模糊查找 @app.route('/search', methods=['GET', 'POST']) def search(): qu = request.args.get('q') query = Book.query.filter( or_( Book.title.contains(qu), Book.content.contains(qu), ) ).order_by('-createdate').all() classfly = Classification.query.all() context = { 'books': query, 'classfly':classfly } return render_template('home.html', **context) # 首页 @app.route('/', methods=['GET', 'POST']) def index(): # context = { # 'userName' : "AllianceHacker", # 'toTime' : '11小时前', # 'title' : 'PHP是世界是最好的语言', # 'context' : 'PHP是世界是最好的语言,这是一个不需要有疑问的问题,谁不服可以来战啊!!!' # } books = Book.query.order_by('-createdate').all() classfly = Classification.query.all() context = { 'books': books, 'classfly':classfly } return render_template('home.html', **context) # 主函数 if __name__ == '__main__': app.run(debug=True)
