kpt

【user.py】密码存储方式调整为哈希加盐

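--- a/user.py
+++ b/user.py
@@ -1,48 +1,68 @@
 import time
-from flask import Blueprint, redirect, render_template, request,Flask, session
+import hashlib
+from flask import Blueprint, redirect, render_template, request, Flask, session
 
 from utils.query import query
 from utils.errorResponse import errorResponse
 
+hash_with_salt = hashlib.sha256('XiaoXueQi2024'.encode('utf-8'))
+ub = Blueprint('user',
+ __name__,
+ url_prefix='/user',
+ template_folder='templates')
 
-ub = Blueprint('user',__name__,url_prefix='/user',template_folder='templates')
 
-@ub.route('/login',methods=['GET','POST'])
+@ub.route('/login', methods=['GET', 'POST'])
 def login():
 if request.method == 'GET':
 return render_template('login.html')
 else:
+
 def filter_fn(user):
- return request.form['username'] in user and request.form['password'] in user
+ hash_with_salt.update(request.form['password'].encode('utf-8'))
+ return request.form[
+ 'username'] in user and hash_with_salt.hexdigest in user
+
 users = query('select * from user', [], 'select')
- login_success = list(filter(filter_fn,users))
- if not len(login_success):return errorResponse('账号或密码错误')
+ login_success = list(filter(filter_fn, users))
+ if not len(login_success): return errorResponse('账号或密码错误')
 
 session['username'] = request.form['username']
 return redirect('/page/home')
-
-@ub.route('/register',methods=['GET','POST'])
+
+
+@ub.route('/register', methods=['GET', 'POST'])
 def register():
 if request.method == 'GET':
 return render_template('register.html')
 else:
- if request.form['password'] != request.form['checkPassword']:return errorResponse('两次密码不符合')
+ if request.form['password'] != request.form['checkPassword']:
+ return errorResponse('两次密码不符合')
+
 def filter_fn(user):
 return request.form['username'] in user
 
- users = query('select * from user',[],'select')
- filter_list = list(filter(filter_fn,users))
+ users = query('select * from user', [], 'select')
+ filter_list = list(filter(filter_fn, users))
 if len(filter_list):
 return errorResponse('该用户名已被注册')
 else:
 time_tuple = time.localtime(time.time())
- query('''
+ hash_with_salt.update(request.form['password'].encode('utf-8'))
+ query(
+ '''
 insert into user(username,password,createTime) values(%s,%s,%s)
- ''',[request.form['username'],request.form['password'],str(time_tuple[0]) + '-' + str(time_tuple[1]) + '-' + str(time_tuple[2])])
+ ''', [
+ request.form['username'],
+ hash_with_salt.hexdigest(),
+ str(time_tuple[0]) + '-' + str(time_tuple[1]) + '-' +
+ str(time_tuple[2])
+ ])
 
 return redirect('/user/login')
-
+
+
 @ub.route('/logOut')
 def logOut():
- session.clear()
- return redirect('/user/login')
+ session.clear()
+ return redirect('/user/login')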
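Review bot: `hash_with_salt` is a single module-level `hashlib.sha256` object shared by every request, and each `update()` call in `login` and `register` appends to it, so the digest stored at registration depends on every password processed since the process started and cannot be reproduced at login. In `login`, `hash_with_salt.hexdigest in user` also lacks the call parentheses, so the bound method rather than the hex string is compared with the row and the check cannot match; because `filter_fn` runs once per row, the shared object is additionally updated once for every user in the table. Apart from these bugs, a fixed string hard-coded in the source is the same for all accounts and one SHA-256 pass is cheap to brute-force offline, so this is not yet salted password storage. A per-user random salt with a password KDF is the usual choice, e.g. `generate_password_hash(request.form['password'])` in `register` and `check_password_hash(stored_hash, request.form['password'])` in `login` from `werkzeug.security` (which Flask already depends on), where `stored_hash` stands for the password column of the row selected by username. Rows created before this change presumably still hold plaintext passwords and would need a migration or a forced reset.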