密碼保護

1.更新User對象，設置對內的_password

class User(db.Model):

    __tablename__ = 'user' 

    _password = db.Column(db.String(200), nullable=False) #內部使用

 

2.編寫對外的password

from werkzeug.security import generate_password_hash, check_password_hash

    @property

    def password(self):  #外部使用，取值

        return self._password

    @password.setter

    def password(self, row_password):#外部使用，賦值

        self._password = generate_password_hash(row_password)

 

3.密碼驗證的方法：

    def check_password(self, row_password): #密碼驗證

        result = check_password_hash(self._password,row_password)

        return result

 

4.登陸驗證：

        password1 = request.form.get('password')

        user = User.query.filter(User.username == username).first()

        if user:

            if user.check_password(password1):

from flask import Flask,render_template,request,redirect,url_for,session
from flask_sqlalchemy import SQLAlchemy
from functools import wraps
from datetime import datetime
import config
from sqlalchemy import or_,and_
from werkzeug.security import generate_password_hash,check_password_hash
app = Flask(__name__)
app.config.from_object(config)
db=SQLAlchemy(app)

class User(db.Model):
    __tablename__ = 'user'
    id = db.Column(db.Integer,primary_key=True,autoincrement=True)
    username = db.Column(db.String(20),nullable=False)
    _password = db.Column(db.String(200),nullable=False)

    @property
    def password(self):
        return self._password

    @password.setter
    def password(self,row_password):
        self._password = generate_password_hash(row_password)

    def check_password(self,row_password):
        result = check_password_hash(self._password,row_password)
        return result


class Question(db.Model):
    __tablename__ = 'question'
    id = db.Column(db.Integer,primary_key=True,autoincrement=True)
    title = db.Column(db.String(100),nullable=False)
    detail = db.Column(db.Text,nullable=False)
    c520555reat_time = db.Column(db.DateTime,default=datetime.now)
    author_id = db.Column(db.Integer,db.ForeignKey('user.id'))
    author = db.relationship('User',backref=db.backref('question'))

class Comment(db.Model):
    __tablename__='comment'
    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
    author_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    question_id = db.Column(db.Integer, db.ForeignKey('question.id'))
    detail = db.Column(db.Text, nullable=False)
    creat_time = db.Column(db.DateTime, default=datetime.now)
    question = db.relationship('Question', backref=db.backref('comments',order_by=creat_time.desc))
    author = db.relationship('User', backref=db.backref('comments'))

db.create_all()


@app.route('/')
def shouye():
    context = {
        'questions': Question.query.all()
    }
    return render_template('shouye.html', **context)

@app.route('/denglu/',methods=['GET','POST'])
def gg():
    if request.method == 'GET':
        return render_template('denglu.html') #跳轉登陸
    else:
        usern = request.form.get('username')
        passw = request.form.get('password')
        user = User.query.filter(User.username == usern).first()
        if user:
            if user.check_password(passw):
                session['user'] = usern
                session['user_id'] = user.id
                session.permanent = True
                return redirect(url_for('shouye'))
            else:
                return u'password error'
        else:
            return u'username is not existed'

@app.route('/zhuche/', methods=['GET','POST'])
def login ():
    if request.method =='GET':
        return render_template('zhuce.html')#跳轉註冊
    else:
        usern = request.form.get('username')
        passw = request.form.get('password')
        user = User.query.filter(User.username == usern).first()
        if user:
            return u'username existed'
        else:
            user1 = User(username = usern,password = passw)
            db.session.add(user1)#數據庫操做
            db.session.commit()
            return redirect(url_for('gg'))

@app.route('/tupian/')
def hh():
    return render_template('tupian.html') #跳轉圖片庫

def loginFirst(func):
    @wraps(func)
    def wrapper (*args,**kwargs):
        if session.get('user'):
            return  func(*args,**kwargs)
        else:
            return redirect(url_for('gg'))
    return wrapper

@app.route('/xiangqing/<question_id>')
def xiangqing(question_id):
    quest = Question.query.filter(Question.id == question_id).first()
    return render_template('xiangqing.html',ques = quest)

@app.route('/comment/',methods=['POST'])
@loginFirst
def comment():
    comment =request.form.get('new_comment')
    ques_id =request.form.get('question_id')
    auth_id =User.query.filter(User.username == session.get('user')).first().id
    comm = Comment(author_id=auth_id,question_id=ques_id,detail=comment)
    db.session.add(comm)
    db.session.commit()
    return redirect(url_for('xiangqing',question_id=ques_id))

@app.route('/fabu/',methods=['GET','POST'])
@loginFirst
def fabu():
    if request.method == 'GET':
        return render_template('fabu.html')
    else:
        title = request.form.get('title')
        detail = request.form.get('detail')
        author_id = User.query.filter(User.username == session.get('user')).first().id
        question = Question(title=title, detail=detail, author_id=author_id)
        db.session.add(question)
        db.session.commit()
    return redirect(url_for('shouye')) # 跳轉發布

@app.context_processor
def context():
    usern = session.get('user')
    if usern:
        return {'username': usern }
    else:
        return {}

@app.route('/logout/')
def logout():
    session.clear()
    return redirect(url_for('shouye'))

@app.route('/usercenter/<user_id>/<tag>')
@loginFirst
def usercenter(user_id,tag):
    user = User.query.filter(User.id == user_id).first()
    context = {
        'user': user
    }
    if tag =='1':
        return render_template('user1.html',**context)
    elif tag =='2':
        return render_template('user2.html', **context)
    else:
        return render_template('user3.html', **context)

@app.route('/search/')
def search():
    qu = request.args.get('q')
    ques = Question.query.filter(
        or_(
            Question.title.contains(qu),
            Question.detail.contains(qu)
        )
    )
    return render_template('shouye.html',questions = ques)

if __name__ == '__main__':
    app.run(debug=True)

import os

SQLALCHEMY_DATABASE_URI = 'mysql+pymysql://root:@127.0.0.1:3306/mis_16?charset=utf8'
SQLALCHEMY_TRACK_MODIFICATIONS = False

SECRET_KEY = os.urandom(24)