flask登陸功能與權限
阿新 • • 發佈:2018-02-07
action down 邏輯 self 技術分享 contact request eth ews
from datetime import datetime from app import db # 會員 class User(db.Model): __tablename__ = "user" id = db.Column(db.Integer, primary_key=True) # 編號 name = db.Column(db.String(100), unique=True) # 昵稱 pwd = db.Column(db.String(100)) # 密碼 email = db.Column(db.String(100), unique=True) # 郵箱 phone = db.Column(db.String(11), unique=True) # 手機號碼 info = db.Column(db.Text) # 個性簡介 face = db.Column(db.String(255), unique=True) # 頭像 addtime = db.Column(db.DateTime, index=True, default=datetime.now) # 註冊時間 uuid = db.Column(db.String(255), unique=True) # 唯一標誌符 userlogs = db.relationship(‘Userlog‘, backref=‘user‘) # 會員日誌外鍵關系關聯 comments = db.relationship(‘Comment‘, backref=‘user‘) # 評論外鍵關系關聯 moviecols = db.relationship(‘Moviecol‘, backref=‘user‘) # 收藏外鍵關系關聯 def __repr__(self): return "<User %r>" % self.name # 檢查密碼匹配 def check_pwd(self, pwd): from werkzeug.security import check_password_hash return check_password_hash(self.pwd, pwd) # 會員登錄日誌 class Userlog(db.Model): __tablename__ = "userlog" id = db.Column(db.Integer, primary_key=True) # 編號 user_id = db.Column(db.Integer, db.ForeignKey(‘user.id‘)) # 所屬會員 ip = db.Column(db.String(100)) # 登錄IP addtime = db.Column(db.DateTime, index=True, default=datetime.now) # 登錄時間 def __repr__(self): return "<Userlog %r>" % self.id
第一步: forms模板制作
class LoginForm(FlaskForm): name = StringField( label="昵稱(賬號)", description="昵稱(賬號)", validators=[ DataRequired("請輸入昵稱(賬號)"), ], render_kw={ "class": "form-control input-lg", "placeholder": "昵稱(賬號)", } ) pwd = PasswordField( label="密碼", description="密碼", validators=[ DataRequired("請輸入密碼"), ], render_kw={ "class": "form-control input-lg", "placeholder": "密碼", } ) submit = SubmitField( label="登錄", render_kw={ "class": "btn btn-lg btn-success btn-block", } ) # 最好在forms中驗證賬號 def validate_name(self, field): name = field.data if User.query.filter_by(name=name).count() == 0: raise ValidationError("賬號不存在")
第二步:html模板的修改, 傳入form
{% for msg in get_flashed_messages(category_filter=["fail"]) %} <div><span style="color: red">{{ msg }}</span></div> {% endfor %} <div class="panel-body"> <form role="form" method="post" action="{{ url_for(‘home.login‘) }}"> <fieldset> <div class="form-group"> <label for="input_contact"><span class="glyphicon glyphicon-user"></span> {{ form.name.label }}</label> {{ form.name }} </div> {% for err in form.name.errors %} <div class="col-md-12" id="error_contact">{{ err }}</div> {% endfor %} <div class="form-group"> <label for="input_password"><span class="glyphicon glyphicon-lock"></span> {{ form.pwd.label }}</label> {{ form.pwd }} </div> {% for err in form.pwd.errors %} <div class="col-md-12" id="error_contact">{{ err }}</div> {% endfor %} {{ form.submit }} {{ form.csrf_token }} </fieldset> </form>
第三步: views中邏輯編寫
from . import home
from flask import render_template, redirect, url_for, flash, session, request
from .forms import RegistForm, LoginForm
from werkzeug.security import generate_password_hash
from app.models import User, Userlog
from app import db
import uuid
from functools import wraps
# 權限裝飾器
def user_login_req(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if "user" not in session:
return redirect(url_for(‘home.login‘, next=request.url))
return f(*args, **kwargs)
return decorated_function
@home.route("/login/", methods=["GET", "POST"])
def login():
form = LoginForm()
if form.validate_on_submit():
data = form.data
user = User.query.filter_by(name=data.get("name")).first()
if not user.check_pwd(data.get("pwd")):
flash("密碼錯誤", "fail")
return redirect(url_for(‘home.login‘))
session[‘user‘] = user.name
session[‘user_id‘] = user.id
user_log = Userlog(
user_id=user.id,
ip=request.remote_addr,
)
db.session.add(user_log)
db.session.commit()
return redirect(url_for(‘home.user‘))
return render_template("home/login.html", form=form)
@home.route("/logout/")
def logout():
session.pop("user", None)
session.pop("user_id", None)
return redirect(url_for(‘home.login‘))flask登陸功能與權限