|
|
@ -165,6 +165,7 @@ def login():
|
|
|
|
password = request.form['password']
|
|
|
|
password = request.form['password']
|
|
|
|
|
|
|
|
|
|
|
|
cursor = mysql.connection.cursor()
|
|
|
|
cursor = mysql.connection.cursor()
|
|
|
|
|
|
|
|
# 使用参数化查询检查用户是否存在
|
|
|
|
cursor.execute("SELECT * FROM users WHERE username = %s AND password = %s", (username, password))
|
|
|
|
cursor.execute("SELECT * FROM users WHERE username = %s AND password = %s", (username, password))
|
|
|
|
user_data = cursor.fetchone()
|
|
|
|
user_data = cursor.fetchone()
|
|
|
|
cursor.close()
|
|
|
|
cursor.close()
|
|
|
@ -189,19 +190,30 @@ def login():
|
|
|
|
return render_template('login.html')
|
|
|
|
return render_template('login.html')
|
|
|
|
|
|
|
|
|
|
|
|
# 处理数据库语句
|
|
|
|
# 处理数据库语句
|
|
|
|
def con_my_sql(sql_code):
|
|
|
|
def con_my_sql(sql_code, params=None):
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
|
|
|
|
# 尝试连接数据库
|
|
|
|
conn.ping(reconnect=True)
|
|
|
|
conn.ping(reconnect=True)
|
|
|
|
cursor= conn.cursor(pymysql.cursors.DictCursor)
|
|
|
|
# 创建游标对象,结果以字典形式返回
|
|
|
|
cursor.execute(sql_code)
|
|
|
|
cursor = conn.cursor(pymysql.cursors.DictCursor)
|
|
|
|
|
|
|
|
# 如果传入了参数,使用参数化查询
|
|
|
|
|
|
|
|
if params:
|
|
|
|
|
|
|
|
cursor.execute(sql_code, params)
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
cursor.execute(sql_code)
|
|
|
|
|
|
|
|
# 提交事务
|
|
|
|
conn.commit()
|
|
|
|
conn.commit()
|
|
|
|
conn.close()
|
|
|
|
# 返回游标对象
|
|
|
|
return cursor
|
|
|
|
return cursor
|
|
|
|
except pymysql.MySQLError as err_massage:
|
|
|
|
except pymysql.MySQLError as err_massage:
|
|
|
|
|
|
|
|
# 捕获异常,回滚事务
|
|
|
|
conn.rollback()
|
|
|
|
conn.rollback()
|
|
|
|
|
|
|
|
# 关闭连接
|
|
|
|
conn.close()
|
|
|
|
conn.close()
|
|
|
|
|
|
|
|
# 返回异常类型和异常信息
|
|
|
|
return type(err_massage), err_massage
|
|
|
|
return type(err_massage), err_massage
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class RegisterForm(Form):
|
|
|
|
class RegisterForm(Form):
|
|
|
|
captcha = StringField(validators=[Length(min=4,max=4,message='校验码格式错误')])
|
|
|
|
captcha = StringField(validators=[Length(min=4,max=4,message='校验码格式错误')])
|
|
|
|
username = StringField(validators=[Length(min=3,max=10,message='用户名长度必须在3到10个字符之间')])
|
|
|
|
username = StringField(validators=[Length(min=3,max=10,message='用户名长度必须在3到10个字符之间')])
|
|
|
@ -226,13 +238,16 @@ def register():
|
|
|
|
# 静态注册码进行角色注册
|
|
|
|
# 静态注册码进行角色注册
|
|
|
|
if captcha == "1111":
|
|
|
|
if captcha == "1111":
|
|
|
|
role = "侦查者"
|
|
|
|
role = "侦查者"
|
|
|
|
if captcha == "2222":
|
|
|
|
elif captcha == "2222":
|
|
|
|
role = "指挥者"
|
|
|
|
role = "指挥者"
|
|
|
|
if captcha == "3333":
|
|
|
|
elif captcha == "3333":
|
|
|
|
role = "攻击者"
|
|
|
|
role = "攻击者"
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
return '无效的校验码 <a href="/">返回登录</a>'
|
|
|
|
|
|
|
|
|
|
|
|
code = "select * from users where username = '%s'" % username
|
|
|
|
# 使用参数化查询检查用户是否存在
|
|
|
|
cursor_ans = con_my_sql(code)
|
|
|
|
code = "SELECT * FROM users WHERE username = %s"
|
|
|
|
|
|
|
|
cursor_ans = con_my_sql(code, (username,))
|
|
|
|
cursor_select = cursor_ans.fetchall()
|
|
|
|
cursor_select = cursor_ans.fetchall()
|
|
|
|
|
|
|
|
|
|
|
|
if len(cursor_select) > 0:
|
|
|
|
if len(cursor_select) > 0:
|
|
|
@ -240,8 +255,9 @@ def register():
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
# 加密密码
|
|
|
|
# 加密密码
|
|
|
|
encrypted_password = encrypt_message(password)
|
|
|
|
encrypted_password = encrypt_message(password)
|
|
|
|
code = "INSERT INTO users(username, password, role) VALUES('%s', '%s', '%s')" % (username, encrypted_password, role)
|
|
|
|
# 使用参数化查询插入新用户
|
|
|
|
print(con_my_sql(code))
|
|
|
|
code = "INSERT INTO users(username, password, role) VALUES(%s, %s, %s)"
|
|
|
|
|
|
|
|
con_my_sql(code, (username, encrypted_password, role))
|
|
|
|
return '注册成功 <a href="/">返回登录</a>'
|
|
|
|
return '注册成功 <a href="/">返回登录</a>'
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
print(form.errors)
|
|
|
|
print(form.errors)
|
|
|
|