lanlab-org · spm2020spring · Dec 9, 2020
diff --git a/database.sqlite b/database.sqlite
diff --git a/service.py b/service.py
@@ -1,10 +1,13 @@
+import sqlite3
+
 from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy import or_
 import os, uuid ,math, random
 from flask import Flask, flash, request, redirect, url_for, session, jsonify, render_template, send_from_directory
 from werkzeug.utils import secure_filename
 from datetime import datetime, timedelta
 from flask import Flask
+from werkzeug.security import generate_password_hash,check_password_hash
 basedir = os.path.abspath(os.path.dirname(__file__))
 UPLOAD_FOLDER = basedir + '\static\pdf'
 ALLOWED_EXTENSIONS = set(['pdf'])
@@ -150,21 +153,21 @@ def find_path_last_id(path):
     # @param some text
     # @return some text without sensitive words
     # ======================================================================================================
-    @staticmethod
-    def sensitive_words_filter(text):
-        f = open('static/sensitive words/1.txt', 'r')
-        result = ''
-        flag = True
-        for line in f:
-            if line.strip() in text.split():
-                flag = False
-                result = text.replace(line.strip(), '**')
-                text = result
-        f.close()
-        if flag:
-            return text
-        else:
-            return result
+    # @staticmethod
+    # def sensitive_words_filter(text):
+    #     f = open('static/sensitive words/1.txt', 'r')
+    #     result = ''
+    #     flag = True
+    #     for line in f:
+    #         if line.strip() in text.split():
+    #             flag = False
+    #             result = text.replace(line.strip(), '**')
+    #             text = result
+    #     f.close()
+    #     if flag:
+    #         return text
+    #     else:
+    #         return result
 
     @staticmethod
     def check_short_time():
@@ -200,6 +203,16 @@ def email_display_filter(email):
 
         return display + suf
 
+    # 哈希加盐的密码加密方法
+    def enPassWord(password):  # 将明密码转化为hash码
+        return generate_password_hash(password)  # 返回转换的hash码
+
+    def checkPassWord(enpassword, password):  # 第一参数是从数据查询出来的hash值，第二参数是需要检验的密码
+        return check_password_hash(enpassword, password)  # 如果匹配返回true
+
+
+
+
 # =========================================================================================
 # like and dislike
 # ========================================================================================
@@ -567,23 +580,50 @@ def post_comment(articleID):
 def donaton():
     return render_template('donation.html')
 
+
+def checkPassword(email, db_file):
+    sql = "select password from admins where email ='%s'" % (email)
+    conn = sqlite3.connect(db_file)
+    cursor = conn.cursor()
+    cursor.execute(sql)
+    result = cursor.fetchall()
+    return str(result)[3:69]  # 返回hash码
+
+def isNameExisted(email,db_file):
+    sql = "select * from admins where email ='%s'" % (email)
+    conn = sqlite3.connect(db_file)
+    cursor = conn.cursor()
+    cursor.execute(sql)
+    result = cursor.fetchall()
+    if (len(result) == 0):
+        return False
+    else:
+        return True
+
+
 @app.route('/login',methods=['POST','GET'])
 def login_verfaication():
     #admins login verification function
     #fetch the email and password from the html login form
     email = request.form['email']
     password = request.form['pass']
     #check if it's exists in the database.
-    validate = db.session.query(Admin).filter_by(email=email,password=password).first()
-
-    #allow access
-    if validate:
-        session['logged_in'] = True
-        return redirect('/admin')
-    else:
-        #handle error
+    # validate = db.session.query(Admin).filter_by(email=email,password=password).first()
+    if isNameExisted(email,'database.sqlite'):
+        t = checkPassword(email,'database.sqlite');  # 获得数据库存储的hash值
+        if check_password_hash(t, password):  # 查询有没有这个用户
+            session['logged_in'] = True
+            return redirect('/admin')
+    else:  #
         error = 'invalid username or password!'
-        return render_template('login.html',error = error)
+        return render_template('login.html', error=error)
+    #allow access
+    # if validate:
+    #     session['logged_in'] = True
+    #
+    # else:
+    #     #handle error
+
 
 @app.route('/admin')
 def admin():
@@ -693,7 +733,7 @@ def author(author_id):
     return render_template('author.html', articles=articles, comments=comments, Tool=Tool, author=author)
 
 if __name__ == '__main__':
-    app.run(debug=True)
+    app.run(debug=True, port=8080, threaded=True)
 
 
 

diff --git a/templates/article.html b/templates/article.html
@@ -87,7 +87,7 @@
 
     <h2 class="card-title">{{ article.title }}</h2><!--title-->
 
-    <p class="card-text bp" >-abstract<br></p><p>&nbsp;{{ Tool.sensitive_words_filter(article.abstract) }}</p><br><br><!--abstract-->
+{#    <p class="card-text bp" >-abstract<br></p><p>&nbsp;{{ Tool.sensitive_words_filter(article.abstract) }}</p><br><br><!--abstract-->#}
 
     <p class="card-text bp">-hightlights<br></p><p>&nbsp;{{ article.highlight }}</p><br><br><!--highlights-->
 
@@ -145,7 +145,7 @@ <h2 class="card-title">{{ article.title }}</h2><!--title-->
     <div class="card">
         <div class="card-body">
             <p><a href="/author/{{ comment.author.id }}">{{ Tool.email_display_filter(comment.author.mail) }}</a></p><br>
-            <p>{{ Tool.sensitive_words_filter(comment.body) }}</p><br>
+{#            <p>{{ Tool.sensitive_words_filter(comment.body) }}</p><br>#}
             <p class="text-primary pp"  onclick="clike({{ comment.id }})">like</p> <p id='cl{{ comment.id }}'>{{ comment.upvote }}</p>
             <p class="text-primary pp" onclick="cdislike({{ comment.id }})">dislike</p> <p id='cd{{ comment.id }}'>{{ comment.downvote }}</p>
             <p  style="float:right" >{{ comment.time.strftime("%Y-%m-%d %H:%M") }}</p>

diff --git a/templates/author.html b/templates/author.html
@@ -78,7 +78,7 @@ <h4 class="card-title">{{ Tool.email_display_filter(author.mail) }}</h4>
     {% for comment in comments %}
       <tr>
           <td><a href="/article/{{ comment.article.id }}">{{ comment.article.title }}</a></td>
-          <td>{{ Tool.sensitive_words_filter(comment.body) }}</td>
+{#          <td>{{ Tool.sensitive_words_filter(comment.body) }}</td>#}
         <td>{{ comment.time.strftime("%Y-%m-%d %H:%M") }}</td>
         <td>{{ comment.upvote }}</td>
               <td>{{ comment.downvote }}</td>

diff --git a/templates/search.html b/templates/search.html
@@ -45,7 +45,7 @@
         {% for comment in comments %}
         <tr>
             <td><a href="/article/{{ comment.article_id }}">{{ comment.article.title }}</a></td>
-            <td>{{ Tool.sensitive_words_filter(comment.body) }}</td>
+{#            <td>{{ Tool.sensitive_words_filter(comment.body) }}</td>#}
             <td>{{ comment.time.strftime("%Y-%m-%d %H:%M") }}</td>
             <td><a href="/author/{{ comment.author_id }}">{{ Tool.email_display_filter(comment.author.mail) }}</a></td>
         </tr>