1、安装flask_wtf
pip install flask_wtf
2、添加CSRF保护
修改fhuang_forum.py
from flask import Flask
from flask_wtf import CSRFProtect
from apps.cms import cms_blueprint
from apps.common import common_blueprint
from apps.front import front_blueprint
import config
from exts import db
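def create_app():
    """Application factory: build and configure the Flask app.

    Loads settings from the ``config`` module, enables Flask-WTF CSRF
    protection, registers the cms/common/front blueprints and attaches the
    SQLAlchemy ``db`` extension.

    Returns:
        The configured :class:`flask.Flask` instance.
    """
    app = Flask(__name__)
    app.config.from_object(config)

    # CSRF protection belongs inside the factory. The original placed it
    # after app.run() (which blocks) and misspelled it CSRFProject, so it
    # never executed and state-changing POSTs were left unprotected. Here it
    # is also picked up when a WSGI server imports create_app() directly.
    CSRFProtect(app)

    app.register_blueprint(cms_blueprint)
    app.register_blueprint(common_blueprint)
    app.register_blueprint(front_blueprint)
    db.init_app(app)
    return app


if __name__ == "__main__":
    app = create_app()
    app.run()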
修改templates\cms\cms_login.html
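<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <!-- "initial=1" is not a valid viewport key; Bootstrap expects initial-scale=1 -->
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- The three meta tags above must come first in <head>. -->
    <title>凤凰论坛 - CMS登录</title>
    <link href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
    <link href="{{ url_for('static', filename='cms/css/signin.css') }}" rel="stylesheet">
</head>
<body>
<div class="top-pannel">
    <h2>凤凰论坛</h2>
    <br>
    <p>fhuang forum</p>
</div>
<div class="content">
    <!-- method="post" is required: without it the browser submits via GET, so the
         email, password and csrf_token end up in the URL (and server/proxy logs)
         and LoginView.post() is never reached. -->
    <form class="form-signin" method="post">
        <br><br><br><br><br><br><br><br><br><br><br>
        <h2 class="form-signin-heading">请登录</h2>
        <label for="inputEmail" class="sr-only">邮箱:</label>
        <input type="email" id="inputEmail" class="form-control" name="email" placeholder="邮箱" required autofocus>
        <label for="inputPassword" class="sr-only">密码</label>
        <input type="password" id="inputPassword" class="form-control" name="password" placeholder="密码" required>
        <!-- Flask-WTF CSRF token; once CSRFProtect is enabled a POST without it is rejected. -->
        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
        <div class="checkbox">
            <label>
                <input type="checkbox" value="1" name="remember"> 记住我
            </label>
        </div>
        <button class="btn btn-lg btn-primary btn-block" type="submit">立即登录</button>
    </form>
    {% if message %}
        <p style="text-align: center" class="text-danger">{{ message }}</p>
    {% endif %}
</div>
</body>
</html>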
3、修改密码界面
修改apps\cms\views.py
from flask import Blueprint, views, render_template, request, session, url_for, redirect

import config
from .decorators import login_required
from .forms import LoginForm
from .models import CMSUser
# Blueprint for the CMS back office; every route registered below lives under /cms.
cms_blueprint = Blueprint(name="cms", import_name=__name__, url_prefix="/cms")
@cms_blueprint.route("/")
@login_required
def index():
    """Render the CMS dashboard; only reachable by a logged-in CMS user."""
    template_name = "cms/cms_index.html"
    return render_template(template_name)
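@cms_blueprint.route("/logout/")
@login_required
def logout():
    """Log the current CMS user out and redirect to the login page.

    Uses ``session.pop`` instead of ``del`` so that a session which no longer
    holds the key (e.g. two logout requests racing, or a cookie cleared in
    between) still yields the redirect instead of a KeyError / HTTP 500.
    """
    session.pop(config.CMS_USER_ID, None)
    return redirect(url_for("cms.login"))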
@cms_blueprint.route("/profile/")
@login_required
def profile():
    """Render the logged-in CMS user's profile page."""
    page = "cms/cms_profile.html"
    return render_template(page)
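class LoginView(views.MethodView):
    """CMS login page: GET renders the form, POST checks the credentials."""

    def get(self, message=None):
        """Render the login form, optionally with an error ``message``.

        The original rendered ``cms/cms_index.html`` (the post-login
        dashboard) here; the login template on this page,
        ``cms/cms_login.html``, is the one that displays ``message``.
        """
        return render_template("cms/cms_login.html", message=message)

    def post(self):
        """Validate the submitted form and open a session on success.

        On success the user's id is stored under ``config.CMS_USER_ID``; if
        "remember" was ticked the session is marked permanent. An unknown
        email and a wrong password produce the same generic message, so the
        response does not reveal which accounts exist.
        """
        form = LoginForm(request.form)
        if not form.validate():
            # Surface the first validation error to the user.
            message = form.errors.popitem()[1][0]
            return self.get(message=message)

        email = form.email.data
        password = form.password.data
        remember = form.remember.data

        user = CMSUser.query.filter_by(email=email).first()
        if not (user and user.check_password(password)):
            return self.get(message="用户名或密码错误")

        session[config.CMS_USER_ID] = user.id
        if remember:
            session.permanent = True
        return redirect(url_for("cms.index"))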
class ResetPwdView(views.MethodView):
    """Change-password page for the logged-in CMS user.

    ``decorators`` applies ``login_required`` to every HTTP method of the view.
    """

    decorators = [login_required]

    def get(self):
        """Render the change-password form."""
        template_name = "cms/cms_resetpwd.html"
        return render_template(template_name)

    def post(self):
        """Placeholder: form handling is not implemented yet (returns None)."""
        # TODO(tutorial): validate oldpwd / newpwd / newpwd2 and update the user.
        return None
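cms_blueprint.add_url_rule("/login/", view_func=LoginView.as_view("login"))
# cms_base.html links to url_for('cms.resetpwd'); without this rule every page
# that extends the base template fails to build the URL.
cms_blueprint.add_url_rule("/resetpwd/", view_func=ResetPwdView.as_view("resetpwd"))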
修改templates\cms\cms_base.html
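{% from "common/_macros.html" import static %}
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <!-- Child templates (e.g. cms_resetpwd.html) override "title" and "head";
         a block that the parent does not declare is silently ignored by Jinja. -->
    <title>凤凰论坛 - {% block title %}CMS个人中心{% endblock %}</title>
    <link rel="stylesheet" href="{{ static('cms/css/signin.css') }}">
    <link rel="stylesheet" href="https://cdn.staticfile.org/foundation/5.5.3/css/foundation.min.css">
    <script src="https://cdn.staticfile.org/jquery/2.1.1/jquery.min.js"></script>
    <script src="https://cdn.staticfile.org/foundation/5.5.3/js/foundation.min.js"></script>
    <script src="https://cdn.staticfile.org/foundation/5.5.3/js/vendor/modernizr.js"></script>
    {% block head %}{% endblock %}
</head>
<body>
<div class="top-pannel">
    <h2 style="color:#eee">凤凰论坛 - {{ g.cms_user.username }}论坛管理后台</h2>
    <br>
    <p>fhuang forum</p>
</div>
<br><br><br><br><br><br>
<div class="row" style="float:left;">
    <div class="medium-4 columns" style="background-color: #444;">
        <ul class="side-nav">
            <li class="active"><a href="#">首页</a></li>
            <li><a href="#">个人中心</a></li>
            <li><a href="#"> 个人信息</a></li>
            <li><a href="{{ url_for('cms.resetpwd') }}"> 修改密码</a></li>
            <li><a href="#"> 修改邮箱</a></li>
            <li><a href="{{ url_for('cms.logout') }}"> 注销</a></li>
            <li><a href="#">帖子管理</a></li>
            <li><a href="#">评论管理</a></li>
            <li><a href="#">板块管理</a></li>
            <li><a href="#">用户管理</a></li>
            <li><a href="#">CMS用户管理</a></li>
            <li><a href="#">CMS组管理</a></li>
        </ul>
    </div>
    <div class="medium-8 columns">
        <h1>{% block page_title %}{% endblock %}</h1>
        <hr>
        {% block main_content %}{% endblock %}
    </div>
</div>
</body>
</html>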
在templates\cms\里新建cms_resetpwd.html
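{% extends "cms/cms_base.html" %}
{% block title %}
修改密码
{% endblock %}
{% block page_title %}
{{ self.title() }}
{% endblock %}
{% block head %}
{% endblock %}
{% block main_content %}
<form method="post">
    <!-- Flask-WTF CSRF token: the app enables CSRFProtect, so a POST without
         this field is rejected before ResetPwdView.post() runs. -->
    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
    <div class="form-container">
        <div class="form-group">
            <div class="input-group">
                <span class="input-group-addon">旧密码</span>
                <input type="password" class="form-control" name="oldpwd" placeholder="请输入旧密码" required>
            </div>
        </div>
        <div class="form-group">
            <div class="input-group">
                <span class="input-group-addon">新密码</span>
                <input type="password" class="form-control" name="newpwd" placeholder="请输入新密码" required>
            </div>
        </div>
        <div class="form-group">
            <div class="input-group">
                <span class="input-group-addon">确认新密码</span>
                <input type="password" class="form-control" name="newpwd2" placeholder="请确认新密码" required>
            </div>
        </div>
        <div class="form-group">
            <button class="btn btn-primary" type="submit">立即保存</button>
        </div>
    </div>
</form>
{% endblock %}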