Python-flask实现登陆密码加密/验证
由于对密码要进行加密,并且不期望被外界调用,所以,将密码设置为私有属性,利用@property和@password.setter设置两发方法为属性,以便外界调用(加密后,非明文)
class User(db.Model):
__tablename__ = 'user'
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(15), nullable=False)
_password = db.Column(db.String(128))
# 设置访问密码的方法,并用装饰器@property设置为属性,调用时不用加括号
@property
def password(self):
return self._password
# 设置加密的方法,传入密码,对类属性进行操作
@password.setter
def password(self, value):
self._password = generate_password_hash(value)
# 设置验证密码的方法
def check_password(self, user_pad):
return check_password_hash(self._password, user_pad)
上述代码实现了主要功能。需要添加用户时,直接实例化User对象并且传入参数即可。
完整代码如下
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: shuaigeek
# @Date : 2020/6/25
from flask import Flask, render_template, redirect, url_for, request, flash
from flask_sqlalchemy import SQLAlchemy
from flask_wtf import FlaskForm
from werkzeug.security import generate_password_hash, check_password_hash
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://用户名:密码@127.0.0.1/数据表名'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config['SECRET_KEY'] = 'geeksecretkey'
db = SQLAlchemy(app)
class User(db.Model):
__tablename__ = 'user'
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(15), nullable=False)
_password = db.Column(db.String(128))
@property
def password(self):
return self._password
@password.setter
def password(self, value):
self._password = generate_password_hash(value)
def check_password(self, user_pad):
return check_password_hash(self._password, user_pad)
@app.route('/', methods=['POST', 'GET'])
def index():
if request.method == 'POST':
un = request.form['username']
pd = request.form['password']
user = User(username=un, password=pd)
db.session.add(user)
db.session.commit()
return '注册成功'
return """
<form method="post">
<input type="hidden" name="csrf_token"><br>
username:<input type="text" name="username"><br><br>
password:<input type="text" name="password"><br><br>
<input type="submit" value="注册">
</form>
"""
@app.route('/login/', methods=['POST', 'GET'])
def login():
if request.method == 'POST':
name = request.form['username']
pawd = request.form['password']
user = User.query.filter_by(username=name).first()
if user:
if user.check_password(pawd):
return '登陆成功'
else:
return '登陆失败'
return '用户不存在'
return """
<form method="post">
<input type="hidden" name="csrf_token"><br>
username:<input type="text" name="username"><br><br>
password:<input type="text" name="password"><br><br>
<input type="submit" value="登陆">
</form>
"""
if __name__ == '__main__':
db.drop_all()
db.create_all()
app.run(debug=True)