初步完成登录、注册、修改账号、主页内容

Project/func/config.py

@@ -0,0 +1,18 @@
+db = {
+    'host':'localhost', 
+    'user':'kejingfan', 
+    'password':'KJF2811879', 
+    'database':'TESTDB'
+}
+
+SECRET_KEY = 'ILOVEDATABASETECH'
+
+slideshow_images = [
+    {"link": "https://www.csair.com/mcms/mcms/SG/zh/2024/20240208_6/index-zh.html?lang=zh&country=sg&utm_campaign=2402gwstu&utm_source=gw&utm_channel=sg-lb", "src": "https://www.csair.com/mcms/20240321/3ee85acd463f481bb33f0d535a5814c6.jpg"},
+    {"link": "https://www.csair.com/mcms/mcms/SG/zh/2024/20240605_10/index_sg_cn.html?lang=zh&country=sg&utm_source=sg&utm_campaign=ZB001lydc&utm_channel=gw", "src": "https://www.csair.com/mcms/20240605/a553252769834188b0c76a9698292f27.jpg"},
+    {"link": "https://www.csair.com/mcms/mcms/SG/zh/2024/20240426_17/index_cn.html?lang=zh&country=sg&utm_source=sg&utm_campaign=ZB001znjp&utm_channel=gw", "src": "https://www.csair.com/mcms/20240321/820cd99c111849408b84c2b579086ef6.jpg"},
+    {"link": "https://www.csair.com/mcms/mcms/SG/zh/2024/20240524_2/index_cn.html?lang=zh&country=sg&country=my&utm_source=us&utm_campaign=ZB001nhzgx&utm_channel=gw", "src": "https://www.csair.com/mcms/20240321/61889331ca174670babd144bb064d398.jpg"},
+    {"link": "https://www.csair.com/mcms/mcms/SG/zh/2024/20240514_7/coupon.html?lang=zh&country=sg", "src": "https://www.csair.com/mcms/20240321/97e67c05291b4c64a8905e8a0c915d89.jpg"},
+    {"link": "#", "src": "https://www.csair.com/mcms/1026/43124f5d5124487f8d6678745ae42f57.jpg"},
+    {"link": "https://www.csair.com/mcms/mcms/SG/zh/2023/20231120_2/index_sg_cn.html?lang=zh&country=sg&utm_source=sg&utm_campaign=ZB001mq&utm_channel=gw", "src": "https://www.csair.com/mcms/1026/ea00e9cb9d9b43bea6497a6895c6d9e1.jpg"}
+]

Project/func/index.py

@@ -1,4 +1,15 @@
-from flask import render_template
+from flask import render_template, request, g, redirect, url_for, session
+from .config import slideshow_images
 
 def index():
-    return render_template("index.html")
+    if request.method == 'GET':
+        if not g.user:
+            return redirect(url_for("login"))
+        username = g.name
+        images = slideshow_images
+        return render_template('index.html', images=images, username=username)
+
+def logout():
+    session.clear()
+    session.pop('user_id', None)
+    return redirect(url_for('login'))

Project/func/login.py

@@ -0,0 +1,35 @@
+from flask import request, jsonify, session, url_for, render_template
+from .config import db, slideshow_images
+import pymysql
+
+
+def connect(mobileNo, encrypted_password):
+    conn = pymysql.connect(**db)
+    cursor = conn.cursor(pymysql.cursors.DictCursor)
+    args = (mobileNo, encrypted_password)
+    verify_sql = "SELECT Phone_number FROM Users WHERE Phone_number = %s AND `Password` = %s;"
+    cursor.execute(verify_sql, args)
+    user = cursor.fetchone()
+    cursor.close()
+    conn.close()
+    return user
+
+def login():
+    if request.method == 'GET':
+        images = slideshow_images
+        return render_template('login.html', images=images)
+
+    if request.method == 'POST':
+        session.pop('user_id', None)
+        mobileNo = request.json.get('username')
+        encrypted_password = request.json.get('password')
+        try:
+            user = connect(mobileNo, encrypted_password)
+            if not user:
+                return jsonify({'message': '用户不存在，请点击注册按钮注册'}), 401
+            session['user_id'] = mobileNo
+            session.modified = True
+            return jsonify({'redirect': url_for('index')})
+        except Exception as e:
+            print(e)
+            return jsonify({'message': '数据库错误，请稍后再试'}), 500

Project/func/modify.py

@@ -1,79 +1,127 @@
-from flask import render_template, request, flash, redirect, url_for
+from flask import render_template, request, flash, redirect, url_for, session
 from typing import Dict
-
+from pymysql.cursors import Cursor
 from .get_db import get_db
-from .verify_user import verify_user
 
+def get_current_user(cursor: Cursor, phone_number: str):
+    sql = "SELECT Username FROM Users WHERE Phone_number = %s"
+    cursor.execute(sql, (phone_number,))
+    return cursor.fetchone()
+
+def verify_user(cursor: Cursor, phone_number: str, password: str) -> str:
+    sql = """
+    SELECT Password FROM Users WHERE Phone_number = %s;
+    """
+    cursor.execute(sql, (phone_number,))
+    record = cursor.fetchone()
+    if not record:
+        return "NO_USER"
+    if record[0] != password:
+        return "WRONG_PASSWORD"
+    return "USER_VERIFIED"
 
 class ModifyInfo:
-    def __init__(self, form:Dict[str, str]):
-        self.id = form['cardCode']
+    def __init__(self, form: Dict[str, str], user_phone: str):
+        self.phone_number = user_phone
+        print(form)
         modifyType = form['modifyType']
-        self.new_password = form['encryptedNewPassword']
-        self.phone_number = form['mobileNo']
+        self.new_password = form.get('encryptedNewPassword', None)
+        self.new_phone_number = form.get('mobileNo', None)
+        self.new_username = form.get('username', None)
         modifyType2command = {
-            '1':'delete account',
-            '2':'modify Password',
-            '3':'modify Phone_Number'
+            '删除账户': 'delete account',
+            '修改密码': 'modify Password',
+            '修改手机号': 'modify Phone_Number',
+            '修改用户名': 'modify Username'
         }
         self.sql_dict = {
-            'delete account': 'DELETE FROM passengers WHERE ID = %s;',
-            'modify Password': 'UPDATE passengers SET `Password` = %s WHERE ID = %s;',
-            'modify Phone_Number': 'UPDATE passengers SET Phone_number = %s WHERE ID = %s;'
+            'delete account': 'DELETE FROM Users WHERE Phone_number = %s;',
+            'modify Password': 'UPDATE Users SET Password = %s WHERE Phone_number = %s;',
+            'modify Phone_Number': 'UPDATE Users SET Phone_number = %s WHERE Phone_number = %s;',
+            'modify Username': 'UPDATE Users SET Username = %s WHERE Phone_number = %s;'
         }
         self.sql_args_dict = {
-            'delete account': (self.id,),
-            'modify Password': (self.new_password, self.id),
-            'modify Phone_Number': (self.phone_number, self.id)
+            'delete account': (self.phone_number,),
+            'modify Password': (self.new_password, self.phone_number),
+            'modify Phone_Number': (self.new_phone_number, self.phone_number),
+            'modify Username': (self.new_username, self.phone_number)
         }
         self.ok_message_dict = {
             'delete account': "删除账户成功",
             'modify Password': "修改密码成功",
-            'modify Phone_Number': "修改手机号成功"
+            'modify Phone_Number': "修改手机号成功",
+            'modify Username': "修改用户名成功"
         }
         self.fail_message_dict = {
             'delete account': "数据库异常，删除账户失败",
             'modify Password': "数据库异常，修改密码失败",
-            'modify Phone_Number': "数据库异常，修改手机号失败"
+            'modify Phone_Number': "数据库异常，修改手机号失败",
+            'modify Username': "数据库异常，修改用户名失败"
         }
         self.command = modifyType2command[modifyType]
+
     def get_sql(self):
         return self.sql_dict[self.command]
+
     def get_args(self):
         return self.sql_args_dict[self.command]
+
     def get_ok_message(self):
         return self.ok_message_dict[self.command]
+
     def get_fail_message(self):
         return self.fail_message_dict[self.command]
 
 def modify():
     if request.method == 'GET':
-        return render_template('modify.html')
-    
+        user_phone = session.get('user_id')
+        db = get_db()
+        cursor = db.cursor()
+        current_user = get_current_user(cursor, user_phone)
+        if not current_user:
+            session.clear()
+            return redirect(url_for('login'))
+        return render_template('modify.html', current_user_phone=user_phone, current_username=current_user[0])
+
     if request.method == 'POST':
-        id = request.form['cardCode']
+        user_phone = session.get('user_id')
         password = request.form['encryptedPassword']
         db = get_db()
         cursor = db.cursor()
 
-        verify_info = verify_user(cursor, id, password)
-        if (verify_info == "NO_USER"):
-            flash("您未注册过，无法修改账号")
-            db.close()
-            return redirect(url_for('signup'))
-        elif (verify_info == "WRONG_PASSWORD"):
+        verify_info = verify_user(cursor, user_phone, password)
+        if verify_info == "NO_USER":
+            session.clear()
+            return redirect(url_for('login'))
+        elif verify_info == "WRONG_PASSWORD":
             flash("密码错误")
             db.close()
             return redirect(url_for('modify'))
 
-        modifyInfo = ModifyInfo(request.form)
+        modifyInfo = ModifyInfo(request.form, user_phone)
+
+        if modifyInfo.command == 'modify Phone_Number':
+            check_sql = "SELECT COUNT(*) FROM Users WHERE Phone_number = %s;"
+            cursor.execute(check_sql, (modifyInfo.new_phone_number,))
+            if cursor.fetchone()[0] > 0:
+                flash("手机号已存在，请使用其他手机号")
+                db.close()
+                return redirect(url_for('modify'))
+
         try:
             cursor.execute(modifyInfo.get_sql(), modifyInfo.get_args())
             db.commit()
             flash(modifyInfo.get_ok_message())
+            db.close()
+            if modifyInfo.command in ['modify Phone_Number', 'modify Password', 'delete account']:
+                session.clear()
+                session.pop("user_id", None)
+                return redirect(url_for('login'))
+            elif modifyInfo.command == 'modify Username':
+                return redirect(url_for('modify'))
         except Exception as e:
             db.rollback()
             print(e)
             flash(modifyInfo.get_fail_message())
-        db.close()
-        return redirect(url_for('index'))
+            db.close()
+            return redirect(url_for('modify'))

Project/func/signup.py

@@ -1,15 +1,38 @@
-from flask import render_template, request, flash, redirect, url_for
+from flask import render_template, request, redirect, url_for
 from .get_db import get_db
+import re
 
 def signup():
+    error_messages = {
+        'username': '',
+        'mobileNo': '',
+        'password': '',
+        'confirmPassword': ''
+    }
+
     if request.method == 'GET':
-        return render_template('signup.html')
+        return render_template('signup.html', errors=error_messages)
     
     if request.method == 'POST':
-        id = request.form['cardCode']
-        name = request.form['name']
+        username = request.form['username']
         phone_number = request.form['mobileNo']
         password = request.form['encryptedPassword']
+        confirm_password = request.form['encryptedConfirmPassword']
+
+        # Basic validation for phone number
+        if not re.match(r'^\d{11}$', phone_number):
+            error_messages['mobileNo'] = '手机号格式有误'
+
+        # Check password length after MD5 hash
+        if len(password) != 32:  # MD5 hash length is 32 characters
+            error_messages['password'] = '密码格式有误'
+
+        # Confirm password validation
+        if password != confirm_password:
+            error_messages['confirmPassword'] = '两次输入的密码不一致'
+
+        if any(error_messages.values()):
+            return render_template('signup.html', errors=error_messages)
 
         db = get_db()
         cursor = db.cursor()
@@ -17,32 +40,34 @@ def signup():
         # 检查已有用户
         sql = """
         SELECT COUNT(*) FROM Users \
-        WHERE ID = %s;
+        WHERE Phone_number = %s;
         """
         try:
-            cursor.execute(sql, (id,))
-            id_exist = cursor.fetchall()[0][0]
+            cursor.execute(sql, (phone_number,))
+            phone_exist = cursor.fetchall()[0][0]
         except Exception as e:
-            flash("数据库异常，查询失败")
+            error_messages['mobileNo'] = "数据库异常，查询失败"
             print(e)
-            return redirect(url_for('signup'))
-        if (id_exist != 0):
-            flash("您已注册过，请勿重复注册")
+            return render_template('signup.html', errors=error_messages)
+        
+        if phone_exist != 0:
+            error_messages['mobileNo'] = "该手机号已注册，请勿重复注册"
             db.close()
-            return redirect(url_for('index'))
+            return render_template('signup.html', errors=error_messages)
 
         # 插入
         sql = '''
-        INSERT INTO passengers (ID, `Name`, Phone_number, `Password`) \
-        VALUES (%s, %s, %s, %s); \
+        INSERT INTO Users (Phone_number, Username, `Password`) \
+        VALUES (%s, %s, %s); \
         '''
         try:
-            cursor.execute(sql, (id, name, phone_number, password))
+            cursor.execute(sql, (phone_number, username, password))
             db.commit()
-            flash("注册成功")
+            return redirect(url_for('index'))
         except Exception as e:
             db.rollback()
             print(e)
-            flash("数据库异常，注册失败")
-        db.close()
-        return redirect(url_for('index'))
+            error_messages['mobileNo'] = "数据库异常，注册失败"
+            return render_template('signup.html', errors=error_messages)
+        finally:
+            db.close()

Project/func/verify_user.py

@@ -1,35 +0,0 @@
-from flask import flash, redirect, url_for
-from pymysql.cursors import Cursor
-
-def verify_user(cursor:Cursor, id:str, password:str) -> str:
-    # 检查已有用户
-        sql = """
-        SELECT COUNT(*) FROM passengers \
-        WHERE ID = %s;
-        """
-        try:
-            cursor.execute(sql, (id,))
-            id_exist = cursor.fetchall()[0][0]
-        except Exception as e:
-            flash("数据库异常，查询失败")
-            print(e)
-            return redirect(url_for('signup'))
-        if (id_exist == 0):
-            return "NO_USER"
-        
-        # 检查密码
-        sql = """
-        SELECT `Password` FROM passengers \
-        WHERE ID = %s;
-        """
-        try:
-            cursor.execute(sql, (id,))
-            record_password = cursor.fetchall()[0][0]
-        except Exception as e:
-            flash("数据库异常，查询失败")
-            print(e)
-            return redirect(url_for('modify'))
-        if (record_password != password):
-            return "WRONG_PASSWORD"
-        
-        return "USER_VERIFIED"