Python Web

用python web框架 bottle 开发网站(五)

2018-04-18  本文已影响226人  firewt

编写加密函数,存储敏感用户信息

安装使用bcrypt库:pip install bcrypt
生成一个固定的Salt(注意:所有用户共用同一个Salt时,相同的密码会得到相同的哈希值;bcrypt的常规用法是用 gensalt() 为每个密码单独生成Salt,再用 checkpw() 校验)

image.png
复制生成的固定的bytes类型的值(每次生成的结果都不一样)
#user.py
from bcrypt import hashpw
# NOTE(review): this single hard-coded salt is shared by every account, so two
# users with the same password get the same stored hash, and the salt is known
# to anyone who can read this source. The "$2b$10$" prefix also fixes the
# bcrypt cost factor at 10. bcrypt's usual pattern is a fresh gensalt() per
# password, with checkpw() used for verification.
SALT = b'$2b$10$8g62hrrYx4W11cQTuvi5ye'
def password_crypt(password):
    """Return the bcrypt hash of ``password`` as text.

    The password is encoded to bytes, hashed with ``hashpw`` under the
    module-level ``SALT`` and decoded back to ``str``.

    NOTE(review): ``SALT`` is a constant, so the same password always maps
    to the same hash string. Switching to a per-password salt would also
    require verifying with ``checkpw`` rather than comparing hash strings.
    """
    return hashpw(password.encode(), SALT).decode()

增加写入用户函数

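def write_user(username, password):
    """Append a ``username=>hash`` record for a new account to ``./userinfo.txt``.

    Args:
        username: Account name; written verbatim as the first field.
        password: Plain-text password; only its ``password_crypt`` hash is
            stored.

    Returns:
        True once the record has been written, False when ``username``
        cannot be represented safely in the line-based ``name=>hash`` format.
    """
    # Records are one per line with '=>' as the field separator. A name that
    # contains the separator or a line break, or that carries surrounding
    # whitespace, would not read back as the same record and could replace
    # another account's stored hash, so refuse it before touching the file.
    if not isinstance(username, str):
        return False
    if '=>' in username or '\n' in username or '\r' in username:
        return False
    if username != username.strip():
        return False

    # Hash first so a failure here cannot leave an open file handle behind.
    record = username + '=>' + password_crypt(password) + '\n'
    # ``with`` closes the handle even if the write raises.
    with open('./userinfo.txt', 'a', encoding = 'utf-8') as fob:
        fob.write(record)
    return True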

全部的user.py

import os
from bcrypt import hashpw
# NOTE(review): one hard-coded salt is reused for every account, so equal
# passwords produce equal stored hashes and the salt is visible to anyone with
# access to this file. bcrypt is normally used with gensalt() per password and
# checkpw() for verification.
SALT = b'$2b$10$8g62hrrYx4W11cQTuvi5ye'

# Make sure the user store exists before any reader opens it.
# NOTE(review): the file holds password hashes and is created in the working
# directory with the process's default permissions; confirm it is not served
# as a static file and restrict who can read it.
if os.path.exists('./userinfo.txt') is False:
    with open('./userinfo.txt', 'w', encoding = 'utf-8'):
        pass
    
def password_crypt(password):
    """Hash ``password`` with bcrypt under the fixed module ``SALT``.

    Returns the hash decoded to ``str``. ``read_user`` compares this string
    with the stored one, which only works because the salt never changes.

    NOTE(review): a per-password salt with ``checkpw`` verification is the
    usual bcrypt pattern; adopting it means changing ``read_user`` as well.
    """
    return hashpw(password.encode(), SALT).decode()
    
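def read_user(username, password, nopwd = False):
    """Look ``username`` up in ``./userinfo.txt`` and optionally check its hash.

    Every line of the file is expected to look like ``name=>hash``; when a
    name occurs more than once the last line wins.

    Args:
        username: Account name to look up.
        password: Value compared with the stored second field (callers pass
            the output of ``password_crypt`` or the cookie value).
        nopwd: When true, skip the comparison and only report whether the
            name is still free.

    Returns:
        With ``nopwd``: True if ``username`` is not in the file, else False.
        Otherwise: True only when the account exists and its stored value
        equals ``password``.

    Raises:
        SystemExit: A line has no ``=>`` separator (after printing an error).
    """
    import hmac

    userinfo = {}
    with open('./userinfo.txt', 'r', encoding = 'utf-8') as fob:
        for line in fob:
            fields = line.strip().split('=>')
            if len(fields) < 2:
                # Fail closed: a malformed store stops the process.
                print('\033[1;31;40m  严重:用户信息文件格式错误,系统无法运行 \033[0m')
                raise SystemExit(1)
            userinfo[fields[0]] = fields[1]

    if nopwd:
        return username not in userinfo

    stored = userinfo.get(username)
    # An unknown account or a non-text candidate never authenticates. The
    # previous ``get(username, False) == password`` returned True for an
    # unknown name when ``password`` was itself False.
    if stored is None or not isinstance(password, str):
        return False
    try:
        candidate = password.encode('utf-8')
    except UnicodeEncodeError:
        return False
    # Constant-time comparison, so the time taken does not depend on how
    # many leading characters of the two values match.
    return hmac.compare_digest(stored.encode('utf-8'), candidate)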
    
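def write_user(username, password):
    """Append a ``username=>hash`` record for a new account to ``./userinfo.txt``.

    Args:
        username: Account name; written verbatim as the first field.
        password: Plain-text password; only its ``password_crypt`` hash is
            stored.

    Returns:
        True once the record has been written, False when ``username``
        cannot be represented safely in the line-based ``name=>hash`` format.
    """
    # read_user() strips each line and splits it on '=>'. A name that
    # contains the separator or a line break, or that carries surrounding
    # whitespace, would be read back as a different record and could replace
    # another account's stored hash, so refuse it before touching the file.
    if not isinstance(username, str):
        return False
    if '=>' in username or '\n' in username or '\r' in username:
        return False
    if username != username.strip():
        return False

    # Hash first so a failure here cannot leave an open file handle behind.
    record = username + '=>' + password_crypt(password) + '\n'
    # ``with`` closes the handle even if the write raises.
    with open('./userinfo.txt', 'a', encoding = 'utf-8') as fob:
        fob.write(record)
    return True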

修改main.py增加注册功能

from bottle import run,route,template,request,response
from user import read_user
from user import write_user
from user import password_crypt

@route('/login', method = 'GET')
def login_get():
    """Serve the login page, or a notice when the cookies already authenticate.

    The signed ``username`` and ``password`` cookies are read and passed to
    ``read_user``; the login template is rendered when that check fails.

    NOTE(review): the signing secrets are literals in the source, so the
    signature gives no protection against anyone who has read this file;
    load them from configuration kept out of the repository.
    """
    cookie_user = request.get_cookie('username', secret = 'usafe')
    cookie_hash = request.get_cookie('password', secret = 'psafe')
    if not read_user(cookie_user, cookie_hash):
        return template('login')
    return '你已经登录'

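@route('/login', method = 'POST')
def login_post():
    """Check the posted credentials and set the login cookies on success.

    The posted password is hashed with ``password_crypt`` and compared with
    the stored value through ``read_user``. On success two signed, HttpOnly
    cookies valid for 600 seconds are set.

    Returns:
        '登录成功' on success, '账号密码错误' otherwise.
    """
    username = request.forms.get('username')
    password = request.forms.get('password')
    # forms.get() yields None for an absent field; hashing None would raise
    # and turn a malformed request into a server error.
    if username is None or password is None:
        return '账号密码错误'

    password = password_crypt(password)
    if read_user(username, password):
        # NOTE(review): the cookie carries the stored hash itself, so the hash
        # works as a credential; a random server-side session token would
        # avoid that. The secrets are hard-coded literals and the cookies are
        # not marked ``secure``; both should change before deploying on HTTPS.
        response.set_cookie('username', username, secret = 'usafe', httponly = True, max_age = 600)
        response.set_cookie('password', password, secret = 'psafe', httponly = True, max_age = 600)
        return '登录成功'
    return '账号密码错误'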
    
@route('/register', method = 'GET')
def register_get():
    """Render the registration form from the ``register`` template."""
    page = template('register')
    return page
    
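@route('/register', method = 'POST')
def register_post():
    """Create an account from the posted ``username`` and ``password``.

    Returns:
        'success' when the record was written, 'register faild' when a field
        is missing, the name is not storable, the name is already taken, or
        ``write_user`` reports failure.
    """
    username = request.forms.get('username')
    password = request.forms.get('password')
    # forms.get() yields None for an absent field; writing it would raise.
    if username is None or password is None:
        return 'register faild'

    # The user store is one 'name=>hash' record per line and is stripped
    # when read. Reject names that would not read back unchanged, because
    # such a record could shadow another account's entry.
    if '=>' in username or '\n' in username or '\r' in username:
        return 'register faild'
    if username != username.strip():
        return 'register faild'

    # nopwd=True asks read_user only whether the name is still free.
    if read_user(username, password, nopwd = True) and write_user(username, password):
        return 'success'
    return 'register faild'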
        
# Start bottle's built-in server for local development.
# NOTE(review): debug=True puts tracebacks into error pages and reloader=True
# restarts the process when source files change; both are development
# settings and should be off in a deployed instance.
run(
    host = 'localhost',
    port = 80,
    debug = True,
    reloader = True,
)

用户注册后生成的密码:


image.png

cookie中的密码(与 userinfo.txt 中保存的哈希值相同):


image.png

下一步我们把用户的POST数据先在浏览器端加密,然后后端再做一次加密。浏览器端加密不能替代传输层加密,实际部署中建议使用HTTPS证书。
