试图在客户端登录时收集信息。该信息先前已输入数据库。我得到了除了email值之外的所有“1”,因为用户必须手动输入电子邮件,因此它必须在从我的表中检索数据时出错。我想我在Python代码中遗漏了一些东西。。。有什么想法吗?在
from content_management import Content
#form validations
from wtforms import Form, BooleanField, TextField, PasswordField, validators
#to encrypt the password
from passlib.hash import sha256_crypt
#for SQL injection
from MySQLdb import escape_string as thwart
import gc
from functools import wraps
from dbconnect import connection
TOPIC_DICT = Content()
app = Flask(__name__)
@app.route('/login/', methods=['GET','POST'])
def login_page():
error = ''
try:
c, conn = connection()
if request.method == "POST":
data = c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(request.form['email']),))
data = c.fetchone()[3]
if sha256_crypt.verify(request.form['password'], data):
email = request.form['email']
#grab all the clients info
clientcid = c.execute("SELECT cid FROM clients WHERE email = (%s)", (thwart(email),))
phone = c.execute("SELECT phone FROM clients WHERE email = (%s)", (thwart(email),))
rating = c.execute("SELECT rating FROM clients WHERE email = (%s)", (thwart(email),))
first_name = c.execute("SELECT first_name FROM cpersonals WHERE cid = (%s)", (clientcid,))
last_name = c.execute("SELECT last_name FROM cpersonals WHERE cid = (%s)", (clientcid,))
address = c.execute("SELECT address FROM cpersonals WHERE cid = (%s)", (clientcid,))
czip = c.execute("SELECT zip FROM cpersonals WHERE cid = (%s)", (clientcid,))
reg_date = c.execute("SELECT reg_date FROM cpersonals WHERE cid = (%s)", (clientcid,))
conn.commit()
c.close()
conn.close()
gc.collect()
session['logged_in'] = 'client'
session['clientcid'] = clientcid
session['email'] = email
session['phone'] = phone
session['rating'] = rating
session['first_name'] = first_name
session['last_name'] = last_name
session['address'] = address
session['czip'] = czip
session['reg_date'] = reg_date
flash("You are now logged in.")
return redirect(url_for("dashboard"))
else:
error = "Invalid credentials, try again."
gc.collect()
return render_template("login.html", error = error)
except Exception as e:
#flash(e)
error = "Invalid credentials, try again."
return render_template("login.html", error = error)
编辑:尝试了以下操作,但现在无法登录…
^{pr2}$EDIT2:与上一次编辑相同,即使电子邮件和密码正确,此代码也无法确认登录凭据。当我返回到我发布的第一个代码块时,它将确认登录(使用相同的凭据),但除了电子邮件之外,每个变量中仍有“1”。在
@app.route('/login/', methods=['GET','POST'])
def login_page():
error = ''
try:
c, conn = connection()
if request.method == "POST":
data = c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(request.form['email']),))
data = c.fetchone()[3]
password = request.form['password']
if password == data:
email = request.form['email']
#grab all the clients info
c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(email),))
clients_table = c.fetchall()
clientcid = clients_table[0]
phone = clients_table[1]
rating = clients_table[4]
conn.commit()
c.execute("SELECT * FROM cpersonals WHERE cid = (%s)", (clientcid,))
cpersonals_table = c.fetchall()
first_name = cpersonals_table[1]
last_name = cpersonals_table[2]
address = cpersonals_table[3]
czip = cpersonals_table[4]
reg_date = cpersonals_table[5]
conn.commit()
c.close()
conn.close()
session['logged_in'] = 'client'
session['clientcid'] = clientcid
session['email'] = email
session['phone'] = phone
session['rating'] = rating
session['first_name'] = first_name
session['last_name'] = last_name
session['address'] = address
session['czip'] = czip
session['reg_date'] = reg_date
flash("You are now logged in.")
return redirect(url_for("ask"))
else:
error = "Invalid credentials, try again."
return render_template("login.html", error = error)
except Exception as e:
#flash(e)
error = "Invalid credentials, try again."
return render_template("login.html", error = error)
目前没有回答
相关问题 更多 >
编程相关推荐