六十二:CSRF攻击与防御之系统准备之注册功能

时间:2019-11-14
本文章向大家介绍六十二:CSRF攻击与防御之系统准备之注册功能,主要包括六十二:CSRF攻击与防御之系统准备之注册功能使用实例、应用技巧、基本知识点总结和需要注意事项,具有一定的参考价值,需要的朋友可以参考一下。

CSRF攻击原理:

数据库信息

SQLALCHEMY_DATABASE_URI = 'mysql+pymysql://root:123456@127.0.0.1:3306/test'
SQLALCHEMY_TRACK_MODIFICATIONS = False

创建模型:

from flask_sqlalchemy import SQLAlchemy

db = SQLAlchemy()
from exts import db


class User(db.Model):
    __tablename__ = 'user'
    id = db.Column(db.Integer, primary_key=True)  # int类型的主键,SQLAlchemy会自动设为自增
    email = db.Column(db.String(50), nullable=False)
    username = db.Column(db.String(50), nullable=False)
    password = db.Column(db.String(50), nullable=False)
    deposit = db.Column(db.Float, default=0)

主入口

from flask import Flask
from exts import db
import config

app = Flask(__name__)
app.config.from_object(config)
db.init_app(app)

if __name__ == '__main__':
    app.run(debug=True)

manager

from flask_script import Manager
from app import app
from exts import db
from flask_migrate import Migrate, MigrateCommand
from models import User  # 在此导入模型

manager = Manager(app)
Migrate(app, db)
manager.add_command('db', MigrateCommand)

if __name__ == '__main__':
    manager.run()

初始化:python manager.py db init

生成迁移脚本:python manager.py db migrate

把迁移脚本映射到数据库:python manager.py db migrate

form验证

from wtforms import Form, StringField, FloatField
from wtforms.validators import Email, Length, EqualTo, InputRequired


class RegistForm(Form):
    email = StringField(validators=[Email(message='邮箱格式错误')])
    username = StringField(validators=[Length(3, 20, message='用户名长度3~20位')])
    password = StringField(validators=[Length(3, 20, message='用户名长度3~20位')])
    check_password = StringField(validators=[EqualTo('password', message='两次密码不一致')])
    deposit = FloatField(validators=[InputRequired(message='设置余额')])

注册的视图

from flask import Flask, render_template, views, request
from forms import RegistForm
from exts import db
import config
from models import User

app = Flask(__name__)
app.config.from_object(config)
db.init_app(app)


@app.route('/')
def index():
    return render_template('index.html')


class RegistView(views.MethodView):
    """ 注册视图 """

    def get(self):
        return render_template('regist.html')

    def post(self):
        form = RegistForm(request.form)
        if form.validate():
            email = form.email.data
            username = form.username.data
            password = form.password.data
            deposit = form.deposit.data
            user = User(email=email, username=username, password=password, deposit=deposit)
            db.session.add(user)
            db.session.commit()
            return '注册成功'
        else:
            return f'注册失败,错误如下:{form.errors}'


app.add_url_rule('/regist/', view_func=RegistView.as_view('regist'))

if __name__ == '__main__':
    app.run(debug=True)

index.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>银行首页</title>
</head>
<body>
    <h1>欢迎来到宇宙银行</h1>
    <ul>
        <li><a href="{{ url_for('regist') }}">去注册</a></li>
    </ul>
</body>
</html>

regist.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>注册页</title>
</head>
<body>
<form action="" method="post">
    <table>
        <tbody>
        <tr>
            <td>邮箱:</td>
            <td><input type="text" name="email"></td>
        </tr>
        <tr>
            <td>用户名:</td>
            <td><input type="text" name="username"></td>
        </tr>
        <tr>
            <td>密码:</td>
            <td><input type="text" name="password"></td>
        </tr>
        <tr>
            <td>确认密码:</td>
            <td><input type="text" name="check_password"></td>
        </tr>
        <tr>
            <td>设置余额:</td>
            <td><input type="text" name="deposit"></td>
        </tr>
        <tr>
            <td></td>
            <td><input type="submit" value="点击注册"></td>
        </tr>
        </tbody>
    </table>
</form>
</body>
</html>

注册两个用户

原文地址:https://www.cnblogs.com/zhongyehai/p/11862727.html

随机文章
本站知识点必读
最近更新