Bennett/Arcaea-server
1
0
Fork 0
mirror of https://github.com/Lost-MSth/Arcaea-server.git synced 2026-02-12 19:17:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

Waiting for updating and fix some bugs

Browse Source 
It will be released soon because lowiro will update in some days.
Fix many bugs and I forgot them. :<

I push this because there's a small but serious safety problem. It should be fixed immediately.

Oh, and this update needs you to login in arcaea again because a new function is added.
This commit is contained in:
Lost-MSth
2021-02-08 14:45:10 +08:00
parent c6bb4c9afb
commit a890a9af4a
11 changed files with 563 additions and 574 deletions
Download Patch File Download Diff File Expand all files Collapse all files

934
latest version/web/index.py
View File

File diff suppressed because it is too large Load Diff

22
latest version/web/login.py
View File

@@ -2,7 +2,7 @@
from flask import (Blueprint, flash, g, redirect,
render_template, request, session, url_for)
import functools
import configparser
from setting import Config
bp = Blueprint('login', __name__, url_prefix='/web')
@@ -15,18 +15,12 @@ def login():
password = request.form['password']
error = None
config = configparser.ConfigParser()
path = r'setting.ini'
config.read(path, encoding="utf-8")
USERNAME = config.get('WEB', 'USERNAME')
PASSWORD = config.get('WEB', 'PASSWORD')
if username != USERNAME and password != PASSWORD:
if username != Config.USERNAME or password != Config.PASSWORD:
error = '错误的用户名或密码 Incorrect username or password.'
if error is None:
session.clear()
session['user_id'] = USERNAME + PASSWORD
session['user_id'] = Config.USERNAME + Config.PASSWORD
return redirect(url_for('index.index'))
flash(error)
@@ -48,16 +42,10 @@ def login_required(view):
def wrapped_view(**kwargs):
x = session.get('user_id')
config = configparser.ConfigParser()
path = r'setting.ini'
config.read(path, encoding="utf-8")
USERNAME = config.get('WEB', 'USERNAME')
PASSWORD = config.get('WEB', 'PASSWORD')
if x != USERNAME + PASSWORD:
if x != Config.USERNAME + Config.PASSWORD:
return redirect(url_for('login.login'))
g.user = {'user_id': x, 'username': USERNAME}
g.user = {'user_id': x, 'username': Config.USERNAME}
return view(**kwargs)
return wrapped_view