diff --git a/schema.sql b/schema.sql
index 935f81f..3a19b23 100644
--- a/schema.sql
+++ b/schema.sql
@@ -11,10 +11,10 @@ CREATE TABLE IF NOT EXISTS account (
     created_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 );
-CREATE TABLE IF NOT EXISTS session (
+CREATE TABLE IF NOT EXISTS record (
     id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
     u_id INT NOT NULL REFERENCES account(id),
-    slug VARCHAR(100) NOT NULL UNIQUE,
+    round VARCHAR(100) NOT NULL,
     markdown MEDIUMTEXT NOT NULL,
     published DATETIME NOT NULL,
     updated TIMESTAMP NOT NULL,
diff --git a/src/net/web.py b/src/net/web.py
index 0f1e782..1f6b2f0 100644
--- a/src/net/web.py
+++ b/src/net/web.py
@@ -26,13 +26,16 @@ def executor(self) -> ThreadPoolExecutor:
     def data_received(self, chunk):
         pass
-    # def on_finish(self):
+    def on_finish(self):
         # self.session.flush()
+        pass
 class WebHandler(BaseHandler):
     # @tornado.web.authenticated
     def get(self):
+        if not self.get_cookie("_csrf"):
+            self.set_cookie("_csrf", self.xsrf_token)
         self.render('poker.html')
@@ -44,8 +47,9 @@ def get(self):
 class RegHandler(BaseHandler):
-    def get(self):
-        email = self.get_argument('email')
+
+    def post(self):
+        email = self.get_argument('email', self.get_argument('username'))
         account = self.db.get('SELECT * FROM account WHERE email="%s"', email)
         if account:
             raise tornado.web.HTTPError(400, "username already taken")
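Review bot: Renaming the table inside a `CREATE TABLE IF NOT EXISTS` statement (the `-CREATE TABLE IF NOT EXISTS session (` / `+CREATE TABLE IF NOT EXISTS record (` pair) leaves every existing database with the old `session` table and no migration path; a `RENAME TABLE session TO record` migration, or at least a comment stating that the schema is for fresh installs only, would make that explicit. Dropping `UNIQUE` from the column now called `round` also means two rows can share a `round` for the same `u_id`; if lookups by `round` assume a single row, a composite `UNIQUE (u_id, round)` keeps that guarantee. The `CREATE TABLE record` statement continues past the end of this hunk.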
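Review bot: The two lines added to `WebHandler.get` write the token under the cookie name `_csrf`, but the client code in this same commit (`boot.js`) reads `_xsrf`, and tornado's `xsrf_token` property already sets the `_xsrf` cookie itself the first time it is accessed, so this creates a second, differently named copy of the token that nothing consumes. If the intent is only to make sure the cookie exists before the page is served, reading `self.xsrf_token` is sufficient, and the `{% module xsrf_form_html() %}` added to `poker.html` already does that during rendering; otherwise rename the cookie to `_xsrf` so the double-submit check compares the same value. The new `on_finish` is an empty override with only a commented-out call, so a one-line `# placeholder: session flushing not implemented yet` would explain why it exists.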
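Review bot: In `RegHandler.post`, `self.get_argument('email', self.get_argument('username'))` evaluates the fallback eagerly, so a request that sends `email` but no `username` still fails with the 400 MissingArgumentError from the inner call; the intended precedence is `email = self.get_argument('email', None) or self.get_argument('username')`. The `post` body continues into the next hunk, where `uid` is inserted. Separately, and pre-existing in the context line, the query embeds `"%s"` inside double quotes while passing `email` as a driver parameter; if `self.db` is a torndb/MySQLdb-style wrapper that quotes parameters itself, the resulting `email="'value'"` would never match and the "username already taken" check would never fire, which is worth confirming against the `db` implementation.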
@@ -57,24 +61,28 @@ def get(self):
         uid = self.db.insert('INSERT INTO account (email, username, password) VALUES ("%s", "%s", "%s")', email, username, password)
-        self.head('content-type', 'application/json')
+        self.set_secure_cookie("uid", str(account.get('id')))
         self.write('ok')
-def auth_login(self):
-    account = self.db.get('SELECT * FROM account WHERE email="%s"', self.get_argument('email'))
-    password = self.get_argument("password")
-    password = bcrypt.hashpw(password.encode('utf8'), account.get('password'))
+class LoginHandler(BaseHandler):
-    if password == account.get('password'):
-        self.set_secure_cookie("uid", str(account.get('id')))
-        self.redirect(self.get_argument("next", "/"))
-        return True
-    return False
+    def post(self):
+        username = self.get_argument('email')
+        password = self.get_argument("password")
+        account = self.db.get('SELECT * FROM account WHERE email="%s"', self.get_argument('email'))
+        password = bcrypt.hashpw(password.encode('utf8'), account.get('password'))
+
+        self.head('content-type', 'application/json')
+        if password == account.get('password'):
+            self.set_secure_cookie("uid", str(account.get('id')))
+            self.redirect(self.get_argument("next", "/"))
-def auth_logout(self):
-    uid = self.get_secure_cookie("uid")
-    self.clear_cookie("uid")
-    self.session.remove(int(uid))
-    self.redirect(self.get_argument("next", "/"))
+class LoginoutHandler(BaseHandler):
+
+    def post(self):
+        uid = self.get_secure_cookie("uid")
+        self.clear_cookie("uid")
+        self.session.remove(int(uid))
+        self.redirect(self.get_argument("next", "/"))
diff --git a/src/static/js/boot.js b/src/static/js/boot.js
index 2a77f9f..9b0e183 100644
--- a/src/static/js/boot.js
+++ b/src/static/js/boot.js
@@ -1,10 +1,16 @@
-PG = {
+PG = { score: 0, music: null, playerInfo: {}, orientated: false };
+
+PG.getCookie = function(name) {
+    var r = document.cookie.match("\\b" + name + "=([^;]*)\\b");
+    return r ? r[1] : undefined;
+}
+
 PG.PW = 90;
 PG.PH = 120;
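Review bot: The added `self.set_secure_cookie("uid", str(account.get('id')))` in `RegHandler.post` is reached only after the `if account: raise HTTPError(400)` check in the previous hunk, so `account` is always the empty lookup result here and `.get('id')` raises (AttributeError on `None`), turning every successful registration into a 500; the id to sign is the one just returned by the insert: `self.set_secure_cookie("uid", str(uid))`. `LoginHandler.post` has the same `account` problem for an unknown e-mail, and its `self.head('content-type', 'application/json')` calls tornado's HEAD verb handler (which by default raises a 405) rather than `set_header`, so login currently cannot succeed; a wrong password also ends the request without any response body. `LoginoutHandler.post` should guard the missing-cookie case, since `get_secure_cookie` returns `None` when the cookie is absent or fails its signature check and `int(None)` raises: `if uid: self.session.remove(int(uid))`. The rewritten login handler below rejects unknown e-mail and wrong password with the same status so the response does not reveal which of the two was wrong; the unused `username` local is dropped.
```python
class LoginHandler(BaseHandler):

    def post(self):
        password = self.get_argument("password")
        account = self.db.get('SELECT * FROM account WHERE email="%s"', self.get_argument('email'))
        # Unknown e-mail: same status as a bad password so the two cases are indistinguishable.
        if not account:
            raise tornado.web.HTTPError(403, "invalid email or password")
        hashed = bcrypt.hashpw(password.encode('utf8'), account.get('password'))
        if hashed != account.get('password'):
            raise tornado.web.HTTPError(403, "invalid email or password")
        self.set_secure_cookie("uid", str(account.get('id')))
        self.redirect(self.get_argument("next", "/"))
```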
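Review bot: The trailing `\\b` in `PG.getCookie`'s pattern silently truncates any cookie value that ends in a non-word character (base64 padding `=`, for example), because `[^;]*` has to backtrack to the last word character before the boundary can match; the current `_xsrf` value is hex and digits so it works today, but for a general helper the pattern should end at the value boundary instead: `document.cookie.match("\\b" + name + "=([^;]*)")`. The function expression is also missing its terminating semicolon (`}` should be `};`), which matters once this file is concatenated or minified.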
@@ -172,6 +178,7 @@ PG.Login = function (game) {
     this.username = null;
     this.password = null;
     this.passwordAgain = null;
+    this.error = null;
 };
 PG.Login.prototype = {
@@ -188,26 +195,27 @@ PG.Login.prototype = {
             // type: PhaserInput.InputType.password
         };
         this.game.add.plugin(PhaserInput.Plugin);
+
         this.username = this.add.inputField((this.world.width-300)/2, this.world.height/2 - 130, style);
+        style.placeHolder = '密码';
         this.password = this.add.inputField((this.world.width-300)/2, this.world.height/2 - 65, style);
+        style.placeHolder = '再次输入密码';
         this.passwordAgain = this.add.inputField((this.world.width-300)/2, this.world.height/2, style);
+        var style = {font: "22px Arial", fill: "#f00", align: "center"};
+        this.error = this.add.text(this.world.width/2, this.world.height/2 + 20, '', style);
+
         var login = this.add.button(this.world.width/2, this.world.height * 3/4, 'btn', this.onLogin, this, 'register.png', 'register.png', 'register.png');
         login.anchor.set(0.5);
     },
     onLogin: function () {
-        var req = {
-            email: this.username.value,
-            username: this.username.value,
-            password: this.password.value,
-            password_again: this.passwordAgain.value
-        };
-        if (!req['username']) { alert('请输入用户名'); }
-        if (!req['password']) { alert('请输入密码'); }
-        if (!req['password_again']) { alert('请再次输入密码'); }
+        if (!this.username.value) { this.username.startFocus(); return; }
+        if (!this.password.value) { this.password.startFocus(); return; }
+        if (!this.passwordAgain.value) { this.passwordAgain.startFocus(); return; }
+        if (this.password.value != this.passwordAgain.value) { this.error.text="两次输入的密码不一致"; return; }
         var httpRequest = new XMLHttpRequest();
         httpRequest.onreadystatechange = function(){
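Review bot: The added `var style = {font: "22px Arial", ...}` redeclares the `style` variable that the three `inputField` calls above already use (its declaration is outside this hunk); with `var` hoisting this is one variable reassigned late, which works only because the error text is created after the inputs, and it trips any linter's no-redeclare rule — `var errorStyle = {...}` and `this.add.text(..., errorStyle)` removes the trap. The two added `style.placeHolder = ...` assignments mutate the same object after it has been handed to the first input field; whether the input plugin copies the style or keeps a reference is not visible here, so if all three fields end up showing the last placeholder that is the cause — TODO confirm. `onLogin` never resets `this.error.text`, so a stale mismatch message stays on screen after a corrected retry; `this.error.text = '';` as its first line fixes that. `create` starts outside this hunk and `onLogin` continues into the next one.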
@@ -217,18 +225,15 @@ PG.Login.prototype = {
                 console.log(httpRequest.responseText);
             } else {
                 console.log('Error:' + httpRequest.status);
-                alert(httpRequest.responseText);
+                this.error.text = httpRequest.responseText;
             }
         }
     };
     httpRequest.open('POST', '/reg', true);
     httpRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
-    httpRequest.send(JSON.stringify(req) + '&_xsrf=' + this.getCookie("_xsrf"));
-    },
-
-    getCookie: function(name) {
-        var r = document.cookie.match("\\b" + name + "=([^;]*)\\b");
-        return r ? r[1] : undefined;
-    }
+    httpRequest.setRequestHeader('X-Csrftoken', PG.getCookie("_xsrf"))
+    var req = 'username=' + encodeURIComponent(this.username.value) + '&password=' + encodeURIComponent(this.password.value);
+    httpRequest.send(req);
+    }
 };
diff --git a/src/static/poker.html b/src/static/poker.html
index 13d5ab0..5e55a21 100644
--- a/src/static/poker.html
+++ b/src/static/poker.html
@@ -18,6 +18,7 @@
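Review bot: `this.error.text = httpRequest.responseText;` runs inside the `onreadystatechange` callback, where `this` is the XMLHttpRequest (or undefined in strict mode) rather than the `PG.Login` state, so a failed registration throws a TypeError in the handler instead of displaying the server's message. Bind the callback to the state object by changing its closing `};` to `}.bind(this);` (or capture `var self = this;` before the `var httpRequest` line in the previous hunk and write `self.error.text`). The added `httpRequest.setRequestHeader('X-Csrftoken', PG.getCookie("_xsrf"))` line is also missing its semicolon. `onLogin` starts outside this hunk.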
+{% module xsrf_form_html() %}