我正在我的网站上实现一个管理页面,但即使我输入正确的凭据,它仍然显示“无法访问”
app.py:
@app.route('/login')
def login():
return render_template('login.html', incorrect=False)
@app.route('/login', methods=['POST'])
def login_post():
creds = dict(request.form)
if creds['username'] == USERNAME and creds['password'] == PASSWORD:
return redirect(url_for('admin', authenticated=1))
else:
return render_template('login.html', incorrect=True)
@app.route('/admin')
def admin(authenticated=0):
conn = sqlite3.connect('articles.db')
cur = conn.cursor()
cur.execute("SELECT * FROM PENDING")
articles = cur.fetchall()
#print(articles)
conn.close()
return render_template('admin.html', authenticated=authenticated, articles=articles)
注意:凭据均为 admin(在 .env 文件中设置)
登录.html:
{% extends "base.html" %}
{% block title %}Login{% endblock %}
{% block content %}
<div class="write container py-3 mx-auto bg-muted text-white" style="width: 60vw;">
<h1 action="{{ url_for('write_post') }}" data-aos="fade-up">Admin Login</h1>
{% if incorrect %}
<div class="alert alert-danger alert-dismissible">
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
<strong>Incorrect Credentials</strong> Please try again.
</div>
{% endif %}
<form method="POST" enctype=multipart/form-data>
<label data-aos="fade-up" data-aos-delay="50" for="username">Username:</label><br>
<input data-aos="fade-up" data-aos-delay="100" required maxlength="255" id="username" name="username"><br><br>
<label data-aos="fade-up" data-aos-delay="150" for="password">Password:</label><br>
<input data-aos="fade-up" data-aos-delay="200" required maxlength="255" id="password" name="password"><br><br>
<input data-aos="fade-up" data-aos-delay="450" class="btn btn-success" type="submit">
</form>
</div>
{% endblock %}
admin.html:
{% extends "base.html" %}
{% block title %}Admin{% endblock %}
{% block content %}
{% if authenticated %}
<div data-aos="fade-down" class=".container p-5 bg-muted text-white">
<h1>Articles pending review: </h1>
</div>
{% else %}
<div data-aos="fade-down" class=".container p-5 bg-muted text-white">
<h1>No Access</h1>
<p>You are not logged in!</p>
</div>
{% endif %}
{% endblock %}
在 app.py 中,即使我通过了 1,admin.html 中的
if authenticatedflask run --debug --port 5001您正在将经过身份验证的参数传递给管理路由。当您从 login_post 函数重定向时,您没有正确传递经过身份验证的参数。
在您的login_post函数中,成功登录后重定向到管理路由时,您需要将经过身份验证的参数作为URL查询字符串的一部分传递。具体方法如下:
from flask import request, redirect, url_for
@app.route('/login', methods=['POST'])
def login_post():
creds = dict(request.form)
if creds['username'] == USERNAME and creds['password'] == PASSWORD:
return redirect(url_for('admin', authenticated=1)) # Passing authenticated=1
else:
return render_template('login.html', incorrect=True)
这样,登录成功后,会重定向到管理页面,认证参数设置为1。
此外,您似乎在管理路由中使用默认参数进行身份验证。这不是必需的,因为您已经显式传递了它。您可以修改您的管理路线:
@app.route('/admin')
def admin():
authenticated = request.args.get('authenticated', default=0, type=int)
if authenticated:
conn = sqlite3.connect('articles.db')
cur = conn.cursor()
cur.execute("SELECT * FROM PENDING")
articles = cur.fetchall()
conn.close()
return render_template('admin.html', authenticated=authenticated, articles=articles)
else:
return render_template('admin.html', authenticated=authenticated)
这应该有效。