学习python之路--Day1:制作一个登录接口

本次将学习如何编写一个登录接口小程序。

具体的需求

实现一个登录接口,用户输入账户密码即可看到欢迎语句,当三次输入密码错误时,则该帐号被锁定。
锁定的意义是,下次使用该账户登录时,将无法成功登录。

思路

因为需求有次数限制,所以需要有一个计数变量,同时可能还需要用到whileif语句。
需求提到被锁定的帐号在程序下一次启动时仍然记住,众所周知,python有内存回收机制,程序在结束之后,所有列表、变量会从内存中抹去,这就需要有一个文件来存放这些被锁定的帐号。
我们需要使用python的open方法来写入文件,可以将锁定帐号写入文件,可以命名为blacklist.txt之类的。

blacklist=open("blacklist.txt","w")

此外,需求还需要实现多用户的登录操作,这就需要我们建立一个用户密码的文件,可以命名为admin.txt,每次登录需要从里面校验用户名密码是否正确。

passwd=open("admin.txt","r")

程序逻辑

我们接下来通过流程图来把整个过程先梳理一遍:

学习python之路--Day1:制作一个登录接口_第1张图片
login_port.png

实现

因为涉及到用户密码读取,用户名和用户密码的一个对应。
拉入黑名单需要涉及文件写入的操作,有点复杂。
可以先用list列表把问题简单化。
所以我先用列表代替文件,密码先只有一个,写死的。

初步实现

#owner:houyizhong
#version:demo

admin_name=["houyizhong","test"]
admin_passwd="137010116"
blacklist=["test"]

count = 0
while count < 3:
        username=input("Enter your username:")
        passwd=input("Enter your password:")
        if username not in admin_name:
                print("Sorry,your account is not exist!")
                continue
        elif username in blacklist:
                print ("Sorry you are in blacklist!")
                exit()
        else:
                if passwd != admin_passwd:
                        print("Sorry,enter your password again!")
                        count += 1
                else:
                        print("Welcome! {0}".format(username))
                        break
else:
        print("Sorry you are in blacklist!")
        blacklist.append(username)
        exit()

运行这段代码,可以看到:

[root@houyizhong ~]# python login.py 
Enter your username:houyizhong
Enter your password:137010116
Welcome! houyizhong

然后开始考虑实现文件的读取,写入操作。
最终实现代码:

# -*- coding:utf-8 -*-
#owner:houyizhong
#version1.0

#创建列表
admin_name=[]
admin_passwd=[]
blacklist=[]

#读取用户文件
passwd_file=open("admin.txt","r")
admin_list=passwd_file.readlines()
passwd_file.close()

#提取出用户名,密码,添加进列表
for i in range(len(admin_list)):
        admin_parts=admin_list[i]
        admin_passwd.append(admin_parts.strip())
        admin_part=admin_parts.split(":")
        admin_name.append(admin_part[0])

#读取黑名单文件
blacklist_file=open("blacklist.txt","r")
blacklist_raw=blacklist_file.readlines()
blacklist_file.close()

#提取黑名单用户名
for i in range(len(blacklist_raw)):
        blacklist_value=blacklist_raw[i]
        blacklist.append(blacklist_value.strip())

count = 0

while count < 3:
        username=input("Enter your username:")
        passwd=input("Enter your password:")

        if username not in admin_name:
                print("Sorry,your account is not exist!")
                continue
        elif username in blacklist:
                print ("Sorry you are in blacklist!")
                exit()
        else:
                if ("{0}:{1}".format(username,passwd)) not in admin_passwd:
                        print("Sorry,enter your password again!")
                        count += 1
                else:
                        print("Welcome! {0}".format(username))
                        break
else:
        print("Sorry you are in blacklist!")
        blacklist_file=open("blacklist.txt","a")
        blacklist_file.write("{0}\n".format(username))
        blacklist_file.close()
        exit()

改进

当然这样还不完美,还有一个小漏洞,就是这种判断锁定的是第三次用户输错时的账户,如果有人连续输错两次密码,再第三次输入别人的账户,故意输错,就会导致别人的账户被锁定,存在恶意攻击的漏洞,请看如下演示:

[root@houyizhong pythonprobe]# python login.py
Enter your username:houyizhong
Enter your password:11111
Sorry,enter your password again!
Enter your username:houyizhong
Enter your password:11111
Sorry,enter your password again!
Enter your username:root
Enter your password:1111
Sorry,enter your password again!
Sorry you are in blacklist!
[root@houyizhong pythonprobe]# cat blacklist.txt
root

修正了一下之后,代码是这样的,加了一个while判断,同时把输入密码的操作放在第二个循环里,这样就避免了恶意锁定别人的账户:

# -*- coding:utf-8 -*-
#owner:houyizhong
#version2.0

#创建列表
admin_name=[]
admin_passwd=[]
blacklist=[]

#读取用户文件
passwd_file=open("admin.txt","r")
admin_list=passwd_file.readlines()
passwd_file.close()

#提取出用户名,密码,添加进列表
for i in range(len(admin_list)):
        admin_parts=admin_list[i]
        admin_passwd.append(admin_parts.strip())
        admin_part=admin_parts.split(":")
        admin_name.append(admin_part[0])

#读取黑名单文件
blacklist_file=open("blacklist.txt","r")
blacklist_raw=blacklist_file.readlines()
blacklist_file.close()

#提取黑名单用户名
for i in range(len(blacklist_raw)):
        blacklist_value=blacklist_raw[i]
        blacklist.append(blacklist_value.strip())

count = 0

while count < 3:
        username=input("Enter your username:")

        if username not in admin_name:
                print("Sorry,your account is not exist!")
                continue
        elif username in blacklist:
                print ("Sorry you are in blacklist!")
        else:
                pass

        while count < 3:
                passwd=input("Enter your password:")
                if ("{0}:{1}".format(username,passwd)) not in admin_passwd:
                        print("Sorry,enter your password again!")
                        count += 1
                else:
                        print("Welcome! {0}".format(username))
                        exit()

else:
        print("Sorry you are in blacklist!")
        blacklist_file=open("blacklist.txt","a")
        blacklist_file.write("{0}\n".format(username))
        blacklist_file.close()
        exit()

基本部分完成之后,我们再对程序优化下,目前输入密码是明文的,我们可以用getpass模块来解决这个问题,优化的代码示例如下:

# -*- coding:utf-8 -*-
#owner:houyizhong
#version2.0

import getpass

#创建列表
admin_name=[]
admin_passwd=[]
blacklist=[]

#读取用户文件
passwd_file=open("admin.txt","r")
admin_list=passwd_file.readlines()
passwd_file.close()

#提取出用户名,密码,添加进列表
for i in range(len(admin_list)):
        admin_parts=admin_list[i]
        admin_passwd.append(admin_parts.strip())
        admin_part=admin_parts.split(":")
        admin_name.append(admin_part[0])

#读取黑名单文件
blacklist_file=open("blacklist.txt","r")
blacklist_raw=blacklist_file.readlines()
blacklist_file.close()

#提取黑名单用户名
for i in range(len(blacklist_raw)):
        blacklist_value=blacklist_raw[i]
        blacklist.append(blacklist_value.strip())

count = 0

while count < 3:
        username=input("Enter your username:")

        if username not in admin_name:
                print("Sorry,your account is not exist!")
                continue
        elif username in blacklist:
                print ("Sorry you are in blacklist!")
        else:
                pass

        while count < 3:
                passwd=getpass.getpass("Enter your password:")
                if ("{0}:{1}".format(username,passwd)) not in admin_passwd:
                        print("Sorry,enter your password again!")
                        count += 1
                else:
                        print("Welcome! {0}".format(username))
                        exit()

else:
        print("Sorry you are in blacklist!")
        blacklist_file=open("blacklist.txt","a")
        blacklist_file.write("{0}\n".format(username))
        blacklist_file.close()
        exit()

到目前为止,一个用列表和whileif语句判断的登陆小程序就算完成了。

现在看来用列表来装这些用户名密码什么的还是挺复杂的,要是用字典就更好了,另外写入黑名单的操作可以做成def函数,这样看起来更清晰,还可以重复调用,效率更高。

字典

将源程序中的列表做成字典的形式,用户名对应密码,结构更清晰。可以利用字典 dict[username]=passwd 把用户名的密码存放,用dict[username]调用对应用户的密码,同时加入了一个old_name的变量,用来判断上一次输入的username是否和这一次的一样,不一样则计数变量count重新开始计算。
实现代码:

#-*- coding:utf-8 -*-
#version3.0
#owner:houyizhong

#create the list and dict
#admin_name=[]
admin_passwd={}
blacklist=[]

#read admin file
admin_file=open("admin.txt","r")
admin_list=admin_file.readlines()
admin_file.close()

#read admin username and password
for i in range(len(admin_list)):
    admin_parts=admin_list[i]
    admin_raw=admin_parts.strip()
    admin_part=admin_raw.split(':')
    name=admin_part[0]
    passwd=admin_part[1]
    admin_passwd[name]=passwd

print(admin_passwd)

#read blacklist file
blacklist_file=open("blacklist.txt","r")
blacklist_raw=blacklist_file.readlines()
blacklist_file.close()

#read blacklist username
for i in range(len(blacklist_raw)):
    blacklist_value=blacklist_raw[i]
    blacklist.append(blacklist_value.strip())

count = 0 
old_name=""

while count < 3:
    username=input("username:")
    if username != old_name:
        count = 0
    passwd=input("passwd:")
    old_name=username
    
    if username not in admin_passwd:
        print ("Sorry ,you account is not exist!")
        continue
    elif username in blacklist:
        print ("Sorry ,you are in the blacklist!")
        exit()
    else:
        if passwd != admin_passwd[username]:
            count += 1
            print("Sorry,you password is wrong.")
        else:
            print ("Welcome!{0}".format(username))
            break
else:
    print ("You are in blacklist now!")
    blacklist_file=open("blacklist.txt","a")
    blacklist_file.write("{0}\n".format(username))
    blacklist_file.close()
    exit()

实现效果:

[houyizhong@localhost py]$ python login.py 
username:test
passwd:
Sorry,you password is wrong.
username:test
passwd:
Sorry,you password is wrong.
username:root
passwd:
Sorry,you password is wrong.
username:root
passwd:
Welcome!root

好了,大功告成了,这一阶段的学习就到这里啦~

你可能感兴趣的:(学习python之路--Day1:制作一个登录接口)