本次将学习如何编写一个登录接口小程序。
具体的需求
实现一个登录接口,用户输入账户密码即可看到欢迎语句,当三次输入密码错误时,则该帐号被锁定。
锁定的意义是,下次使用该账户登录时,将无法成功登录。
思路
因为需求有次数限制,所以需要有一个计数变量,同时可能还需要用到while和if语句。
需求提到被锁定的帐号在程序下一次启动时仍然记住,众所周知,python有内存回收机制,程序在结束之后,所有列表、变量会从内存中抹去,这就需要有一个文件来存放这些被锁定的帐号。
我们需要使用python的open方法来写入文件,可以将锁定帐号写入文件,可以命名为blacklist.txt之类的。
blacklist=open("blacklist.txt","w")
此外,需求还需要实现多用户的登录操作,这就需要我们建立一个用户密码的文件,可以命名为admin.txt,每次登录需要从里面校验用户名密码是否正确。
passwd=open("admin.txt","r")
程序逻辑
我们接下来通过流程图来把整个过程先梳理一遍:
login_port.png
实现
因为涉及到用户密码读取,用户名和用户密码的一个对应。
拉入黑名单需要涉及文件写入的操作,有点复杂。
可以先用list列表把问题简单化。
所以我先用列表代替文件,密码先只有一个,写死的。
初步实现
#owner:houyizhong
#version:demo
admin_name=["houyizhong","test"]
admin_passwd="137010116"
blacklist=["test"]
count = 0
while count < 3:
username=input("Enter your username:")
passwd=input("Enter your password:")
if username not in admin_name:
print("Sorry,your account is not exist!")
continue
elif username in blacklist:
print ("Sorry you are in blacklist!")
exit()
else:
if passwd != admin_passwd:
print("Sorry,enter your password again!")
count += 1
else:
print("Welcome! {0}".format(username))
break
else:
print("Sorry you are in blacklist!")
blacklist.append(username)
exit()
运行这段代码,可以看到:
[root@houyizhong ~]# python login.py
Enter your username:houyizhong
Enter your password:137010116
Welcome! houyizhong
然后开始考虑实现文件的读取,写入操作。
最终实现代码:
# -*- coding:utf-8 -*-
#owner:houyizhong
#version1.0
#创建列表
admin_name=[]
admin_passwd=[]
blacklist=[]
#读取用户文件
passwd_file=open("admin.txt","r")
admin_list=passwd_file.readlines()
passwd_file.close()
#提取出用户名,密码,添加进列表
for i in range(len(admin_list)):
admin_parts=admin_list[i]
admin_passwd.append(admin_parts.strip())
admin_part=admin_parts.split(":")
admin_name.append(admin_part[0])
#读取黑名单文件
blacklist_file=open("blacklist.txt","r")
blacklist_raw=blacklist_file.readlines()
blacklist_file.close()
#提取黑名单用户名
for i in range(len(blacklist_raw)):
blacklist_value=blacklist_raw[i]
blacklist.append(blacklist_value.strip())
count = 0
while count < 3:
username=input("Enter your username:")
passwd=input("Enter your password:")
if username not in admin_name:
print("Sorry,your account is not exist!")
continue
elif username in blacklist:
print ("Sorry you are in blacklist!")
exit()
else:
if ("{0}:{1}".format(username,passwd)) not in admin_passwd:
print("Sorry,enter your password again!")
count += 1
else:
print("Welcome! {0}".format(username))
break
else:
print("Sorry you are in blacklist!")
blacklist_file=open("blacklist.txt","a")
blacklist_file.write("{0}\n".format(username))
blacklist_file.close()
exit()
改进
当然这样还不完美,还有一个小漏洞,就是这种判断锁定的是第三次用户输错时的账户,如果有人连续输错两次密码,再第三次输入别人的账户,故意输错,就会导致别人的账户被锁定,存在恶意攻击的漏洞,请看如下演示:
[root@houyizhong pythonprobe]# python login.py
Enter your username:houyizhong
Enter your password:11111
Sorry,enter your password again!
Enter your username:houyizhong
Enter your password:11111
Sorry,enter your password again!
Enter your username:root
Enter your password:1111
Sorry,enter your password again!
Sorry you are in blacklist!
[root@houyizhong pythonprobe]# cat blacklist.txt
root
修正了一下之后,代码是这样的,加了一个while判断,同时把输入密码的操作放在第二个循环里,这样就避免了恶意锁定别人的账户:
# -*- coding:utf-8 -*-
#owner:houyizhong
#version2.0
#创建列表
admin_name=[]
admin_passwd=[]
blacklist=[]
#读取用户文件
passwd_file=open("admin.txt","r")
admin_list=passwd_file.readlines()
passwd_file.close()
#提取出用户名,密码,添加进列表
for i in range(len(admin_list)):
admin_parts=admin_list[i]
admin_passwd.append(admin_parts.strip())
admin_part=admin_parts.split(":")
admin_name.append(admin_part[0])
#读取黑名单文件
blacklist_file=open("blacklist.txt","r")
blacklist_raw=blacklist_file.readlines()
blacklist_file.close()
#提取黑名单用户名
for i in range(len(blacklist_raw)):
blacklist_value=blacklist_raw[i]
blacklist.append(blacklist_value.strip())
count = 0
while count < 3:
username=input("Enter your username:")
if username not in admin_name:
print("Sorry,your account is not exist!")
continue
elif username in blacklist:
print ("Sorry you are in blacklist!")
else:
pass
while count < 3:
passwd=input("Enter your password:")
if ("{0}:{1}".format(username,passwd)) not in admin_passwd:
print("Sorry,enter your password again!")
count += 1
else:
print("Welcome! {0}".format(username))
exit()
else:
print("Sorry you are in blacklist!")
blacklist_file=open("blacklist.txt","a")
blacklist_file.write("{0}\n".format(username))
blacklist_file.close()
exit()
基本部分完成之后,我们再对程序优化下,目前输入密码是明文的,我们可以用getpass模块来解决这个问题,优化的代码示例如下:
# -*- coding:utf-8 -*-
#owner:houyizhong
#version2.0
import getpass
#创建列表
admin_name=[]
admin_passwd=[]
blacklist=[]
#读取用户文件
passwd_file=open("admin.txt","r")
admin_list=passwd_file.readlines()
passwd_file.close()
#提取出用户名,密码,添加进列表
for i in range(len(admin_list)):
admin_parts=admin_list[i]
admin_passwd.append(admin_parts.strip())
admin_part=admin_parts.split(":")
admin_name.append(admin_part[0])
#读取黑名单文件
blacklist_file=open("blacklist.txt","r")
blacklist_raw=blacklist_file.readlines()
blacklist_file.close()
#提取黑名单用户名
for i in range(len(blacklist_raw)):
blacklist_value=blacklist_raw[i]
blacklist.append(blacklist_value.strip())
count = 0
while count < 3:
username=input("Enter your username:")
if username not in admin_name:
print("Sorry,your account is not exist!")
continue
elif username in blacklist:
print ("Sorry you are in blacklist!")
else:
pass
while count < 3:
passwd=getpass.getpass("Enter your password:")
if ("{0}:{1}".format(username,passwd)) not in admin_passwd:
print("Sorry,enter your password again!")
count += 1
else:
print("Welcome! {0}".format(username))
exit()
else:
print("Sorry you are in blacklist!")
blacklist_file=open("blacklist.txt","a")
blacklist_file.write("{0}\n".format(username))
blacklist_file.close()
exit()
到目前为止,一个用列表和while,if语句判断的登陆小程序就算完成了。
现在看来用列表来装这些用户名密码什么的还是挺复杂的,要是用字典就更好了,另外写入黑名单的操作可以做成def函数,这样看起来更清晰,还可以重复调用,效率更高。
字典
将源程序中的列表做成字典的形式,用户名对应密码,结构更清晰。可以利用字典 dict[username]=passwd 把用户名的密码存放,用dict[username]调用对应用户的密码,同时加入了一个old_name的变量,用来判断上一次输入的username是否和这一次的一样,不一样则计数变量count重新开始计算。
实现代码:
#-*- coding:utf-8 -*-
#version3.0
#owner:houyizhong
#create the list and dict
#admin_name=[]
admin_passwd={}
blacklist=[]
#read admin file
admin_file=open("admin.txt","r")
admin_list=admin_file.readlines()
admin_file.close()
#read admin username and password
for i in range(len(admin_list)):
admin_parts=admin_list[i]
admin_raw=admin_parts.strip()
admin_part=admin_raw.split(':')
name=admin_part[0]
passwd=admin_part[1]
admin_passwd[name]=passwd
print(admin_passwd)
#read blacklist file
blacklist_file=open("blacklist.txt","r")
blacklist_raw=blacklist_file.readlines()
blacklist_file.close()
#read blacklist username
for i in range(len(blacklist_raw)):
blacklist_value=blacklist_raw[i]
blacklist.append(blacklist_value.strip())
count = 0
old_name=""
while count < 3:
username=input("username:")
if username != old_name:
count = 0
passwd=input("passwd:")
old_name=username
if username not in admin_passwd:
print ("Sorry ,you account is not exist!")
continue
elif username in blacklist:
print ("Sorry ,you are in the blacklist!")
exit()
else:
if passwd != admin_passwd[username]:
count += 1
print("Sorry,you password is wrong.")
else:
print ("Welcome!{0}".format(username))
break
else:
print ("You are in blacklist now!")
blacklist_file=open("blacklist.txt","a")
blacklist_file.write("{0}\n".format(username))
blacklist_file.close()
exit()
实现效果:
[houyizhong@localhost py]$ python login.py
username:test
passwd:
Sorry,you password is wrong.
username:test
passwd:
Sorry,you password is wrong.
username:root
passwd:
Sorry,you password is wrong.
username:root
passwd:
Welcome!root
好了,大功告成了,这一阶段的学习就到这里啦~