密码保护

1.更新User对象，设置对内的_password

2.编写对外的password

3.密码验证方法：

class User(db.Model):
    __tablename__ = 'user'
    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
    username = db.Column(db.String(20), nullable=False)
    _password = db.Column(db.String(200), nullable=False)  # 内部使用
    nickname = db.Column(db.String(50))
    userphone = db.Column(db.String(20), nullable=False)

    @property
    def password(self):  # 外部使用
        return self.password

    @password.setter
    def password(self, row_password):
        self._password = generate_password_hash(row_password)

    def check_password(self, row_password):
        result = check_password_hash(self._password, row_password)
        return result

4.登录验证：

@app.route('/login/', methods=['GET', 'POST'])
def login():
    if request.method == 'GET':
        return render_template('dl.html')
    else:
        username = request.form.get('dlusername')
        password = request.form.get('dlpassword')
        user = User.query.filter(User.username == username).first()
        if user:
            if user.check_password(password):
                session['user'] = username
                session.permanent = True
                return redirect(url_for('base'))
            else:
                return '密码错误'
        else:
            return '用户不存在'