init

2025-12-08 14:31:21 +08:00
commit ad2c65affb
35 changed files with 3500 additions and 0 deletions
--- a/routes/auth.py
+++ b/routes/auth.py
@@ -0,0 +1,64 @@
+from flask import Blueprint, render_template, request, redirect, url_for, session, jsonify
+import sqlite3
+import hashlib
+import os
+
+auth_bp = Blueprint('auth', __name__)
+
+def get_db_connection():
+    conn = sqlite3.connect('pt_manager.db')
+    conn.row_factory = sqlite3.Row
+    return conn
+
+@auth_bp.route('/login', methods=['GET', 'POST'])
+def login():
+    if request.method == 'POST':
+        username = request.form['username']
+        password = request.form['password']
+        
+        conn = get_db_connection()
+        user = conn.execute('SELECT * FROM users WHERE username = ?', (username,)).fetchone()
+        conn.close()
+        
+        if user and user['password_hash'] == password:  # In production, use proper password hashing
+            session['user_id'] = user['id']
+            session['username'] = user['username']
+            session['role'] = user['role']
+            return redirect(url_for('main.index'))
+        else:
+            return render_template('auth/login.html', error='Invalid credentials')
+    
+    return render_template('auth/login.html')
+
+@auth_bp.route('/logout')
+def logout():
+    session.clear()
+    return redirect(url_for('auth.login'))
+
+@auth_bp.route('/change_password', methods=['GET', 'POST'])
+def change_password():
+    if 'user_id' not in session:
+        return redirect(url_for('auth.login'))
+    
+    if request.method == 'POST':
+        current_password = request.form['current_password']
+        new_password = request.form['new_password']
+        confirm_password = request.form['confirm_password']
+        
+        if new_password != confirm_password:
+            return render_template('auth/change_password.html', error='New passwords do not match')
+        
+        conn = get_db_connection()
+        user = conn.execute('SELECT * FROM users WHERE id = ?', (session['user_id'],)).fetchone()
+        
+        if user and user['password_hash'] == current_password:  # In production, use proper password hashing
+            conn.execute('UPDATE users SET password_hash = ? WHERE id = ?', 
+                         (new_password, session['user_id']))
+            conn.commit()
+            conn.close()
+            return redirect(url_for('main.index'))
+        else:
+            conn.close()
+            return render_template('auth/change_password.html', error='Current password is incorrect')
+    
+    return render_template('auth/change_password.html')