Django——自制登录系统（cookie）

预计实现网站用户注册、登录的功能

Django app中的url如下

urlpatterns = [
    url(r'^login/$', views.login, name='login'),
    url(r'^register/$', views.register, name='register'),
    url(r'^logout/$', views.logout, name='logout')
]
           

一、Model 用户模型

class User(models.Model):
    user_name=models.CharField(max_length=50)
    user_email=models.CharField(max_length=100)
    user_pass_hash=models.CharField(max_length=100)
           

二、表单

在form类中的clean_filename方法可以进行数据的验证，例如下面的

def clean_user_eamil():

排除两次密码不一致

也可以提前检查登录用户的信息是否存在

class LoginForm(forms.Form):
    user_email = forms.CharField(label="邮箱",max_length=)
    user_password = forms.CharField(label="密码",widget=forms.PasswordInput())

class RegisterForm(forms.Form):
    user_name=forms.CharField(label="用户名", max_length=)
    user_email = forms.EmailField(label="邮箱", max_length=,error_messages={'required':u'请填入邮箱'})
    user_password = forms.CharField(label="密码", widget=forms.PasswordInput())
    user_password2 = forms.CharField(label="重复密码", widget=forms.PasswordInput())

    def clean_user_password2(self):
        cleaned_data = super(RegisterForm, self).clean()
        user_password=cleaned_data['user_password']
        user_password2= cleaned_data['user_password2']
        if user_password2 != user_password:
            raise forms.ValidationError('两次密码不一致')
           

三、视图

注册register

1. 获取表单POST的值包含注册的email、username、password
2. 在数据库创建相应用户User.object.create()
3. 密码要避免明文存储
           

登录login

1.获取表单POST的值包含注册的email、password
2.与数据库的信息比较，验证password
3.创建cookie，使用django的set_cookie
4.其他页面可以通过浏览器请求的cookie，验证cookie，解析用户，判断登录状态
           

下面是自己实现的cookie2user，和setcookie方法

def setcookie(response, user_id, user_email, user_pass_hash, secret_key):
    s = '%s-%s-%s' % (user_email, user_pass_hash, secret_key)
    s = hashlib.sha1(s.encode()).hexdigest()
    L = ['UID:' + str(user_id), s]
    cookie = '-'.join(L)
    response.set_cookie('cookie_name', cookie, )
    return response
           

def cookie2user(cookie):
    try:
        uid = cookie.split('-')[].split(':')[]
        u = User.objects.filter(id=int(uid))[]
        s = '%s-%s-%s' % (u.user_email, u.user_pass_hash, SECRET_KEY)
        s = hashlib.sha1(s.encode()).hexdigest()
        if cookie.split('-')[] == s:
            user = u
        else:
            user = None
    except Exception:
        user = None
    return user
           

注销logout

删除cookie

response.delete_cookie('cookiename')

即可

login_required装饰器

使用了这个装饰器的view函数，如果处于登录状态，可以从kw[‘user’]获取到user

def loginrequired(func):
    def decofunc(request, **kw):
        cookie = request.COOKIES.get('algs', '')
        user = cookie2user(cookie)
        if user is not None:
            return func(request, user=user)
        else:
            return HttpResponseRedirect(reverse('authin:login'))
    return decofunc