预计实现网站用户注册、登录的功能
Django app中的url如下
urlpatterns = [
url(r'^login/$', views.login, name='login'),
url(r'^register/$', views.register, name='register'),
url(r'^logout/$', views.logout, name='logout')
]
一、Model 用户模型
class User(models.Model):
user_name=models.CharField(max_length=50)
user_email=models.CharField(max_length=100)
user_pass_hash=models.CharField(max_length=100)
二、表单
在form类中的clean_filename方法可以进行数据的验证,例如下面的
def clean_user_eamil():
排除两次密码不一致
也可以提前检查登录用户的信息是否存在
class LoginForm(forms.Form):
user_email = forms.CharField(label="邮箱",max_length=)
user_password = forms.CharField(label="密码",widget=forms.PasswordInput())
class RegisterForm(forms.Form):
user_name=forms.CharField(label="用户名", max_length=)
user_email = forms.EmailField(label="邮箱", max_length=,error_messages={'required':u'请填入邮箱'})
user_password = forms.CharField(label="密码", widget=forms.PasswordInput())
user_password2 = forms.CharField(label="重复密码", widget=forms.PasswordInput())
def clean_user_password2(self):
cleaned_data = super(RegisterForm, self).clean()
user_password=cleaned_data['user_password']
user_password2= cleaned_data['user_password2']
if user_password2 != user_password:
raise forms.ValidationError('两次密码不一致')
三、视图
注册register
1. 获取表单POST的值包含注册的email、username、password
2. 在数据库创建相应用户User.object.create()
3. 密码要避免明文存储
登录login
1.获取表单POST的值包含注册的email、password
2.与数据库的信息比较,验证password
3.创建cookie,使用django的set_cookie
4.其他页面可以通过浏览器请求的cookie,验证cookie,解析用户,判断登录状态
下面是自己实现的cookie2user,和setcookie方法
def setcookie(response, user_id, user_email, user_pass_hash, secret_key):
s = '%s-%s-%s' % (user_email, user_pass_hash, secret_key)
s = hashlib.sha1(s.encode()).hexdigest()
L = ['UID:' + str(user_id), s]
cookie = '-'.join(L)
response.set_cookie('cookie_name', cookie, )
return response
def cookie2user(cookie):
try:
uid = cookie.split('-')[].split(':')[]
u = User.objects.filter(id=int(uid))[]
s = '%s-%s-%s' % (u.user_email, u.user_pass_hash, SECRET_KEY)
s = hashlib.sha1(s.encode()).hexdigest()
if cookie.split('-')[] == s:
user = u
else:
user = None
except Exception:
user = None
return user
注销logout
删除cookie
response.delete_cookie('cookiename')
即可
login_required装饰器
使用了这个装饰器的view函数,如果处于登录状态,可以从kw[‘user’]获取到user
def loginrequired(func):
def decofunc(request, **kw):
cookie = request.COOKIES.get('algs', '')
user = cookie2user(cookie)
if user is not None:
return func(request, user=user)
else:
return HttpResponseRedirect(reverse('authin:login'))
return decofunc