Django最强大的部分之一是自动管理界面。它从模型中读取元数据,以提供一个快速的,以模型为中心的界面,受信任的用户可以在其中管理您网站上的内容。管理员的建议用法仅限于组织的内部管理工具。它并非旨在构建您的整个前端。
Django Session
简单的cookie验证 敏感信息不宜使用cookie,我们应该用cookie记录简单配置.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<script src="https://code.jquery.com/jquery-3.4.1.min.js"></script>
<script src="https://cdn.bootcss.com/jquery-cookie/1.4.1/jquery.cookie.min.js"></script>
</head>
<body>
<form action="/" method="post">
<input type="text" name="username" />
<input type="button" value="获取cookie" id="get_cook"/>
<input type="button" value="设置cookie" id="set_cook"/>
<input type="submit" value="提交"/>
</form>
</body>
<script type="text/javascript">
$("#get_cook").bind("click",function(){
var cook = $.cookie("username");
$('input[name="username"]').val(cook);
});
$("#set_cook").bind("click",function(){
var cook = $('input[name="username"]').val(cook);
$.cookie("username","10");
});
</script>
</html>
from django.shortcuts import render,HttpResponse
from django.forms import Form,fields,widgets
def index(request):
if request.method == "GET":
obj = render(request,"index.html")
obj.set_cookie("username", "lyshark") # 设置一个cookie
return obj # 返回页面
else:
cook = request.COOKIES.get("username") # 获取到cookie
print("获取到cookie:{}".format(cook))
return render(request,"index.html")
使用Session进行验证
<!--name:login.html-->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="/login/" method="post">
<input type="text" name="username"/>
<input type="password" name="password"/>
<input type="submit" value="用户登录"/>
</form>
</body>
</html>
# name: urls.py
from MyWeb import views
urlpatterns = [
path('login/', views.login),
path('logout/',views.logout),
path('index/',views.index)
]
# name: views.py
from django.shortcuts import render,HttpResponse,redirect
def index(request):
is_login = request.session.get("is_login",False)
if is_login:
cookie_content = request.COOKIES
session_content = request.session.get("username")
return HttpResponse("<b>欢迎用户 {} 你已经是登录状态,SessionID:{}</b>".format(session_content,cookie_content))
else:
return redirect('/login/')
def login(request):
if request.method=="GET":
is_login = request.session.get("is_login", False)
if is_login:
cookie_content = request.COOKIES
session_content = request.session.get("username")
return HttpResponse("<b>欢迎用户 {} 你已经是登录状态,SessionID:{}</b>".format(session_content, cookie_content))
else:
return render(request,"login.html")
elif request.method == "POST":
username = request.POST['username']
password = request.POST['password']
print(username,password)
if username == "admin" and password =="123123":
request.session['is_login'] = "True"
request.session['username'] = username
return redirect('/index/')
return render(request, "login.html")
def logout(request):
try:
del request.session['is_login']
except KeyError:
pass
return redirect("/login/")
默认的session键值对,会存储在django的数据库中,其中的配置settings.py如下
SESSION_ENGINE = 'django.contrib.sessions.backends.db' # 引擎(默认)
SESSION_COOKIE_NAME = "sessionid" # Session的cookie保存在浏览器上时的key,即:sessionid=随机字符串(默认)
SESSION_COOKIE_PATH = "/" # Session的cookie保存的路径(默认)
SESSION_COOKIE_DOMAIN = None # Session的cookie保存的域名(默认)
SESSION_COOKIE_SECURE = False # 是否Https传输cookie(默认)
SESSION_COOKIE_HTTPONLY = True # 是否Session的cookie只支持http传输(默认)
SESSION_COOKIE_AGE = 1209600 # Session的cookie失效日期(2周)(默认)
SESSION_EXPIRE_AT_BROWSER_CLOSE = False # 是否关闭浏览器使得Session过期(默认)
SESSION_SAVE_EVERY_REQUEST = False # 是否每次请求都保存Session,默认修改之后才保存(默认)
使用auth模块实现创建用户 django为我们提供了一套完备的验证机制,如下是简单的用户创建命令.
from django.shortcuts import render,HttpResponse
from MyWeb import models
from django.contrib.auth.models import User,auth
def index(request):
if request.method == "GET":
# -------------------------------------------
# 创建用户操作
User.objects.create_user(username="lyshark",password="123123",email="lyshark@163.com") # 创建用户
User.objects.create_superuser(username="admin", password="123123", email="admin@163.com") # 创建超级用户
# -------------------------------------------
# 修改密码操作
user = User.objects.get(username="lyshark")
user.set_password(raw_password="123456")
user.save()
# -------------------------------------------
# 判断用户名密码是否有效(成功返回用户名,失败返回none)
user = auth.authenticate(username="lyshark",password="123456")
print(user)
return HttpResponse("hello lyshark")
return render(request,"index.html")
使用auth模块完成登录认证 登录失败会自动跳转到/account/login/你可以自定义修改LOGIN_URL=/login/即可.
from django.shortcuts import render,HttpResponse
from MyWeb import models
from django.contrib.auth.models import User,auth
from django.contrib.auth.decorators import login_required
def login(request):
if request.method == "GET":
return HttpResponse("""
<form action="/login/" method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="登陆系统">
</form>
""")
else:
username = request.POST.get("username")
password = request.POST.get("password")
# 判断用户名密码是否有效
user = auth.authenticate(username=username,password=password)
if user:
auth.login(request,user) # 执行登录函数
return HttpResponse("登陆成功.")
else:
#auth.logout(request,user) # 执行登出函数
return HttpResponse("登录失败..")
# 下方的login_required装饰器,用于验证是否登录完成
@login_required
def is_login(request):
return HttpResponse("用户已经登陆完成了...")
# 下方程序用户登出用户
def logout(request):
auth.logout(request) # 执行登出函数
return HttpResponse("用户注销完成..")
来源:https://www.cnblogs.com/LyShark/p/12195428.html