这里我们要进行开发一个发布会系统来了解Django框架,来看第一部分。
目录:
-
一、登录功能
-
二、Cookie和Session
-
三、Django认证系统
一、登录功能 返回目录
在上一章,我们已经简单用了html模板,在它基础上继续开发:
1、修改index.html文件为发布会html:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Django Page</title>
</head>
<body>
<h1>发布会系统</h1>
<form>
<input name="username" type="text" placeholder="输入用户名"/>
<br/>
<input name="password" type="password" placeholder="输入密码"/>
<br/>
<button id="btn" type="submit">登录</button>
{% csrf_token %}
</form>
</body>
</html>
2、GET、POST请求
(1)GET请求
form标签中加入:method="get"
<form method="get">
<input name="username" type="text" placeholder="输入用户名"/>
<br/>
<input name="password" type="password" placeholder="输入密码"/>
<br/>
<button id="btn" type="submit">登录</button>
</form>
在页面输入用户名密码之后,提交表单,URL地址会添加用户名、密码
(2)POST请求
提交表单后,页面报错:
大概意思是Django对CSRF有保护措施,表单会自动生成令牌,通过令牌判断POST是否来自同一个网站,只需添加令牌即可,form添加{% csrf_token %}#}
<form method="post">
<input name="username" type="text" placeholder="输入用户名"/>
<br/>
<input name="password" type="password" placeholder="输入密码"/>
<br/>
<button id="btn" type="submit">登录</button>
# 添加令牌
{% csrf_token %}
</form>
再次刷新提交,就不报错了。
3、处理登录请求
修改index.html,添加action="/login_action/":
<form method="post" action="/login_action/">
再打开guest/urls.py文件,添加路径:
urlpatterns = [
...
url(r‘^login_action/$‘, views.login_action)
]
再在sign/views.py下添加login_action()函数
def login_action(request):
if request.method == "POST":
username = request.POST.get("username","")
password = request.POST.get("password","")
if username == "123" and password == "1":
return HttpResponse("Django good!")
else:
return render(request,"index.html",{"error" : "Django login is error!"})
最后再在templates/index.html中添加error错误提示:
<form method="post" action="/login_action/">
<input name="username" type="text" placeholder="输入用户名"/>
<br/>
<input name="password" type="password" placeholder="输入密码"/>
<br/>
<button id="btn" type="submit">登录</button>
<br/> # 提示信息
{{ error }}
{% csrf_token %}
</form>
{ { error } }:对应render返回字典中的key。
如果用户名密码正确则:
否则的话,提示报错信息:
4、登陆成功页面
但是,不能只是通过文字展示登录成功信息,必须需要替换为登录成功页面。
添加templates/enent_manage.html文件:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Event Manage</title>
</head>
<body>
<h1>Login success!</h1>
</body>
</html>
修改sign/views.py
def login_action(request):
if request.method == "POST": # "username"和"password"为name属性值,很重要
username = request.POST.get("username","")
password = request.POST.get("password","")
if username == "123" and password == "1":
# HttpResponseRedirect:这个类可以重定向指定页面
return HttpResponseRedirect("/event_manage/")
else:
return render(request,"index.html",{"error" : "Django login is error!"})
# 登陆成功页面
def event_action(request):
return render(request,"event_manage.html")
修改guest/urls.py:
urlpatterns = [
...
url(r‘^event_manage/$‘, views.event_action),
]
再进行登录:
二、Cookie和Session 返回目录
1、Cookie的使用
首先修改sign/views.py:
def login_action(request):
if request.method == "POST":
username = request.POST.get("username","")
password = request.POST.get("password","")
if username == "123" and password == "1":
# 添加浏览器cookie
response = HttpResponseRedirect("/event_manage/")
# "user":cookie名;username获取登录用户名;3600cookie再浏览器保持时间
response.set_cookie("user",username,3600)
return response
else:
return render(request,"index.html",{"error" : "Django login is error!"})
def event_action(request):
# "user":读取cookie名
username = request.COOKIES.get("user","")
return render(request,"event_manage.html",{"cookie":username})
修改templates/event_manage.html:
<div style="float: left">
<a>欢迎{{ username }}到来!</a>
</div>
页面登录成功后:
通过谷歌浏览器查看Cookie信息:
2、Session的使用
但是考虑到安全问题,还是Session靠谱。
修改sign/views.py:
def login_action(request):
if request.method == "POST":
username = request.POST.get("username","")
password = request.POST.get("password","")
if username == "123" and password == "1":
# HttpResponseRedirect:这个类可以重定向指定页面
response = HttpResponseRedirect("/event_manage/")
# "user":cookie名;username获取登录用户名;3600cookie再浏览器保持时间
# response.set_cookie("user",username,3600) # 添加浏览器cookie
request.session["user"] = username # 将session信息记录到浏览器中
return response
else:
return render(request,"index.html",{"error" : "Django login is error!"})
def event_action(request):
# username = request.COOKIES.get("user","") # "user":读取cookie名
username = request.session.get("user","") #读取浏览器session
return render(request,"event_manage.html",{"username":username})
进行登录操作,但是报错:
提示:no such table: django_session,是因为session必须要有存储的地方才可以,我们需要创建django_session
再项目guest下,输入命令行:
# 输入命令python manage.py migrate
Operations to perform:
Apply all migrations: admin, auth, contenttypes, sessions
Running migrations:
Applying contenttypes.0001_initial... OK
Applying auth.0001_initial... OK
Applying admin.0001_initial... OK
Applying admin.0002_logentry_remove_auto_add... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying auth.0007_alter_validators_add_error_messages... OK
Applying auth.0008_alter_user_username_max_length... OK
Applying sessions.0001_initial... OK
再进行登录,并查看session信息。
三、Django认证系统 返回目录
1、登录Admin后台
首先需要创建管理员账号,再终端输入:
test:guest zhan$ python manage.py createsuperuser Username (leave blank to use ‘zhan‘): admin # 输入用户名 Email address: xxx@xxx.com # 输入邮箱 Password: # 输入密码 Password (again): # 再次输入密码 This password is too short. It must contain at least 8 characters. # 密码太短,并且不到8位 This password is too common. # 密码太简单 This password is entirely numeric. # 密码是数字 Password: Password (again): Error: Your passwords didn‘t match. # 密码不匹配 Password: Password (again): Superuser created successfully. test:guest zhan$
登录网址:http://127.0.0.1:8000/admin/
输入用户名密码后登录:
2、引用Django认证登录
修改sign/views.py
def login_action(request):
if request.method == "POST":
username = request.POST.get("username","")
password = request.POST.get("password","")
# authenticate()函数接受用户名密码两个参数,并判断如果窜在返回user,不存在返回None
user = auth.authenticate(username=username,password=password)
if user != None:
auth.login(request,user) # 登录
# HttpResponseRedirect:这个类可以重定向指定页面
response = HttpResponseRedirect("/event_manage/")
request.session["user"] = username # 将session信息记录到浏览器中
return response
else:
return render(request,"index.html",{"error" : "Django login is error!"})
修改完成之后,通过跟后台系统用户名密码相关联,进行验证登录。
3、关上窗户
为什么要单独讲这一节呢,因为有一个现象时,直接登录成功页面:http://127.0.0.1:8000/event_manage/,发现直接就可以登录成功,但是这个往往是不行的,应该必须通过登录操作才可以进入登陆成功页面,所以我们只需要简单加个东西就好了。
修改sign/views.py:
from django.contrib.auth.decorators import login_required
......
# 限制
@login_required
def event_action(request):
username = request.session.get("user","") #读取浏览器session
return render(request,"event_manage.html",{"username":username})
只需要加入@login_required,即可。
注意:需要清理缓存。
但是,地址指向让它指向登录页面就更好啦。
修改guest/urls.py,增加新的路径:
urlpatterns = [
......
url(r‘^$‘, views.index), # 8080地址也可以访问登录页面
......
url(r‘^accounts/login/$‘, views.index), # 访问登陆成功页面,自动跳转登录页面
]
此时访问:
http://127.0.0.1:8000/
http://127.0.0.1:8000/index/
http://127.0.0.1:8000/event_manage/
都可以访问登录页面。
本部分完结, 下一章将会介绍Django模型(二),操作数据库的。
原文地址:https://www.cnblogs.com/Owen-ET/p/9776842.html