一、
可以实现包括用户注册、用户登录、用户认证、注销、修改密码等功能,内置了强大的用户认证系统--auth,它其实就是一个app
二、
ps : {% csrf_token %} 用上它不用注释csrf那个中间件了
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>登录</title> </head> <body> <form action="" method="post"> {% csrf_token %} <p>用户名:<input type="text" name="name"></p> <p>密码:<input type="password" name="password"></p> <p><input type="submit" value="提交"></p> </form> </body> </html>
views.py
from django.shortcuts import render, HttpResponse, redirect #from django.contrib.auth.models import User from django.contrib import auth def login(request): if request.method=='GET': return render(request,'login.html') else: name=request.POST.get('name') password=request.POST.get('password') # 明文 ## 方案行不通,密码是密文的,永远匹配不成功 # user=User.objects.filter(username=name,password=password) ## 使用此方案,有两个注意点 ## 第一个参数必须是request对象 ##必须用username和password不能用其他名,看源码 user=auth.authenticate(request,username=name,password=password) if user: return HttpResponse('登录成功') else: return HttpResponse('用户名或密码错误')
2.login
# 调用auth后,表示用户登录了 # 1 存了session # 2 以后所有的视图函数,都可以使用request.user,它就是当前登录用户 auth.login(request,user)
代码:
urls.py略
order.html 这里只是测试下
<body> {{ request.user.username }}的订单页面,买了好多东西 </body>
index.html
<body> {{ request.user.username }}登录了 </body>
views.py
from django.shortcuts import render, HttpResponse, redirect from django.contrib.auth.models import User # 不管是否登录,都能访问
def index(request):
return render(request, 'index.html')
def order(request):
print(request.user) return render(request, 'order.html') ## 用户登录成功后存session from django.contrib import auth def login(request): if request.method=='GET': return render(request,'login.html') else: name=request.POST.get('name') password=request.POST.get('password') # 明文 ## 此方案行不通,密码是密文的,永远匹配不成功 # user=User.objects.filter(username=name,password=password) ## 使用此方案 ## 第一个参数必须是request对象 ##username和password user=auth.authenticate(request,username=name,password=password) if user: # 调用auth,表示用户登录了 # 1 存了session # 2 以后所有的视图函数,都可以使用request.user auth.login(request,user)
return HttpResponse('登录成功') else: return HttpResponse('用户名或密码错误')
3.logout
urls.py略
views.py
def logout(request): # 后续再访问视图函数,就没有当前登录用户了request.user(匿名用户AnonymousUser) auth.logout(request) return redirect('/index/')
oeder.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>订单页面</title> </head> <body> {{ request.user.username }}的订单页面,买了好多东西 <br> <hr> <a href="/logout/">点我退出</a> </body> </html>
4.
# is_authenticated 返回True或者False,判断用户是否登录 # 用在视图中views.py if request.user.is_authenticated: print('用户登录了') else: print('用户没有登录,匿名用户') # 用在模板中index.html {% if request.user.is_authenticated %} {{ request.user.username }} 登录了 {% else %} <a href="/login/">滚去登录</a> {% endif %}
5.login_requierd
1 它是个装饰器, 装饰在视图函数上,只要没有登录,就进不来 # 必须登录后才能访问 @login_required(login_url='/login/') #意思是如果没有登录就重定向到/login/
代码:
from django.shortcuts import render, HttpResponse, redirect from django.contrib import auth from django.contrib.auth.decorators import login_required def login(request): if request.method=='GET': return render(request,'login.html') else: name=request.POST.get('name') password=request.POST.get('password') # 明文 ## 方案行不通,密码是密文的,永远匹配不成功 # user=User.objects.filter(username=name,password=password) ## 使用此方案 ## 第一个参数必须是request对象 ##username和password user=auth.authenticate(request,username=name,password=password) if user: # 调用auth,表示用户登录了 # 1 存了session # 2 以后所有的视图函数,都可以使用request.user auth.login(request,user) url=request.GET.get('next') if url: return redirect(url) else: return redirect('/index/') else: return HttpResponse('用户名或密码错误') # 必须登录后才能访问 @login_required(login_url='/login/') def order(request): print(request.user) # 如何实现的? print(request.user.username) # AnonymousUser if request.user.is_authenticated: print('用户登录了') else: print('用户没有登录,匿名用户') return render(request, 'order.html')
6.create_user
# 使用内置的create_user或者create_superuser方法 superuser权限跟user不同 user=User.objects.create_user(username=name,password=password) # user=User.objects.create_superuser(username=name,password=password)
代码:
views.py
from django.contrib.auth.models import User def register(request): if request.method == 'GET': return render(request, 'register.html') else: name = request.POST.get('name') password = request.POST.get('password') # 注册用户(有问题,密码是明文) # user=User.objects.create(username=name,password=password) # print(user) # 使用内置的create_user或者create_superuser方法 user = User.objects.create_user(username=name, password=password) # user=User.objects.create_superuser(username=name,password=password) return redirect('/login/')
register.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>注册</title> </head> <body> <form action="" method="post"> {% csrf_token %} <p>用户名:<input type="text" name="name"></p> <p>密码:<input type="password" name="password"></p> <p>确认密码:<input type="password" name="re_password"></p> <p><input type="submit" value="提交"></p> </form> </body> </html>
7.check_password 校验密码
## 有了用户,校验密码是否正确 # 先获取到用户对象 user = User.objects.filter(username=name).first() # 判断密码是否正确 flag=user.check_password(password)
代码:
def login(request): if request.method == 'GET': return render(request, 'login.html') else: name = request.POST.get('name') password = request.POST.get('password') # 明文 # 先获取到用户对象 user = User.objects.filter(username=name).first() # 判断密码是否正确 flag = user.check_password(password) if flag: auth.login(request, user) url = request.GET.get('next') if url: return redirect(url) else: return redirect('/index/') else: return HttpResponse('用户名或密码错误')
8.set_password 修改密码
views.py
from django.contrib.auth.models import User
def change_password(request): if request.method == 'GET': return render(request, 'change_pwd.html') else: old_pwd = request.POST.get('old_pwd') new_pwd = request.POST.get('new_pwd') re_new_pwd = request.POST.get('re_new_pwd')#注意要核验,不然出bug if request.user.check_password(old_pwd): # 密码正确再修改 request.user.set_password(new_pwd) # 一定要记住保存(****) request.user.save() return redirect('/login/') else: return HttpResponse('原来密码错误')
index.html
<body> {% if request.user.is_authenticated %} {{ request.user.username }} 登录了 <br> <a href="/change_pwd/">修改密码</a> {% else %} <a href="/login/">滚去登录</a> {% endif %} </body>
change_pwd.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>修改密码</title> </head> <body> <form action="" method="post"> {% csrf_token %} <p>原密码:<input type="password" name="old_pwd"></p> <p>新密码:<input type="password" name="new_pwd"></p> <p>确认密码:<input type="password" name="re_new_pwd"></p> <p><input type="submit" value="提交"></p> </form> </body> </html>