django 用户登录及验证

时间:2022-08-31 11:21:03

1、登录页面如下:

{% load staticfiles %}
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- ??3赂枚a卤锚*卤?毛??卯?拢卢?潞?盲??露录*卤?毛煤潞贸-->
<meta name="description" content="">
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">

<title>Signin Template for Bootstrap</title>

<!-- Bootstrap core CSS -->
<link href="{% static 'bootstrap/css/bootstrap.min.css' %}" rel="stylesheet">
<!--
<link rel="stylesheet" href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">

<link rel="stylesheet" href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">

<script src="https://cdn.bootcss.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
-->
<link href="{% static 'bootstrap/css/signin.css' %}" rel="stylesheet">
</head>

<body>

<div class="container">

<form class="form-signin" action="/signin/" method="post">
<h2 class="form-signin-heading">Please sign in</h2>
<label for="inputUsername" class="sr-only">username</label>
<input type="username" name="username" id="inputUsername" class="form-control" placeholder="username" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
<div class="checkbox">
<label>
<input type="checkbox" value="remember-me"> Remember me
</label>
</div>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>

</div> <!-- /container -->


</body>
</html>

2、登入一个用户

从视图中登入一个用户,请使用login()。它接受一个HttpRequest对象和一个User对象。login()使用Django的会话框架来将用户的ID保存在会话中。

注意任何在匿名会话中设置的数据都会在用户登入后的会话中都会记住。

def signin(request):
username = request.POST.get('username')
password = request.POST.get('password')
log = log_config()
log.debug(request.POST)
log.debug("username:%s password:%s" % (username,password))
user = authenticate(username=username,password=password)
if user is not None:
if user.is_active:
login(request,user)
return redirect('/dashboard/')
else:
return HttpResponse("login.html")
else:
t = loader.get_template("login.html")
return HttpResponse(t.render())

先调用authenticate()

当你是手工登入一个用户时,你必须在调用login()之前通过authenticate()成功地认证该用户。authenticate()User上设置一个属性标识哪种认证后台成功认证了该用户,且该信息在后面登录的过程中是需要的。如果你试图登入一个直接从数据库中取出的用户,将会抛出一个错误。

3、登出一个用户

若要登出一个已经通过django.contrib.auth.login()登入的用户,可以在你的视图中使用django.contrib.auth.logout()。 它接收一个HttpRequest对象且没有返回值

def logout_view(request):
logout(request)
t = loader.get_template("login.html")
return HttpResponse(t.render())

4、只允许登录的用户访问

1)使用is_authenticated()

限制页面访问的简单、原始的方法是检查request.user.is_authenticated()并重定向到一个登陆页面:

def dashboard(request):
if not request.user.is_authenticated():
return redirect('/index/')
else:
t = loader.get_template("dashboard.html")
return HttpResponse(t.render())

2)使用login_required装饰器

@login_required
def dashboard(request):
t = loader.get_template("dashboard.html")
return HttpResponse(t.render())