|
一�����、auth組件介紹
可以實(shí)現(xiàn)包括用戶注冊�����、用戶登錄�����、用戶認(rèn)證���、注銷、修改密碼等功能,內(nèi)置了強(qiáng)大的用戶認(rèn)證系統(tǒng)--auth����,它其實(shí)就是一個(gè)app
二、內(nèi)置屬性方法
注意:在用屬性方法前��,必須進(jìn)行數(shù)據(jù)庫遷移��,兩條命令
1. authenticate用戶認(rèn)證
settings.py 基本路徑配置好
urls.py注意每次配好路由
login.html
ps : {% csrf_token %} 用上它不用注釋csrf那個(gè)中間件了
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登錄</title>
</head>
<body>
<form action="" method="post">
{% csrf_token %}
<p>用戶名:<input type="text" name="name"></p>
<p>密碼:<input type="password" name="password"></p>
<p><input type="submit" value="提交"></p>
</form>
</body>
</html>
views.py
from django.shortcuts import render, HttpResponse, redirect
#from django.contrib.auth.models import User
from django.contrib import auth
def login(request):
if request.method=='GET':
return render(request,'login.html')
else:
name=request.POST.get('name')
password=request.POST.get('password') # 明文
## 方案行不通���,密碼是密文的��,永遠(yuǎn)匹配不成功
# user=User.objects.filter(username=name,password=password)
## 使用此方案,有兩個(gè)注意點(diǎn)
## 第一個(gè)參數(shù)必須是request對象
##必須用username和password不能用其他名,看源碼
user=auth.authenticate(request,username=name,password=password)
if user:
return HttpResponse('登錄成功')
else:
return HttpResponse('用戶名或密碼錯誤')
2.login
# 調(diào)用auth后,表示用戶登錄了
# 1 存了session
# 2 以后所有的視圖函數(shù)��,都可以使用request.user,它就是當(dāng)前登錄用戶
auth.login(request,user)
代碼:
urls.py略
order.html 這里只是測試下
<body>
{{ request.user.username }}的訂單頁面,買了好多東西
</body>
index.html
<body>
{{ request.user.username }}登錄了
</body>
views.py
from django.shortcuts import render, HttpResponse, redirect
from django.contrib.auth.models import User
# 不管是否登錄�,都能訪問
def index(request):
return render(request, 'index.html')
def order(request):
print(request.user)
return render(request, 'order.html')
## 用戶登錄成功后存session
from django.contrib import auth
def login(request):
if request.method=='GET':
return render(request,'login.html')
else:
name=request.POST.get('name')
password=request.POST.get('password') # 明文
## 此方案行不通,密碼是密文的�����,永遠(yuǎn)匹配不成功
# user=User.objects.filter(username=name,password=password)
## 使用此方案
## 第一個(gè)參數(shù)必須是request對象
##username和password
user=auth.authenticate(request,username=name,password=password)
if user:
# 調(diào)用auth����,表示用戶登錄了
# 1 存了session
# 2 以后所有的視圖函數(shù),都可以使用request.user
auth.login(request,user)
return HttpResponse('登錄成功')
else:
return HttpResponse('用戶名或密碼錯誤')
3.logout
urls.py略
views.py
def logout(request):
# 后續(xù)再訪問視圖函數(shù)���,就沒有當(dāng)前登錄用戶了request.user(匿名用戶AnonymousUser)
auth.logout(request)
return redirect('/index/')
oeder.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>訂單頁面</title>
</head>
<body>
{{ request.user.username }}的訂單頁面���,買了好多東西
<br>
<hr>
<a href="/logout/">點(diǎn)我退出</a>
</body>
</html>
4.is_authenticated
# is_authenticated 返回True或者False,判斷用戶是否登錄
# 用在視圖中views.py
if request.user.is_authenticated:
print('用戶登錄了')
else:
print('用戶沒有登錄�,匿名用戶')
# 用在模板中index.html
{% if request.user.is_authenticated %}
{{ request.user.username }} 登錄了
{% else %}
<a href="/login/">滾去登錄</a>
{% endif %}
5.login_requierd
1 它是個(gè)裝飾器����, 裝飾在視圖函數(shù)上�,只要沒有登錄����,就進(jìn)不來
# 必須登錄后才能訪問
@login_required(login_url='/login/') #意思是如果沒有登錄就重定向到/login/
代碼:
from django.shortcuts import render, HttpResponse, redirect
from django.contrib import auth
from django.contrib.auth.decorators import login_required
def login(request):
if request.method=='GET':
return render(request,'login.html')
else:
name=request.POST.get('name')
password=request.POST.get('password') # 明文
## 方案行不通,密碼是密文的�����,永遠(yuǎn)匹配不成功
# user=User.objects.filter(username=name,password=password)
## 使用此方案
## 第一個(gè)參數(shù)必須是request對象
##username和password
user=auth.authenticate(request,username=name,password=password)
if user:
# 調(diào)用auth��,表示用戶登錄了
# 1 存了session
# 2 以后所有的視圖函數(shù)����,都可以使用request.user
auth.login(request,user)
url=request.GET.get('next')
if url:
return redirect(url)
else:
return redirect('/index/')
else:
return HttpResponse('用戶名或密碼錯誤')
# 必須登錄后才能訪問
@login_required(login_url='/login/')
def order(request):
print(request.user) # 如何實(shí)現(xiàn)的?
print(request.user.username) # AnonymousUser
if request.user.is_authenticated:
print('用戶登錄了')
else:
print('用戶沒有登錄����,匿名用戶')
return render(request, 'order.html')
6.create_user
# 使用內(nèi)置的create_user或者create_superuser方法 superuser權(quán)限跟user不同
user=User.objects.create_user(username=name,password=password)
# user=User.objects.create_superuser(username=name,password=password)
代碼:
views.py
from django.contrib.auth.models import User
def register(request):
if request.method == 'GET':
return render(request, 'register.html')
else:
name = request.POST.get('name')
password = request.POST.get('password')
# 注冊用戶(有問題,密碼是明文)
# user=User.objects.create(username=name,password=password)
# print(user)
# 使用內(nèi)置的create_user或者create_superuser方法
user = User.objects.create_user(username=name, password=password)
# user=User.objects.create_superuser(username=name,password=password)
return redirect('/login/')
register.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>注冊</title>
</head>
<body>
<form action="" method="post">
{% csrf_token %}
<p>用戶名:<input type="text" name="name"></p>
<p>密碼:<input type="password" name="password"></p>
<p>確認(rèn)密碼:<input type="password" name="re_password"></p>
<p><input type="submit" value="提交"></p>
</form>
</body>
</html>
7.check_password 校驗(yàn)密碼
## 有了用戶��,校驗(yàn)密碼是否正確
# 先獲取到用戶對象
user = User.objects.filter(username=name).first()
# 判斷密碼是否正確
flag=user.check_password(password)
代碼:
def login(request):
if request.method == 'GET':
return render(request, 'login.html')
else:
name = request.POST.get('name')
password = request.POST.get('password') # 明文
# 先獲取到用戶對象
user = User.objects.filter(username=name).first()
# 判斷密碼是否正確
flag = user.check_password(password)
if flag:
auth.login(request, user)
url = request.GET.get('next')
if url:
return redirect(url)
else:
return redirect('/index/')
else:
return HttpResponse('用戶名或密碼錯誤')
8.set_password 修改密碼
views.py
from django.contrib.auth.models import User
def change_password(request):
if request.method == 'GET':
return render(request, 'change_pwd.html')
else:
old_pwd = request.POST.get('old_pwd')
new_pwd = request.POST.get('new_pwd')
re_new_pwd = request.POST.get('re_new_pwd')#注意要核驗(yàn)���,不然出bug
if request.user.check_password(old_pwd):
# 密碼正確再修改
request.user.set_password(new_pwd)
# 一定要記住保存(****)
request.user.save()
return redirect('/login/')
else:
return HttpResponse('原來密碼錯誤')
index.html
<body>
{% if request.user.is_authenticated %}
{{ request.user.username }} 登錄了
<br>
<a href="/change_pwd/">修改密碼</a>
{% else %}
<a href="/login/">滾去登錄</a>
{% endif %}
</body>
change_pwd.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>修改密碼</title>
</head>
<body>
<form action="" method="post">
{% csrf_token %}
<p>原密碼:<input type="password" name="old_pwd"></p>
<p>新密碼:<input type="password" name="new_pwd"></p>
<p>確認(rèn)密碼:<input type="password" name="re_new_pwd"></p>
<p><input type="submit" value="提交"></p>
</form>
</body>
</html>
|
