
Django: a hand-rolled login system (cookie)

2017-10-12 19:24

The goal is to implement user registration and login for a website.

The URLs in the Django app are as follows:

from django.conf.urls import url
from . import views

urlpatterns = [
    url(r'^login/$', views.login, name='login'),
    url(r'^register/$', views.register, name='register'),
    url(r'^logout/$', views.logout, name='logout'),
]


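I. Model: the user model

from django.db import models

class User(models.Model):
    user_name = models.CharField(max_length=50)
    user_email = models.CharField(max_length=100)
    # Stores a hash of the password, never the password itself
    user_pass_hash = models.CharField(max_length=100)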


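II. Forms

A clean_<fieldname> method on the form class can validate the submitted data, for example:

def clean_user_email(self):
    # e.g. reject the submission when the two passwords do not match
    ...

It can also check up front whether the account of the user logging in exists.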

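from django import forms

# Labels: 邮箱 = email, 密码 = password, 用户名 = user name, 重复密码 = repeat password

class LoginForm(forms.Form):
    user_email = forms.CharField(label="邮箱", max_length=100)
    user_password = forms.CharField(label="密码", widget=forms.PasswordInput())

class RegisterForm(forms.Form):
    user_name = forms.CharField(label="用户名", max_length=50)
    # Error message: "please enter an email address"
    user_email = forms.EmailField(label="邮箱", max_length=100, error_messages={'required': u'请填入邮箱'})
    user_password = forms.CharField(label="密码", widget=forms.PasswordInput())
    user_password2 = forms.CharField(label="重复密码", widget=forms.PasswordInput())

    def clean_user_password2(self):
        # Fields are cleaned in declaration order, so user_password is already
        # in cleaned_data here unless it failed its own validation.
        user_password = self.cleaned_data.get('user_password')
        user_password2 = self.cleaned_data.get('user_password2')
        if user_password2 != user_password:
            # Message: "the two passwords do not match"
            raise forms.ValidationError('两次密码不一致')
        # A clean_<fieldname> method must return the cleaned value
        return user_password2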


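III. Views

Registration (register)

1. Read the values POSTed by the form: the email, username and password being registered.
2. Create the corresponding user in the database with User.objects.create().
3. Avoid storing the password in plaintext.


Login (login)

1. Read the values POSTed by the form: the registered email and the password.
2. Compare them with the information in the database and verify the password.
3. Create the cookie, using Django's set_cookie.
4. Other pages can take the cookie sent with the browser's request, verify it, resolve the user from it, and so determine the login state.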


Below are my own implementations of the cookie2user and setcookie methods:

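import hashlib

from django.conf import settings
from .models import User  # assumes the User model above lives in this app's models.py

# Assumed source of the key; the post does not show where SECRET_KEY is defined
SECRET_KEY = settings.SECRET_KEY


def setcookie(response, user_id, user_email, user_pass_hash, secret_key):
    # Cookie value: "UID:<id>-<sha1(email-pass_hash-secret)>"
    s = '%s-%s-%s' % (user_email, user_pass_hash, secret_key)
    s = hashlib.sha1(s.encode()).hexdigest()
    L = ['UID:' + str(user_id), s]
    cookie = '-'.join(L)
    # 'algs' is the cookie name that loginrequired reads; lifetime is 60 seconds
    response.set_cookie('algs', cookie, max_age=60)
    return response


def cookie2user(cookie):
    # Look up the user named in the cookie, recompute the digest and compare
    try:
        uid = cookie.split('-')[0].split(':')[1]
        u = User.objects.filter(id=int(uid))[0]
        s = '%s-%s-%s' % (u.user_email, u.user_pass_hash, SECRET_KEY)
        s = hashlib.sha1(s.encode()).hexdigest()
        if cookie.split('-')[1] == s:
            user = u
        else:
            user = None
    except Exception:
        # Malformed cookie or unknown user id: treat as not logged in
        user = None
    return user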
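
The scheme above hashes the concatenated fields with plain SHA-1, compares digests with ==, and leaves the 60-second lifetime to the browser, so the cookie value itself stays valid until the password changes. A hardened variant of the same design, as an added example that is not the author's code: HMAC-SHA256, an expiry carried inside the signed value, and a constant-time comparison. It runs without Django; SECRET_KEY, USERS and find_user are constructed stand-ins for the settings key and the User query.

```python
import hashlib
import hmac
import re
import time

SECRET_KEY = b"constructed-demo-key"   # stand-in for the project's secret key
USERS = {1: {"user_email": "alice@example.com",   # constructed sample row
             "user_pass_hash": "constructed-hash-value"}}
_COOKIE_RE = re.compile(r"UID:([0-9]+)-([0-9]+)-([0-9a-f]{64})")


def _mac(uid, user, expires):
    # The expiry is part of the signed message, so it cannot be edited client-side.
    msg = "%s-%s-%s-%s" % (uid, user["user_email"], user["user_pass_hash"], expires)
    return hmac.new(SECRET_KEY, msg.encode(), hashlib.sha256).hexdigest()


def make_cookie(user_id, user, max_age=60, now=None):
    """Return 'UID:<id>-<expires>-<hmac>' for the given user record."""
    expires = int(time.time() if now is None else now) + max_age
    return "UID:%d-%d-%s" % (user_id, expires, _mac(user_id, user, expires))


def cookie_to_user(cookie, find_user=USERS.get, now=None):
    """Return the user for a well-formed, unexpired, authentic cookie, else None."""
    m = _COOKIE_RE.fullmatch(cookie)
    if m is None:
        return None                      # wrong shape: reject before any lookup
    uid, expires, mac = m.groups()
    if int(expires) < (time.time() if now is None else now):
        return None                      # server-side expiry check
    user = find_user(int(uid))
    if user is None:
        return None
    # Constant-time comparison avoids leaking how many leading characters match.
    return user if hmac.compare_digest(mac, _mac(uid, user, expires)) else None
```

In a Django view the returned string would be passed to response.set_cookie together with httponly=True (and secure=True on HTTPS sites) so that page scripts cannot read it.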


Logout (logout)

Deleting the cookie is all that is needed (use the same name the cookie was set under):

response.delete_cookie('algs')

The login_required decorator

A view function wrapped with this decorator can, when the user is logged in, get the user from kw['user'].

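from django.http import HttpResponseRedirect
from django.urls import reverse


def loginrequired(func):
    def decofunc(request, **kw):
        cookie = request.COOKIES.get('algs', '')
        user = cookie2user(cookie)
        if user is not None:
            # Logged in: pass the user on, along with any URL keyword arguments
            return func(request, user=user, **kw)
        else:
            # Not logged in: send the browser to the login page
            return HttpResponseRedirect(reverse('authin:login'))
    return decofunc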