Django——自制登录系统（cookie）

预计实现网站用户注册、登录的功能

Django app中的url如下

urlpatterns = [    url(r'^login/$', views.login, name='login'),    url(r'^register/$', views.register, name='register'),    url(r'^logout/$', views.logout, name='logout')]

一、Model 用户模型

class User(models.Model):    user_name=models.CharField(max_length=50)    user_email=models.CharField(max_length=100)    user_pass_hash=models.CharField(max_length=100)

二、表单

在form类中的clean_filename方法可以进行数据的验证，例如下面的
def clean_user_eamil():排除两次密码不一致
也可以提前检查登录用户的信息是否存在

class LoginForm(forms.Form):    user_email = forms.CharField(label="邮箱",max_length=100)    user_password = forms.CharField(label="密码",widget=forms.PasswordInput())class RegisterForm(forms.Form):    user_name=forms.CharField(label="用户名", max_length=50)    user_email = forms.EmailField(label="邮箱", max_length=100,error_messages={'required':u'请填入邮箱'})    user_password = forms.CharField(label="密码", widget=forms.PasswordInput())    user_password2 = forms.CharField(label="重复密码", widget=forms.PasswordInput())    def clean_user_password2(self):        cleaned_data = super(RegisterForm, self).clean()        user_password=cleaned_data['user_password']        user_password2= cleaned_data['user_password2']        if user_password2 != user_password:            raise forms.ValidationError('两次密码不一致')

三、视图

注册register

1. 获取表单POST的值包含注册的email、username、password2. 在数据库创建相应用户User.object.create()3. 密码要避免明文存储

登录login

1.获取表单POST的值包含注册的email、password2.与数据库的信息比较，验证password3.创建cookie，使用django的set_cookie4.其他页面可以通过浏览器请求的cookie，验证cookie，解析用户，判断登录状态

下面是自己实现的cookie2user，和setcookie方法

def setcookie(response, user_id, user_email, user_pass_hash, secret_key):    s = '%s-%s-%s' % (user_email, user_pass_hash, secret_key)    s = hashlib.sha1(s.encode()).hexdigest()    L = ['UID:' + str(user_id), s]    cookie = '-'.join(L)    response.set_cookie('cookie_name', cookie, 60)    return response

def cookie2user(cookie):    try:        uid = cookie.split('-')[0].split(':')[1]        u = User.objects.filter(id=int(uid))[0]        s = '%s-%s-%s' % (u.user_email, u.user_pass_hash, SECRET_KEY)        s = hashlib.sha1(s.encode()).hexdigest()        if cookie.split('-')[1] == s:            user = u        else:            user = None    except Exception:        user = None    return user

注销logout

删除cookie response.delete_cookie('cookiename')即可

login_required装饰器

使用了这个装饰器的view函数，如果处于登录状态，可以从kw[‘user’]获取到user

def loginrequired(func):    def decofunc(request, **kw):        cookie = request.COOKIES.get('algs', '')        user = cookie2user(cookie)        if user is not None:            return func(request, user=user)        else:            return HttpResponseRedirect(reverse('authin:login'))    return decofunc