用户认证组件:
功能:用session记录登录验证状态;
前提:用户表,django自带的auth_user
创建超级用户:python manage.py createsuperuser kris的密码是abc123456
基于用户认证组件的登录验证信息储存
views.py
from django.shortcuts import render, HttpResponse, redirect # Create your views here. from django.contrib import auth #from django.contrib.auth.models import User #自己找到那个接口做校验 def login(request): if request.method =="POST": user = request.POST.get("user") pwd = request.POST.get("pwd") #if 验证成功返回user对象,否则返回None user = auth.authenticate(username=user,password=pwd) if user: auth.login(request,user) #request.user:当前登录对象 return redirect("/index/") return render(request, "login.html") def index(request): print("request.user:", request.user.username) print("request.user:", request.user.id) print("request.user:", request.user.is_anonymous) if request.user.is_anonymous: return redirect("/login/") #username = request.user.username #return render(request, "index.html",{"username":username}) return render(request, "index.html")
login.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> <form action="" method="post"> {% csrf_token %} 用户名<input type="text" name="user"> 密码<input type="text" name="pwd"> <input type="submit" value="submit"> </form> </body> </html>
index.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> {#<h3> Hello {{ username }}</h3> 可以不给它传值,request.user为全局#} <h3>Hello {{ request.user.username }}</h3> </body> </html>
创建用户kris 和 alex
C:\Users\Administrator\PycharmProjects\authDemo>python manage.py createsuperuser Username (leave blank to use 'administrator'): alex Email address: Password:alex1234 Password (again):alex1234 Superuser created successfully.
更新的时候它不像之前那样子,它把session_key 和session_data数据都更新了,之前都是只更新session_data,现在逻辑跟严谨了。
注册/注销用户功能
views.py
def logout(request): auth.logout(request) return redirect("/login/") def reg(request): if request.method=="POST": user = request.POST.get("user") pwd = request.POST.get("pwd") user = User.objects.create_user(username=user,password=pwd) return redirect("/login/") return render(request,"reg.html")
reg.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> <h3>注册</h3> <form action="" method="post"> {% csrf_token %} 用户名<input type="text" name="user"> 密码<input type="text" name="pwd"> <input type="submit" value="submit"> </form> </body> </html>
用户认证组件: 功能:用session记录登录验证状态; 前提:用户表,django自带的auth_user 创建超级用户:python manage.py createsuperuser kris的密码是abc123456 API from django.contrib import auth 1 if 验证成功返回user对象,否则返回None user = auth.authenticate(username=user,password=pwd) 2 auth.login(request,user) #request.user:当前登录对象 3 auth.logout(request) from django.contrib.auth.models import User #User==auth_user 4 request.user.is_authenticated: 5 user=User.objects.create_user(username='',password='',email='') 补充: 匿名用户对象 匿名用户 class models.AnonymousUser django.contrib.auth.models.AnonymousUser 类实现了django.contrib.auth.models.User 接口,但具有下面几个不同点: id 永远为None。 username 永远为空字符串。 get_username() 永远返回空字符串。 is_staff 和 is_superuser 永远为False。 is_active 永远为 False。 groups 和 user_permissions 永远为空。 is_anonymous() 返回True 而不是False。 is_authenticated() 返回False 而不是True。 set_password()、check_password()、save() 和delete() 引发 NotImplementedError。 New in Django 1.8: 新增 AnonymousUser.get_username() 以更好地模拟 django.contrib.auth.models.User。 总结: if not:auth.login(request,user) request.user == AnonymousUser() else:request.user==登录对象 request.user是一个全局变量 在任何视图和模板中直接使用