输入 用户名和密码,点击立即登录,会 报如下错误
禁止访问 (403) CSRF验证失败. 相应中断. Help Reason given for failure: CSRF token missing or incorrect. In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure: Your browser is accepting cookies. The view function passes a request to the template's render method. In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL. If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data. You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed. You can customize this page using the CSRF_FAILURE_VIEW setting.
这是django的一种安全机制
解决办法:
TypeError at /login/ authenticate() takes exactly 0 arguments (2 given) Request Method: POST Request URL: http://127.0.0.1:8000/login/ Django Version: 1.9 Exception Type: TypeError Exception Value: authenticate() takes exactly 0 arguments (2 given) Exception Location: C:\Users\hlg\PycharmProjects\MxOnline\apps\users\views.py in login, line 13 Python Executable: C:\Users\hlg\Envs\mxonline\Scripts\python.exe Python Version: 2.7.12 Python Path: ['C:\\Users\\hlg\\PycharmProjects\\MxOnline\\extra_apps', 'C:\\Users\\hlg\\PycharmProjects\\MxOnline\\apps', 'C:/Users/hlg/PycharmProjects/MxOnline', 'C:\\Program Files\\JetBrains\\PyCharm 2017.1.3\\helpers\\pydev', 'C:\\Users\\hlg\\PycharmProjects\\MxOnline', 'C:\\Users\\hlg\\PycharmProjects\\MxOnline\\extra_apps', 'C:\\Users\\hlg\\PycharmProjects\\MxOnline\\apps', 'C:\\Program Files\\JetBrains\\PyCharm 2017.1.3\\helpers\\pydev', 'C:\\Windows\\system32\\python27.zip', 'C:\\Users\\hlg\\Envs\\mxonline\\DLLs', 'C:\\Users\\hlg\\Envs\\mxonline\\lib', 'C:\\Users\\hlg\\Envs\\mxonline\\lib\\plat-win', 'C:\\Users\\hlg\\Envs\\mxonline\\lib\\lib-tk', 'C:\\Users\\hlg\\Envs\\mxonline\\Scripts', 'c:\\python27\\Lib', 'c:\\python27\\DLLs', 'c:\\python27\\Lib\\lib-tk', 'C:\\Users\\hlg\\Envs\\mxonline', 'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages', 'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf', 'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf', 'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf', 'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf', 'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf', 'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf', 'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf'] Server time: 星期五, 8 六月 2018 19:04:30 +0800
C:\Users\hlg\PycharmProjects\MxOnline\apps\users\views.py
# _*_ encoding:utf-8 _*_ from django.shortcuts import render from django.contrib.auth import authenticate, login from django.contrib.auth.backends import ModelBackend # from django.db.models import Q # 完成并集 # Create your views here. from .models import UserProfile # class CustomBackend(ModelBackend): def authenticate(self, username=None, password=None, **kwargs): # 完成自己的逻辑 try: # user = UserProfile.objects.get(username=username) user = UserProfile.objects.get(Q(username=username)|Q(email=username)) if user.check_password(password): return user except Exception as e: return None def user_login(request): if request.method == "POST": user_name = request.POST.get("username","") pass_word = request.POST.get("password","") user = authenticate(username=user_name, password=pass_word) if user is not None: login(request, user) # 这个是系统提供的 login return render(request, "index.html") # 登录成功,跳转到首页 else: return render(request, "login.html", {"msg":"用户名或密码错误"}) # 登录失败,跳转到登录页面 elif request.method == "GET": return render(request, "login.html", {})
C:\Users\hlg\PycharmProjects\MxOnline\templates\index.html
C:\Users\hlg\PycharmProjects\MxOnline\MxOnline\urls.py