django框架自带用户权限功能,在django.contrib.auth模块下,使用时需要导入该模块。
1、在app下创建一个中间件middleware.py文件,用户拦截并判断用户是否登录,内容如下:
class UserAuthModdleware(object):
def process_request(self, request):
path = request.path
if path == '/userLogin/' or path == '/check_code/' or path == '/admin/' or path == '/sonar/login/' :#不拦截
return None
elif not request.user.is_authenticated():#验证不通过进入登录界面
return render(request,'login.html')
return None
2、在views.py中写用户登录注销函数
from django.contrib.auth import authenticate,login,logout
#用户登录
def userLogin(request):
try:
if request.method == 'POST':
req = request.POST.copy()
username = req.get('username')
password = req.get('password')
checkCode = req.get('check_code')
loginSuccess = ''
loginError = ''
usernameError = ''
passwordError = ''
checkCodeError = ''
if checkCode.upper() == request.session['checkCode'].upper():
if username != None and password != None:
#authenticate是django.contrib.auth中验证函数
**newUser = authenticate(username=username, password=password)**
if newUser:
login(request, newUser)
request.session.set_expiry(30 * 60)
return HttpResponse(simplejson.dumps({'loginSuccess': 'loginSuccess'}, ensure_ascii=False))
else:
loginError = '*用户名和密码不匹配!'
elif username is None:
usernameError = '*用户名不能为空!'
elif password is None:
passwordError = '*密码不能为空!'
else:
checkCodeError = '*验证码不正确!'
else:
return render(request, 'login.html')
validateMsg = {'loginSuccess': loginSuccess, 'username': username, 'password': password,\
'checkCodeError': checkCodeError, 'loginError': loginError, 'usernameError': usernameError,\
'passwordError': passwordError}
return HttpResponse(simplejson.dumps(validateMsg, ensure_ascii=False))
except Exception,e:
logger.error(e)
return
#注销
def userLogout(request):
try:
logout(request)
except Exception,e:
logger.error(e)
return render(request,'login.html')
#验证码
# 代码:生成一张图片,在图片中写文件
# request.session['CheckCode'] = 图片上的内容
# 自动生成图片,并且将图片中的文字保存在session中
# 将图片内容返回给用户
def check_code(request):
try:
stream = io.BytesIO()
# img图片对象,code在图像中写的内容
img, code = **create_validate_code()**
img.save(stream, "png")
# 图片页面中显示,立即把session中的CheckCode更改为目前的随机字符串值
request.session["checkCode"] = code
return HttpResponse(stream.getvalue())
except Exception,e:
logger.error(e)
return
**其中create_validate_code()函数为(写在checkCode.py中):**
#!/usr/bin/env python
#coding:utf-8
import random
from PIL import Image, ImageDraw, ImageFont, ImageFilter
_letter_cases = "abcdefghjkmnpqrstuvwxy" # 小写字母,去除可能干扰的i,l,o,z
_upper_cases = _letter_cases.upper() # 大写字母
_numbers = ''.join(map(str, range(3, 10))) # 数字
init_chars = ''.join((_letter_cases, _upper_cases, _numbers))
def create_validate_code(size=(120, 30),
chars=init_chars,
img_type="GIF",
mode="RGB",
bg_color=(255, 255, 255),
fg_color=(0, 0, 255),
font_size=18,
font_type="Monaco.ttf",
length=4,
draw_lines=True,
n_line=(1, 2),
draw_points=True,
point_chance = 2):
'''
@todo: 生成验证码图片
@param size: 图片的大小,格式(宽,高),默认为(120, 30)
@param chars: 允许的字符集合,格式字符串
@param img_type: 图片保存的格式,默认为GIF,可选的为GIF,JPEG,TIFF,PNG
@param mode: 图片模式,默认为RGB
@param bg_color: 背景颜色,默认为白色
@param fg_color: 前景色,验证码字符颜色,默认为蓝色#0000FF
@param font_size: 验证码字体大小
@param font_type: 验证码字体,默认为 ae_AlArabiya.ttf
@param length: 验证码字符个数
@param draw_lines: 是否划干扰线
@param n_lines: 干扰线的条数范围,格式元组,默认为(1, 2),只有draw_lines为True时有效
@param draw_points: 是否画干扰点
@param point_chance: 干扰点出现的概率,大小范围[0, 100]
@return: [0]: PIL Image实例
@return: [1]: 验证码图片中的字符串
'''
width, height = size # 宽, 高
img = Image.new(mode, size, bg_color) # 创建图形
draw = ImageDraw.Draw(img) # 创建画笔
def get_chars():
'''生成给定长度的字符串,返回列表格式'''
return random.sample(chars, length)
def create_lines():
'''绘制干扰线'''
line_num = random.randint(*n_line) # 干扰线条数
for i in range(line_num):
# 起始点
begin = (random.randint(0, size[0]), random.randint(0, size[1]))
#结束点
end = (random.randint(0, size[0]), random.randint(0, size[1]))
draw.line([begin, end], fill=(0, 0, 0))
def create_points():
'''绘制干扰点'''
chance = min(100, max(0, int(point_chance))) # 大小限制在[0, 100]
for w in range(width):
for h in range(height):
tmp = random.randint(0, 100)
if tmp > 100 - chance:
draw.point((w, h), fill=(0, 0, 0))
def create_strs():
'''绘制验证码字符'''
c_chars = get_chars()
strs = ' %s ' % ' '.join(c_chars) # 每个字符前后以空格隔开
font = ImageFont.truetype(font_type, font_size)
font_width, font_height = font.getsize(strs)
draw.text(((width - font_width) / 3, (height - font_height) / 3),
strs, font=font, fill=fg_color)
return ''.join(c_chars)
if draw_lines:
create_lines()
if draw_points:
create_points()
strs = create_strs()
# 图形扭曲参数
params = [1 - float(random.randint(1, 2)) / 100,
0,
0,
0,
1 - float(random.randint(1, 10)) / 100,
float(random.randint(1, 2)) / 500,
0.001,
float(random.randint(1, 2)) / 500
]
img = img.transform(size, Image.PERSPECTIVE, params) # 创建扭曲
img = img.filter(ImageFilter.EDGE_ENHANCE_MORE) # 滤镜,边界加强(阈值更大)
return img, strs
在项目根目录下引入字体文件Monaco.ttf
3、在settings.py中开启中间件main.views.middleware.UserAuthModdleware
MIDDLEWARE_CLASSES = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
#'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'pagination.middleware.PaginationMiddleware',
**'main.views.middleware.UserAuthModdleware',**
]