使用post来提交数据
用户名和密码校验
post提交后的处理
简单的登录验证
从简单的cookie开始
set_cookie设置cookie get_cookie 获取设置好的信息
cookie_secret签名防止伪造
current_user当前用户
self.current_user
模板中可以使用current_user,默认为None
authenticated 装饰器+login_url搭配使用
转换密码
标准库的使用hashlib.md5（仅作演示：MD5 速度快且不加盐，不适合用来存储密码；实际项目应使用加盐的慢哈希，例如标准库的 hashlib.scrypt 或 hashlib.pbkdf2_hmac）
next的跳转
跳转回原来正在访问的url
应用session
引入pycket
pip install pycket
pip install redis
# pycket session settings: Redis is the storage engine, with separate
# database indexes for sessions and notifications and a 30-day cookie expiry.
pycket = dict(
    engine='redis',
    storage=dict(
        host='localhost',
        port=6379,
        # No 'password' entry is set, so the Redis connection is made without
        # authentication. NOTE(review): configure one whenever Redis is
        # reachable from anywhere other than this host.
        db_sessions=5,  # Redis db index
        db_notifications=11,
        max_connections=2 ** 30,
    ),
    cookies=dict(
        expires_days=30,
    ),
)
配置认证相关
application的配置
cookie和session的使用补充
安全注意事项
跨站请求伪造 或 xsrf 是所有web应用程序面临的一个主要问题；在 Tornado 中需要在 application 配置里设置 xsrf_cookies=True，并在每个表单中加入 {% module xsrf_form_html() %}，校验才会生效
用户名校验:
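class TemplatesHandler(tornado.web.RequestHandler):
    """Login form handler: GET shows the form, POST checks the credentials.

    The accepted username/password pair is hard-coded for the demo; a real
    application would look the user up and compare a stored password hash.
    """

    def get(self):
        """Render the login page with the optional ``msg`` query argument."""
        msg = self.get_argument('msg', '')
        self.render('02template.html', username='', msg=msg)

    def post(self):
        """Validate the submitted form and redirect according to the result."""
        username = self.get_argument('username', '')
        password = self.get_argument('password', '')
        if not username.strip() or not password.strip():
            self.redirect('/temp?msg=empty password or name')
            return

        # Only the username is logged: a submitted password must never be
        # written to stdout or to log files.
        print('username [{}]'.format(username))
        if username == 'qq' and password == 'qq':
            self.redirect('/pic')  # credentials match: go to the new page
        else:
            self.redirect('/temp?msg=password error')  # mismatch: back to login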
从简单的cookie开始
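class TemplatesHandler(tornado.web.RequestHandler):
    """Login handler that remembers the user in a signed cookie.

    GET renders the login page (with the user name from ``tudo_cookie`` when
    it is present); POST checks the hard-coded demo credentials, sets the
    cookie and sends the browser on to ``next`` or to ``/pic``.
    """

    @staticmethod
    def _is_local_path(url):
        """Return True when *url* is a path on this site (no scheme, no host)."""
        # Browsers resolve "//host" and "/\host" against another origin, so
        # they are rejected even though they start with a slash.
        return url.startswith('/') and not url.startswith(('//', '/\\'))

    def get(self):
        """Render the login page with the current cookie user, msg and next."""
        username = ''
        cookie_value = self.get_secure_cookie("tudo_cookie")
        if not cookie_value:
            print("Your cookie was not set yet!")
        else:
            username = cookie_value
        next_url = self.get_argument('next', '')
        msg = self.get_argument('msg', '')
        self.render('02template.html', username=username, msg=msg,
                    next_url=next_url)

    def post(self):
        """Check the submitted credentials and redirect accordingly."""
        username = self.get_argument('username', '')
        password = self.get_argument('password', '')
        next_url = self.get_argument('next', '')
        # Only the username is logged: a submitted password must never be
        # written to stdout or to log files.
        print('username [{}]'.format(username))
        print('next url [{}] '.format(next_url))
        if not username.strip() or not password.strip():
            self.redirect('/temp?msg=empty password or name')
            return

        if username == 'qq' and password == 'qq':
            self.set_secure_cookie("tudo_cookie", "qq")
            # ``next`` comes from the request, so it is followed only when it
            # stays on this site; anything else falls back to the default
            # page instead of redirecting to an arbitrary external URL.
            if next_url and self._is_local_path(next_url):
                self.redirect(next_url)
            else:
                self.redirect('/pic')  # credentials match: go to the new page
        else:
            self.redirect('/temp?msg=password error')  # mismatch: back to login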
class Cal(object):
    """Tiny helper class exposing a single addition method."""

    def sum(self, a, b):
        """Return ``a + b``."""
        total = a + b
        return total
class ExtendsHandler(tornado.web.RequestHandler):
    """Page that is rendered only for a logged-in user."""

    def get_current_user(self):
        """Identify the user from the signed ``tudo_cookie`` cookie."""
        cookie_name = 'tudo_cookie'
        return self.get_secure_cookie(cookie_name, None)

    def haha(self):
        """Return a fixed demo string that is passed to the template."""
        greeting = "hahaha wo laila"
        return greeting

    @tornado.web.authenticated
    def get(self):
        """Render the page; the decorator sends anonymous users to login_url."""
        context = {
            'username': self.current_user,
            'haha': self.haha,
            'cal': Cal,
        }
        self.render('04extends.html', **context)
def make_app():
    """Build the Tornado application from its URL routes and settings."""
    routes = [
        (r"/", MainHandler),
        # (r"/index", MainHandler),
        (r"/pic", PictureHandler),
        (r"/temp", TemplatesHandler),
        (r"/extends", ExtendsHandler),
    ]
    settings = dict(
        # NOTE(review): debug mode enables autoreload and returns tracebacks
        # to the browser; keep it to development runs only.
        debug=True,
        template_path='templates',
        static_path='static',
        # static_url_prefix='/image/',
        ui_methods=ui_methods,
        ui_modules=uimodules,
        # NOTE(review): this value signs the secure cookies, so anyone who
        # knows it can forge a login cookie. A literal in source is fine for
        # the demo; a deployment should load a long random value from
        # configuration kept outside the repository.
        cookie_secret="jksdfkaskdfa;drwqeqwe",
        # Where @tornado.web.authenticated sends users who are not logged in.
        login_url='/temp',
    )
    return tornado.web.Application(routes, **settings)
template.html 界面
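<body>
{# Login page: shows msg and next, then either the logged-in user or the form. #}
{% if msg %}
msg : {{ msg }} <br>
{% end %}
next : {{ next_url }} <br>
{% if username %}
My name is {{ username }}.<br> my age is
{% else %}
please login
<form action="/temp" enctype="multipart/form-data" method="post">
    {# Emits the hidden _xsrf token field; the check is enforced once the
       application is created with xsrf_cookies=True. #}
    {% module xsrf_form_html() %}
    Username: <input type="text" name="username" /><br>
    {# type="password" keeps the typed password from being shown on screen. #}
    Password: <input type="password" name="password" /><br>
    <input type="text" name="next" hidden="" value="{{ next_url }}"/><br>
    <input type="submit" />
</form>
{% end %}
<h1> footer </h1>
</body>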
虚拟机 命令:根目录下执行
ps -ef|grep redis 检查运行的数据库
redis-cli 连接数据库