Using CSRF (cross-site request forgery) protection in a form
{% csrf_token %}
This tag dynamically generates an input field inside the form; the random value it contains is refreshed each time the page is rendered.
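The value can change on every refresh and still validate because the rendered token is the same per-session secret combined with a fresh random mask. The following standalone sketch is an added example modelled on that masking idea; it is not Django's code and not part of the original notes, and the function names, the 32-character secret and the alphabet are assumptions of the sketch.

```python
import hmac
import secrets
import string

# Assumed for this sketch: alphanumeric alphabet, 32-character secret.
ALPHABET = string.ascii_letters + string.digits
SECRET_LEN = 32


def new_secret():
    """Per-session secret; it stays the same across page loads."""
    return "".join(secrets.choice(ALPHABET) for _ in range(SECRET_LEN))


def mask_secret(secret):
    """Value rendered into the form: fresh random mask + secret shifted by that mask."""
    mask = new_secret()
    shifted = "".join(
        ALPHABET[(ALPHABET.index(s) + ALPHABET.index(m)) % len(ALPHABET)]
        for s, m in zip(secret, mask)
    )
    return mask + shifted


def unmask_token(token):
    """Recover the secret from a submitted token; None if the token is malformed."""
    if not isinstance(token, str) or len(token) != 2 * SECRET_LEN or any(c not in ALPHABET for c in token):
        return None
    mask, shifted = token[:SECRET_LEN], token[SECRET_LEN:]
    return "".join(
        ALPHABET[(ALPHABET.index(c) - ALPHABET.index(m)) % len(ALPHABET)]
        for c, m in zip(shifted, mask)
    )


def token_is_valid(submitted, session_secret):
    """Accept the POSTed token only if it unmasks to the session's secret."""
    recovered = unmask_token(submitted)
    if recovered is None:
        return False
    return hmac.compare_digest(recovered, session_secret)  # constant-time compare


if __name__ == "__main__":
    secret = new_secret()
    first, second = mask_secret(secret), mask_secret(secret)
    print(first != second, token_is_valid(first, secret), token_is_valid(second, secret))
```

Two renders of the same form carry different token strings, yet both pass the check, while a token built from another session's secret does not.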
If you do not want a view to be CSRF-checked, import the decorators:
    from django.views.decorators.csrf import csrf_exempt, csrf_protect
Then add @csrf_exempt above the view function that should not be checked.
If you want to check only a single view function, add @csrf_protect above it.
To use the CSRF decorators on a CBV (class-based view), import an additional helper:
    from django.utils.decorators import method_decorator
Then decorate with method_decorator: the first argument is csrf_protect and the second argument names the method to decorate.
csrf_protect works on a CBV like any ordinary decorator, so any of the three ways of decorating can be used.
csrf_exempt works only in the two ways below:
    from django.views import View
    # Way 1: decorate the class and name the dispatch method
    @method_decorator(csrf_exempt, name='dispatch')
    class Index(View):
        # Way 2: decorate the dispatch method directly
        @method_decorator(csrf_exempt)
        def dispatch(self, request, *args, **kwargs):
            # dispatch must return the response produced by the parent class
            return super().dispatch(request, *args, **kwargs)
Auth module:
Create a superuser from the command line:
    python manage.py createsuperuser
The auth module is Django's built-in user authentication module.
When developing a site, we inevitably need to design and implement its user system. That means implementing user registration, user login, user authentication, logout, password changes and other functions.
Django has a powerful built-in user authentication system, auth, which by default stores user data in the auth_user table.
Commonly used methods of the auth module:
authenticate()
Provides user authentication, that is, it verifies that the username and password are correct. It normally takes two keyword arguments, username and password.
If authentication is successful, it returns a User object.
authenticate() sets an attribute on the User object identifying the backend that authenticated the user; this information is needed later in the login process.
login(HttpRequest, user)
This function takes an HttpRequest object and an authenticated User object.
This function implements user login; essentially, it generates the relevant session data for the user on the back end.
logout(request)
This function has no return value.
When the function is called, the session data of the current request is cleared. Calling it does not raise an error even if the user is not logged in.
is_authenticated()
It is used to determine whether the current request has been authenticated.
login_required()
auth provides a decorator that quickly adds a login check to a view function:
    from django.contrib.auth.decorators import login_required
    @login_required
    def my_view(request):
        ...
If the user is not logged in, Django redirects to the default login URL '/accounts/login/' and passes along the absolute path of the URL currently being accessed (after a successful login the user is redirected back to that path).
If you need a custom login URL, set LOGIN_URL in the settings.py file:
    LOGIN_URL = '/login/'  # set this to the route of your project's login page
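Because the path to return to arrives as a request parameter, a custom login view has to check it before redirecting, otherwise the login page can be used to send users to another site. The sketch below is an added example, not code from the original notes: it is a conservative standard-library check with hypothetical function names and a constructed host name, and in a Django project the framework's own url_has_allowed_host_and_scheme() helper from django.utils.http does this job.

```python
from urllib.parse import urlsplit

LOGIN_REDIRECT_DEFAULT = "/"  # assumed fallback page for this sketch


def is_safe_next(target, request_host, allowed_hosts=()):
    """True only for a same-site absolute path or an http(s) URL on an allowed host."""
    if not isinstance(target, str) or not target:
        return False
    # Browsers treat backslashes like slashes and drop control characters,
    # so such values can resolve to a different site than the parser sees.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    if target != target.strip():
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: require exactly one leading slash.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    hosts = {request_host.lower(), *(h.lower() for h in allowed_hosts)}
    return parts.netloc.lower() in hosts


def resolve_next(target, request_host):
    """Path to redirect to after login: the requested one if safe, else the default."""
    return target if is_safe_next(target, request_host) else LOGIN_REDIRECT_DEFAULT


if __name__ == "__main__":
    host = "shop.example"  # constructed host name
    for candidate in ("/orders/?page=2", "https://shop.example/cart/",
                      "//other.example/", "https://other.example/login"):
        print(candidate, "->", resolve_next(candidate, host))
```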
create_user()
A method provided by auth for creating a new user; the required parameters (username, password, etc.) must be supplied.
    from django.contrib.auth.models import User
    user = User.objects.create_user(username='用户名', password='密码', email='邮箱')  # ... plus any other fields
create_superuser()
A method provided by auth for creating a new superuser; the required parameters (username, password, etc.) must be supplied.
    from django.contrib.auth.models import User
    user = User.objects.create_superuser(username='username', password='password', email='E-mail')  # ... plus any other fields
check_password(password)
A method provided by auth for checking whether a password is correct. Pass it the password of the current request's user; it returns True if the password is correct and False otherwise.
    ok = user.check_password('password')
set_password(password)
A method provided by auth for changing a password; it accepts the new password to be set as its parameter.
Note: after setting the password you must call the user object's save method.
    user.set_password(new_password)  # pass the new password positionally
    user.save()
A complete view for changing the password:
    from django.shortcuts import render, redirect
    @login_required
    def set_password(request):
        user = request.user
        err_msg = ''
        if request.method == 'POST':
            old_password = request.POST.get('old_password', '')
            new_password = request.POST.get('new_password', '')
            repeat_password = request.POST.get('repeat_password', '')
            # Check that the old password is correct
            if user.check_password(old_password):
                if not new_password:
                    err_msg = 'The new password cannot be empty'
                elif new_password != repeat_password:
                    err_msg = 'The two passwords do not match'
                else:
                    user.set_password(new_password)
                    user.save()
                    return redirect("/login/")
            else:
                err_msg = 'The old password is incorrect'
        content = {
            'err_msg': err_msg,
        }
        return render(request, 'set_password.html', content)
Attributes of the User object
username, password
is_staff: whether the user has administrative access to the site.
is_active: whether the user is allowed to log in. Setting it to False stops the user from logging in without deleting the user.
Extending the default auth_user table
The auth_user table has only a few fields, so it often cannot be used directly in a project. For example, to store a user's phone number, the first idea is usually to create another table with a one-to-one relation to auth_user.
Instead, we can inherit from the built-in AbstractUser class and define our own Model class. This lets us design the user table flexibly according to the project's needs while still using Django's powerful authentication system.
    from django.db import models
    from django.contrib.auth.models import AbstractUser
    class UserInfo(AbstractUser):
        """
        User information table
        """
        nid = models.AutoField(primary_key=True)
        phone = models.CharField(max_length=11, null=True, unique=True)
        def __str__(self):
            return self.username
After extending the built-in auth_user table in this way, be sure to tell Django in settings.py to use the newly defined UserInfo table for user authentication:
    # Must be set when inheriting from Django's built-in User table
    AUTH_USER_MODEL = "app_name.UserInfo"  # app_name is the name of your app
Once we specify the new table for the authentication system to use, we need to re-create the tables in the database; we can no longer continue to use the original default auth_user table.