django学习
一、session验证
#注册页面
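def login(request):
    """Render the login form on GET and check the posted credentials on POST.

    GET returns ``login.html``. POST compares the ``user`` and ``pwd`` form
    fields with the demo credentials; on a match the session is re-keyed,
    the username is stored in it and the client is redirected to ``/index``.
    Every other outcome (bad credentials, other HTTP methods) redirects back
    to ``/login``.
    """
    if request.method == 'GET':
        return render(request, 'login.html')
    if request.method != 'POST':
        return redirect('/login')

    user = request.POST.get('user')
    pwd = request.POST.get('pwd')
    # NOTE(review): hard-coded demo credentials. Real code should verify the
    # user with django.contrib.auth.authenticate() against hashed passwords.
    if user == '_username_' and pwd == 'pwd':
        # Issue a fresh session key at the moment of login so that a session
        # id fixed before authentication (session fixation) stops being valid.
        request.session.cycle_key()
        request.session['username'] = user
        return redirect('/index')
    return redirect('/login')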
#session装饰器
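def wrapper(func):
    """Decorate a view so that it only runs for the logged-in demo user.

    The returned view reads ``username`` from the session. If it is not the
    expected value the client is redirected to ``/login``; otherwise the
    wrapped view is called with the original arguments and its result is
    returned unchanged.
    """
    # Local import keeps this snippet self-contained.
    from functools import wraps

    # wraps() keeps the view's __name__, docstring and attributes, so URL
    # debugging output and attribute-based decorators still see the real view.
    @wraps(func)
    def inner(request, *args, **kwargs):
        # The session value is checked but not printed: who is logged in
        # does not belong on stdout.
        if request.session.get('username') != '_username_':
            return redirect('/login')
        return func(request, *args, **kwargs)
    return inner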
#装饰其他页面
@wrapper
def test(request):
    """Sample view behind the session check; answers with the text ``yes``."""
    response = HttpResponse('yes')
    return response
#注销时清空session
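@wrapper
def logout(request):
    """Log the user out by discarding the whole session, then answer ``yes``."""
    # flush() removes the stored session and drops its key, so the cookie the
    # browser still holds no longer maps to anything. clear() would only empty
    # the data and leave the same session id alive.
    request.session.flush()
    return HttpResponse('yes')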
2、csrf的使用
1、form表单按照post方式提交时代码
{# POST form: the csrf_token tag emits the hidden csrfmiddlewaretoken field that CsrfViewMiddleware checks. #}
<form action="/login" method="post">
    {% csrf_token %}
    <input type="text" name="user">
    <input type="password" name="pwd">
    <input type="text" name="email">
    <input type="submit" value="提交">
</form>
2、ajax按照post方式提交时的csrf设置
方式一:直接在ajax代码中进行添加
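<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<form action="/login" method="post">
    {% csrf_token %}
    <input id='u' type="text" name="user"/>
    <input id="p" type="password" name="pwd"/>
    <input id="e" type="text" name="email"/>
    <input type="submit" value="提交"/>
    <input type="button" id="btn" value="按钮">
</form>
<script src="/static/jquery-3.2.1.js"></script>
<script src="/static/jquery.cookie.js"></script>
<script>
    // Approach 1: attach the CSRF token to this single AJAX request.
    $('#btn').click(function () {
        // Declared with var so the form values do not become window globals.
        var user = $('#u').val();
        var pwd = $('#p').val();
        var email = $('#e').val();
        $.ajax({
            url: '/login',
            type: 'POST',
            data: {'user': user, 'pwd': pwd, 'email': email},
            // The token is read from the csrftoken cookie. That only works while
            // CSRF_COOKIE_HTTPONLY and CSRF_USE_SESSIONS are off; with either
            // enabled, read the hidden csrfmiddlewaretoken input instead.
            headers: {'X-CSRFtoken': $.cookie('csrftoken')},
            // NOTE(review): the /login view on this page answers every POST with a
            // redirect, which XHR follows, so this callback also fires after a
            // failed login. /index has to enforce the session check itself.
            success: function (arg) {
                location.href = '/index';
            }
        });
    });
</script>
</body>
</html>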
#方式二:为所有的ajax代码进行添加
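<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<form action="/login" method="post">
    {% csrf_token %}
    <input id='u' type="text" name="user"/>
    <input id="p" type="password" name="pwd"/>
    <input id="e" type="text" name="email"/>
    <input type="submit" value="提交"/>
    <input type="button" id="btn" value="按钮">
</form>
<script src="/static/jquery-3.2.1.js"></script>
<script src="/static/jquery.cookie.js"></script>
<script>
    $(function () {
        // Methods that do not change state need no CSRF token.
        function csrfSafeMethod(method) {
            return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
        }

        // Approach 2: add the CSRF header to AJAX requests before they are sent.
        // The header is limited to state-changing, same-origin requests so the
        // token is never sent to another origin.
        $.ajaxSetup({
            beforeSend: function (xhr, settings) {
                if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
                    xhr.setRequestHeader('X-CSRFtoken', $.cookie('csrftoken'));
                }
            }
        });

        $('#btn').click(function () {
            // Declared with var so the form values do not become window globals.
            var user = $('#u').val();
            var pwd = $('#p').val();
            var email = $('#e').val();
            $.ajax({
                url: '/login',
                type: 'POST',
                data: {'user': user, 'pwd': pwd, 'email': email},
                success: function (arg) {
                    location.href = '/index';
                }
            });
        });
    });
</script>
</body>
</html>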
3、针对单个函数取消或强制使用csrf(@csrf_exempt 取消校验,@csrf_protect 强制校验;下例使用的是 @csrf_protect)
from django.views.decorators.csrf import csrf_exempt,csrf_protect
@csrf_protect
def index(request):
    """Render ``index.html`` for a logged-in session, otherwise answer ``gun``.

    ``csrf_protect`` applies CSRF validation to this view on its own,
    whether or not the CSRF middleware is enabled globally.
    """
    # NOTE(review): no view shown on this page writes 'is_login' into the
    # session (the login view stores 'username') — confirm where it is set.
    logged_in = request.session.get('is_login', None)
    if not logged_in:
        return HttpResponse('gun')
    context = {'username': request.session['username']}
    return render(request, 'index.html', context)
4、form验证
一、views
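import re
import json
from django import forms
from django.forms import fields
from django.forms import widgets
from django.core.exceptions import ValidationError

# Mobile number pattern: one of the accepted 3-digit prefixes followed by
# 8 digits. Compiled once at import time instead of on every validation call.
# \Z anchors at the true end of the string; "$" would also accept a value
# that ends with a trailing newline.
_MOBILE_RE = re.compile(r'^(13[0-9]|15[012356789]|17[678]|18[0-9]|14[57])[0-9]{8}\Z')


# Custom validator
def mobile_validate(value):
    """Raise ValidationError unless *value* is an 11-digit mobile number."""
    if not _MOBILE_RE.match(value):
        raise ValidationError('手机号码格式错误')


# Form class holding the validation rules
class PublishForm(forms.Form):
    """Registration form; each field carries its own rules and error text.

    NOTE(review): ``user``, ``email`` and ``phone`` set no ``max_length`` here,
    while the ``UserInfo`` model on this page caps each column at 32
    characters — confirm whether the form should enforce the same limit.
    """
    user = fields.CharField(
        error_messages={'required': '用户名不能为空'},
        widget=widgets.TextInput(attrs={'placeholder': '请输入用户名', 'class': 'formControl'}),
    )
    pwd = fields.CharField(
        max_length=12,
        min_length=6,
        error_messages={
            'max_length': '最大长度为12',
            'min_length': '最小长度为6',
            'required': '密码不能为空',
        },
        widget=widgets.PasswordInput(attrs={'class': 'formControl'}),
    )
    email = fields.EmailField(
        error_messages={'required': '请输入邮箱', 'invalid': '输入的邮箱格式错误'},
    )
    city = fields.ChoiceField(
        choices=[('0', '上海'), ('1', '北京'), ('2', '天津')],
        initial='2',
    )
    memo = fields.CharField(
        max_length=256,
        initial='详细描述',
        widget=widgets.Textarea,
    )
    user_type_choice = (
        (0, '普通用户'),
        (1, '高级用户'),
    )
    user_type = forms.IntegerField(
        widget=forms.widgets.Select(choices=user_type_choice, attrs={'class': "form-control"}),
    )
    phone = forms.CharField(
        validators=[mobile_validate, ],
        error_messages={'required': '手机不能为空'},
        widget=forms.TextInput(attrs={'class': "form-control", 'placeholder': '手机号码'}),
    )


from app01 import models


@wrapper
def fm(request):
    """Show the registration form on GET and validate/store it on POST.

    GET renders ``fm.html`` with a form pre-filled from sample values.
    POST validates the submitted data: valid data is saved as a ``UserInfo``
    row, invalid data re-renders the form together with its errors.
    Any other HTTP method gets a 405 response instead of falling through
    and returning ``None``.
    """
    if request.method == "GET":
        # Sample values standing in for data loaded from the database.
        dic = {
            "user": 'r1',
            'pwd': '123123',
            'email': 'sdfsd@qq.com',
            'city': '1',
            'memo': '你是一个好人',
            'user_type': '1',
            'phone': '13923456789'
        }
        obj = PublishForm(initial=dic)
        return render(request, 'fm.html', {'obj': obj})
    elif request.method == "POST":
        # Bind the submitted data; is_valid() runs every field's checks.
        obj = PublishForm(request.POST)
        if obj.is_valid():
            # NOTE(review): cleaned_data['pwd'] is written to the database as
            # plain text. It should be hashed first (for example with
            # django.contrib.auth.hashers.make_password), which also requires
            # widening UserInfo.pwd beyond its current 32 characters.
            models.UserInfo.objects.create(**obj.cleaned_data)
            return HttpResponse('注册成功')
        # obj.errors is an ErrorDict; the template shows the first message per field.
        return render(request, 'fm.html', {'obj': obj})
    return HttpResponse(status=405)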
二、html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
{# Each row renders one form widget followed by the first validation error for that field, if any. #}
<form action="/fm" method="post">
    {% csrf_token %}
    <p>{{ obj.user }}{{ obj.errors.user.0 }}</p>
    <p>{{ obj.user_type }}</p>
    <p>{{ obj.pwd }}{{ obj.errors.pwd.0 }}</p>
    <p>{{ obj.email }}{{ obj.errors.email.0 }}</p>
    <p>{{ obj.city }}</p>
    <p>{{ obj.memo }}</p>
    {# NOTE(review): PublishForm as shown on this page defines no hobby field, so this row renders empty. Confirm. #}
    <p>{{ obj.hobby }}</p>
    <p>{{ obj.phone }}{{ obj.errors.phone.0 }}</p>
    <input type="submit" value="提交">
</form>
</body>
</html>
三、models
from django.db import models
# Create your models here.
class UserInfo(models.Model):
    """Database row written by the ``fm`` view from ``PublishForm.cleaned_data``."""

    user = models.CharField(max_length=32)
    # NOTE(review): the fm view stores the submitted password here unchanged.
    # A hashed password does not fit in 32 characters — confirm before reuse.
    pwd = models.CharField(max_length=32)
    email = models.CharField(max_length=32)
    city = models.CharField(max_length=32)
    memo = models.CharField(max_length=256)
    user_type = models.CharField(max_length=32)
    phone = models.CharField(max_length=32)
5、中间件
一、编辑中间件
from django.utils.deprecation import MiddlewareMixin
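class Row1(MiddlewareMixin):
    """Demo middleware that prints a marker in each hook to show call order."""

    def process_request(self, request):
        # Returning None lets the request continue to the next middleware.
        print('a')

    def process_response(self, request, response):
        print('b')
        # The response must be returned, otherwise the chain breaks.
        return response

    def process_exception(self, request, exception):
        # Django calls this hook as process_exception(request, exception).
        # Without the request parameter the call itself raises TypeError,
        # hiding the view's original error.
        if isinstance(exception, ValueError):
            print(exception)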
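class Row2(MiddlewareMixin):
    """Second demo middleware; prints its own markers to show call order."""

    def process_request(self, request):
        # Returning None lets the request continue to the view.
        print('c')

    def process_response(self, request, response):
        print('d')
        # The response must be returned, otherwise the chain breaks.
        return response

    def process_exception(self, request, exception):
        # Django calls this hook as process_exception(request, exception).
        # Without the request parameter the call itself raises TypeError,
        # hiding the view's original error.
        if isinstance(exception, ValueError):
            print(exception)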
二、注册中间件
# Order matters: request hooks run top to bottom, response hooks bottom to top.
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    # Custom middleware is registered last, so on the way in it runs after
    # the session, CSRF and authentication middleware above.
    "middle.middleware.Row1",
    "middle.middleware.Row2",
]