基于django开发框架种cookie05-23上
基于代码:
def login(request):
    """Serve the static page for the login route (this step renders home.html)."""
    template_name = "home.html"
    return render(request, template_name)
@api_view(["POST"])  # POST only: the page itself is already served by login()
def api_login(request):
    """Check the posted credentials and render home.html or error.html.

    Teaching stub: the only accepted account is the hard-coded admin/admin
    pair, which must not survive into a real deployment.
    """
    form = request.POST
    username = form.get("username")
    pwd = form.get("password")
    # Both fields are mandatory; a missing field is reported separately
    # from a wrong value.
    if username is None or pwd is None:
        return render(request, "error.html", context={"msg": "用户名和密码必填"})
    if (username, pwd) != ("admin", "admin"):
        return render(request, "error.html", context={"msg": "用户名和密码错误"})
    return render(request, "home.html", context={"username": username})
响应回种cookie 请求携带cookie
新内容:响应回种cookie,HttpResponse的方法:
第一个方法:种cookie,HttpResponse().set_cookie() #通过响应把cookie种给浏览器,这样下次请求就可以带上cookie
需求 登录成功后返回页面 页面携带一个cookie uuid
def login(request):
    """Return the rendered home.html template for the login route."""
    page = "home.html"
    response = render(request, page)
    return response
@api_view(["POST"])
def api_login(request):
    """Validate the posted login; on success render home.html and attach a 'uuid' cookie.

    Teaching stub: credentials are the hard-coded admin/admin pair.
    """
    username = request.POST.get("username")
    pwd = request.POST.get("password")
    if username is None or pwd is None:
        return render(request, "error.html", context={"msg": "用户名和密码必填"})
    if not (username == 'admin' and pwd == "admin"):
        return render(request, "error.html", context={"msg": "用户名和密码错误"})
    # render() returns a response object, so the cookie is attached to it
    # before returning. The browser URL is still the login API URL here.
    res = render(request, "home.html", context={"username": username})
    # No attributes are passed: the cookie lasts for the browser session and
    # is readable by page JavaScript (httponly is not set).
    res.set_cookie('uuid', '1')
    return res
验证效果:127.0.0.1:8000/user/api/login 检查下application-cookies
需求二:登录成功后 实现返回首页 用重定向到首页 引入HttpResponseRedirect
from django.http import HttpResponse,JsonResponse,HttpResponseRedirect(状态码)
user/urls文件增加home.htm页面
from django.urls import path
from users import views
# Routes of the users app. The page's URLs start with /user/, so this module
# is presumably included under that prefix by the project urls.py.
# NOTE(review): views.home and views.api_logout must exist when this module is
# imported; the view listings on this page name them home1 and (later)
# api_logput - confirm the intended names.
urlpatterns = [
    path('hello/', views.hello),
    path('login/', views.login),
    path('home/', views.home),  # page added in this step
    path('api/login/', views.api_login),
    path('api/logout/', views.api_logout),
]
user/views文件增加home请求
def home1(request):
    """Render home.html unconditionally (no login check in this step)."""
    # NOTE(review): the urls listing routes 'home/' to views.home while this
    # view is named home1 - confirm which name is intended.
    page = 'home.html'
    return render(request, page)
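@api_view(["POST"])
def api_login(request):
    """Validate the posted login; on success redirect to the home page with a 'uid' cookie.

    Returns a redirect to /user/home on success, otherwise error.html with a
    message saying whether a field was missing or the credentials were wrong.
    Teaching stub: credentials are the hard-coded admin/admin pair.
    """
    username = request.POST.get("username")
    pwd = request.POST.get("password")
    if username is None or pwd is None:
        return render(request, "error.html", context={"msg": "用户名和密码必填"})
    if username == 'admin' and pwd == "admin":
        # Plain ASCII quotes: the typographic quotes of the original listing
        # are a syntax error.
        res = HttpResponseRedirect('/user/home')  # redirect to the home page
        # The method is set_cookie (the listing had set_cookid and a
        # malformed ''1 literal).
        res.set_cookie('uid', '1')
        return res
    return render(request, "error.html", context={"msg": "用户名和密码错误"})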
需求三:返回home首页的时候,home接口需要判断登录状态:cookie是否存在;有就留在首页,没有就回到登录页。未设置cookie失效时间时,默认关闭浏览器后cookie失效。注意:cookie的值由客户端控制,任何人都可以自己带上uid=1,这里只是演示cookie的读写,不能当作真正的登录校验。
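def home1(request):
    """Render home.html when the 'uid' cookie equals '1'; otherwise redirect to the login page."""
    # NOTE(review): the cookie is unsigned and its value is a constant, so any
    # client can send uid=1 itself. This demonstrates reading a cookie; it is
    # not an authentication check. Django's session framework is the usual
    # way to track a logged-in user.
    if request.COOKIES.get('uid') == '1':
        return render(request, 'home.html')
    # Plain ASCII quotes: the typographic quotes of the original listing are
    # a syntax error.
    return HttpResponseRedirect('/user/login')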
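@api_view(["POST"])
def api_login(request):
    """Validate the posted login; on success redirect to the home view with a 'uid' cookie.

    Teaching stub: credentials are the hard-coded admin/admin pair.
    """
    username = request.POST.get("username")
    pwd = request.POST.get("password")
    if username is None or pwd is None:
        return render(request, "error.html", context={"msg": "用户名和密码必填"})
    if username == 'admin' and pwd == "admin":
        # The redirect makes the browser issue a new request to the home
        # route, which is served by the home view. ASCII quotes replace the
        # typographic ones of the original listing.
        res = HttpResponseRedirect('/user/home')
        # set_cookie, not set_cookid; the value literal was malformed (''1).
        # No max_age/expires is given, so the cookie ends with the browser
        # session.
        res.set_cookie('uid', '1')
        return res
    return render(request, "error.html", context={"msg": "用户名和密码错误"})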
需求三:上面cookies没加密。注意:下面用到的set_signed_cookie做的是签名(防篡改),不是加密,cookie里的值在浏览器端仍然是明文可读的,所以实际项目不要把密码放进cookie。
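def home1(request):
    """Render home.html only when the three login cookies match; otherwise redirect to login."""
    # The request attribute is COOKIES (plural) and the key is 'username';
    # the original listing had request.COOKIE and 'usename'.
    uid = request.COOKIES.get('uid')
    username = request.COOKIES.get('username')
    # 'pwd' is written with set_signed_cookie, so the raw cookie holds the
    # value plus a signature and never equals 'admin'. get_signed_cookie
    # verifies the signature and returns the bare value; default=None turns a
    # missing or tampered cookie into None instead of an exception. The salt
    # must match the one used when the cookie was set ('123' in api_login).
    pwd = request.get_signed_cookie('pwd', default=None, salt='123')
    # NOTE(review): uid and username are unsigned and client-controlled; only
    # the signed 'pwd' value is tamper-evident.
    if uid == '1' and username == 'admin' and pwd == 'admin':
        return render(request, 'home.html')
    return HttpResponseRedirect('/user/login')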
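@api_view(["POST"])
def api_login(request):
    """Validate the posted login; on success redirect home and set the login cookies.

    Cookies set on success:
      uid      - plain value, HttpOnly
      username - plain value
      pwd      - signed with salt '123', HttpOnly

    Teaching stub: credentials are the hard-coded admin/admin pair.
    """
    username = request.POST.get("username")
    pwd = request.POST.get("password")
    if username is None or pwd is None:
        return render(request, "error.html", context={"msg": "用户名和密码必填"})
    if username == 'admin' and pwd == "admin":
        res = HttpResponseRedirect('/user/home')  # redirect to the home page
        # HttpOnly hides the cookie from page JavaScript (document.cookie),
        # which limits theft through XSS. It does not protect against software
        # running on the user's machine, and without secure=True the cookie is
        # still sent over plain HTTP.
        res.set_cookie('uid', '1', httponly=True)
        res.set_cookie('username', 'admin')
        # set_signed_cookie SIGNS the value so tampering is detected; it does
        # not encrypt, and the value stays readable in the browser.
        # NOTE(review): a password should not be stored in a cookie at all;
        # Django's session framework keeps login state server-side.
        # The original listing set 'pwd' twice (unsalted, then salted); the
        # second call replaces the first, so only the salted one is kept. The
        # salt separates signature namespaces and must be passed again to
        # get_signed_cookie.
        res.set_signed_cookie('pwd', 'admin', salt='123', httponly=True)
        return res
    return render(request, "error.html", context={"msg": "用户名和密码错误"})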
需求四:数据存储用csv
template文件中增加 是否自动登录
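<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>用户登录</title>
</head>
<body>
    {# Posts to the api/login/ route, handled by api_login. The trailing slash matches the route, so the POST is not lost to a slash redirect. #}
    <form action="/user/api/login/" method="post">
        {# Harmless when the view is CSRF-exempt, required as soon as it is not. #}
        {% csrf_token %}
        <label>用户名:</label><input name="username">
        <br>
        {# The view reads the "password" field, so the input must carry that name; type="password" masks the typed value. #}
        <label>密码:</label><input name="password" type="password">
        <br><br>
        <label>自动登录:</label><input name="is_login" type="checkbox">
        <br><br>
        <button type="submit" name="登录">登录</button>
    </form>
</body>
</html>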
项目根目录创建一个data.csv文件,数据存储uid 用户名 密码(明文密码只适合演示,实际项目应存储密码哈希) 安装csv插件 settings->plugins->搜索csv
views文件内容:
def login(request):
    """Serve the login form (login.html)."""
    template_name = 'login.html'
    return render(request, template_name)
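def home(request):
    """Render home.html only when the three login cookies match; otherwise redirect to login."""
    # request.COOKIES (plural) and the 'username' key: the original listing
    # had request.COOKIE and 'usename'.
    uid = request.COOKIES.get('uid')
    username = request.COOKIES.get('username')
    # The signed 'pwd' cookie carries value plus signature, so it has to be
    # read through get_signed_cookie with the same salt that api_login used
    # ('123'). default=None makes a missing or tampered cookie yield None
    # instead of raising.
    pwd = request.get_signed_cookie('pwd', default=None, salt='123')
    # NOTE(review): uid and username are unsigned and can be set by the
    # client; only 'pwd' is tamper-evident.
    if uid == '1' and username == 'admin' and pwd == 'admin':
        return render(request, 'home.html')
    return HttpResponseRedirect('/user/login')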
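@api_view(["POST"])
def api_login(request):
    """Validate the posted login; on success redirect home and set uid, username and signed pwd cookies.

    Teaching stub: credentials are the hard-coded admin/admin pair.
    """
    username = request.POST.get("username")
    pwd = request.POST.get("password")
    if username is None or pwd is None:
        return render(request, "error.html", context={"msg": "用户名和密码必填"})
    if username == 'admin' and pwd == "admin":
        res = HttpResponseRedirect('/user/home')  # redirect to the home page
        # HttpOnly keeps the cookie out of document.cookie, limiting theft via
        # XSS; it is not a defence against software on the user's machine.
        res.set_cookie('uid', '1', httponly=True)
        res.set_cookie('username', 'admin')
        # Signing detects tampering but does not hide the value: the password
        # is still readable in the browser.
        # NOTE(review): prefer Django sessions over putting a password in a
        # cookie.
        # Only the salted call is kept; in the original listing it overwrote
        # the unsalted one set on the previous line. The same salt must be
        # given to get_signed_cookie.
        res.set_signed_cookie('pwd', 'admin', salt='123', httponly=True)
        return res
    return render(request, "error.html", context={"msg": "用户名和密码错误"})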
路由信息:
from django.urls import path
from users import views
# Routes of the users app; the page's URLs start with /user/, so this module
# is presumably included under that prefix by the project urls.py.
urlpatterns = [
    path('hello/', views.hello),
    path('login/', views.login),  # login form
    path('home/', views.home),  # home page, guarded by the cookie check
    path('api/login/', views.api_login),  # form target
    path('api/logout/', views.api_logout),
]
读取csv文件的数据:命名为util.py
import csv
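def is_login(username, password):
    """Look up a username/password pair in data.csv and return the user id.

    Each row is expected to be ``uid,username,password``. Returns the uid
    (a string, as read from the file) of the first matching row, or None
    when no row matches.
    """
    # NOTE(review): passwords are stored and compared in plaintext here, which
    # is acceptable only for a demo; real code stores salted hashes (for
    # example through django.contrib.auth).
    # 'data.csv' is resolved against the process working directory.
    # newline='' is what the csv module expects; the explicit encoding keeps
    # the result independent of the platform locale.
    with open('data.csv', newline='', encoding='utf-8') as f:
        for row in csv.reader(f):
            if len(row) < 3:
                continue  # blank or malformed line
            # The original compared against an undefined name (pwd) and
            # returned None from inside the loop, so only the first row was
            # ever checked.
            if row[1] == username and row[2] == password:
                return row[0]  # user id
    return None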
views文件中引入util文件 import util
def login(request):
    """Return the rendered login.html form page."""
    page = 'login.html'
    response = render(request, page)
    return response
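def home(request):
    """Render home.html for a client whose cookies pass is_login; otherwise redirect to login."""
    # request.COOKIES is the cookie mapping (the listing had request.COOKIE).
    username = request.COOKIES.get('username')
    # default=None replaces the bare "except:": a missing or tampered cookie
    # yields None and unrelated errors are no longer swallowed. max_age makes
    # the server reject signatures older than 7 days, the longest lifetime
    # api_login issues; the browser-side expiry alone is up to the client.
    pwd = request.get_signed_cookie('pwd', default=None, max_age=604800)
    # NOTE(review): assumes is_login is imported by name (from util import
    # is_login); with a plain "import util" this must be util.is_login.
    if username is not None and pwd is not None and is_login(username, pwd) is not None:
        # The context is a dict, so the key/value separator is ':' (the
        # listing had '='). Django templates auto-escape the value.
        return render(request, 'home.html', {'username': username})
    return HttpResponseRedirect('/user/login')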
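@api_view(["POST"])
def api_login(request):
    """Validate the posted login against is_login; on success redirect home and set the login cookies.

    The cookies live 7 days when the "is_login" checkbox was ticked and
    5 minutes otherwise. Returns error.html when a field is missing or the
    credentials do not match.
    """
    username = request.POST.get("username")
    password = request.POST.get("password")
    is_cookie = request.POST.get('is_login')
    if username is None or password is None:
        return render(request, "error.html", context={"msg": "用户名和密码必填"})
    # NOTE(review): assumes is_login is imported by name (from util import
    # is_login); with a plain "import util" this must be util.is_login.
    is_av = is_login(username, password)
    if is_av is None:
        return render(request, "error.html", context={"msg": "用户名和密码错误"})
    res = HttpResponseRedirect('/user/home')  # redirect to the home page
    # A ticked checkbox is submitted as the string "on"; the listing compared
    # against an undefined name.
    # max_age is a relative lifetime in seconds; the keyword for an absolute
    # expiry time is expires= (not expire=).
    lifetime = 604800 if is_cookie == 'on' else 300
    res.set_cookie('uid', is_av, httponly=True, max_age=lifetime)
    res.set_cookie('username', username, max_age=lifetime)
    # No salt is passed here, so get_signed_cookie must be called without one.
    # Signing is not encryption: the password stays readable in the browser,
    # so it is at least kept away from page JavaScript with httponly.
    # NOTE(review): prefer Django sessions over storing the password.
    res.set_signed_cookie('pwd', password, httponly=True, max_age=lifetime)
    return res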
需求 增加注销
template home.html 增加注销
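<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>测试平台</title>
</head>
<body>
    <h3>欢迎登录测试平台 ,{{ username}}</h3>
    {# NOTE(review): a logout reachable by GET can be triggered by any third-party page that links to or embeds this URL; a POST form with a CSRF token is the usual alternative. #}
    <a href="/user/api/logout/">注销</a>
</body>
</html>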
路由urls 增加注销的地址
from django.urls import path
from users import views
# Routes of the users app, including the logout endpoint used by home.html.
# NOTE(review): the logout view in the listing that follows is spelled
# api_logput; views.api_logout has to exist for this module to import.
urlpatterns = [
    path('hello/', views.hello),
    path('login/', views.login),
    path('home/', views.home),
    path('api/login/', views.api_login),
    path('api/logout/', views.api_logout),  # logout endpoint
]
views文件中增加 logout接口,目的是删除与登录相关的cookie,跳转到登录页面
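@api_view(["POST", "GET"])
def api_logout(request):
    """Delete the login cookies and redirect to the login page."""
    # NOTE(review): GET is accepted because home.html logs out through a plain
    # link; restricting this to POST would stop other sites from triggering a
    # logout with a simple link or embedded request.
    # The leading slash makes the target absolute; 'user/login' would be
    # resolved relative to the logout URL. The class name is
    # HttpResponseRedirect (the listing had HttpResponRedirect).
    res = HttpResponseRedirect('/user/login')
    # delete_cookie tells the browser to expire each cookie; the names must
    # match the ones set at login.
    for cookie_name in ('uid', 'username', 'pwd'):
        res.delete_cookie(cookie_name)
    return res  # the browser follows the redirect to the login page


# urls.py routes to views.api_logout; the original misspelled name is kept as
# an alias so existing references still resolve.
api_logput = api_logout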