django框架自带用户权限功能,在django.contrib.auth模块下,使用时需要导入该模块。
1、在app下创建一个中间件middleware.py文件,用户拦截并判断用户是否登录,内容如下:
class UserAuthModdleware(object):
def process_request(self, request):
path = request.path
if path == '/userLogin/' or path == '/check_code/' :#不拦截
return None
elif not request.user.is_authenticated():#验证不通过进入登录界面
return render(request,'login.html')
return None
2、在views.py中写用户登录注销函数
from django.contrib.auth import authenticate,login,logout
#用户登录
def userLogin(request):
try:
if request.method == 'POST':
req = request.POST.copy()
username = req.get('username')
password = req.get('password')
checkCode = req.get('check_code')
if checkCode.upper() == request.session['checkCode'].upper():
if username != None and password != None:
#authenticate是django.contrib.auth中验证函数
**newUser = authenticate(username=username, password=password)**
if newUser:
login(request, newUser)
request.session.set_expiry(30 * 60)
return HttpRes