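Key points

- Session
- CSRF
- Model operations
- Form validation (ModelForm)
- Middleware
- Cache
- Signals

Details:

1. Session

   When user authentication is built on cookies, sensitive information should not be stored in the cookie itself.

   a. How sessions work
      - A cookie is a set of key-value pairs stored in the user's browser.
      - A session is a set of key-value pairs stored on the server.
   b. Cookie vs. session
   c. Session configuration (cache is missing)
   d. Example: automatic login for two weeks
      - `request.session.set_expiry(60*10)`
      - `SESSION_SAVE_EVERY_REQUEST = True`

   PS: if no expiry time is set on a cookie, it is cleared automatically when the browser is closed.

   - Sessions depend on cookies
   - Server-side session:
     - `request.session.get()`
     - `request.session[x] = x`
     - `request.session.clear()`
   - Default behaviour set in the settings file (general configuration):

```python
SESSION_COOKIE_NAME = "sessionid"        # key under which the session cookie is stored in the browser, i.e. sessionid=<random string> (default)
SESSION_COOKIE_PATH = "/"                # path the session cookie is saved for (default)
SESSION_COOKIE_DOMAIN = None             # domain the session cookie is saved for (default)
SESSION_COOKIE_SECURE = False            # whether the cookie is sent over HTTPS only (default)
SESSION_COOKIE_HTTPONLY = True           # whether the session cookie is HTTP-only (default)
SESSION_COOKIE_AGE = 1209600             # session cookie lifetime (2 weeks) (default)
SESSION_EXPIRE_AT_BROWSER_CLOSE = False  # whether the session expires when the browser is closed (default)
# set_cookie('k',123)
SESSION_SAVE_EVERY_REQUEST = False       # whether to save the session on every request; by default it is saved only after modification (default)
```

   - Engine configuration

2. CSRF

   a. How CSRF works
   b. The risk when there is no CSRF protection
   c. Form submission (CSRF)
   d. Ajax submission (CSRF)
      - CSRF request header: `X-CSRFToken`

6. Middleware

7. Cache

   - 5 kinds of configuration
   - 3 ways to apply it:
     - global (a. site-wide)
     - view function (b. caching a single view)
     - template (c. partial use within a view)

8. Signals

   http://www.cnblogs.com/wupeiqi/articles/5246483.html

   - Built-in signals
   - Custom signals
     - define the signal
     - send the signal
     - register functions on the signal

3. Model operations

   a. Field types + parameters
   b. Relationship fields + parameters
   c. Meta
   d. SQL operations:
      - basic create, read, update, delete
      - advanced operations
      - forward and reverse lookups
      - other operations
   e. Validation (weak)

4. Form operations

   http://www.cnblogs.com/wupeiqi/articles/6144178.html

   What it does:
   - validates the user's request
   - generates HTML (keeping the data from the previous submission)

   Customisation:
   - class
   - fields (validation)
   - widgets (HTML generation)

   Initialisation: `obj = FM(initial=dic)`

   ============= Homework: xxxoo management =============

   - User authentication: session
   - New URLs: Form validation
   - Middleware: IP filtering
   - Signals: log operations
   - CSRF:

   a. Form validates the user's request
   b. Form generates HTML
   c. Form fields in detail (custom fields, Model...) + widgets
   d. Custom validation (hooks and `__all__`)
   e. Registration example: username, password, email, mobile number (RegexValidator or RegexField), gender, hobbies, city
   f. Initial values

5. ModelForm

   a. Combines Model and Form functionality
   b. save
   c. save + save_m2m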
```python
def index(request):
    # Get, set and delete data in the session
    request.session['k1']
    request.session.get('k1', None)
    request.session['k1'] = 123
    request.session.setdefault('k1', 123)  # not set if the key already exists
    del request.session['k1']
    request.session.clear()
    request.session.delete(request.session.session_key)

    # All keys, values, and key-value pairs
    request.session.keys()
    request.session.values()
    request.session.items()
    request.session.iterkeys()
    request.session.itervalues()
    request.session.iteritems()

    # The random string (session key) of the user's session
    request.session.session_key

    # Delete all sessions whose expiry date is earlier than the current date
    request.session.clear_expired()

    # Check whether the user's session key exists in the database
    request.session.exists("session_key")

    # Delete all session data of the current user
    request.session.delete("session_key")

    request.session.set_expiry(value)
    #   * If value is an integer, the session expires after that many seconds.
    #   * If value is a datetime or timedelta, the session expires at/after that time.
    #   * If value is 0, the session expires when the user closes the browser.
    #   * If value is None, the session follows the global session expiry policy.
```

```python
SESSION_ENGINE = 'django.contrib.sessions.backends.db'  # engine (default)

SESSION_COOKIE_NAME = "sessionid"        # key under which the session cookie is stored in the browser, i.e. sessionid=<random string> (default)
SESSION_COOKIE_PATH = "/"                # path the session cookie is saved for (default)
SESSION_COOKIE_DOMAIN = None             # domain the session cookie is saved for (default)
SESSION_COOKIE_SECURE = False            # whether the cookie is sent over HTTPS only (default)
SESSION_COOKIE_HTTPONLY = True           # whether the session cookie is HTTP-only (default)
SESSION_COOKIE_AGE = 1209600             # session cookie lifetime (2 weeks) (default)
SESSION_EXPIRE_AT_BROWSER_CLOSE = False  # whether the session expires when the browser is closed (default)
SESSION_SAVE_EVERY_REQUEST = False       # whether to save the session on every request; by default it is saved only after modification (default)
```
```python
from django.db import models

# Create your models here.
class UserInf(models.Model):
    user = models.CharField(max_length=32)
```
```python
from django.shortcuts import render, redirect, HttpResponse


def login(request):
    # from django.conf import settings
    # print(settings.CSRF_HEADER_NAME)
    # HTTP_X_CSRFTOKEN
    # X-CSRFtoken
    if request.method == "GET":
        return render(request, 'login.html')
    elif request.method == "POST":
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        if user == 'root' and pwd == "123":
            # Set values in the session:
            # 1. generate a random string
            # 2. write it to the user's browser cookie
            # 3. save it in the session store
            # 4. set the data in the dict that belongs to that random string
            request.session['username'] = user
            request.session['is_login'] = True
            if request.POST.get('rmb', None) == '1':
                # Timeout
                request.session.set_expiry(10)
            return redirect('/index/')
        else:
            return render(request, 'login.html')


from django.views.decorators.csrf import csrf_exempt, csrf_protect


@csrf_protect
def index(request):
    # Read from the session: take the current user's random string and
    # look up the data stored under it
    if request.session.get('is_login', None):
        return render(request, 'index.html', {'username': request.session['username']})
    else:
        return HttpResponse('gun')


def logout(request):
    # del request.session['username']
    request.session.clear()
    return redirect('/login/')


class Foo:
    def __init__(self, req, html, dic):
        self.req = req
        self.html = html
        self.dic = dic

    def render(self):
        # Create the hook
        return render(self.req, self.html, self.dic)


def test(request, nid):
    print('小姨妈-->没带钱')
    # return render(request, 'index.html', {...})
    return Foo(request, 'index.html', {'k1': 'v1'})


from django.views.decorators.cache import cache_page


@cache_page(10)  # expires after 10 seconds; takes precedence over the 300 seconds
def cache(request):
    import time
    ctime = time.time()
    return render(request, 'cache.html', {'ctime': ctime})


def signal(request):
    from app01 import models
    obj = models.UserInf(user='root')
    print('end')
    obj.save()

    obj = models.UserInf(user='root')
    obj.save()

    obj = models.UserInf(user='root')
    obj.save()

    from sg import pizza_done
    pizza_done.send(sender="asdfasdf", toppings=123, size=456)
    return HttpResponse('ok')


######################## Form #####################
from django import forms
from django.forms import widgets
from django.forms import fields


class FM(forms.Form):
    # The field itself only performs validation
    user = fields.CharField(
        error_messages={'required': '用户名不能为空.'},
        widget=widgets.Textarea(attrs={'class': 'c1'}),
        label="用户名",
    )
    pwd = fields.CharField(
        max_length=12,
        min_length=6,
        error_messages={'required': '密码不能为空.', 'min_length': '密码长度不能小于6', "max_length": '密码长度不能大于12'},
        widget=widgets.PasswordInput(attrs={'class': 'c2'})
    )
    email = fields.EmailField(error_messages={'required': '邮箱不能为空.', 'invalid': "邮箱格式错误"})

    f = fields.FileField()

    # p = fields.FilePathField(path='app01')

    city1 = fields.ChoiceField(
        choices=[(0, '上海'), (1, '广州'), (2, '东莞')]
    )
    city2 = fields.MultipleChoiceField(
        choices=[(0, '上海'), (1, '广州'), (2, '东莞')]
    )


from app01 import models


def fm(request):
    if request.method == "GET":
        # Fetch the data from the database
        dic = {
            "user": 'r1',
            'pwd': '123123',
            'email': 'sdfsd',
            'city1': 1,
            'city2': [1, 2]
        }
        obj = FM(initial=dic)
        return render(request, 'fm.html', {'obj': obj})
    elif request.method == "POST":
        # Get all of the user's data
        # Validate each submitted item
        # Success: get all of the valid data
        # Failure: show the error messages
        # Note: the FileField `f` only validates when request.FILES is also
        # passed and the form is posted as multipart/form-data.
        obj = FM(request.POST)
        r1 = obj.is_valid()
        if r1:
            # obj.cleaned_data
            # UserInf only has a `user` column, so pass just that key
            models.UserInf.objects.create(user=obj.cleaned_data['user'])
        else:
            # ErrorDict
            # print(obj.errors.as_json())
            # print(obj.errors['user'][0])
            return render(request, 'fm.html', {'obj': obj})
        return render(request, 'fm.html')
```
```python
from django.utils.deprecation import MiddlewareMixin


class Row1(MiddlewareMixin):
    def process_request(self, request):
        print('王森')

    def process_view(self, request, view_func, view_func_args, view_func_kwargs):
        print('张欣彤')

    def process_response(self, request, response):
        print('扛把子')
        return response


from django.shortcuts import HttpResponse


class Row2(MiddlewareMixin):
    def process_request(self, request):
        print('程毅强')
        # return HttpResponse('走')

    def process_view(self, request, view_func, view_func_args, view_func_kwargs):
        print('张需要')

    def process_response(self, request, response):
        print('侯雅凡')
        return response


class Row3(MiddlewareMixin):
    def process_request(self, request):
        print('刘东')

    def process_view(self, request, view_func, view_func_args, view_func_kwargs):
        print('邵林')

    def process_response(self, request, response):
        print('连之泪')
        return response

    def process_exception(self, request, exception):
        if isinstance(exception, ValueError):
            return HttpResponse('出现异常》。。')

    def process_template_response(self, request, response):
        # Called when the object returned by the view function has a render method
        print('-----------------------')
        return response
```
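The homework list above asks for an IP-filtering middleware. The following is an added example, not code from the original post: it uses the new-style callable middleware supported since Django 1.10 instead of `MiddlewareMixin`, and the class name `IPFilterMiddleware`, the `deny` hook and the networks in `ALLOWED_NETS` and `TRUSTED_PROXIES` are assumptions.

```python
import ipaddress

# Constructed sample policy (assumed values, not from the original post).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]


def _in_any(ip, nets):
    return any(ip in net for net in nets)


def client_ip(meta):
    """Return the address to filter on, or None if it cannot be parsed.

    REMOTE_ADDR is the TCP peer. X-Forwarded-For is set by the sender, so it
    is read only when the peer is one of our proxies, and then from right to
    left, stopping at the first hop that is not a trusted proxy.
    """
    try:
        ip = ipaddress.ip_address(meta.get("REMOTE_ADDR", ""))
        if not _in_any(ip, TRUSTED_PROXIES):
            return ip
        xff = meta.get("HTTP_X_FORWARDED_FOR", "")
        for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
            ip = ipaddress.ip_address(hop)
            if not _in_any(ip, TRUSTED_PROXIES):
                break
        return ip
    except ValueError:
        return None  # malformed address: fail closed


class IPFilterMiddleware:
    """New-style (Django 1.10+) middleware; add its dotted path to MIDDLEWARE."""

    def __init__(self, get_response, deny=None):
        self.get_response = get_response
        self.deny = deny or self._forbidden  # `deny` is an assumed test hook

    @staticmethod
    def _forbidden(request):
        from django.http import HttpResponseForbidden  # lazy: needs Django
        return HttpResponseForbidden("forbidden")

    def __call__(self, request):
        ip = client_ip(request.META)
        if ip is None or not _in_any(ip, ALLOWED_NETS):
            return self.deny(request)  # short-circuit: the view never runs
        return self.get_response(request)
```

A request whose `X-Forwarded-For` claims an allowed address is still rejected unless it arrived through a trusted proxy, which is the case a filter keyed on that header alone gets wrong.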
```python
import pymysql
pymysql.install_as_MySQLdb()
import sg
```
```python
import os

# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))


# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'm1ueaxz!w8cgj%mx&!ol#14i3fxbco&_!_6eg@k^$_f29%t4&^'

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True

ALLOWED_HOSTS = []


# Application definition

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'app01',
]
from django.middleware.csrf import CsrfViewMiddleware
from django.middleware.cache import FetchFromCacheMiddleware
from django.middleware.cache import UpdateCacheMiddleware
MIDDLEWARE = [
    # 'django.middleware.cache.UpdateCacheMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # 'Middle.m1.Row1',
    # 'Middle.m1.Row2',
    # 'Middle.m1.Row3',
    # 'django.middleware.cache.FetchFromCacheMiddleware',

]

ROOT_URLCONF = 's14day22.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [os.path.join(BASE_DIR, 'templates')],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 's14day22.wsgi.application'


# Database
# https://docs.djangoproject.com/en/1.10/ref/settings/#databases

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
    }
}


# Password validation
# https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]


# Internationalization
# https://docs.djangoproject.com/en/1.10/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_L10N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.10/howto/static-files/

STATIC_URL = '/static/'
STATICFILES_DIRS = (
    os.path.join(BASE_DIR, 'static'),
)

CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.filebased.FileBasedCache',
        'LOCATION': os.path.join(BASE_DIR, 'cache')
    }
}
```
```python
from django.conf.urls import url
from django.contrib import admin
from app01 import views

urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^login/$', views.login),
    url(r'^index/$', views.index),
    url(r'^logout/$', views.logout),
    url(r'^test/(?P<nid>\d+)$', views.test),
    url(r'^cache/$', views.cache),
    url(r'^signal/$', views.signal),
    url(r'^fm/$', views.fm),
]
```
```html
{% load cache %}
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title></title>
</head>
<body>
    <h1>{{ ctime }}</h1>
    <h1>{{ ctime }}</h1>
    {% cache 10 c1 %}
        <h1>{{ ctime }}</h1> {# only this one is cached #}
    {% endcache %}
</body>
</html>
```
```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title></title>
</head>
<body>
    <form action="/fm/" method="POST">
        {% csrf_token %}
        <p>{{ obj.user.label }} {{ obj.user }} {{ obj.errors.user.0 }}</p>
        <p>{{ obj.pwd }} {{ obj.errors.pwd.0 }}</p>
        <p>{{ obj.email }}{{ obj.errors.email.0 }}</p>
        <p>{{ obj.f }}{{ obj.errors.f.0 }}</p>
        {{ obj.city1 }}
        {{ obj.city2 }}
        <input type="submit" value="提交" />
    </form>
</body>
</html>
```
```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title></title>
</head>
<body>
    <h1>欢迎登录:{{ username }}, {{ request.session.username }}</h1>
    <a href="/logout/">注销</a>
</body>
</html>
```
```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title></title>
</head>
<body>
    <form action="/login/" method="POST">
        {% csrf_token %}
        <input type="text" name="user" />
        <input type="text" name="pwd" />
        <input type="checkbox" name="rmb" value="1" /> 10秒免登录
        <input type="submit" value="提交" />
        <input id="btn1" type="button" value="按钮" />
        <input id="btn2" type="button" value="按钮" />
    </form>

    <script src="/static/jquery-1.12.4.js"></script>
    <script src="/static/jquery.cookie.js"></script>
    <script>
        $(function(){
            // Attach the token from the csrftoken cookie to every Ajax request;
            // Django reads this header as HTTP_X_CSRFTOKEN.
            $.ajaxSetup({
                beforeSend: function(xhr, settings){
                    xhr.setRequestHeader('X-CSRFtoken', $.cookie('csrftoken'));
                }
            });

            $('#btn1').click(function () {
                $.ajax({
                    url: '/login/',
                    type: "GET",
                    data: {'user': 'root', 'pwd': '123'},
                    // headers: {'X-CSRFtoken': $.cookie('csrftoken')},
                    success: function(arg){

                    }
                })
            });
        })
    </script>
</body>
</html>
```
```python
from django.core.signals import request_finished
from django.core.signals import request_started
from django.core.signals import got_request_exception

from django.db.models.signals import class_prepared
from django.db.models.signals import pre_init, post_init
from django.db.models.signals import pre_save, post_save
from django.db.models.signals import pre_delete, post_delete
from django.db.models.signals import m2m_changed
from django.db.models.signals import pre_migrate, post_migrate

from django.test.signals import setting_changed
from django.test.signals import template_rendered

from django.db.backends.signals import connection_created


def f1(sender, **kwargs):
    print("xxoo_callback")
    # print(sender,kwargs)

pre_save.connect(f1)


import django.dispatch
pizza_done = django.dispatch.Signal(providing_args=["toppings", "size"])


def callback(sender, **kwargs):
    print("callback")
    print(sender, kwargs)

pizza_done.connect(callback)
```