输入 用户名和密码,点击立即登录,会 报如下错误
禁止访问 (403)
CSRF验证失败. 相应中断.
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function passes a request to the template's render method.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
这是django的一种安全机制
解决办法:
TypeError at /login/
authenticate() takes exactly 0 arguments (2 given)
Request Method: POST
Request URL: http://127.0.0.1:8000/login/
Django Version: 1.9
Exception Type: TypeError
Exception Value:
authenticate() takes exactly 0 arguments (2 given)
Exception Location: C:\Users\hlg\PycharmProjects\MxOnline\apps\users\views.py in login, line 13
Python Executable: C:\Users\hlg\Envs\mxonline\Scripts\python.exe
Python Version: 2.7.12
Python Path:
['C:\\Users\\hlg\\PycharmProjects\\MxOnline\\extra_apps',
'C:\\Users\\hlg\\PycharmProjects\\MxOnline\\apps',
'C:/Users/hlg/PycharmProjects/MxOnline',
'C:\\Program Files\\JetBrains\\PyCharm 2017.1.3\\helpers\\pydev',
'C:\\Users\\hlg\\PycharmProjects\\MxOnline',
'C:\\Users\\hlg\\PycharmProjects\\MxOnline\\extra_apps',
'C:\\Users\\hlg\\PycharmProjects\\MxOnline\\apps',
'C:\\Program Files\\JetBrains\\PyCharm 2017.1.3\\helpers\\pydev',
'C:\\Windows\\system32\\python27.zip',
'C:\\Users\\hlg\\Envs\\mxonline\\DLLs',
'C:\\Users\\hlg\\Envs\\mxonline\\lib',
'C:\\Users\\hlg\\Envs\\mxonline\\lib\\plat-win',
'C:\\Users\\hlg\\Envs\\mxonline\\lib\\lib-tk',
'C:\\Users\\hlg\\Envs\\mxonline\\Scripts',
'c:\\python27\\Lib',
'c:\\python27\\DLLs',
'c:\\python27\\Lib\\lib-tk',
'C:\\Users\\hlg\\Envs\\mxonline',
'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages',
'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf',
'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf',
'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf',
'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf',
'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf',
'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf',
'C:\\Users\\hlg\\Envs\\mxonline\\lib\\site-packages\\odf']
Server time: 星期五, 8 六月 2018 19:04:30 +0800
C:\Users\hlg\PycharmProjects\MxOnline\apps\users\views.py
# _*_ encoding:utf-8 _*_
from django.shortcuts import render
from django.contrib.auth import authenticate, login
from django.contrib.auth.backends import ModelBackend #
from django.db.models import Q # 完成并集
# Create your views here.
from .models import UserProfile #
class CustomBackend(ModelBackend):
def authenticate(self, username=None, password=None, **kwargs):
# 完成自己的逻辑
try:
# user = UserProfile.objects.get(username=username)
user = UserProfile.objects.get(Q(username=username)|Q(email=username))
if user.check_password(password):
return user
except Exception as e:
return None
def user_login(request):
if request.method == "POST":
user_name = request.POST.get("username","")
pass_word = request.POST.get("password","")
user = authenticate(username=user_name, password=pass_word)
if user is not None:
login(request, user) # 这个是系统提供的 login
return render(request, "index.html") # 登录成功,跳转到首页
else:
return render(request, "login.html", {"msg":"用户名或密码错误"}) # 登录失败,跳转到登录页面
elif request.method == "GET":
return render(request, "login.html", {})
C:\Users\hlg\PycharmProjects\MxOnline\templates\index.html
C:\Users\hlg\PycharmProjects\MxOnline\MxOnline\urls.py