之前是使用自定义的类来实现登录逻辑,现在使用django内置的form表单验证,用继承django的view来实现登录页面。
users > views.py 的内容是:
from django.shortcuts import render, redirect from django.contrib.auth import authenticate, login from django.contrib.auth.backends import ModelBackend from .models import UserProfile from django.db.models import Q from django.views.generic.base import View from .forms import LoginForm # Create your views here. def user_login(request): if request.method == 'GET': return render(request, 'login.html', {}) if request.method == 'POST': user_name = request.POST.get('username', '') pass_word = request.POST.get('password', '') # 成功返回user,失败返回None user = authenticate(username=user_name, password=pass_word) if user is not None: login(request, user) # 直接登录 return redirect('home') else: return render(request, 'login.html', {'msg': '用户名或密码错误。'}) # 实现 用户名和邮箱都可以登录 class CustomBackend(ModelBackend): def authenticate(self, request, username=None, password=None, **kwargs): try: user = UserProfile.objects.get(Q(username=username) | Q(email=username)) if user.check_password(password): return user except Exception as e: return None class LoginView(View): def get(self, request): return render(request, 'login.html', {}) def post(self, request): login_form = LoginForm(request.POST) if login_form.is_valid(): user_name = request.POST.get('username', '') pass_word = request.POST.get('password', '') # 成功返回user,失败返回None user = authenticate(username=user_name, password=pass_word) if user is not None: login(request, user) # 直接登录 return redirect('home') else: return render(request, 'login.html', {'msg': '用户名或密码错误。'}) else: return render(request, 'login.html', {'login_form': login_form})
if login_form.is_valid():
是说如果表单验证通过则进入下一层,表单内容验证不通过则跳出
在users模块中添加forms.py文件,对登录输入的内容做数据校验:
from django import forms class LoginForm(forms.Form): username = forms.CharField(required=True) password = forms.CharField(required=True, min_length=8)
from django.views.generic.base import View
django 中的View,有get和post方法,不用自己去判断了。
login_form = LoginForm(request.POST)
使用 django的Form表单验证,把request.POST来的数据进行校验,比如 密码长度少于8位,则直接返回错误,不进行数据库查询。
最后是urls.py的修改:
from django.contrib import admin from django.urls import path import xadmin from django.views.generic import TemplateView from users.views import LoginView urlpatterns = [ path('xadmin/', xadmin.site.urls), path('', TemplateView.as_view(template_name='index.html'), name='home'), # path('login/', TemplateView.as_view(template_name='login.html'), name='login'), # path('login/', user_login, name='login'), path('login/', LoginView.as_view(), name='login'), ]
LoginView.as_view()
使用LoginView的as_view()方法来实现登录验证和登录逻辑。