在 Django 框架下实现登录/注册时的密码错误次数限制和手机验证码失效时间
实现原理:
***通过django下的缓存系统cache 配合redis实现***
- 首先在 settings 文件里配置 CACHES
# Connection URI for the Redis instance that backs Django's cache.
# NOTE(review): the password is interpolated as-is, so it ends up in any place
# this setting is printed or logged, and a password containing URL-reserved
# characters ("@", ":", "/") needs percent-encoding before it is put in a URI.
REDIS_URI = "redis://:%s@%s:%s/%s" % (
    REDIS_PASSWORD,
    REDIS_HOST,
    REDIS_PORT,
    REDIS_DB,
)

CACHES = {
    "default": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": REDIS_URI,
        # Default lifetime of an entry in seconds (1 day). 0 makes entries
        # expire immediately, None keeps them forever.
        "TIMEOUT": 86400,
        "OPTIONS": {
            "CLIENT_CLASS": "django_redis.client.DefaultClient",
            # "MAX_ENTRIES": 1000,
            # "CULL_FREQUENCY": 3,
        },
        # Prefix put in front of every cache key (empty by default).
        "KEY_PREFIX": "",
    },
}
- 在views里新建login函数, 以下为部分代码
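def _seconds_until_midnight():
    """Return the number of whole seconds left until the next local midnight."""
    tomorrow = datetime.date.today() + datetime.timedelta(days=1)
    return int(time.mktime(tomorrow.timetuple())) - int(time.time())


def _record_failed_login(key):
    """Add one to the failed-login counter stored under ``key``.

    The counter is created with a lifetime that ends at the next local
    midnight, which is what makes the limit a per-day limit.
    """
    duration = _seconds_until_midnight()
    # add() creates the counter only when it is missing, so an existing count
    # is never overwritten here.
    cache.add(key, 0, duration)
    try:
        # incr() replaces the original get()+set() pair, which could lose
        # updates when several failed attempts arrive at the same time and so
        # allow more guesses than the limit.
        # NOTE(review): with the django_redis backend configured on this page
        # the increment is expected to keep the key's expiry -- confirm if a
        # different cache backend is used.
        cache.incr(key)
    except ValueError:
        # The counter expired between add() and incr(); start a new count.
        cache.set(key, 1, duration)


def login(request):
    """Log a user in, refusing further attempts after too many failures today.

    Failed attempts are counted per username in the cache until local
    midnight. user_type 1 is refused after 3 failures and user_type 2 after
    5 (thresholds taken from the page).

    Changes compared with the code on the page:

    * The lock is checked BEFORE authenticate(). The original only looked at
      the counter after a failed authentication, so a locked account still
      accepted the correct password and the limit did not stop guessing.
    * The counter is reset only after a successful authentication. The
      original deleted it before the user_type 2 check, under the same key,
      so that counter was always read as 0.
    * The user_type 2 branch wrote to the undefined name
      ``username_login_error_num``; the responses had unbalanced parentheses.
    * A failed authentication never reaches _login() with user=None.

    NOTE(review): the counter is keyed on the submitted username only, so
    anyone can use up another user's attempts; pairing it with per-client
    throttling is worth considering.
    """
    if request.method == 'POST':
        # The page shows only part of the view: username, password and
        # user_type are taken from the request in code that is not shown.

        # Both account types use the same key text on the page; presumably the
        # real project uses distinct prefixes -- confirm against the project.
        error_count_key = '_' + username + '.'

        failed_attempts = cache.get(error_count_key, 0)
        if user_type == 1 and failed_attempts >= 3:
            return HttpResponse(json.dumps(dict(message='输入的密码连续错误三次以上')))
        if user_type == 2 and failed_attempts >= 5:
            return HttpResponse(json.dumps(dict(message='该账号当日已被禁用')))

        user = authenticate(username=username, password=password)
        if not user:
            if user_type in (1, 2):
                # Count today's failed attempt for the limited account types.
                _record_failed_login(error_count_key)
            # Same message whether the account exists or not.
            return HttpResponse(json.dumps(dict(message='手机号或密码错误')))

        # Successful authentication: forget earlier failures.
        cache.delete(error_count_key)

        request.session.flush()  # drop the old session before logging in
        _login(request, user)
        # One-year session lifetime, as on the page.
        # NOTE(review): a shorter lifetime narrows the window in which a
        # stolen session cookie stays usable.
        request.session.set_expiry(31536000)
        # The success response and the non-POST branch are not shown on the page.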