以form来做,因为form没有写入能力,比较安全
from django.shortcuts import render, HttpResponse, redirect
from app01 import models
from django import forms
from app01.utils.encrypt import md5
#form需自己定义“字段”
class LoginForm(forms.Form):
name = forms.CharField(
label="用户名",
widget = forms.TextInput(attrs={
"class": "form-control"})
)
pwd = forms.CharField(
label="密码",
widget=forms.PasswordInput(attrs={
"class": "form-control"})
)
#数据库中密码md5加密,此处将输入的密码md5化,便于对比
def clean_password(self):
pwd = self.cleaned_data.get("pwd")
return md5(pwd)
def login(request):
"""登录"""
if request.method == "GET":
form = LoginForm()
return render(request, 'login.html', {
'form': form})
form = LoginForm(data=request.POST)
if form.is_valid():
#print(form.cleaned_data)
admin_object = models.Admin.objects.filter(**form.cleaned_data).first()
#form.cleaned_data为字典且键名与数据库中字段命名一致
if not admin_object: #判断语句,添加错误
form.add_error("pwd", "