想实现一个登陆登出和注册功能的简易网站,但是遇到了csrf forbidden错误,是因为set的cookie和网站的cookie对应不上,查了好多博客以及csrf攻击的一些知识,也是云里雾里的.
https://www.cnblogs.com/freely/p/6928822.html解决了我的问题
首先
Django2.1.1+pycharm
直接上代码.
view.py
from django.shortcuts import render_to_response,render
from django import forms
from django.views.decorators.csrf import csrf_exempt
from article.models import User
from django.http import HttpResponseRedirect,HttpResponse
#my database forms
class UserForm(forms.Form):
username=forms.CharField(label='用户名',max_length=20)
password=forms.CharField(label='密_码',max_length=20)
@csrf_exempt
def register(request):
Method=request.method
if Method=='POST':
usermess=UserForm(request.POST)
print(usermess)
print(usermess.is_valid())
if usermess.is_valid():
username=usermess.cleaned_data['username']
password=usermess.cleaned_data['password']
print(password)
try:
reg=User.objects.filter(username=username).get().username
print(reg)
return render(request,'register.html',{'reg':reg})
except:
regadd=User.objects.create(username=username,passwprd=password)
print(regadd)
return render(request,'register.html',{'regadd':regadd})
else:
usermess=UserForm()
return render(request,'register.html',{'usermess':usermess,'Method':Method})
@csrf_exempt
def login(request):
Method=request.method
if Method=='POST':
usermess=UserForm(request.POST)
print(usermess)
print(usermess.is_valid())
if usermess.is_valid():
username=usermess.cleaned_data['username']
password=usermess.cleaned_data['password']
print(password)
userPassJude=User.objects.filter(username__exact=username,passwprd__exact=password)
print(userPassJude)
if userPassJude:
response=HttpResponseRedirect('/index')
response.set_cookie('cookie_username',username,8000)
return response
else:
return render(request,'login.html')
else:
usermess=UserForm()
return render(request,'login.html',{'usermess':usermess})
def index(request):
username=request.COOKIES.get('cookie_username','')
return render(request,'index.html',{'username':username})
def logout(request):
response=HttpResponse('logout<br><a href="http://127.0.0.1/8000/register">register</a>')
#Sresponse.delete_cookie('cookies_username')
return response
@csrf_exempt之前没加,加上就好了
取消当前函数防跨站请求伪造功能,即便settings中设置了全局中间件。这个虽然不安全,但是木有办法了...csrf_token也加了,但是就是不对...
#register.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Register</title>
</head>
<body>
{% if Method == 'GET' %}
<form method="post">
{%csrf_token%}
<table>
{{ usermess.as_p }}
</table>
<input type="submit" value="register" name="register">
</form>
{% else %}
{% if regadd %}
{{ username}} is register success
<br>
<a href="http://127.0.0.1:8000/login/">登录</a>
{% else %}
{{ reg }} is exits
<br>
<a href="">注册</a>
{% endif %}
{% endif %}
</body>