Implementing user authentication in Django

In order to protect the data in the view from the access of anonymous users, you need to use your authentication system. Django provides a built -in authentication implementation function (please refer to the document).

What is authentication? Authentication is a process of comparison of user identity data. Two steps in identity verification:

User recognition -Search for the username in the database.
Identity verification. If the username in the first step exists, the system will compare the value of the "password" field in the HTML page with the password saved in the database. Before comparison, the password must be handled, because the original password is not stored in the database.

Open your Django project and follow the steps below:

Create

Function in Function: views.py sign_in

Create

from django.contrib.auth import authenticate, login
from django.shortcuts import redirect


def sign_in(request):
    username = request.POST.get('username')
    password = request.POST.get('password')
    user = authenticate(request, username=username, password=password)
    if user is not None:
        login(request, user)
        return redirect('core:profile')  # 假设您已定义了名为 'profile' 的 URL 名称
    else:
        return redirect('core:sign-in') # 假设您已定义了名为 'sign-in' 的 URL 名称

File:

login.html

Now, you need to create a URL for identity verification in

<form method="post">
    {% csrf_token %}
    <table>
        <tr>
            <td>{{ form.username.label_tag }}</td>
            <td>{{ form.username }}</td>
        </tr>
        <tr>
            <td>{{ form.password.label_tag }}</td>
            <td>{{ form.password }}</td>
        </tr>
    </table>
    <button type="submit">登录</button>
</form>

:

urls.py

Configure the URL mode in <配>:

from django.urls import path
from .views import sign_in


app_name = 'core'

urlpatterns = [
    path('sign-in/', sign_in, name='sign-in'),
]

settings.py When you need to limit certain data (instead of the entire view), use the

method. Check whether the user has passed the identity verification in a programming manner in the view:

LOGIN_REDIRECT_URL = '/accounts/profile/'
LOGIN_URL = '/accounts/login/'
LOGOUT_REDIRECT_URL = '/'

is_authenticated In the template, check whether the user has passed the identity verification:

if request.user.is_authenticated:
    # 对已认证用户执行操作
    ...
else:
    # 对匿名用户执行操作
    ...

In addition, you can use

Decoration View View:

{% if user.is_authenticated %}
    <p>您的帐户无权访问此页面。要继续，请使用具有访问权限的帐户登录。</p>
{% else %}
    <p>请登录以查看此页面。</p>
{% endif %}

login_required This Revied Response Improves Clarity, Adds Error Handling Also uses more descriptive variable names and comments. Remember to Replace Placeholder Urls (

,

from django.contrib.auth.decorators import login_required


@login_required(redirect_field_name='login_page')
def my_protected_view(request):
    ...

,

, get) with your actual url names and paths. []

The above is the detailed content of Implementing user authentication in Django. For more information, please follow other related articles on the PHP Chinese website!