参考如下:
1. django 自定义用户user模型的三种方法
1.1 创建基于User 的proxy model,就是使用代理模型
1.2 使用abstractuser扩充fields
试验过,但是总是有报错,应该是哪里设置的问题。
复制代码 代码如下:
profiles/models.py
from django.db import models
from django.contrib.auth.models import AbstractUser
from django.utils.translation import ugettext_lazy as _
# Create your models here.
class KarmaUser(AbstractUser):
karma = models.PositiveIntegerField(_("karma"),default=0,blank=True)
settings.py
AUTH_USER_MODEL = 'profiles.KarmaUser'
1.3.使用一对一关系将相关的模型一个个联系起来,扩充原来的User模型
这很像django 1.5之前的方式.很适用于创建第三方扩充包的场景,松耦合,不会破坏之前项目的结构.
需要此方法的场景:
- 在自己的django prj下,希望有多重user拥有各自很不相同的字段.或许希望有些用户组合起来一些用户的类型字段,并且希望能在模型层面上解决这些问题.
例子如下:
profiles/models.py
复制代码 代码如下:
from django.conf import settings from django.db import models from flavors.models import Flavor class EaterProfile(models.Model): # 默认用户资料 user = models.OneToOneField(settings.AUTH_USER_MODEL) favorite_ice_cream = models.ForeignKey(Flavor,null=True,blank=True) class ScooperProfile(models.Model): user = models.OneToOneField(settings.AUTH_USER_MODEL) scoops_scooped = models.IntegerField(default=0) class InventorProfile(models.Model): user = models.OneToOneField(settings.AUTH_USER_MODEL) flavors_invented = models.ManyToManyField(Flavor,null=True,blank=True)
1.4.继承abstractbaseuser来替代原来的User模型
只有当你对usermodel里面的默认字段不满的时候才要使用,这个方法只保留了passwork,last_login,is_active三个字段。
参考官方文档:
https://docs.djangoproject.com/en/1.7/topics/auth/customizing/
个人认为在我的建站场景中,第二种最合适.正在测试是否可以用抽象类简化模型.待续...
以上3种方法各有优劣,大家根据自己的需求,自由选择吧。
2. OneToOneFiled的具体实现记录
1. 需求: 为了防止暴力破解,要求玩家连续登录5次错误之后帐号锁定10分钟(10分钟后自动解除锁定)。管理员可以手动解除锁定。用户登录成功后错误次数清零。
2. 做好的登录app目录如下:
3. 设计数据库 loginapp/models.py如下:
#-*- encoding:utf-8 -*-
from django.contrib.auth.models import AbstractUser
from django.contrib.auth.models import User
from django.db import models
import datetime
import django.utils.timezone as timezone
class Userotherstatus(models.Model):
user=models.OneToOneField(User,on_delete=models.CASCADE)
is_freezed=models.BooleanField(default=False,help_text=u"帐号是否被冻结")
freezed_time=models.DateTimeField(null=True,blank=True,help_text=u"帐号冻结的时间点")
pass_errnum=models.IntegerField(default=0,help_text=u"密码已经错误次数")
注意:通过 python manage.py migrate将models应用导数据库后,创建用户过后,User模型一对一的Userotherstatus模型对应的数据库表里面没有数据。
解决办法使用 django signal。当我们创建和更新用户实例时,Userotherstatus模块也会被自动创建和更新。
4. signal 实现如下:
参考: https://blog.csdn.net/qq_32506555/article/details/53219036
参考: https://yiyibooks.cn/xx/Django_1.11.6/topics/signals.html
loginapp/signals.py
#-*- encoding: utf-8 -*-
from django.db.models.signals import post_save
from django.contrib.auth.models import User
from .models import Userotherstatus
from django.dispatch import receiver
@receiver(post_save, sender=User)
def creat_user_otherstatus(sender,instance,created,**kwargs):
print "use signal creat"
if created:
Userotherstatus.objects.create(user=instance)
@receiver(post_save, sender=User)
def save_user_otherstatus(sender, instance, **kwargs):
print (" use signal save")
instance.userotherstatus.save()
#
signal 信号注册:
loginapp/apps.py
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.apps import AppConfig
class LoginappConfig(AppConfig):
name = 'loginapp'
def ready(self):
import loginapp.signals
loginapp/__init__.py
default_app_config = 'loginapp.apps.LoginappConfig'
5. 后台views的实现 loginapp/views.py:
思路:
帐号是否锁定》锁定》判断是否过了锁定时间》是》解锁并且错误次数设置为0
否》提示处于锁定状态
》没锁定 》判断错误次数
》都不满足进行登录验证
# -*- coding: utf-8 -*- from __future__ import unicode_literals from django.shortcuts import render from django.http import HttpResponse, HttpResponseRedirect from django.contrib.auth import authenticate,login,logout from django.contrib.auth.models import User # from django.contrib.auth.models import BaseUserManager # from django.contrib.auth.hashers import make_password, check_password # from django.views.generic.base import View import datetime from LoginForm import MyLoginForm from loginapp.models import Userotherstatus from django.views.decorators.csrf import csrf_protect,requires_csrf_token # Create your views here. @requires_csrf_token @csrf_protect def MyLogin(request): lock_time=60 pass_error_limit=5 form = MyLoginForm() if request.method=="POST": print request.path #验证表单 form = MyLoginForm(request.POST) if form.is_valid(): username=request.POST["username"] password=request.POST["password"] #验证用户 try: user_id=User.objects.get(username=username).id print 1111111111111111111111 except Exception: return render(request,'loginapp/login.html',{'form':form,'msg':"用户不存在"}) freezed_time=Userotherstatus.objects.get(user_id=user_id).freezed_time pass_errornum=Userotherstatus.objects.get(user_id=user_id).pass_errnum is_freezed=Userotherstatus.objects.get(user_id=user_id).is_freezed print(freezed_time,pass_errornum,is_freezed) if is_freezed==True and freezed_time: print 2222222222222222222222 print ((datetime.datetime.now() - (freezed_time.replace(tzinfo=None))).total_seconds()) if (datetime.datetime.now()-(freezed_time.replace(tzinfo=None))).total_seconds()>lock_time: print("重置") Userotherstatus.objects.filter(user_id=user_id).update(is_freezed=False,pass_errnum=0) # Userotherstatus.objects.filter(user_id=user_id).update() user=authenticate(username=username,password=password) if user is not None and user.is_active: login(request,user) User.last_login=datetime.datetime.now() return HttpResponse("登录成功") else : return render(request,'loginapp/login.html', {'form':form,'msg':'帐号锁定中,请稍后再尝试,需要解锁请联系管理员!'}) if pass_errornum>=5: print 33333333333333333 Userotherstatus.objects.filter(user_id=user_id).update(is_freezed=True,pass_errnum=0) Userotherstatus.objects.filter(user_id=user_id).update(freezed_time=datetime.datetime.now()) return render(request,'loginapp/login.html', {'form':form,'msg':"密码连续错误5次,帐号已经被锁定"}) else: user=authenticate(username=username,password=password) if user is not None and user.is_active: login(request, user) User.last_login = datetime.datetime.now() Userotherstatus.objects.filter(user_id=user_id).update(is_freezed=False,pass_errnum=0) # Userotherstatus.objects.filter(user_id=user_id).update() return HttpResponse("登录成功") else: print 4444444444444444444444 Userotherstatus.objects.filter(user_id=user_id).update(pass_errnum=(int(pass_errornum)+1)) return render(request, 'loginapp/login.html', {'form': form}) else: return render(request,'loginapp/login.html', {'form':form})
6. 附上 表单 loginapp/LoginForm.py
#-*- encoding: utf-8 -*- from django import forms class MyLoginForm(forms.Form): username=forms.CharField(label="inputUser", max_length=20, error_messages={'required':"请输入用户名"}, widget=forms.TextInput( attrs={ 'placeholder':"User Name", 'required':'True', 'class':'form-control' }) ) password=forms.CharField(label="inputPassword", max_length=100, error_messages={'required':"请输入密码"}, widget=forms.PasswordInput( attrs={ 'placeholder': "Password", 'required':"True", 'class':'form-control', }) )
7. 附上 login.html
<!DOCTYPE html> <html lang="zh-CN"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- 上述3个meta标签*必须*放在最前面,任何其他内容都*必须*跟随其后! --> <meta name="description" content=""> <meta name="author" content=""> <link rel="icon" href="../static/favicon.ico"> <title>Signin Page</title> <!-- Bootstrap core CSS --> <link href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet"> <!-- IE10 viewport hack for Surface/desktop Windows 8 bug --> <link href="../static/css/ie10-viewport-bug-workaround.css" rel="stylesheet"> <!-- Custom styles for this template --> <link href="../static/css/signin.css" rel="stylesheet"> <!-- Just for debugging purposes. Don't actually copy these 2 lines! --> <!--[if lt IE 9]><script src="../static/js/ie8-responsive-file-warning.js"></script><![endif]--> <script src="../static/js/ie-emulation-modes-warning.js"></script> <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries --> <!--[if lt IE 9]> <script src="https://cdn.bootcss.com/html5shiv/3.7.3/html5shiv.min.js"></script> <script src="https://cdn.bootcss.com/respond.js/1.4.2/respond.min.js"></script> <![endif]--> </head> <body> <div class="container"> <form class="form-signin" action="" method="post"> {% csrf_token %} <h2 class="form-signin-heading">Please sign in</h2> {{form.username.errors}} {{form.username.lable_tag}} {{form.username}} {{form.password.errors}} {{form.password.lable_tag}} {{form.password}} <div class="checkbox"> <label> <input type="checkbox" value="remember-me"> Remember me </label> </div> <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button> {{msg}} </form> </div> <!-- /container --> <!-- IE10 viewport hack for Surface/desktop Windows 8 bug --> <script src="../static/js/ie10-viewport-bug-workaround.js"></script> </body> </html> <!--<form class="form-signin" action="" method="post">--> <!--<h2 class="form-signin-heading">Please sign in</h2>--> <!--<label for="inputUser" class="sr-only">User</label>--> <!--<input type="text" id="inputUser" class="form-control" placeholder="User Name" required autofocus>--> <!--<label for="inputPassword" class="sr-only">Password</label>--> <!--<input type="password" id="inputPassword" class="form-control" placeholder="Password" required>--> <!--<div class="checkbox">--> <!--<label>--> <!--<input type="checkbox" value="remember-me"> Remember me--> <!--</label>--> <!--</div>--> <!--<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>--> <!--</form>-->