django页面渲染具体流程
在django的页面渲染中,下面这段程序
def test1(request):return render(request,'aa.html',{'data':'wusir'})
等同于
from django.template import loader def test1(request):html = loader.get_template('aa.html')html_str = html.render({'data':'wusir'})return HttpResponse(html_str)
django中自定义simple_tag
1、在app目录下创建一个文件夹名字叫templatetags,名字不能改,在该文件夹下随便建一个xxx.py文件,写入以下代码
from django import template register = template.Library() @register.simple_tag def func(a1,a2): #(参数任意多) .......
2、在前端页面的顶部写上{% load xxx %},然后就可以使用后端所定义的函数{% func 1 2 %}
PS:simple_tag不能作为if后面的判断条件,但是参数任意多
django中自定义filter
1、在app目录下创建一个文件夹名字叫templatetags,名字不能改,在该文件夹下随便建一个xxx.py文件,写入以下代码
from django import template register = template.Library() @register.filter def func(a1,a2): #(参数最多两个) .......
2、在前端页面的顶部写上{% load xxx %},然后就可以使用{ { xxx|func:yyy } } ,xxx,yyy对应两个参数 ,如果函数只有一个
参数,func后面的冒号和后面的参数就不用写了。
PS:能作为if后面的判断条件,但是参数最多两个,并且冒号后面不能加空格
基于FBV、CBV的用户认证装饰器
FBV
def login(request):if request.method == 'GET':return render(request,'login.html')if request.method == 'POST':username = request.POST.get('username')password = request.POST.get('password')obj = User.objects.filter(username=username).first()if not obj:return redirect('/app/login/')if password == obj.pwd:res = redirect('/app/index/')res.set_cookie('username',username)return reselse:return redirect('/app/login/')def auth(func):def inner(request,*args,**kwargs):res = request.COOKIES.get('username')if not res:return redirect('/app/login/')return func(request,*args,**kwargs)return inner@auth def index(request):res = request.COOKIES.get('username')return render(request,'index.html',{'data':res})
CBV
def login(request):if request.method == 'GET':return render(request,'login.html')if request.method == 'POST':username = request.POST.get('username')password = request.POST.get('password')obj = User.objects.filter(username=username).first()if not obj:return redirect('/app/login/')if password == obj.pwd:res = redirect('/app/index/')res.set_cookie('username',username)return reselse:return redirect('/app/login/')def auth(func):def inner(request,*args,**kwargs):res = request.COOKIES.get('username')if not res:return redirect('/app/login/')return func(request,*args,**kwargs)return innerfrom django import views from django.utils.decorators import method_decorator #三种方式:在每个函数上加,在dispatch上加,在类上加装饰器 method_decorator(auth,name='dispatch') class Order(views.View):# @method_decorator(auth)# def dispatch(self, request, *args, **kwargs):# return super(Order, self).dispatch(request, *args, **kwargs)# @method_decorator(auth)def get(self,request):res = request.COOKIES.get('username')# if not res:# return redirect('/app/login/')return render(request,'index.html',{'data':res})
django之Form组件
django中的Form一般有两种功能:
- 输入html
- 验证用户输入
from django import forms class FM(forms.Form):user = forms.CharField(error_messages={'required':'用户名不能为空'})email = forms.CharField(error_messages={'required':'邮箱不能为空','invalid':'邮箱格式错误'})pwd = forms.CharField(max_length=12,min_length=6,error_messages={'required':'密码不能为空','max_length':'最大长度不能超过12','min_length':'最小长度不能低于6'})def test_form(request):if request.method == 'GET':obj = FM()return render(request,'test_form.html',{'obj':obj})elif request.method == 'POST':obj = FM(request.POST)r1 = obj.is_valid()if r1:print(obj.cleaned_data)Person.objects.create(**obj.cleaned_data)else:print(obj.errors)# print(obj.errors.as_json())# print(obj.errors['user'][0])return render(request,'test_form.html',{'obj':obj})return render(request,'test_form.html')
<!DOCTYPE html> <html lang="en"> <head><meta charset="UTF-8"><title>Title</title> </head> <body> {#<form action="/app/test_form/" method="post">#} {# {% csrf_token %}#} {# <p><input type="text" name="user">{{ obj.errors.user.0 }}</p>#} {# <p><input type="email" name="email">{{ obj.errors.email.0 }}</p>#} {# <p><input type="password" name="pwd">{{ obj.errors.pwd.0 }}</p>#} {# <input type="submit" value="提交">#} {#</form>#}{#<form action="/app/test_form/" method="post">#} {# {% csrf_token %}#} {# <p>{{ obj.user }}{{ obj.errors.user.0 }}</p>#} {# <p>{{ obj.email }}{{ obj.errors.email.0 }}</p>#} {# <p>{{ obj.pwd }}{{ obj.errors.pwd.0 }}</p>#} {# <input type="submit" value="提交">#} {#</form>#}<form action="/app/test_form/" method="post">{% csrf_token %} {# 方式一#} {# {{ obj.as_p }}#} {# 方式二#} {# {{ obj.as_ul }}#} {# 方式三#}<table>{{ obj.as_table }}</table><input type="submit" value="提交"> </form></body> </html>
PS:以后使用的时候将forms改成fields,fields里面有一个插件widget,可以定制样式
from django import forms from django.forms import fields from django.forms import widgets class FM(forms.Form):user = fields.CharField(error_messages={'required':'用户名不能为空'},widget=widgets.Textarea(attrs={'class':'c1'}))email = fields.CharField(error_messages={'required':'邮箱不能为空','invalid':'邮箱格式错误'},widget=widgets.PasswordInput)pwd = fields.CharField(max_length=12,min_length=6,error_messages={'required':'密码不能为空','max_length':'最大长度不能超过12','min_length':'最小长度不能低于6'})def test_form(request):if request.method == 'GET':obj = FM()return render(request,'test_form.html',{'obj':obj})elif request.method == 'POST':obj = FM(request.POST)r1 = obj.is_valid()if r1:print(obj.cleaned_data)Person.objects.create(**obj.cleaned_data)else:print(obj.errors)# print(obj.errors.as_json())# print(obj.errors['user'][0])return render(request,'test_form.html',{'obj':obj})return render(request,'test_form.html')
详细内容参考:https://www.cnblogs.com/wupeiqi/articles/6144178.html
跨站请求伪造
一、简介
django为用户实现防止跨站请求伪造的功能,通过中间件 django.middleware.csrf.CsrfViewMiddleware 来完成。而对于django中设置防跨站请求伪造功能有分为全局和局部。
全局:
中间件 django.middleware.csrf.CsrfViewMiddleware
局部:
- @csrf_protect,为当前函数强制设置防跨站请求伪造功能,即便settings中没有设置全局中间件。
- @csrf_exempt,取消当前函数防跨站请求伪造功能,即便settings中设置了全局中间件。
注:from django.views.decorators.csrf import csrf_exempt,csrf_protect
二、应用
1、普通表单
html中设置Token:
{% csrf_token %} 2、Ajax请求
<!DOCTYPE html> <html lang="en"> <head><meta charset="UTF-8"><title>Title</title> </head> <body> <form action="/app/test1/" method="post">{% csrf_token %}<input type="text" placeholder="用户名" name="user"><input type="password" placeholder="密码" name="pwd"><input type="submit" value="提交"><input id="btn" type="button" value="按钮"> </form><script src="/static/jquery-1.12.4.js"></script> <script src="/static/jquery.cookie.js"></script> <script>$('#btn').click(function () { {# 给除GET|HEAD|OPTIONS|TRACE几个方法以外的方法全部设置csrftoken#} {# 过滤方法#}var csrftoken = $.cookie('csrftoken');function csrfSafeMethod(method) {return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));} {# 设置csrftoken#}$.ajaxSetup({beforeSend: function(xhr, settings) {if (!csrfSafeMethod(settings.type) && !this.crossDomain) {xhr.setRequestHeader("X-CSRFToken", csrftoken);}}});$.ajax({url:'/app/test1/',type:'GET',data:{'user':'alex'}, {# headers: {'X-CSRFtoken': $.cookie('csrftoken')}, 单个ajax请求设置csrftoken#}success:function (res) {}})}) </script></body> </html>
