19.-哈希算法&注册登录
一、哈希算法
哈希:
给定明文-计算出一段定长的-不可逆的值
定长输出:不管明文输入多少,哈希都是定长的
不可逆:无法反向计算出对应的明文
雪崩效应:输入改变,输出必然变
md5:32位16进制
场景:
1.密码处理
2.文件完整性
用法: import hashlib
import hashlib m = hashlib.md5() #1.生成哈希算法的计算对象
m.update(b'明文串') #2.传入要转换的字符串,必须声明bytes对象
m.hexdigest() #3.输出对应的hash值,十六进制可视字符
m.digest() #3. 输出不可视的hash值 #如果要算一个新的值,需要生成新的update对象,不然会将前后的明文拼接起来输出哈希值
二、登录交互流程图
三、models/视图简单实现
class User(models.Model):
username = models.CharField('用户名', max_length=30, unique=True)
password = models.CharField('密码', max_length=32)
create_time = models.DateTimeField('创建时间', auto_now_add=True)
updata_time = models.DateTimeField('更新时间', auto_now=True)
def __str__(self):
return f'username:{self.username}'
def register_view(request): if request.method == 'GET': return render(request, 'user/register.html') if request.method == 'POST': username = request.POST.get('username') password = request.POST.get('password') password_verify = request.POST.get('password_verify') # 判断两次密码是否一致 if password != password_verify: return HttpResponse('两次输入密码不一致') # 当前用户名是否可用 old_users = User.objects.filter(username=username) if old_users: return HttpResponse('当前用户名已经注册') # 哈希算法转换密码 hash = hashlib.md5() hash.update(password.encode()) hash_pwd = hash.hexdigest() # 插入数据 try: user = User.objects.create(username=username, password=hash_pwd) except Exception as e: # 有可能报错,重复插入 唯一索引注意并发写入问题,所以有唯一索引一定要try一下 logger.error(f'register create user info {e}') return HttpResponse('当前用户名已经注册') # 存储 session / 免登录一天 request.session['username'] = username request.session['uid'] = user.id # 修改session 有效期为1天 return HttpResponseRedirect('/index') def login_view(request): if request.method == 'GET': # 检查登录状态,如果登录了,显示已登录 if request.session.get('username') and request.session.get('uid'): return HttpResponseRedirect('/index') # 检查cookie c_username = request.COOKIES.get('username') c_uid = request.COOKIES.get('uid') if c_username and c_uid: # 回写session request.session['username'] = c_username request.session['uid'] = c_uid return HttpResponseRedirect('/index') return render(request, 'user/login.html') if request.method == 'POST': # 处理数据 username = request.POST.get('username') password = request.POST.get('password') # 比对用户名 try: user = User.objects.get(username=username) except Exception as e: logger.error(f'longin user {e}') return HttpResponse(f'用户名或密码不正确') # 判断密码 # 哈希算法转换密码 hash = hashlib.md5() hash.update(password.encode()) # 密码比对 if hash.hexdigest() != user.password: return HttpResponse('用户名或密码错误') # 记录会话状态 request.session['username'] = username request.session['uid'] = user.id # 判断用户是否选中了记住当前用户 # -> cookies 存储username.id 3天 resp = HttpResponseRedirect('/index') if 'remember' in request.POST: resp.set_cookie('username', username, 3600 * 24 * 3) resp.set_cookie('uid', user.id, 3600 * 24 * 3) return resp def logout_viwe(request): if 'username' in request.session: del request.session['username'] if 'uid' in request.session: del request.session['uid'] resp = HttpResponseRedirect('/index') if 'username' in request.COOKIES: resp.delete_cookie('username') if 'uid' in request.COOKIES: resp.delete_cookie('uid') return resp
风月都好看,人间也浪漫.
