django 之 用户忘记密码的解决办法
编程思路:
1.发送修改密码的链接到用户邮箱
2.链接指向密码修改model
3.通过 session 取得用户对应数据库记录
4.调用修改密码界面,修改密码及保存
5.修改urls.py
附:相关代码
在 view.py
对应思路编号 1
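class ContactForm(forms.Form):
    """Form used to request a password reset: asks for username and e-mail."""

    username = forms.CharField(label='用户名', max_length=100)
    email = forms.EmailField(label='邮箱', max_length=50)

    # NOTE(review): a plain forms.Form does not read Meta (only ModelForm
    # does), so this inner class has no effect on validation. Kept unchanged.
    class Meta:
        model = Person
        fields = ('username', 'email')


def contacts(request):
    """Handle the "forgot password" request page.

    GET renders an empty ContactForm. A valid POST looks up the Person whose
    username AND e-mail both match the submitted values and, when one exists,
    mails that record's ``mailkey`` through ``send_check_email``. An invalid
    POST re-renders the bound form.

    The response to a valid POST is the same page whether or not an account
    matched, so the form cannot be used to test which username/e-mail pairs
    are registered.
    """
    if request.method == 'POST':
        form = ContactForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            email = form.cleaned_data['email']
            # Use the record that matched BOTH fields. Re-querying by e-mail
            # alone could raise MultipleObjectsReturned, or pick a different
            # account, when an address is shared between users.
            account = Person.objects.filter(
                email__exact=email, username__exact=username
            ).first()
            if account is not None:
                # NOTE(review): mailkey is the value already stored on the
                # record, so every reset mail for this account carries the
                # same code. A fresh, expiring, single-use token per request
                # would be safer; confirm how mailkey is generated elsewhere.
                send_check_email(email, account.mailkey)
            return render(request, 'register/rg_success.html')
    else:
        form = ContactForm()
    return render(request, 'contacts.html', {'form': form})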
对应思路编号 2
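class ModifyUserView(View):
    """Landing view for the link sent in the password-reset e-mail."""

    def get(self, request, modify_code):
        """Check the reset code from the URL and hand over to the password form.

        When ``modify_code`` matches a Person's ``mailkey`` the code is stored
        in the session under ``'code_ck'`` and the browser is redirected to
        ``/run_mod_pwd``; otherwise the failure page is rendered.
        """
        # Reject an empty code explicitly: a blank value must never be able
        # to match accounts whose mailkey happens to be blank.
        if not modify_code:
            return render(request, "register/active_fail.html")

        # Only existence matters here; the record itself is loaded again by
        # the view that actually changes the password.
        if not Person.objects.filter(mailkey=modify_code).exists():
            return render(request, "register/active_fail.html")

        # Remember which code was verified so the next step can find the user.
        request.session['code_ck'] = modify_code
        return HttpResponseRedirect('/run_mod_pwd')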
对应思路编号 3
见以上代码:request.session['code_ck'] = code_ck
对应思路编号 4
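def run_mod_pwd(request):
    """Set a new password for the account whose reset code is in the session.

    GET renders an empty ContactFormCk. On a valid POST with two matching
    passwords, the Person whose ``mailkey`` equals the session's ``'code_ck'``
    gets the hashed password, is marked active and saved. A missing or
    unknown code renders the failure page instead of touching any account.
    Mismatching passwords re-render a blank form.
    """
    if request.method == "POST":
        form = ContactFormCk(request.POST)
        if form.is_valid():
            password = form.cleaned_data['password']
            password2 = form.cleaned_data['password2']
            if password == password2:
                # Code verified earlier by the reset link and kept in the session.
                mailkey = request.session.get('code_ck', '')
                if not mailkey:
                    # No verified code in this session. Looking up an empty
                    # mailkey could select an account with a blank code, so
                    # stop here.
                    return render(request, "register/active_fail.html")
                try:
                    user = Person.objects.get(mailkey__exact=mailkey)
                except (Person.DoesNotExist, Person.MultipleObjectsReturned):
                    return render(request, "register/active_fail.html")

                # Store only the hash of the new password.
                user.password = make_password(password)
                # NOTE(review): a reset also activates the account; confirm
                # that this is intended for accounts never activated by mail.
                user.is_active = True
                user.save()

                # The verified code is single-use within this session.
                request.session.pop('code_ck', None)
                # NOTE(review): the stored mailkey is left unchanged, so the
                # e-mailed link keeps working after the reset. Replacing it
                # with a fresh random value here (or using an expiring token)
                # would make the link one-time; check the constraints on
                # Person.mailkey first.
                return render(request, 'register/rg_success.html')
            else:
                # Passwords differ: start over with a blank form.
                form = ContactFormCk()
    else:
        # GET request: show the empty form.
        form = ContactFormCk()
    return render(request, 'contacts_ck.html', {'form': form})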
对应思路编号 5
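urlpatterns = [
    url(r'^django-admin/', include(admin.site.urls)),
    url(r'^admin/', include(wagtailadmin_urls)),
    url(r'^documents/', include(wagtaildocs_urls)),
    url(r'^search/$', search_views.search, name='search'),
    # Password reset, step 1: request form that mails the reset link.
    url(r'^contacts/$', rg_views.contacts, name='contacts'),
    # Password reset, step 3: form that sets the new password.
    url(r'^run_mod_pwd/$', rg_views.run_mod_pwd, name='run_mod_pwd'),
    # Everything after "active/" is captured as active_code.
    # NOTE(review): ".*" also matches an empty code; ActiveUserView is not
    # shown here, so confirm that it rejects one.
    url(r'^active/(?P<active_code>.*)/$', ActiveUserView.as_view(), name="user_active"),
    # Password reset, step 2: link target. ".+" instead of ".*" so a URL
    # with an empty code never reaches the view.
    url(r'^modify/(?P<modify_code>.+)/$', ModifyUserView.as_view(), name="user_modify"),
    url(r'', include(wagtail_urls)),
]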
有待思考:
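1.取得用户当前记录,目前是采用核对数据库中保存的用户随机码(mailkey)与邮件链接传递的随机码;是否合理?需要注意:上面的代码里 mailkey 是数据库中保存的固定值,修改密码后没有更换,也没有有效期,所以同一个链接可以反复使用;更稳妥的做法是使用一次性且会过期的令牌(Django 自带的密码重置视图即采用这种方式)。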
2.数据传递过程中,是否存在安全性不足?随机码放在 URL 中,会留在邮件、浏览器历史和服务器访问日志里,因此链接应只通过 HTTPS 访问,并且随机码应在使用后立即失效。