django 之 用户忘记密码的解决办法

编程思路:

1.发送修改密码的链接到用户邮箱

2.链接指向密码修改model

3.通过 session 取得用户对应数据库记录

4.调用修改密码界面,修改密码及保存

5.修改urls.py

附:相关代码

在 view.py 

对应思路编号 1

class ContactForm(forms.Form):
    """Form shown on the "forgot password" page.

    Collects the username and e-mail address that identify the account
    whose password should be changed.
    """

    username = forms.CharField(
        label='用户名',
        max_length=100,
    )
    email = forms.EmailField(
        label='邮箱',
        max_length=50,
    )

    # NOTE(review): a plain forms.Form does not read an inner Meta (only
    # ModelForm does), so this declaration looks like it has no effect here;
    # confirm before relying on it.
    class Meta:
        model = Person
        fields = ('username','email')


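def contacts(request):
    """Handle the "forgot password" request form.

    GET renders an empty ContactForm. A valid POST looks up the Person whose
    username AND e-mail both match the submitted values and mails that
    record's ``mailkey`` to the address via ``send_check_email``. An invalid
    POST re-renders the bound form so its errors can be shown.
    """
    if request.method == 'POST':
        form = ContactForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            email = form.cleaned_data['email']
            # Take the code from the record matched on BOTH fields. Looking
            # the user up again by e-mail alone could return a different
            # account that shares the address (or raise
            # MultipleObjectsReturned), which would mail the wrong code.
            user1 = Person.objects.filter(
                email__exact=email, username__exact=username
            ).first()
            if user1 is None:
                # NOTE(review): answering with a different page for unknown
                # accounts tells the caller which username/e-mail pairs are
                # registered; a single neutral response for both outcomes
                # avoids that.
                return render(request, 'register/error.html')
            # NOTE(review): the value mailed here is the code stored on the
            # Person row; nothing in this view gives it an expiry or makes
            # it single-use.
            send_check_email(email, user1.mailkey)
            return render(request, 'register/rg_success.html')
    else:
        form = ContactForm()
    return render(request, 'contacts.html', {'form': form})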

对应思路编号 2

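class ModifyUserView(View):
    """Landing view for the password-change link sent by e-mail."""

    def get(self, request, modify_code):
        """Validate the code from the link and hand over to the password form.

        If ``modify_code`` matches the ``mailkey`` of a Person record, the
        code is stored in the session under ``'code_ck'`` and the browser is
        redirected to the password-change view. Otherwise the failure page
        is rendered.
        """
        # Reject an empty code before it reaches the database: an empty
        # string would match any Person row whose mailkey is blank, and the
        # password-change view would then act on that row.
        if not modify_code:
            return render(request, "register/active_fail.html")

        # Only existence matters here; the record itself is loaded again by
        # the view that performs the change.
        if not Person.objects.filter(mailkey=modify_code).exists():
            return render(request, "register/active_fail.html")

        # The session carries the code to the next request so it does not
        # have to stay in the URL.
        request.session['code_ck'] = modify_code

        # Trailing slash matches the `^run_mod_pwd/$` route directly instead
        # of relying on an extra append-slash redirect.
        return HttpResponseRedirect('/run_mod_pwd/')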

对应思路编号 3

 见以上代码:request.session['code_ck'] = code_ck  


对应思路编号 4
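def run_mod_pwd(request):
    """Set a new password for the account identified by the session code.

    GET renders an empty ContactFormCk. On a valid POST whose two password
    fields match, the Person whose ``mailkey`` equals the ``'code_ck'``
    value in the session gets the new password hash, is marked active and
    is saved. A missing or unknown code renders the failure page. If the
    two passwords differ, a fresh empty form is shown again.
    """
    if request.method == "POST":
        form = ContactFormCk(request.POST)

        if form.is_valid():
            password = form.cleaned_data['password']
            password2 = form.cleaned_data['password2']
            if password == password2:
                # The code is put into the session by the link-checking
                # view. Without it there is no verified account, and an
                # empty value must not be used as a lookup key: it would
                # match a Person row with a blank mailkey.
                mailkey = request.session.get('code_ck', '')
                if not mailkey:
                    return render(request, "register/active_fail.html")

                try:
                    user = Person.objects.get(mailkey__exact=mailkey)
                except (Person.DoesNotExist, Person.MultipleObjectsReturned):
                    # Unknown or ambiguous code: refuse instead of failing
                    # with a server error or changing an arbitrary account.
                    return render(request, "register/active_fail.html")

                # Store a hash of the password, never the plain text
                # (presumably Django's make_password; confirm the import).
                user.password = make_password(password)
                user.is_active = True
                user.save()

                # One change per verified link visit: drop the code so this
                # session cannot repeat the change.
                # NOTE(review): the mailkey on the Person row is left as it
                # was, so the e-mailed link itself still works afterwards;
                # replacing it needs the project's code generator, which is
                # not part of this view.
                request.session.pop('code_ck', None)
                return render(request, 'register/rg_success.html')
            else:
                form = ContactFormCk()  # passwords differ: show a fresh form
    else:  # GET request
        form = ContactFormCk()
    return render(request, 'contacts_ck.html', {'form': form})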

对应思路编号 5

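# URL routes for the site, including the password-recovery views.
urlpatterns = [
    url(r'^django-admin/', include(admin.site.urls)),

    url(r'^admin/', include(wagtailadmin_urls)),
    url(r'^documents/', include(wagtaildocs_urls)),

    url(r'^search/$', search_views.search, name='search'),

    # Step 1: form that requests the password-change e-mail.
    url(r'^contacts/$', rg_views.contacts, name='contacts'),

    # Step 4: form that sets the new password.
    url(r'^run_mod_pwd/$', rg_views.run_mod_pwd, name='run_mod_pwd'),

    # Everything after "active/" is captured as active_code.
    url(r'^active/(?P<active_code>.*)/$', ActiveUserView.as_view(), name="user_active"),

    # Password change: everything after "modify/" is captured as modify_code.
    # NOTE(review): `.*` also matches an empty string and strings containing
    # "/", so the view has to reject empty or malformed codes itself.
    url(r'^modify/(?P<modify_code>.*)/$', ModifyUserView.as_view(), name="user_modify"),

    # url(r'^login/$', include('login.urls')),

    # Catch-all: must stay last so the routes above are tried first.
    url(r'', include(wagtail_urls)),
]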
    

 

有待思考:

  1.取得用户当前记录时,目前的做法是把数据库中保存的用户随机码与邮件链接传递过来的随机码进行核对;这样是否合理?

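  2.数据传递过程中,是否存在安全性不足?从上面的代码看,邮件中的随机码就是数据库里保存的 mailkey,没有有效期,密码修改后也没有作废,因此同一个链接可以反复使用;可以参考 Django 自带的 PasswordResetView,它的令牌有时效,并且在密码修改后自动失效。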

 

posted on 2018-02-17 15:47  筱箃