Friday, March 17, 2017

Re: Django login implement using exisit mssql (MD5 hash password encode).

Hi,

You shouldn't implement this yourself - use the existing authentication methods for this. See https://docs.djangoproject.com/en/1.10/topics/auth/ for more information on the subject.

Also MD5 hashed passwords would be a very bad security decision - it's simply not safe enough. BUT if you still need to use it - set the password hash to md5 - you will probably need to write that part yourself because of the security issues. When you have done that you can just use the built in methods to check if the login is successful - https://docs.djangoproject.com/en/1.10/topics/auth/default/#auth-web-requests

Regards,

Andréas

2017-03-17 10:47 GMT+01:00 <guoya@locust.csie.ncku.edu.tw>:
I am a starter of Django.
I want to get my user profile(login_name and password) to login.
1.How to encode the password and compare the password in mssql db using MD5 ?
2.How to implement login required without using Django build-in login_required ?

forms.py

class LoginForm(forms.Form):
    username = forms.CharField(label='帳號', max_length=10)
    password = forms.CharField(label='密碼', widget=forms.PasswordInput())

views.py

def login(request):
    if request.method == 'POST':
        login_form = forms.LoginForm(request.POST)
        if login_form.is_valid():
            login_name = request.POST['username'].strip()
            login_password = request.POST['password']
            try:
                user = models.UserProfile.get(login_name = login_name)
                if user.password == login_password:
                    response = redirect('/')
                    request.session['username'] = user.login_name
                    request.session['useremail'] = user.email
                    return redirect('/')
                else:
                    messages.add_message(request,messages.INFO, 'login fail')
            except:
                messages.add_message(request,messages.INFO, 'can't login')
        else:
            messages.add_message(request,messages.INFO,'check the content')
    else:
        login_form = forms.LoginForm()
    template = get_template('login.html')
    request_context = RequestContext(request)
    request_context.push(locals())
    html = template.render(request_context)
    return HttpResponse(html)


My mssql userprofile model (inspectdb)

class UserProfile(models.Model):
    user_id = models.AutoField(primary_key=True)
    user_name = models.CharField(max_length=50, blank=True, null=True)
    password = models.CharField(max_length=50, blank=True, null=True)
    nickname = models.CharField(max_length=50, blank=True, null=True)
    gender = models.SmallIntegerField(blank=True, null=True)
    email = models.CharField(max_length=100, blank=True, null=True)
    regtime = models.DateTimeField(db_column='regTime', blank=True, null=True)  # Field name made lowercase.
    regip = models.CharField(db_column='regIp', max_length=50, blank=True, null=True)  # Field name made lowercase.
    role = models.CharField(max_length=50, blank=True, null=True)
    postlogs = models.IntegerField(db_column='postLogs', blank=True, null=True)  # Field name made lowercase.
    postcomms = models.IntegerField(db_column='postComms', blank=True, null=True)  # Field name made lowercase.
    postmessages = models.IntegerField(db_column='postMessages', blank=True, null=True)  # Field name made lowercase.
    lastvisittime = models.DateTimeField(db_column='lastVisitTime', blank=True, null=True)  # Field name made lowercase.
    lastvisitip = models.CharField(db_column='lastVisitIP', max_length=50, blank=True, null=True)  # Field name made lowercase.
    hashkey = models.CharField(db_column='hashKey', max_length=50, blank=True, null=True)  # Field name made lowercase.
    birthday = models.CharField(max_length=10, blank=True, null=True)
    age = models.IntegerField(blank=True, null=True)
    user_image = models.TextField(blank=True, null=True)

    class Meta:
        db_table = 'user_profile'

    def __str__(self):
        return self.user_name


I always pop out can't login !!

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fc17dea1-2511-4c42-a630-337fe89b1f19%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAK4qSCck-h0ik5uReJTxV--R0krjWU%2BanzaJx4gP7ee4Z0S1uA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)