二)django实现md5加密,解密验证
你还在以明文形式存储密码吗?
优点:自我可见
缺点:不安全,不靠谱,不负责
以下讲述使用Md5对密码进行加密,验证,也有可能被暴力破解,大家可以按key…value的形式加密,增加破解难度!
)1 密码加密
我使用的python3+,导入hashlib来操作Md5。
pip install hashlib
register.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>register</title>
<style>
#register{
position: absolute;
top: 0px;
width: 88%;
padding: 18px 6% 60px 6%;
margin: 0 0 35px 0;
background: rgb(247, 247, 247);
border: 1px solid rgba(147, 184, 189,0.8);
box-shadow:
0pt 2px 5px rgba(105, 108, 109, 0.7),
0px 0px 8px 5px rgba(208, 223, 226, 0.4) inset;
border-radius: 5px;
}
#register{
z-index: 22;
}
.btn{
margin-left: 120px;
text-align: center;
width: 4%;
}
label{
font-family: 楷体;
}
</style>
</head>
<body>
<div id="register" class="animate form">
<form action="" method="post">
{% csrf_token %}
<h1 style="font-family: 楷体"> 注 册 </h1>
<p>
<label for="usernamesignup" class="uname" data-icon="u">账 号</label>
<input id="usernamesignup" name="usr" required="required" type="text" />
</p>
<p>
<label for="passwordsignup" class="form-label">密 码</label>
<input id="passwordsignup" name="pwd" required="required" type="password"/>
</p>
<p>
<label for="passwordsignup_confirm" class="form-label">确认密码</label>
<input id="passwordsignup_confirm" name="pwds" required="required" type="password"/>
</p>
<p style="color: red;margin-left: 100px;font-family: 楷体">{{ register_error }}</p>
<p class="signin button">
<input class="btn" type="submit" value="Sign up"/>
</p>
</form>
</div>
</body>
</html>
views
import hashlib
from django.shortcuts import render
def register(request):
if request.method == 'GET':
return render(request, 'register.html')
if request.method == 'POST':
username = request.POST.get('usr')
password = request.POST.get('pwd')
Encry = hashlib.md5() # 实例化md5
Encry.update(password.encode()) # 字符串字节加密
md5_pwd = Encry.hexdigest() # 字符串加密
if username and password and repeat_password:
if password == repeat_password: # 输入密码是否一致
user_project = Users.objects.filter(username=username).first() #库中是否存在此账号
if user_project:
return render(request,'register.html',{'register_error':'账号已存在'})
else:
Users.objects.create(username=username, password=md5_pwd).save() # 保存账号密码
return redirect('/login') # 注册成功,返回登录页
else:
return render(request,'register.html',{'register_error':'两次密码输入不一致'})
注册成功,通过注册账号的案例成功加密,接下来就是验证登录!
)2 登录验证
login.html
<!DOCTYPE html>
<html lang="en">
<head>
<title>登录</title>
</head>
<style>
* {
margin: 0;
padding: 0;
}
html {
height: 100%;
}
body {
height: 100%;
}
.container {
height: 100%;
position:relative;min-height:100vh;padding-top:50px;background-color:#f7f7f7;background-image:url(https://assets.shimonote.com/static/lizard-service-form-sdk/assets/bg.8b0775af.png);background-position:bottom;background-repeat:no-repeat;background-size:100% auto;background-attachment:fixed;box-sizing:border-box;;
}
.login-wrapper {
background-color: #fff;
width: 358px;
height: 588px;
border-radius: 15px;
padding: 0 50px;
position: relative;
left: 50%;
top: 50%;
transform: translate(-50%, -50%);
}
.header {
font-size: 38px;
font-weight: bold;
text-align: center;
line-height: 200px;
}
.input-item {
display: block;
width: 100%;
margin-bottom: 20px;
border: 0;
padding: 10px;
border-bottom: 1px solid rgb(128, 125, 125);
font-size: 15px;
outline: none;
}
.btn {
text-align: center;
padding: 10px;
width: 105%;
margin-top: 40px;
background-image: linear-gradient(to right, #a6c1ee, #fbc2eb);
color: #fff;
}
.msg {
text-align: center;
line-height: 88px;
}
a {
text-decoration-line: none;
color: #abc1ee;
font-family: 楷体;
}
p{
font-family: 楷体;
font-size: medium;
text-align: center;
}
</style>
<body class="login" data-admin-utc-offset="0">
<div class="container">
<div class="login-wrapper">
<form method= 'post' enctype="multipart/form-data">
{% csrf_token %}
<div class="header">Login</div>
<div class="form-wrapper">
<input type="text" placeholder="账 号" class="input-item" id="inputUsername" name="usm">
<input type="password" placeholder="密 码" class="input-item" id="inputPassword" name="pwd">
<p style="color: red">{{ login_error }}</p>
<button class="btn btn-lg btn-primary btn-block" type="submit" >Sign in</button>
</div>
<div class="msg">
Don't have account?
<a href="/register">注册</a>
</div>
</form>
</div>
</div>
<!-- END Container -->
</body>
</html>
views
# 用户登陆
def login(request):
if request.method == "POST":
# 获取用户通过POST提交过来的数据
user = request.POST.get('usm')
pwd = request.POST.get('pwd')
Encry = hashlib.md5() # 实例化md5
Encry.update(pwd.encode()) # 字符串字节加密
password = Encry.hexdigest() # 字符串加密
if Users.objects.filter(username=user): # 是否有此用户
if Users.objects.filter(username=user)[0].password == password: #判断用户密码是否一致
users = Users.objects.filter(username=user, password=password)
return redirect('next_step/?user={}'.format(user))
else:
return render(request,'login.html',{'login_error':'用户名或密码错误'})
else:
return render(request,'login.html',{'login_error':'用户不存在'})
return render(request, 'login.html')
把前端输入的密码通过加密,判断与数据库保存的密码是否一致,一致就返回成功页面!
)3 修改密码
修改密码要注意:因为会输入两个密码,判等的是原密码,修改的是新密码,所以两者都要进行加密!!!
change_pwd.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>register</title>
<style>
#change_pwd{
position: absolute;
top: 0px;
width: 88%;
padding: 18px 6% 60px 6%;
margin: 0 0 35px 0;
background: rgb(247, 247, 247);
border: 1px solid rgba(147, 184, 189,0.8);
box-shadow:
0pt 2px 5px rgba(105, 108, 109, 0.7),
0px 0px 8px 5px rgba(208, 223, 226, 0.4) inset;
border-radius: 5px;
}
#change_pwd{
z-index: 22;
}
.btn{
margin-left: 120px;
text-align: center;
width: 4%;
}
label{
font-family: 楷体;
}
</style>
</head>
<body>
<div id="change_pwd" class="animate form">
<form action="" method="post">
{% csrf_token %}
<h1 style="font-family: 楷体">修改密码</h1>
<p>
<label for="usernamesignup" class="uname" data-icon="u">原 密 码</label>
<input id="usernamesignup" name="pwd" required="required" type="text" />
</p>
<p>
<label for="passwordsignup" class="form-label">新 密 码</label>
<input id="passwordsignup" name="new_pwd" required="required" type="password"/>
</p>
<p>
<label for="passwordsignup_confirm" class="form-label">确认密码</label>
<input id="passwordsignup_confirm" name="new_pwds" required="required" type="password"/>
</p>
<p style="color: red;margin-left: 100px;font-family: 楷体">{{ register_error }}</p>
<p class="signin button">
<input class="btn" type="submit" value="确认"/>
</p>
</form>
</div>
</body>
</html>
views
# 修改密码
def change_pwd(request):
if request.method == 'GET':
return render(request, 'change_pwd.html')
if request.method == 'POST':
password = request.POST.get('pwd')
old_Encry = hashlib.md5() # 实例化md5
old_Encry.update(password.encode()) # 加密旧密码字节
old_pwd = old_Encry.hexdigest() #加密旧密码
new_password = request.POST.get('new_pwd') # 新密码
repeat_password = request.POST.get('repeat_pwd') #再次输入密码
new_Encry = hashlib.md5() # 实例化md5
new_Encry.update(new_password.encode()) # 加密新密码字节
new_pwd = new_Encry.hexdigest() # 加密新密码
if new_password == repeat_password: # 输入密码是否一致
if Users.objects.filter(username=username,password=old_pwd): #账号密码是否一致
Users.objects.filter(username=username,password=old_pwd).update(password=new_pwd)
return redirect('/login')
else:
return render(request, 'change_pwd.html', {'register_error': '两次密码输入不一致!'})
关于安全问题
一定要严格要求自己,不要觉得方便,无所谓,从而以简代繁!