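Submitting data with POST
Validating the username and password
Handling the request after the POST
Simple login verification
Starting with a simple cookie
set_cookie sets a cookie; get_cookie reads the value that was set
cookie_secret: signs the cookie to prevent forgery
current_user: the current user
self.current_user
current_user can be used in templates; it defaults to None
The authenticated decorator is used together with login_url
Converting the password
Using the standard library: hashlib.md5
Redirecting with next
Redirect back to the URL that was originally being visited
Using sessions
Bringing in pycket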
pip install pycket
pip install redis
pycket={
    'engine': 'redis',
    'storage': {
        'host': 'localhost',
        'port': 6379,
        # 'password': '',
        'db_sessions': 5,  # redis db index
        'db_notifications': 11,
        'max_connections': 2 ** 30,
    },
    'cookies': {
        'expires_days': 30,
    },
}
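Authentication-related configuration
Application configuration
Additional notes on using cookies and sessions
Security considerations
Cross-site request forgery, or XSRF, is a major problem facing all web applications
Username validation: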

import tornado.web


class TemplatesHandler(tornado.web.RequestHandler):
    def get(self):
        msg = self.get_argument('msg', '')
        self.render('02template.html', username='', msg=msg)

    def post(self):
        username = self.get_argument('username', '')
        password = self.get_argument('password', '')
        if not username.strip() or not password.strip():
            self.redirect('/temp?msg=empty password or name')
        else:
            # debug output (includes the submitted password)
            print('username [{}] response [{}]'.format(username, password))
            if (username == 'qq') and (password == 'qq'):
                self.redirect('/pic')  # match succeeded: redirect to the new page
            else:
                self.redirect('/temp?msg=password error')  # match failed: back to the login page

Starting with a simple cookie

import tornado.web

# MainHandler, PictureHandler, ui_methods and uimodules are defined
# elsewhere in the project and are not shown on this page.


class TemplatesHandler(tornado.web.RequestHandler):
    def get(self):
        username = ''
        if not self.get_secure_cookie("tudo_cookie"):
            print("Your cookie was not set yet!")
        else:
            username = self.get_secure_cookie("tudo_cookie")
        next_url = self.get_argument('next', '')
        msg = self.get_argument('msg', '')
        self.render('02template.html', username=username, msg=msg, next_url=next_url)

    def post(self):
        username = self.get_argument('username', '')
        password = self.get_argument('password', '')
        next_url = self.get_argument('next', '')
        # debug output (includes the submitted password)
        print('username [{}] response [{}]'.format(username, password))
        print('next url [{}] '.format(next_url))
        if not username.strip() or not password.strip():
            self.redirect('/temp?msg=empty password or name')
        else:
            if (username == 'qq') and (password == 'qq'):
                # signed with cookie_secret from the application settings
                self.set_secure_cookie("tudo_cookie", "qq")
                if next_url:
                    self.redirect(next_url)
                else:
                    self.redirect('/pic')  # match succeeded: redirect to the new page
            else:
                self.redirect('/temp?msg=password error')  # match failed: back to the login page


class Cal(object):
    def sum(self, a, b):
        return a + b


class ExtendsHandler(tornado.web.RequestHandler):
    def get_current_user(self):
        # the return value becomes self.current_user
        return self.get_secure_cookie('tudo_cookie', None)

    def haha(self):
        return "hahaha wo laila"

    @tornado.web.authenticated  # redirects to login_url when current_user is empty
    def get(self):
        self.render('04extends.html', username=self.current_user, haha=self.haha, cal=Cal)


def make_app():
    return tornado.web.Application([
        (r"/", MainHandler),
        #(r"/index", MainHandler),
        (r"/pic", PictureHandler),
        (r"/temp", TemplatesHandler),
        (r"/extends", ExtendsHandler),
    ],
        debug=True,
        template_path='templates',
        static_path='static',
        # static_url_prefix='/image/',
        ui_methods=ui_methods,
        ui_modules=uimodules,
        cookie_secret="jksdfkaskdfa;drwqeqwe",
        login_url='/temp',
    )

template.html page

<body>
{% if msg %}
msg : {{ msg }} <br>
{% end %}
next : {{ next_url }} <br>
{% if username %}
My name is {{ username }}.<br> my age is
{% else %}
please login
<form action="/temp" enctype="multipart/form-data" method="post">
    Username: <input type="text" name="username" /><br>
    Password: <input type="text" name="password" /><br>
    <input type="text" name="next" hidden="" value="{{ next_url }}"/><br>
    <input type="submit" />
</form>
{% end %}
<h1> footer </h1>
</body>

Virtual machine
Commands (run from the root directory):
ps -ef | grep redis    check that the database is running
redis-cli              connect to the database
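
The post() handler shown earlier passes the submitted next value straight to self.redirect(), so the redirect target is whatever the form supplies. The following is an added example, not code from the original post: safe_next_url is a hypothetical helper (not a Tornado API) that accepts only same-site paths and otherwise falls back to /pic, the default the page already uses; the sample inputs are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_AFTER_LOGIN = "/pic"  # the fallback the page's handler already uses


def safe_next_url(next_url, default=DEFAULT_AFTER_LOGIN):
    """Return next_url only when it is a path on this site, else default.

    Hypothetical helper for the login handler; in post() it would be used as
    self.redirect(safe_next_url(next_url)).
    """
    if not next_url:
        return default
    # Whitespace and control characters can be dropped or reinterpreted
    # by browsers and can split headers, so refuse them outright.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in next_url):
        return default
    # Browsers treat "\" like "/", so "/\host" behaves like "//host".
    if "\\" in next_url:
        return default
    # Require an absolute path; "//host/..." is a scheme-relative URL.
    if not next_url.startswith("/") or next_url.startswith("//"):
        return default
    parts = urlsplit(next_url)
    if parts.scheme or parts.netloc:
        return default
    return next_url


# Constructed sample values for the "next" form field.
SAMPLES = [
    "/extends",
    "/extends?page=2",
    "",
    "https://other.example/",
    "//other.example/x",
    "/\\other.example",
    "/ok\r\nX-Injected: 1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", safe_next_url(sample))
```
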
Reposted from: https://www.cnblogs.com/wdty/p/10795617.html