你还在以明文形式存储密码吗?
优点:自我可见 缺点:不安全,不靠谱,不负责 以下讲述使用Md5对密码进行加密,验证,也有可能被暴力破解,大家可以按key…value的形式加密,增加破解难度!
)1 密码加密我使用的python3+,导入hashlib来操作Md5。
pip install hashlib
register.html
register
#register{
position: absolute;
top: 0px;
width: 88%;
padding: 18px 6% 60px 6%;
margin: 0 0 35px 0;
background: rgb(247, 247, 247);
border: 1px solid rgba(147, 184, 189,0.8);
box-shadow:
0pt 2px 5px rgba(105, 108, 109, 0.7),
0px 0px 8px 5px rgba(208, 223, 226, 0.4) inset;
border-radius: 5px;
}
#register{
z-index: 22;
}
.btn{
margin-left: 120px;
text-align: center;
width: 4%;
}
label{
font-family: 楷体;
}
{% csrf_token %}
注 册
账 号
密 码
确认密码
{{ register_error }}
views
import hashlib
from django.shortcuts import render
def register(request):
if request.method == 'GET':
return render(request, 'register.html')
if request.method == 'POST':
username = request.POST.get('usr')
password = request.POST.get('pwd')
Encry = hashlib.md5() # 实例化md5
Encry.update(password.encode()) # 字符串字节加密
md5_pwd = Encry.hexdigest() # 字符串加密
if username and password and repeat_password:
if password == repeat_password: # 输入密码是否一致
user_project = Users.objects.filter(username=username).first() #库中是否存在此账号
if user_project:
return render(request,'register.html',{'register_error':'账号已存在'})
else:
Users.objects.create(username=username, password=md5_pwd).save() # 保存账号密码
return redirect('/login') # 注册成功,返回登录页
else:
return render(request,'register.html',{'register_error':'两次密码输入不一致'})
注册成功,通过注册账号的案例成功加密,接下来就是验证登录!
login.html
登录
* {
margin: 0;
padding: 0;
}
html {
height: 100%;
}
body {
height: 100%;
}
.container {
height: 100%;
position:relative;min-height:100vh;padding-top:50px;background-color:#f7f7f7;background-image:url(https://assets.shimonote.com/static/lizard-service-form-sdk/assets/bg.8b0775af.png);background-position:bottom;background-repeat:no-repeat;background-size:100% auto;background-attachment:fixed;box-sizing:border-box;;
}
.login-wrapper {
background-color: #fff;
width: 358px;
height: 588px;
border-radius: 15px;
padding: 0 50px;
position: relative;
left: 50%;
top: 50%;
transform: translate(-50%, -50%);
}
.header {
font-size: 38px;
font-weight: bold;
text-align: center;
line-height: 200px;
}
.input-item {
display: block;
width: 100%;
margin-bottom: 20px;
border: 0;
padding: 10px;
border-bottom: 1px solid rgb(128, 125, 125);
font-size: 15px;
outline: none;
}
.btn {
text-align: center;
padding: 10px;
width: 105%;
margin-top: 40px;
background-image: linear-gradient(to right, #a6c1ee, #fbc2eb);
color: #fff;
}
.msg {
text-align: center;
line-height: 88px;
}
a {
text-decoration-line: none;
color: #abc1ee;
font-family: 楷体;
}
p{
font-family: 楷体;
font-size: medium;
text-align: center;
}
{% csrf_token %}
Login
{{ login_error }}
Sign in
Don't have account?
注册
views
# 用户登陆
def login(request):
if request.method == "POST":
# 获取用户通过POST提交过来的数据
user = request.POST.get('usm')
pwd = request.POST.get('pwd')
Encry = hashlib.md5() # 实例化md5
Encry.update(pwd.encode()) # 字符串字节加密
password = Encry.hexdigest() # 字符串加密
if Users.objects.filter(username=user): # 是否有此用户
if Users.objects.filter(username=user)[0].password == password: #判断用户密码是否一致
users = Users.objects.filter(username=user, password=password)
return redirect('next_step/?user={}'.format(user))
else:
return render(request,'login.html',{'login_error':'用户名或密码错误'})
else:
return render(request,'login.html',{'login_error':'用户不存在'})
return render(request, 'login.html')
把前端输入的密码通过加密,判断与数据库保存的密码是否一致,一致就返回成功页面!
)3 修改密码修改密码要注意:因为会输入两个密码,判等的是原密码,修改的是新密码,所以两者都要进行加密!!! change_pwd.html
register
#change_pwd{
position: absolute;
top: 0px;
width: 88%;
padding: 18px 6% 60px 6%;
margin: 0 0 35px 0;
background: rgb(247, 247, 247);
border: 1px solid rgba(147, 184, 189,0.8);
box-shadow:
0pt 2px 5px rgba(105, 108, 109, 0.7),
0px 0px 8px 5px rgba(208, 223, 226, 0.4) inset;
border-radius: 5px;
}
#change_pwd{
z-index: 22;
}
.btn{
margin-left: 120px;
text-align: center;
width: 4%;
}
label{
font-family: 楷体;
}
{% csrf_token %}
修改密码
原 密 码
新 密 码
确认密码
{{ register_error }}
views
# 修改密码
def change_pwd(request):
if request.method == 'GET':
return render(request, 'change_pwd.html')
if request.method == 'POST':
password = request.POST.get('pwd')
old_Encry = hashlib.md5() # 实例化md5
old_Encry.update(password.encode()) # 加密旧密码字节
old_pwd = old_Encry.hexdigest() #加密旧密码
new_password = request.POST.get('new_pwd') # 新密码
repeat_password = request.POST.get('repeat_pwd') #再次输入密码
new_Encry = hashlib.md5() # 实例化md5
new_Encry.update(new_password.encode()) # 加密新密码字节
new_pwd = new_Encry.hexdigest() # 加密新密码
if new_password == repeat_password: # 输入密码是否一致
if Users.objects.filter(username=username,password=old_pwd): #账号密码是否一致
Users.objects.filter(username=username,password=old_pwd).update(password=new_pwd)
return redirect('/login')
else:
return render(request, 'change_pwd.html', {'register_error': '两次密码输入不一致!'})
关于安全问题
一定要严格要求自己,不要觉得方便,无所谓,从而以简代繁!
本文章若对你有帮助,烦请点赞,收藏,关注支持一下! 各位的支持和认可就是我最大的动力!