Python 异常值:';QuerySet';对象没有属性';密码';
我收到一个错误查询集对象没有属性“password”。有人能帮我比较用户输入的密码和返回值吗 查询集。 请找到下面的视图.py进行登录Python 异常值:';QuerySet';对象没有属性';密码';,python,django,django-views,Python,Django,Django Views,我收到一个错误查询集对象没有属性“password”。有人能帮我比较用户输入的密码和返回值吗 查询集。 请找到下面的视图.py进行登录 def login(request): if request.method == 'GET': return render (request, 'login.html') else: email = request.POST.get('email') password = request.POST
def login(request):
if request.method == 'GET':
return render (request, 'login.html')
else:
email = request.POST.get('email')
password = request.POST.get('password')
print(email,password)
#Now we will try to match user entered email ID and search it in db(here we Can't use pass because it is in ecrypted mode we can see from admin panel
# to filter result we can use Customer.objects.filter which will return match in list form but we want a single object so better is to use get
# Customer.objects.get(email=email))
#drawback of get is that if result is matched then good else it will give error.
login_customer = Customer.objects.filter(email=email)
print(login_customer)
print('-------')
error = None
if login_customer:
print(email)
flag = check_password(password, login_customer.password)
#if user email ID is exit then we'll Check his password.:)
if flag:
return redirect('home')
else:
print(email, password)
error = 'Entered Email ID OR Password is incorrect'
return render(request, 'login.html',{'error':error})
from django.db import models
##Customer Model Creation.
# Create your models here.
class Customer(models.Model):
first_name = models.CharField(max_length=50)
last_name = models.CharField(max_length=50)
phone = models.CharField(max_length=15)
email = models.EmailField()
password = models.CharField(max_length=250)
def login(request):
if request.method == 'GET':
return render (request, 'login.html')
else:
email = request.POST.get('email')
password = request.POST.get('password')
print(email,password)
#Now we will try to match user entered email ID and search it in db(here we Can't use pass because it is in ecrypted mode we can see from admin panel
# to filter result we can use Customer.objects.filter which will return match in list form but we want a single object so better is to use
# Customer.objects.get(email=email))
#drawback of get is that if result is matched then good else it will give error.so better is to use
login_customer = Customer.objects.get(email=email)
print(login_customer)
print('-------')
error = None
if login_customer:
print(email)
print('+++++')
flag = check_password(password, login_customer.password)
#if user email ID is exit then we'll Check his password.:)
if flag:
return redirect('home')
else:
print(email, password)
error = 'Entered Email ID OR Password is incorrect'
return render(request, 'login.html',{'error':error})
(*flag=check\u password(password,login\u customer.password)*Django version 3.0.2, using settings 'ShaileshShop.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
sheru@apple.com None
Customer object (42)
-------
sheru@apple.com
+++++
[17/Oct/2020 03:14:26] "POST /login HTTP/1.1" 200 5167
from django.contrib.auth.hashers import make_password,check_password
def signup(request):
if request.method == 'GET':
print(request.method)
return render(request,'signup.html')
else:
postdata=request.POST
first_name = postdata.get('firstname')
last_name = postdata.get('lastname')
phone = postdata.get('PhoneNumber')
email = postdata.get('email')
password = postdata.get('Password')
#Now to store filled data if any error is coming so that User not required to fill it again.####
value={
'first_name' : first_name,
'last_name' : last_name,
'phone' : phone,
'email' : email,
#password not passing :) user need to fill it hahhahaa
}
####Validating above field at server level####
error = None
customer = Customer(first_name=first_name,
last_name=last_name,
phone=phone,
email=email,
password=password)
if not first_name:
error = 'First name is required!!'
elif len(first_name) < 4:
error = 'First Name must be 4 char length'
elif not last_name:
error ='Last Name is required!.'
elif len(last_name) < 4:
error = 'Last Name Must be 4 Character long.'
elif len(phone) < 10:
error ='Mobile number should be of 10 digit.'
elif Customer.objects.filter(phone=phone):
error = "Mobile no is already registered."
elif len(password) < 5:
error ="Password must be 5 Char length."
elif len(email) <6:
error = "Email Id must be more than 6 Character !"
elif Customer.objects.filter(email=email):
error = "Sorry You already have account with this Email ID."
if not error:
print(first_name,last_name,email,password,phone)
customer.password = make_password(customer.password)
customer.save()
#best way is to go into urls.py and define name=hompage because tommorow if we'll upload on production this domain will change.
return redirect('home')
# return redirect('http://127.0.0.1:8000')this is not recommonded
# return render(request,'index.html')#paasing data otherwise product will not shown to us after redirecting to index.
# in this we will not get all product image so we need to check how we can use above data already written code
else:
data = {
'error': error,
'values': value,
}
return render(request,'signup.html', data)
从django.contrib.auth.hasher导入make_密码,检查_密码
def注册(请求):
如果request.method==“GET”:
打印(请求方法)
返回呈现(请求'signup.html')
其他:
postdata=request.POST
first\u name=postdata.get('firstname')
last\u name=postdata.get('lastname')
phone=postdata.get('PhoneNumber')
email=postdata.get('email')
password=postdata.get('password')
#现在,如果出现任何错误,请存储已填充的数据,这样用户就无需再次填充####
价值观={
“名字”:名字,
“姓氏”:姓氏,
“电话”:电话,
“电子邮件”:电子邮件,
#密码未通过:)用户需要填写密码哈哈哈
}
####在服务器级别验证上述字段####
错误=无
客户=客户(名字=名字,
姓氏=姓氏,
电话,
电子邮件=电子邮件,
密码=密码)
如果不是名字:
错误='需要名字!!'
elif len(名字)<4:
错误='名字长度必须为4个字符'
elif非姓氏:
错误=“需要姓氏!”
elif len(姓氏)<4:
错误='姓氏长度必须为4个字符。'
elif len(电话)<10:
错误=“手机号码应为10位。”
elif Customer.objects.filter(电话=电话):
error=“手机号码已注册。”
elif len(密码)<5:
error=“密码长度必须为5个字符。”
elif len(email)您的登录客户
变量是一个查询集,不是您的客户
模型的实例。查询集在概念上类似于列表,在您的情况下,它将是一个客户列表
您已经在第二个视图中对此进行了修复;改用Customer.objects.get
第二个问题是密码管理。如果您查看的文档,您会发现第二个参数需要密码散列,而不是像本例中那样的两个相同字符串
我不给你讲为什么纯文本密码不好。如果您感兴趣,请查看
无论如何,您有两种选择:
(不要这样做!)
使用不安全的纯文本密码,并扔掉检查密码
功能,而不是简单的if/else:
if password == login_customer.password:
return redirect('home')
else:
...
使用django内置的。这需要对代码进行一些重构,但从长远来看,这是一个更好的解决方案
models.py:
from django.contrib.auth.models import AbstractUser
# all other fields are already included in `AbstractUser`
class Customer(AbstractUser):
USERNAME_FIELD = "email"
email = models.EmailField(unique=True, db_index=True)
views.py:
from django.contrib.auth import views
class LoginView(views.LoginView):
template_name = 'login.html'
您还需要更改模板以使用登录表单对象。以下是来自以下方面的示例:
{%csrf_令牌%}
{{form.username.label_tag}
{{form.username}
{{form.password.label_tag}}
{{form.password}}
谢谢!@Elrond支持Monica,在check_password(password,login_customer.password)中,第二个参数仅是来自db的加密参数。如果我使用If password==login\u customer.password:return redirect('home'),我会得到不匹配的密码,因为login\u customer.password是chiper文本形式,密码是用户输入的(纯文本)。@ShaileshYadav您能展示一下如何创建密码哈希吗?我猜您使用的方法与预期的方法不同。@Elrond支持我在django.contrib.auth.hasher中使用的Monica导入make_密码,check_密码例如打印(make_密码('1234'))打印(check_密码('1234','pbkdf2_sha256$180000$gj9Y5muPZKgx$YdcCE+Wvz0AIBwXSa4yNW0piDPJzfJVx46K4uqBCc1c='))在这里,我复制了加密代码,第二次打印时,我们将实现。同时更新注册视图,请检查。它在没有做任何更改的情况下工作,我在Firefox浏览器中尝试过,发现它工作正常,以后在safari中也可以。(这是特定于浏览器的问题,输入密码显示“无”,因此在数据库中存储的“无”=密码之间进行比较)。谢谢!在您的登录视图中,print(login\u customer.password)
?它以加密格式打印给我密码(login\u customer.password)pbkdf2_sha256$180000$BUsJchRCQdo0$S4WD7GNZNMhAT9a7UBu5FX0qra8rHpuZXYG3q+/nniw=(签入数据库也同样通过。)-----------------------------------------------------------------------------------------------------------------------------------------x=生成密码(密码)打印(x)o/p:!Ba41NTEVRFHUpyPu43MHy7ss58a4esWChbIWEp8l
<form method="post" action="{% url 'login' %}">
{% csrf_token %}
<table>
<tr>
<td>{{ form.username.label_tag }}</td>
<td>{{ form.username }}</td>
</tr>
<tr>
<td>{{ form.password.label_tag }}</td>
<td>{{ form.password }}</td>
</tr>
</table>
<input type="submit" value="login">
<input type="hidden" name="next" value="{{ next }}">
</form>