search
HomeBackend DevelopmentPython TutorialUsing Python to implement web user login and registration functions

This article mainly introduces the tutorial of using Python to implement web-side user login and registration functions. Friends who need it can refer to it

User management is a problem that most Web websites need to solve. User management involves user registration and login.

User registration is relatively simple. We can first implement the user registration function through the API:

_RE_MD5 = re.compile(r'^[0-9a-f]{32}$')

@api
@post('/api/users')
def register_user():
 i = ctx.request.input(name='', email='', password='')
 name = i.name.strip()
 email = i.email.strip().lower()
 password = i.password
 if not name:
  raise APIValueError('name')
 if not email or not _RE_EMAIL.match(email):
  raise APIValueError('email')
 if not password or not _RE_MD5.match(password):
  raise APIValueError('password')
 user = User.find_first('where email=?', email)
 if user:
  raise APIError('register:failed', 'email', 'Email is already in use.')
 user = User(name=name, email=email, password=password, image='http://www.gravatar.com/avatar/%s?d=mm&s=120' % hashlib.md5(email).hexdigest())
 user.insert()
 return user

Note that the user password is passed by the client The 32-bit Hash string calculated by MD5, so the server does not know the user's original password.

Next, you can create a registration page, let users fill in the registration form, and then submit the data to the registered user's API:

{% extends '__base__.html' %}

{% block title %}注册{% endblock %}

{% block beforehead %}

<script>
function check_form() {
 $(&#39;#password&#39;).val(CryptoJS.MD5($(&#39;#password1&#39;).val()).toString());
 return true;
}
</script>

{% endblock %}

{% block content %}

<p class="uk-width-2-3">
 <h1 id="欢迎注册">欢迎注册!</h1>
 <form id="form-register" class="uk-form uk-form-stacked" onsubmit="return check_form()">
  <p class="uk-alert uk-alert-danger uk-hidden"></p>
  <p class="uk-form-row">
   <label class="uk-form-label">名字:</label>
   <p class="uk-form-controls">
    <input name="name" type="text" class="uk-width-1-1">
   </p>
  </p>
  <p class="uk-form-row">
   <label class="uk-form-label">电子邮件:</label>
   <p class="uk-form-controls">
    <input name="email" type="text" class="uk-width-1-1">
   </p>
  </p>
  <p class="uk-form-row">
   <label class="uk-form-label">输入口令:</label>
   <p class="uk-form-controls">
    <input id="password1" type="password" class="uk-width-1-1">
    <input id="password" name="password" type="hidden">
   </p>
  </p>
  <p class="uk-form-row">
   <label class="uk-form-label">重复口令:</label>
   <p class="uk-form-controls">
    <input name="password2" type="password" maxlength="50" placeholder="重复口令" class="uk-width-1-1">
   </p>
  </p>
  <p class="uk-form-row">
   <button type="submit" class="uk-button uk-button-primary"><i class="uk-icon-user"></i> 注册</button>
  </p>
 </form>
</p>

{% endblock %}
Try

This way We have completed the user registration function:

2015430102634859.jpg (560×753)

User login is more complicated than user registration. Since the HTTP protocol is a stateless protocol, and the server wants to track the user status, it can only be achieved through cookies. Most web frameworks provide Session functionality to encapsulate cookies that save user state.

The advantage of Session is that it is simple and easy to use, and user login information can be retrieved directly from Session.

The disadvantage of Session is that the server needs to maintain a mapping table in memory to store user login information. If there are more than two servers, Session needs to be clustered. Therefore, Web App using Session is difficult to expand.

We use the method of directly reading cookies to verify user login. Every time a user accesses any URL, the cookie will be verified. The advantage of this method is to ensure that the server processes any URL in a stateless manner. Can be expanded to multiple servers.

Since the server generates a cookie and sends it to the browser after successful login, it is necessary to ensure that this cookie will not be forged by the client.

The key to realizing anti-forgery cookies is through a one-way algorithm (such as MD5), for example:

When the user enters the correct password and logs in successfully, the server can retrieve the user from the database id, and calculate a string as follows:

"User id" "Expiration time" MD5("User id" "User password" "Expiration time" "SecretKey")

When the browser sends the cookie to the server, the information the server can get includes:

  • User ID

  • Expiration time

  • MD5 value

If the expiration time has not expired, the server searches for the user password based on the user ID and calculates:

MD5(" User id" "User password" "Expiration time" "SecretKey")

and compare it with the MD5 in the browser cookie. If they are equal, it means the user has logged in. Otherwise, the cookie is forged.

The key to this algorithm is that MD5 is a one-way algorithm, that is, MD5 can be calculated from the original string, but the original string cannot be deduced through MD5.

So the login API can be implemented as follows:

@api
@post(&#39;/api/authenticate&#39;)
def authenticate():
  i = ctx.request.input()
  email = i.email.strip().lower()
  password = i.password
  user = User.find_first(&#39;where email=?&#39;, email)
  if user is None:
    raise APIError(&#39;auth:failed&#39;, &#39;email&#39;, &#39;Invalid email.&#39;)
  elif user.password != password:
    raise APIError(&#39;auth:failed&#39;, &#39;password&#39;, &#39;Invalid password.&#39;)
  max_age = 604800
  cookie = make_signed_cookie(user.id, user.password, max_age)
  ctx.response.set_cookie(_COOKIE_NAME, cookie, max_age=max_age)
  user.password = &#39;******&#39;
  return user

# 计算加密cookie:
def make_signed_cookie(id, password, max_age):
  expires = str(int(time.time() + max_age))
  L = [id, expires, hashlib.md5(&#39;%s-%s-%s-%s&#39; % (id, password, expires, _COOKIE_KEY)).hexdigest()]
  return &#39;-&#39;.join(L)

对于每个URL处理函数,如果我们都去写解析cookie的代码,那会导致代码重复很多次。

利用拦截器在处理URL之前,把cookie解析出来,并将登录用户绑定到ctx.request对象上,这样,后续的URL处理函数就可以直接拿到登录用户:

@interceptor(&#39;/&#39;)
def user_interceptor(next):
  user = None
  cookie = ctx.request.cookies.get(_COOKIE_NAME)
  if cookie:
    user = parse_signed_cookie(cookie)
  ctx.request.user = user
  return next()

# 解密cookie:
def parse_signed_cookie(cookie_str):
  try:
    L = cookie_str.split(&#39;-&#39;)
    if len(L) != 3:
      return None
    id, expires, md5 = L
    if int(expires) < time.time():
      return None
    user = User.get(id)
    if user is None:
      return None
    if md5 != hashlib.md5(&#39;%s-%s-%s-%s&#39; % (id, user.password, expires, _COOKIE_KEY)).hexdigest():
      return None
    return user
  except:
    return None
Try

In this way, we have completed the user registration and login functions.

Related recommendations:

Summary of several methods of string connection in python

Detailed explanation of the use of sort method in python

The above is the detailed content of Using Python to implement web user login and registration functions. For more information, please follow other related articles on the PHP Chinese website!

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
详细讲解Python之Seaborn(数据可视化)详细讲解Python之Seaborn(数据可视化)Apr 21, 2022 pm 06:08 PM

本篇文章给大家带来了关于Python的相关知识,其中主要介绍了关于Seaborn的相关问题,包括了数据可视化处理的散点图、折线图、条形图等等内容,下面一起来看一下,希望对大家有帮助。

详细了解Python进程池与进程锁详细了解Python进程池与进程锁May 10, 2022 pm 06:11 PM

本篇文章给大家带来了关于Python的相关知识,其中主要介绍了关于进程池与进程锁的相关问题,包括进程池的创建模块,进程池函数等等内容,下面一起来看一下,希望对大家有帮助。

Python自动化实践之筛选简历Python自动化实践之筛选简历Jun 07, 2022 pm 06:59 PM

本篇文章给大家带来了关于Python的相关知识,其中主要介绍了关于简历筛选的相关问题,包括了定义 ReadDoc 类用以读取 word 文件以及定义 search_word 函数用以筛选的相关内容,下面一起来看一下,希望对大家有帮助。

归纳总结Python标准库归纳总结Python标准库May 03, 2022 am 09:00 AM

本篇文章给大家带来了关于Python的相关知识,其中主要介绍了关于标准库总结的相关问题,下面一起来看一下,希望对大家有帮助。

分享10款高效的VSCode插件,总有一款能够惊艳到你!!分享10款高效的VSCode插件,总有一款能够惊艳到你!!Mar 09, 2021 am 10:15 AM

VS Code的确是一款非常热门、有强大用户基础的一款开发工具。本文给大家介绍一下10款高效、好用的插件,能够让原本单薄的VS Code如虎添翼,开发效率顿时提升到一个新的阶段。

Python数据类型详解之字符串、数字Python数据类型详解之字符串、数字Apr 27, 2022 pm 07:27 PM

本篇文章给大家带来了关于Python的相关知识,其中主要介绍了关于数据类型之字符串、数字的相关问题,下面一起来看一下,希望对大家有帮助。

python中文是什么意思python中文是什么意思Jun 24, 2019 pm 02:22 PM

pythn的中文意思是巨蟒、蟒蛇。1989年圣诞节期间,Guido van Rossum在家闲的没事干,为了跟朋友庆祝圣诞节,决定发明一种全新的脚本语言。他很喜欢一个肥皂剧叫Monty Python,所以便把这门语言叫做python。

详细介绍python的numpy模块详细介绍python的numpy模块May 19, 2022 am 11:43 AM

本篇文章给大家带来了关于Python的相关知识,其中主要介绍了关于numpy模块的相关问题,Numpy是Numerical Python extensions的缩写,字面意思是Python数值计算扩展,下面一起来看一下,希望对大家有帮助。

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

PhpStorm Mac version

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

Safe Exam Browser

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

SublimeText3 English version

SublimeText3 English version

Recommended: Win version, supports code prompts!

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)