Using Python to implement web user login and registration functions-Python Tutorial-php.cn

Home

Backend Development

Python Tutorial

Using Python to implement web user login and registration functions

不言

Apr 09, 2018 pm 05:28 PM

python web register

This article mainly introduces the tutorial of using Python to implement web-side user login and registration functions. Friends who need it can refer to it

User management is a problem that most Web websites need to solve. User management involves user registration and login.

User registration is relatively simple. We can first implement the user registration function through the API:

_RE_MD5 = re.compile(r&#39;^[0-9a-f]{32}$&#39;)

@api
@post(&#39;/api/users&#39;)
def register_user():
 i = ctx.request.input(name=&#39;&#39;, email=&#39;&#39;, password=&#39;&#39;)
 name = i.name.strip()
 email = i.email.strip().lower()
 password = i.password
 if not name:
  raise APIValueError(&#39;name&#39;)
 if not email or not _RE_EMAIL.match(email):
  raise APIValueError(&#39;email&#39;)
 if not password or not _RE_MD5.match(password):
  raise APIValueError(&#39;password&#39;)
 user = User.find_first(&#39;where email=?&#39;, email)
 if user:
  raise APIError(&#39;register:failed&#39;, &#39;email&#39;, &#39;Email is already in use.&#39;)
 user = User(name=name, email=email, password=password, image=&#39;http://www.gravatar.com/avatar/%s?d=mm&s=120&#39; % hashlib.md5(email).hexdigest())
 user.insert()
 return user

Copy after login

Note that the user password is passed by the client The 32-bit Hash string calculated by MD5, so the server does not know the user's original password.

Next, you can create a registration page, let users fill in the registration form, and then submit the data to the registered user's API:

{% extends &#39;__base__.html&#39; %}

{% block title %}注册{% endblock %}

{% block beforehead %}

<script>
function check_form() {
 $(&#39;#password&#39;).val(CryptoJS.MD5($(&#39;#password1&#39;).val()).toString());
 return true;
}
</script>

{% endblock %}

{% block content %}

<p class="uk-width-2-3">
 <h1>欢迎注册！</h1>
 <form id="form-register" class="uk-form uk-form-stacked" onsubmit="return check_form()">
  <p class="uk-alert uk-alert-danger uk-hidden"></p>
  <p class="uk-form-row">
   <label class="uk-form-label">名字:</label>
   <p class="uk-form-controls">
    <input name="name" type="text" class="uk-width-1-1">
   </p>
  </p>
  <p class="uk-form-row">
   <label class="uk-form-label">电子邮件:</label>
   <p class="uk-form-controls">
    <input name="email" type="text" class="uk-width-1-1">
   </p>
  </p>
  <p class="uk-form-row">
   <label class="uk-form-label">输入口令:</label>
   <p class="uk-form-controls">
    <input id="password1" type="password" class="uk-width-1-1">
    <input id="password" name="password" type="hidden">
   </p>
  </p>
  <p class="uk-form-row">
   <label class="uk-form-label">重复口令:</label>
   <p class="uk-form-controls">
    <input name="password2" type="password" maxlength="50" placeholder="重复口令" class="uk-width-1-1">
   </p>
  </p>
  <p class="uk-form-row">
   <button type="submit" class="uk-button uk-button-primary"><i class="uk-icon-user"></i> 注册</button>
  </p>
 </form>
</p>

{% endblock %}
Try

Copy after login

This way We have completed the user registration function:

2015430102634859.jpg (560×753)

User login is more complicated than user registration. Since the HTTP protocol is a stateless protocol, and the server wants to track the user status, it can only be achieved through cookies. Most web frameworks provide Session functionality to encapsulate cookies that save user state.

The advantage of Session is that it is simple and easy to use, and user login information can be retrieved directly from Session.

The disadvantage of Session is that the server needs to maintain a mapping table in memory to store user login information. If there are more than two servers, Session needs to be clustered. Therefore, Web App using Session is difficult to expand.

We use the method of directly reading cookies to verify user login. Every time a user accesses any URL, the cookie will be verified. The advantage of this method is to ensure that the server processes any URL in a stateless manner. Can be expanded to multiple servers.

Since the server generates a cookie and sends it to the browser after successful login, it is necessary to ensure that this cookie will not be forged by the client.

The key to realizing anti-forgery cookies is through a one-way algorithm (such as MD5), for example:

When the user enters the correct password and logs in successfully, the server can retrieve the user from the database id, and calculate a string as follows:

"User id" "Expiration time" MD5("User id" "User password" "Expiration time" "SecretKey")

When the browser sends the cookie to the server, the information the server can get includes:

User ID
Expiration time
MD5 value

If the expiration time has not expired, the server searches for the user password based on the user ID and calculates:

MD5(" User id" "User password" "Expiration time" "SecretKey")

and compare it with the MD5 in the browser cookie. If they are equal, it means the user has logged in. Otherwise, the cookie is forged.

The key to this algorithm is that MD5 is a one-way algorithm, that is, MD5 can be calculated from the original string, but the original string cannot be deduced through MD5.

So the login API can be implemented as follows:

@api
@post(&#39;/api/authenticate&#39;)
def authenticate():
  i = ctx.request.input()
  email = i.email.strip().lower()
  password = i.password
  user = User.find_first(&#39;where email=?&#39;, email)
  if user is None:
    raise APIError(&#39;auth:failed&#39;, &#39;email&#39;, &#39;Invalid email.&#39;)
  elif user.password != password:
    raise APIError(&#39;auth:failed&#39;, &#39;password&#39;, &#39;Invalid password.&#39;)
  max_age = 604800
  cookie = make_signed_cookie(user.id, user.password, max_age)
  ctx.response.set_cookie(_COOKIE_NAME, cookie, max_age=max_age)
  user.password = &#39;******&#39;
  return user

# 计算加密cookie:
def make_signed_cookie(id, password, max_age):
  expires = str(int(time.time() + max_age))
  L = [id, expires, hashlib.md5(&#39;%s-%s-%s-%s&#39; % (id, password, expires, _COOKIE_KEY)).hexdigest()]
  return &#39;-&#39;.join(L)

对于每个URL处理函数，如果我们都去写解析cookie的代码，那会导致代码重复很多次。

利用拦截器在处理URL之前，把cookie解析出来，并将登录用户绑定到ctx.request对象上，这样，后续的URL处理函数就可以直接拿到登录用户：

@interceptor(&#39;/&#39;)
def user_interceptor(next):
  user = None
  cookie = ctx.request.cookies.get(_COOKIE_NAME)
  if cookie:
    user = parse_signed_cookie(cookie)
  ctx.request.user = user
  return next()

# 解密cookie:
def parse_signed_cookie(cookie_str):
  try:
    L = cookie_str.split(&#39;-&#39;)
    if len(L) != 3:
      return None
    id, expires, md5 = L
    if int(expires) < time.time():
      return None
    user = User.get(id)
    if user is None:
      return None
    if md5 != hashlib.md5(&#39;%s-%s-%s-%s&#39; % (id, user.password, expires, _COOKIE_KEY)).hexdigest():
      return None
    return user
  except:
    return None
Try

Copy after login

In this way, we have completed the user registration and login functions.

Related recommendations:

Summary of several methods of string connection in python

Detailed explanation of the use of sort method in python

The above is the detailed content of Using Python to implement web user login and registration functions. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055523 fails to install in Windows 11?

4 weeks ago By DDD

How to fix KB5055518 fails to install in Windows 10?

4 weeks ago By DDD

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks ago By DDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Java Tutorial

1664

CakePHP Tutorial

1422

Laravel Tutorial

1316

PHP Tutorial

1267

C# Tutorial

1239

Related knowledge

PHP and Python: Different Paradigms Explained Apr 18, 2025 am 12:26 AM

PHP is mainly procedural programming, but also supports object-oriented programming (OOP); Python supports a variety of paradigms, including OOP, functional and procedural programming. PHP is suitable for web development, and Python is suitable for a variety of applications such as data analysis and machine learning.

Choosing Between PHP and Python: A Guide Apr 18, 2025 am 12:24 AM

PHP is suitable for web development and rapid prototyping, and Python is suitable for data science and machine learning. 1.PHP is used for dynamic web development, with simple syntax and suitable for rapid development. 2. Python has concise syntax, is suitable for multiple fields, and has a strong library ecosystem.

PHP and Python: A Deep Dive into Their History Apr 18, 2025 am 12:25 AM

PHP originated in 1994 and was developed by RasmusLerdorf. It was originally used to track website visitors and gradually evolved into a server-side scripting language and was widely used in web development. Python was developed by Guidovan Rossum in the late 1980s and was first released in 1991. It emphasizes code readability and simplicity, and is suitable for scientific computing, data analysis and other fields.

Python vs. JavaScript: The Learning Curve and Ease of Use Apr 16, 2025 am 12:12 AM

Python is more suitable for beginners, with a smooth learning curve and concise syntax; JavaScript is suitable for front-end development, with a steep learning curve and flexible syntax. 1. Python syntax is intuitive and suitable for data science and back-end development. 2. JavaScript is flexible and widely used in front-end and server-side programming.

How to run sublime code python Apr 16, 2025 am 08:48 AM

To run Python code in Sublime Text, you need to install the Python plug-in first, then create a .py file and write the code, and finally press Ctrl B to run the code, and the output will be displayed in the console.

Golang vs. Python: Performance and Scalability Apr 19, 2025 am 12:18 AM

Golang is better than Python in terms of performance and scalability. 1) Golang's compilation-type characteristics and efficient concurrency model make it perform well in high concurrency scenarios. 2) Python, as an interpreted language, executes slowly, but can optimize performance through tools such as Cython.

Where to write code in vscode Apr 15, 2025 pm 09:54 PM

Writing code in Visual Studio Code (VSCode) is simple and easy to use. Just install VSCode, create a project, select a language, create a file, write code, save and run it. The advantages of VSCode include cross-platform, free and open source, powerful features, rich extensions, and lightweight and fast.

How to run python with notepad Apr 16, 2025 pm 07:33 PM

Running Python code in Notepad requires the Python executable and NppExec plug-in to be installed. After installing Python and adding PATH to it, configure the command "python" and the parameter "{CURRENT_DIRECTORY}{FILE_NAME}" in the NppExec plug-in to run Python code in Notepad through the shortcut key "F6".

See all articles