Django: lock a user for 10 minutes after a wrong password is entered five times during login

Source: Internet
Author: User


When I was learning Django, I tried to lock the user after a failed login, with a lock time. I found a lot of information on the Internet, but I felt that it was not so reliable, so I started my own design. In fact, I wanted to use redis at the beginning, but I wanted to develop a simple one. After splitting, I went to split it; this is also very close to the problems we encounter in real development.

My thinking is:

The account and password are entered; check whether the user is already logged on. If so, the system prompts that the user has already logged on.

The account and password are entered and the number of errors is less than 6: if the password verification is successful, the logon time is recorded, the number of errors is cleared, and the logon status is recorded.

The account and password are entered and the number of errors is greater than six: the system prompts that the account is locked, and the number of errors is recorded.

The account and password are entered; check whether the account is frozen, and if it is, a message is displayed.

Based on this, we design our database model:

    from django.contrib.auth.models import AbstractUser
    from django.db import models


    class User(AbstractUser):
        avatar = models.ImageField(upload_to='vaatar/%Y/%m', default='vaatar/default/pang')
        qq = models.CharField(u'qq number', max_length=20, blank=True)
        mobile = models.CharField(u'cell phone number', max_length=11, blank=True, null=True, unique=True)
        # Frozen flag, stored as a string; '0' means not frozen.
        login_sta = models.CharField(u'logon locked?', max_length=2, default='0')
        # Time the current lock started; empty until the account is first locked.
        login_suo = models.DateTimeField(u'logon lock Time', null=True, blank=True)
        # Number of consecutive wrong passwords.
        pass_errnum = models.IntegerField(u'user Password Input times', default=0)
        # True while the user is logged on (one device at a time).
        is_login = models.BooleanField(default=False)

        class Meta:
            verbose_name = u'user'
            verbose_name_plural = verbose_name
            ordering = ['-id']

        def __str__(self):
            return self.username

Here the User model inherits from Django's default user (AbstractUser).

Then we synchronize our database.

After synchronization, let's take a look at our database.

The overall structure is now in place. Let's design our login view. Here we still use the object-oriented method, a class-based view.

The specific implementation is as follows:

    from django.contrib.auth.hashers import make_password, check_password
    from django.http import Http404, HttpResponseRedirect
    from django.shortcuts import render, redirect
    from django.utils import timezone
    from django.views.generic.base import View

    from .models import User  # assumed location of the custom User model


    class LoginView(View):
        def get(self, request):
            return render(request, 'login.html')

        def post(self, request):
            # Page to return to after login; the Referer header may be absent.
            next_url = request.META.get('HTTP_REFERER') or '/'
            username = request.POST.get('username', None)
            password = request.POST.get('password', None)
            try:
                user = User.objects.get(username=username)
            except User.DoesNotExist:
                return render(request, 'login.html', {'msg': 'user name does not exist!'})
            now = timezone.now()
            if user.is_login:
                return render(request, 'login.html', {'msg': 'can only log on to one device at the same time!'})
            # login_sta is a CharField: anything other than the default '0' means frozen.
            if str(user.login_sta) != '0':
                return render(request, 'login.html', {'msg': 'the account has been frozen!'})
            # login_suo is empty until the account has been locked at least once.
            if user.login_suo and (now - user.login_suo).total_seconds() < 600:
                return render(request, 'login.html', {'msg': 'The account cannot log on within 10 minutes after it is locked!'})
            if user.pass_errnum > 5:
                # Save the lock time, and reset the counter so that the user
                # gets new attempts once the 10 minutes have passed.
                user.login_suo = now
                user.pass_errnum = 0
                user.save()
                return render(request, 'login.html', {'msg': 'The password has been entered more than 5 times, and the user has been locked for 10 minutes'})
            if check_password(password, user.password):
                request.session['username'] = username
                # Do not send the user back to the logout or registration page.
                if '/logout' in next_url or '/reg' in next_url:
                    response = HttpResponseRedirect('/')
                else:
                    response = HttpResponseRedirect(next_url)
                user.last_login = now
                user.is_login = True
                user.pass_errnum = 0
                user.save()
                response.set_cookie('username', username, 3600)
                return response
            # Wrong password: count the failure.
            user.pass_errnum += 1
            user.save()
            return render(request, 'login.html', {'msg': 'incorrect password'})

That is the overall idea and implementation for this experiment. One addition: previously the password was stored at registration exactly as entered, which is not safe, so we use Django's built-in hashers (make_password and check_password) to hash the password and to verify it.

Let's try our program!

The user has already logged on, so a login from another device is refused until we log out of the account.

In this way, after six wrong passwords the account is locked and the lock time is recorded.

The logout view is designed as follows:

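    from django.utils import timezone


    class LogoutView(View):
        def get(self, request):
            try:
                user = User.objects.get(username__exact=request.session['username'])
                user.last_login = timezone.now()
                # Clear the logon status so the account can log on again.
                user.is_login = False
                user.save()
                del request.session['username']
                return render(request, 'index.html')
            except (KeyError, User.DoesNotExist):
                # No session or unknown user: nothing to log out.
                return HttpResponseRedirect('/')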

After logging out, we record the exit and change the logon status. This is a simple way to limit the number of password attempts during user login.

I personally find this simple way of restricting the number of password attempts at login in Django very convenient.

With a large number of users this may increase the pressure on the database. In the future you can move this part to a redis server.
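The lock logic described above, as an added example (not the original author's code): a framework-free state machine over the same two fields, pass_errnum and login_suo, replayed over a constructed timeline. It assumes the lock starts at the failure that pushes the counter past 5 and that the counter resets once the 10-minute lock has expired; Account, attempt and replay are hypothetical names.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_ERRORS = 5                       # lock once pass_errnum > 5, as in the view
LOCK_WINDOW = timedelta(minutes=10)  # 600 seconds, as in the view


@dataclass
class Account:
    """Stand-in for the two lockout columns on the User model."""
    pass_errnum: int = 0
    login_suo: Optional[datetime] = None  # when the current lock started


def attempt(acct: Account, password_ok: bool, now: datetime) -> str:
    """Apply one login attempt; return 'ok', 'bad_password' or 'locked'."""
    if acct.login_suo is not None:
        if now - acct.login_suo < LOCK_WINDOW:
            return "locked"          # still locked: the password is not checked
        acct.login_suo = None        # lock expired: start a fresh streak
        acct.pass_errnum = 0
    if password_ok:
        acct.pass_errnum = 0
        return "ok"
    acct.pass_errnum += 1
    if acct.pass_errnum > MAX_ERRORS:
        acct.login_suo = now         # lock at the failure that crosses the limit
        return "locked"
    return "bad_password"


def replay(events, start: datetime):
    """Run (offset_seconds, password_ok) pairs against a new account."""
    acct = Account()
    return [attempt(acct, ok, start + timedelta(seconds=s)) for s, ok in events]


# Constructed timeline: six wrong passwords, a correct one during the lock,
# then a correct one exactly 10 minutes after the lock started (at t+5s).
START = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
TIMELINE = [(i, False) for i in range(6)] + [(60, True), (605, True)]

if __name__ == "__main__":
    for (offset, ok), result in zip(TIMELINE, replay(TIMELINE, START)):
        print(f"t+{offset:>3}s password_ok={ok!s:<5} -> {result}")
```

In the Django view the same transitions run against database rows, so concurrent requests for one account can race on the counter; the timestamps use an aware clock here for the same reason the view should use the framework's clock rather than a naive datetime.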

The above is all the content of this article. I hope it will be helpful for your learning.
