Django login implementation using existing mssql (MD5 hash password encode).


gu...@locust.csie.ncku.edu.tw

Mar 17, 2017, 7:28:31 AM
to Django users
I am a beginner with Django.
I want to use my user profile (login_name and password) to log in.
1. How do I encode the password and compare it with the password in the MSSQL db using MD5?
2. How do I implement login required without using Django's built-in login_required?

forms.py

class LoginForm(forms.Form):
    username = forms.CharField(label='帳號', max_length=10)
    password = forms.CharField(label='密碼', widget=forms.PasswordInput())

views.py

def login(request):
    if request.method == 'POST':
        login_form = forms.LoginForm(request.POST)
        if login_form.is_valid():
            login_name = request.POST['username'].strip()
            login_password = request.POST['password']
            try:
                user = models.UserProfile.get(login_name = login_name)
                if user.password == login_password:
                    response = redirect('/')
                    request.session['username'] = user.login_name
                    request.session['useremail'] = user.email
                    return redirect('/')
                else:
                    messages.add_message(request,messages.INFO, 'login fail')
            except:
                messages.add_message(request,messages.INFO, "can't login")
        else:
            messages.add_message(request,messages.INFO,'check the content')
    else:
        login_form = forms.LoginForm()
    template = get_template('login.html')
    request_context = RequestContext(request)
    request_context.push(locals())
    html = template.render(request_context)
    return HttpResponse(html)


My mssql userprofile model (inspectdb)

class UserProfile(models.Model):
    user_id = models.AutoField(primary_key=True)
    user_name = models.CharField(max_length=50, blank=True, null=True)
    password = models.CharField(max_length=50, blank=True, null=True)
    nickname = models.CharField(max_length=50, blank=True, null=True)
    gender = models.SmallIntegerField(blank=True, null=True)
    email = models.CharField(max_length=100, blank=True, null=True)
    regtime = models.DateTimeField(db_column='regTime', blank=True, null=True)  # Field name made lowercase.
    regip = models.CharField(db_column='regIp', max_length=50, blank=True, null=True)  # Field name made lowercase.
    role = models.CharField(max_length=50, blank=True, null=True)
    postlogs = models.IntegerField(db_column='postLogs', blank=True, null=True)  # Field name made lowercase.
    postcomms = models.IntegerField(db_column='postComms', blank=True, null=True)  # Field name made lowercase.
    postmessages = models.IntegerField(db_column='postMessages', blank=True, null=True)  # Field name made lowercase.
    lastvisittime = models.DateTimeField(db_column='lastVisitTime', blank=True, null=True)  # Field name made lowercase.
    lastvisitip = models.CharField(db_column='lastVisitIP', max_length=50, blank=True, null=True)  # Field name made lowercase.
    hashkey = models.CharField(db_column='hashKey', max_length=50, blank=True, null=True)  # Field name made lowercase.
    birthday = models.CharField(max_length=10, blank=True, null=True)
    age = models.IntegerField(blank=True, null=True)
    user_image = models.TextField(blank=True, null=True)

    class Meta:
        db_table = 'user_profile'

    def __str__(self):
        return self.user_name


I always get the "can't login" message!!

Andréas Kühne

Mar 17, 2017, 8:25:18 AM
to django...@googlegroups.com
Hi,

You shouldn't implement this yourself - use the existing authentication methods for this. See https://docs.djangoproject.com/en/1.10/topics/auth/ for more information on the subject.

Also MD5 hashed passwords would be a very bad security decision - it's simply not safe enough. BUT if you still need to use it - set the password hash to md5 - you will probably need to write that part yourself because of the security issues. When you have done that you can just use the built in methods to check if the login is successful - https://docs.djangoproject.com/en/1.10/topics/auth/default/#auth-web-requests

Regards,

Andréas

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fc17dea1-2511-4c42-a630-337fe89b1f19%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

ludovic coues

Mar 17, 2017, 10:05:28 AM
to django...@googlegroups.com
In fact, Django provides both salted and non-salted MD5 hashes for passwords.
If you want to use the built-in Django auth methods and have passwords
hashed with MD5, add this to your settings.py file:

PASSWORD_HASHERS = [
    'django.contrib.auth.hashers.MD5PasswordHasher',
]

For the record, a bit of python shell:

>>> from django.contrib.auth import hashers
>>> print(hashers.MD5PasswordHasher.__doc__)

The Salted MD5 password hashing algorithm (not recommended)

>>> print(hashers.UnsaltedMD5PasswordHasher.__doc__)

Incredibly insecure algorithm that you should *never* use; stores unsalted
MD5 hashes without the algorithm prefix, also accepts MD5 hashes with an
empty salt.

This class is implemented because Django used to store passwords this way
and to accept such password hashes. Some older Django installs still have
these values lingering around so we need to handle and upgrade them
properly.



--

Cordialement, Coues Ludovic
+336 148 743 42
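
Added example, not part of the original thread and not Django's own code: a standard-library sketch of the "handle and upgrade" idea from the docstring above, applied to the legacy `password` column. It hashes the submitted password before comparing (the view's `user.password == login_password` compares plaintext to a digest), compares in constant time, and returns a PBKDF2 value laid out as `algorithm$iterations$salt$hash` to store after a successful legacy login. Assumptions: the column holds unsalted hex MD5 of the UTF-8 password; `make_pbkdf2`, `check_password` and `ITERATIONS` are hypothetical names.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Assumption: the legacy column holds hex(MD5(utf-8 password)), unsalted.
LEGACY_MD5 = re.compile(r"[0-9a-fA-F]{32}")
ITERATIONS = 600_000  # assumption: work factor, tune for your hardware


def make_pbkdf2(password, salt=None, iterations=ITERATIONS):
    """Return algorithm$iterations$salt$base64(hash) for PBKDF2-HMAC-SHA256."""
    salt = salt or secrets.token_hex(11)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(dk).decode())


def check_password(password, stored):
    """Return (ok, upgraded): upgraded is a new hash when a legacy MD5 matched."""
    if not stored:  # NULL or blank column never authenticates
        return False, None
    if LEGACY_MD5.fullmatch(stored):
        digest = hashlib.md5(password.encode()).hexdigest()
        # Hash the submitted password first, then compare in constant time;
        # comparing the raw password to the column can never match.
        if hmac.compare_digest(digest, stored.lower()):
            return True, make_pbkdf2(password)
        return False, None
    parts = stored.split("$")
    if (len(parts) != 4 or parts[0] != "pbkdf2_sha256"
            or not parts[1].isdecimal() or int(parts[1]) < 1):
        return False, None  # unknown format: fail closed
    expected = make_pbkdf2(password, parts[2], int(parts[1]))
    return hmac.compare_digest(expected.encode(), stored.encode()), None


if __name__ == "__main__":
    # Constructed sample row: MD5 of "password" in upper-case hex.
    row = {"user_name": "demo", "password": "5F4DCC3B5AA765D61D8327DEB882CF99"}
    ok, upgraded = check_password("password", row["password"])
    if ok and upgraded:
        # Persist the stronger hash; it is longer than the column's max_length=50.
        row["password"] = upgraded
    print(ok, row["password"][:24], check_password("password", row["password"]))
```

The upgraded value is about 88 characters, so the `password` column has to be widened before the new hash can be written back.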