我已经为我的网站创建了一个登录页面,但是当我手动输入像http://127.0.0.1:8000/home/这样的URL时,即使他们还没有登录,它也会将他们重定向到主页,我如何防止这种情况发生?
Views.py
def login_user(request):
if request.method == "POST":
username = request.POST['username']
password = request.POST['password']
user = authenticate(request, username=username, password=password)
if user is not None and user.is_admin:
login(request, user)
messages.success(request, "You have login to admin page")
return redirect('home')
elif user is not None and user.is_customer: # authenticated if user is a customer service
login(request, user)
return redirect('customer') # redirect the user to the customer service page
elif user is not None and user.is_logistic: # # authenticated if user is a logistic
messages.success(request, "You have login to logistic page")
login(request, user)
return redirect('logistic') # redirect the user to the logistic page
else:
messages.success(request, "try Again")
return redirect('login')
else:
return render(request, 'authenticate/login.html')
urls . py
urlpatterns = [
path('', views.login_user, name='login'),
path('home/', views.home, name='home'),
path('logout/', views.logout_view, name='logout'),
path('register/', views.register_view, name='register'),
path('edit-register/', views.edit_register_view, name='edit_register'),
path('change-password/', views.password_change, name='password_change'),
path('reset-password/', views.PasswordReset.as_view(), name='password_reset'),
path('reset-password-done/', views.PasswordResetDone.as_view(), name='password_reset_done'),
path('reset-password/<uidb64>/<token>/', views.PasswordResetConfirm.as_view(), name='password_reset_confirm'),
path('reset-password-complete/', views.PasswordResetComplete.as_view(), name='password_reset_complete'),
]
forms.py
class LoginForm(forms.Form):
username = forms.CharField(
widget=forms.TextInput(
attrs={
"class": "form-control"
}
)
)
password = forms.CharField(
widget=forms.PasswordInput(
attrs={
"class": "form-control"
}
)
)
Use Login required decorator ->链接
在视图中添加如下内容
from django.contrib.auth.decorators import login_required
@login_required
def your_view(request):
...
要将未经身份验证的用户重定向到登录页面,请像这样更新视图页面
from django.contrib.auth.decorators import login_required
@login_required(login_url='/accounts/login/')
def your_view(request):
...
提示-尝试使用基于类的视图,处理功能会更容易。如果你决定使用基于类的视图,你将使用LoginRequiredMixin ->链接