
Django login implement using existing mssql (MD5 hash password encode).


guoya
I am a Django beginner.
I want to get my user profile (login_name and password) to log in.
1. How do I encode the password and compare the password in the mssql db using MD5?
2. How do I implement login required without using Django's built-in login_required?

forms.py

class LoginForm(forms.Form):
    username = forms.CharField(label='帳號', max_length=10)
    password = forms.CharField(label='密碼', widget=forms.PasswordInput())

views.py

def login(request):
    if request.method == 'POST':
        login_form = forms.LoginForm(request.POST)
        if login_form.is_valid():
            login_name = request.POST['username'].strip()
            login_password = request.POST['password']
            try:
                user = models.UserProfile.get(login_name = login_name)
                if user.password == login_password:
                    response = redirect('/')
                    request.session['username'] = user.login_name
                    request.session['useremail'] = user.email
                    return redirect('/')
                else:
                    messages.add_message(request,messages.INFO, 'login fail')
            except:
                messages.add_message(request,messages.INFO, "can't login")
        else:
            messages.add_message(request,messages.INFO,'check the content')
    else:
        login_form = forms.LoginForm()
    template = get_template('login.html')
    request_context = RequestContext(request)
    request_context.push(locals())
    html = template.render(request_context)
    return HttpResponse(html)


My mssql userprofile model (inspectdb)

class UserProfile(models.Model):
    user_id = models.AutoField(primary_key=True)
    user_name = models.CharField(max_length=50, blank=True, null=True)
    password = models.CharField(max_length=50, blank=True, null=True)
    nickname = models.CharField(max_length=50, blank=True, null=True)
    gender = models.SmallIntegerField(blank=True, null=True)
    email = models.CharField(max_length=100, blank=True, null=True)
    regtime = models.DateTimeField(db_column='regTime', blank=True, null=True)  # Field name made lowercase.
    regip = models.CharField(db_column='regIp', max_length=50, blank=True, null=True)  # Field name made lowercase.
    role = models.CharField(max_length=50, blank=True, null=True)
    postlogs = models.IntegerField(db_column='postLogs', blank=True, null=True)  # Field name made lowercase.
    postcomms = models.IntegerField(db_column='postComms', blank=True, null=True)  # Field name made lowercase.
    postmessages = models.IntegerField(db_column='postMessages', blank=True, null=True)  # Field name made lowercase.
    lastvisittime = models.DateTimeField(db_column='lastVisitTime', blank=True, null=True)  # Field name made lowercase.
    lastvisitip = models.CharField(db_column='lastVisitIP', max_length=50, blank=True, null=True)  # Field name made lowercase.
    hashkey = models.CharField(db_column='hashKey', max_length=50, blank=True, null=True)  # Field name made lowercase.
    birthday = models.CharField(max_length=10, blank=True, null=True)
    age = models.IntegerField(blank=True, null=True)
    user_image = models.TextField(blank=True, null=True)

    class Meta:
        db_table = 'user_profile'

    def __str__(self):
        return self.user_name


I always get "can't login"!!

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fc17dea1-2511-4c42-a630-337fe89b1f19%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: Django login implement using existing mssql (MD5 hash password encode).

Andréas Kühne
Hi,

You shouldn't implement this yourself - use the existing authentication methods for this. See https://docs.djangoproject.com/en/1.10/topics/auth/ for more information on the subject.

Also MD5 hashed passwords would be a very bad security decision - it's simply not safe enough. BUT if you still need to use it - set the password hash to md5 - you will probably need to write that part yourself because of the security issues. When you have done that you can just use the built in methods to check if the login is successful - https://docs.djangoproject.com/en/1.10/topics/auth/default/#auth-web-requests

Regards,

Andréas

Re: Django login implement using existing mssql (MD5 hash password encode).

ludovic coues
In fact, Django provides both salted and non-salted MD5 hashes for passwords.
If you want to use the built-in Django auth method and have passwords
hashed with MD5, add this to your settings.py file:

    PASSWORD_HASHERS = [
        'django.contrib.auth.hashers.MD5PasswordHasher',
    ]

For the record, a bit of python shell:

    >>> from django.contrib.auth import hashers
    >>> print(hashers.MD5PasswordHasher.__doc__)

        The Salted MD5 password hashing algorithm (not recommended)

    >>> print(hashers.UnsaltedMD5PasswordHasher.__doc__)

        Incredibly insecure algorithm that you should *never* use; stores unsalted
        MD5 hashes without the algorithm prefix, also accepts MD5 hashes with an
        empty salt.

        This class is implemented because Django used to store passwords this way
        and to accept such password hashes. Some older Django installs still have
        these values lingering around so we need to handle and upgrade them
        properly.

2017-03-17 13:24 GMT+01:00 Andréas Kühne <[hidden email]>:

> Hi,
>
> You shouldn't implement this yourself - use the existing authentication
> methods for this. See https://docs.djangoproject.com/en/1.10/topics/auth/
> for more information on the subject.
>
> Also MD5 hashed passwords would be a very bad security decision - it's
> simply not safe enough. BUT if you still need to use it - set the password
> hash to md5 - you will probably need to write that part yourself because of
> the security issues. When you have done that you can just use the built in
> methods to check if the login is successful -
> https://docs.djangoproject.com/en/1.10/topics/auth/default/#auth-web-requests
>
> Regards,
>
> Andréas
>
> 2017-03-17 10:47 GMT+01:00 <[hidden email]>:



--

Cordialement, Coues Ludovic
+336 148 743 42
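
The "handle and upgrade" path that the UnsaltedMD5PasswordHasher docstring mentions, sketched with the standard library only as an added example (not code from the thread or from Django). It assumes the legacy password column holds an unsalted hex MD5 of the UTF-8 password, which the thread does not confirm; check_and_upgrade, SAMPLE_ROW and the iteration count are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor, not a value from the thread


def legacy_md5_matches(stored_hex, password):
    """Constant-time compare against an unsalted hex MD5 (assumed legacy format)."""
    candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate.encode(), stored_hex.strip().lower().encode())


def make_pbkdf2(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 digest>' with a random salt."""
    salt = salt or secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("ascii"), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations, salt, base64.b64encode(digest).decode("ascii"))


def pbkdf2_matches(encoded, password):
    """Recompute the digest with the stored salt and iteration count."""
    try:
        _, iterations, salt, _ = encoded.split("$", 3)
        expected = make_pbkdf2(password, salt, int(iterations))
    except ValueError:  # malformed stored value: treat as a failed login
        return False
    return hmac.compare_digest(encoded.encode(), expected.encode())


def check_and_upgrade(row, password):
    """Verify password against row['password']; replace a legacy MD5 on success."""
    stored = row.get("password") or ""
    if stored.startswith("pbkdf2_sha256$"):
        return pbkdf2_matches(stored, password)
    if len(stored.strip()) == 32 and legacy_md5_matches(stored, password):
        # The plaintext is only available at login, so re-hash it now.
        row["password"] = make_pbkdf2(password)
        return True
    return False


# Constructed sample row standing in for one user_profile record.
SAMPLE_ROW = {"user_name": "alice", "password": hashlib.md5(b"s3cret!").hexdigest().upper()}
```

The upgraded value is about 98 characters long, so the password column declared with max_length=50 in the inspectdb model would have to be widened before it can hold one.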
