Question

我创建了一个页面，允许用户编辑他们的个人资料信息。

每当用户更改密码时，它都不会更新数据库并且会破坏密码。

edit_user.html

<form style="display:inline"class="form-signin" action="/edit_user/" method="post" enctype="multipart/form-data">
    {% csrf_token %}
    {{ form.as_p }}
    <button type="submit" class="btn btn-info"> Save Changes</button>
</form>

forms.py

class UserProfileForm(forms.Form): 
    email = forms.EmailField(label='Email', widget=forms.TextInput(attrs={'class' : 'form-control'}))
    firstname = forms.CharField(label='First Name', max_length=15, widget=forms.TextInput(attrs={'class' : 'form-control'}))
    lastname = forms.CharField(label='Last Name', max_length=15, widget=forms.TextInput(attrs={'class' : 'form-control'}))
    #zip = forms.IntegerField(validators=[MinValueValidator(0),MaxValueValidator(99999)], label="Zipcode", widget=forms.TextInput(attrs={'class' : 'form-control'}))
    oldPassword = forms.CharField(required=False, label='Current Password', widget=forms.PasswordInput(attrs={'class' : 'form-control'}))
    password1 = forms.CharField(required=False, label="New Password", widget=forms.PasswordInput(attrs={'class' : 'form-control'}))
    password2 = forms.CharField(required=False, label="Confirm New Password", widget=forms.PasswordInput(attrs={'class' : 'form-control'}))

    def clean_password(self):
        if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data:
            if self.cleaned_data['password1'] != self.cleaned_data['password2']:
                raise forms.ValidationError(_("The two password fields did not match."))
        return self.cleaned_data

views.py

@login_required
def edit_user(request):
    if '_auth_user_id' in request.session:
        u = User.objects.get(id=request.session['_auth_user_id'])

        if request.method == 'POST':
            form = UserProfileForm(request.POST)
            form.fields["email"].initial = u.email
            form.fields["firstname"].initial = u.first_name
            form.fields["lastname"].initial = u.last_name

            if form.is_valid():
                fname = form.cleaned_data['firstname']
                lname = form.cleaned_data['lastname']
                email = form.cleaned_data['email']
                oldPassword = form.cleaned_data['oldPassword']
                pword = form.cleaned_data['password1']

                # if oldPassword != u.password:
                #     #"The current password does not match with your old password!"
                #     return render(request, 'edit_user.html', { 'form': form})

                User.objects.filter(id=u.id).update(first_name = fname, last_name = lname, email = email, password = pword)
                return HttpResponseRedirect('/edit_user/')

        else:
            form = UserProfileForm()
            form.fields["email"].initial = u.email
            form.fields["firstname"].initial = u.first_name
            form.fields["lastname"].initial = u.last_name

        variables = RequestContext(request, {'form': form})
        return render(request, 'edit_user.html', variables, )

当我进入管理员设置并检查用户的密码时，会显示以下信息：

Password:
Invalid password format or unknown hashing algorithm.

Raw passwords are not stored, so there is no way to see this user's password, but you can change the password using this form.

任何帮助都会很棒！

感谢。

Answer 1

这是django保护您不会意外地以纯文本形式存储密码。

要为用户设置密码，请致电：

user.set_password(new_password)

这会将密码存储在correct (hashed) format。

中

值得注意的是，django已经有a pre-built view for changing passwords。

作为旁注，您应该知道这不是必需的......

if '_auth_user_id' in request.session:
    u = User.objects.get(id=request.session['_auth_user_id'])

...因为您可以直接将用户从请求中删除：

u = request.user
if u.is_authenticated():
    ...

Django更新密码不起作用

1 个答案: