I am working on an e-commerce site and I have a checkout view that has the following three forms: a login form, a guest login form and a billing address form. So basically, if the user logs in normally or logs in as a guest, I display the billing address form in the template "checkout.html"; otherwise I display the login form and the guest login form, but those two forms are handled in different views, checkout_login and guest_checkout_login. So my question is: is it safe to do it this way?
Here is the checkout template:
    {% if not billing_profile %}
        <form method="post" action="{% url 'login_page' %}"> {% csrf_token %}
            <input type="hidden" name="next" value="{{ request.build_absolute_uri }}">
            {{ form }}
            <button type="submit" class="btn btn-default">Submit</button>
        </form>
        <form method="post" action="{% url 'guest_login_page' %}"> {% csrf_token %}
            <input type="hidden" name="next" value="{{ request.build_absolute_uri }}">
            {{ guest_form }}
            <button type="submit" class="btn btn-default">Submit</button>
        </form>
    {% else %}
        <h1>checkout</h1>
        billing profile: {{ billing_profile }} <br>
        <form method="post" action=".">{% csrf_token %}
            {{ adress_form }}
            <button type="submit" class="btn btn-default">Submit</button>
        </form>
    {% endif %}
    {% endblock %}
Here is the checkout_login view:
    from django.contrib.auth import authenticate, login
    from django.shortcuts import redirect
    from django.utils.http import is_safe_url

    from .forms import LoginForm  # assumed: the form lives in the app's forms module


    def login_page(request):
        form = LoginForm(request.POST or None)
        # "next" is the hidden field set by the checkout template; it is client-controlled
        next_ = request.POST.get('next')
        if request.method == 'POST':
            if form.is_valid():
                username = form.cleaned_data.get("username")
                password = form.cleaned_data.get("password")
                user = authenticate(request, username=username, password=password)
                if user is not None:
                    login(request, user)
                    # Only follow "next" when it points back at this host,
                    # so a tampered value cannot redirect the user elsewhere
                    if is_safe_url(next_, request.get_host()):
                        guest_email_id = request.session.get('guest_email_id')
                        if guest_email_id:
                            del request.session['guest_email_id']
                        return redirect(next_)
                    else:
                        return redirect("/")
        else:
            form = LoginForm()
        return redirect("/")
Please let me know if I have made any mistakes.
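As an added example (not the asker's code and not Django's own source), the block below is a stand-alone reimplementation of the checks that Django's `url_has_allowed_host_and_scheme` (the successor to the `is_safe_url` call used in the view) performs on the posted `next` value, so the redirect decision can be exercised without a Django install. The `finish_login` helper, the constructed session dict and the host `shop.example` are assumptions for illustration; in a project you would keep calling Django's own function with the set of hosts you actually serve.

```python
import unicodedata
from urllib.parse import urlsplit


def _check_one(url, allowed_hosts, require_https):
    """Single pass of the host/scheme check on an already-stripped URL."""
    # Chrome treats any URL with three leading slashes as absolute; reject it
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # A scheme with no host (http:///x) is rejected: a browser would read the
    # first path segment as the host
    if parts.scheme and not parts.netloc:
        return False
    # Leading control characters can make a browser treat the URL as
    # scheme-relative, so reject them outright
    if unicodedata.category(url[0])[0] == "C":
        return False
    scheme = parts.scheme
    if not scheme and parts.netloc:  # //host/path behaves like http://host/path
        scheme = "http"
    valid_schemes = {"https"} if require_https else {"http", "https"}
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    scheme_ok = not scheme or scheme in valid_schemes
    return host_ok and scheme_ok


def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
    """True only if url is relative or points at one of allowed_hosts."""
    if url is not None:
        url = url.strip()
    if not url:
        return False
    if isinstance(allowed_hosts, str):
        allowed_hosts = {allowed_hosts}
    # Browsers treat "\" as "/" in paths, so the backslash-normalised form must pass too
    return _check_one(url, allowed_hosts, require_https) and _check_one(
        url.replace("\\", "/"), allowed_hosts, require_https
    )


def finish_login(session, posted_next, allowed_hosts, fallback="/"):
    """Pick the post-login redirect target (hypothetical helper, session is a plain dict)."""
    # Clear the guest-checkout marker on every branch, not only when "next" is
    # followed, so a guest session never survives a full login
    session.pop("guest_email_id", None)
    target = (posted_next or "").strip()
    if url_has_allowed_host_and_scheme(target, allowed_hosts):
        return target
    return fallback


if __name__ == "__main__":
    hosts = {"shop.example"}  # constructed: the site's own host
    for candidate in ["/checkout/", "//evil.example/", "http://shop.example/cart/",
                      "///evil.example", "\\\\evil.example", "javascript:void(0)"]:
        print(repr(candidate), url_has_allowed_host_and_scheme(candidate, hosts))
```

The point the question hinges on is that the CSRF token protects the form submission itself, while the hidden `next` field is still client-controlled; the view must validate it against the site's own host before redirecting, and clearing the guest-session marker on both branches keeps the two login paths from leaving stale state behind.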