Question

我正在尝试为用户提供一个小功能来请求帐户，并且他输入的信息会发送给将要创建帐户的人。我主要关注这个例子http://djangosnippets.org/snippets/261/，但它已经很老了，可能因为我有不准确而因此我遇到了问题。

我目前有这个代码：

帐户/ models.py

from django import forms
from django.core.mail import send_mail, BadHeaderError

# A simple contact form with four fields.
class NewAccountForm(forms.Form):
    first_name = forms.CharField()
    last_name = forms.CharField()
    email = forms.EmailField()

帐户/ views.py

from django.http import HttpResponse
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template import RequestContext
from account.models import NewAccountForm
from django import forms
from django.core.mail import send_mail, BadHeaderError

def request_account_view(request):
        first_name = request.POST.get('first_name', '')
        last_name = request.POST.get('last_name', '')
        email = request.POST.get('email', '')
        message = (first_name + ' ' + last_name + '  has requested a new account for the email ' + email)
        if first_name and last_name and email:
                try:
                    send_mail('Request for Account', message, email, ['example@example.com'])
                except BadHeaderError:
                        return HttpResponse('Invalid header found.')
                return HttpResponseRedirect('/thankyou/')
        else:
            return render_to_response('new_account.html', {'form': NewAccountForm()})

        return render_to_response('new_account.html', {'form': NewAccountForm()},
            RequestContext(request))

def thankyou(request):
        return render_to_response('thankyou.html')

urls.py

(r'^thankyou/$', 'account.views.thankyou'),
(r'^new_account/$', 'account.views.request_account_view'),

模板/ new_account.html

{% extends "base.html" %}
{% block content %}
<form action="/new_account/" method="post">
{% csrf_token %}
    <label id="id_first_name">First Name:</label>
    <input type="text" name="first_name" value="" id="first_name" />
    <label id="id_last_name">Last Name:</label>
    <input type="text" name="last_name" value="" id="last_name" />
    <label id="id_email">Email:</label>
    <input type="text" name="email" value="" id="email" />
    <input type="submit" value="Submit Request"/>
</form>
{% endblock %}

我收到错误：

Forbidden (403)
CSRF verification failed. Request aborted.

在输入名称和密码后单击“提交”。我的电子邮件主机工作正常，因为我之前正在处理“忘记密码” 功能。我真的很感激帮助。谢谢。

Answer 1

RequestContext(request)需要used。在下面的代码中，第二个返回将永远不会被命中，因此您不会将RequestContext传递给模板。

    else:
        return render_to_response('new_account.html', {'form': NewAccountForm()})

    return render_to_response('new_account.html', {'form': NewAccountForm()},
        RequestContext(request))

Answer 2

您是否将django.middleware.csrf.CsrfViewMiddleware添加到中间件类MIDDLEWARE_CLASSES列表中？（它应该出现在假设已经处理了CSRF攻击的任何视图中间件之前。）

您可以在此处了解有关Django CSRF保护的更多信息： https://docs.djangoproject.com/en/dev/ref/contrib/csrf/

通过电子邮件Django请求新用户帐户

帐户/ models.py

帐户/ views.py

urls.py

模板/ new_account.html

2 个答案: