自定义Django登录,无法比较密码

Question

我是Django和Python的新手.我阅读了文档,标准登录系统对我来说并不好,因为我想使用电子邮件和密码进行用户登录.

所以,我用视图和模型创建了一个新的应用程序.

这是我的登录功能.

def login(request):

    if request.method == 'POST':
        usermail = request.POST['usermail']
        password = request.POST['password']
        password = hashlib.md5(password).hexdigest()

        if usermail == '' or password == '':
            error = u'All fields should be filled'
            return render(request, 'login.html', {'error': error})

        try:
            sql = "SELECT * FROM users_users WHERE userMail=usermail"
            user = str(Users.objects.raw(sql)[0])
            userInfo = user.split(',')
            if userInfo[2] = password:
                return render(request, 'login.html', {'error': userInfo}, context_instance=RequestContext(request))
            else:
                error = u'Email or password is not valid'
                return render(request, 'login.html', {'error': error}, context_instance=RequestContext(request))
        except:
            error = u'User with an email %s does not exist' %usermail
            return render(request, 'login.html', {'error': error}, context_instance=RequestContext(request))

    return render(request, 'login.html', context_instance=RequestContext(request))

当我尝试比较数据库中的密码和用户提供的密码时,会出现问题.

视图模型:

class Users(models.Model):
    """
    This class is used for user authorization
    """

    userName = models.CharField(max_length=50, unique=True)
    userMail = models.CharField(max_length=50, unique=True)
    userPass = models.CharField(max_length=32)
    userRole = models.CharField(max_length=12, default='user')

    def __unicode__(self):
        # return self.userPass
        return u'%s, %s, %s, %s' % (self.userName, self.userMail, self.userPass, self.userRole)

Answer 1

不要这样做.Django有一个完美的,完整的文档系统,用于替换用户模型,同时保留身份验证系统,该系统已经有几年的时间来测试安全漏洞.你的安全并不安全,你不应该尝试这样做.