简单的后台管理:石头管理
1、登录注册
2 老师管理 班级管理 学员管理
3 增删改查
开发:
1. 定义数据库表结构
2. 登录、注册
from django.db import models # Create your models here. class Classes(models.Model): caption=models.CharField(max_length=32) class Student(models.Model): name=models.CharField(max_length=32) cls=models.ForeignKey("Classes",on_delete=models.CASCADE) # username=models.CharField(max_length=32) # password=models.CharField(max_length=32) class Teacher(models.Model): name=models.CharField(max_length=32) cls = models.ManyToManyField("Classes") # username = models.CharField(max_length=32) # password = models.CharField(max_length=32) class Administrator(models.Model): username=models.CharField(max_length=32) password=models.CharField(max_length=32)
"""user_manager URL Configuration The `urlpatterns` list routes URLs to views. For more information please see: https://docs.djangoproject.com/en/2.1/topics/http/urls/ Examples: Function views 1. Add an import: from my_app import views 2. Add a URL to urlpatterns: path('', views.home, name='home') Class-based views 1. Add an import: from other_app.views import Home 2. Add a URL to urlpatterns: path('', Home.as_view(), name='home') Including another URLconf 1. Import the include() function: from django.urls import include, path 2. Add a URL to urlpatterns: path('blog/', include('blog.urls')) """ from django.contrib import admin from django.urls import path,re_path from app01 import views urlpatterns = [ path('admin/', admin.site.urls), # path('login.html/',views.login),这一句和下面一行的代码作用等同 re_path("^login.html$",views.login), re_path("^index.html$",views.index), ]
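from django.shortcuts import render,redirect

# Create your views here.


def login(request):
    """Show the login form and, on POST, check the submitted credentials.

    On success the user name is stored in a signed cookie and the browser is
    redirected to /index.html. Otherwise the form is rendered again with the
    error text in ``msg``.
    """
    message = ""
    if request.method == "POST":
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")
        # NOTE(review): hard-coded demo credentials. Replace them with a
        # lookup against hashed passwords before this is used anywhere real.
        if user == "root" and pwd == "root":
            rep = redirect("/index.html")
            # index() treats this cookie as proof of login, so it has to be
            # tamper-evident: the value of a plain cookie is chosen by the
            # client. set_signed_cookie() signs it with SECRET_KEY, and
            # httponly keeps page scripts from reading it.
            rep.set_signed_cookie("username", user, httponly=True)
            return rep
        message = "用户名或密码错误"
    return render(request, "login.html", {"msg": message})


def index(request):
    """Render the home page for a logged-in user, else redirect to login."""
    # default=None: a missing cookie or a bad signature reads as "not logged
    # in" instead of raising.
    username = request.get_signed_cookie("username", default=None)
    if username:
        return render(request, "index.html", {"username": username})
    return redirect("/login.html")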
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    {# Login form: posts the user name and password back to /login.html. #}
    <form action="/login.html" method="post">
        <p>用户名:<input id="user" type="text" name="user"></p>
        <p>密码:<input id="pwd" type="password" name="pwd"></p>
        <p><input type="submit" value="登录"></p>
        {# msg is the error text passed in by the view; with Django's default template settings it is HTML-escaped. #}
        <span style="color: red;">{{ msg }}</span>
        {# Hidden CSRF token field; Django's CSRF middleware checks it on POST. #}
        {%csrf_token%}
    </form>
</body>
</html>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    {# username is supplied by the index view; with Django's default template settings it is HTML-escaped. #}
    <h1>Hello,{{ username }}</h1>
</body>
</html>
# Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/2.1/howto/static-files/ STATIC_URL = '/static/' STATICFILES_DIRS = ( os.path.join(BASE_DIR,"statices"), )
Cookie:就是保存在浏览器端的键值对,可以用来做登录
1、保存在用户浏览器
2、可以主动清除
3、也可以被伪造(因此不能只凭未签名的cookie值来判断用户是否已登录)
4、跨域名cookie不共享
5、设置浏览器不接受cookie
客户端设置cookie
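from django.shortcuts import render,redirect,HttpResponse
from app01 import models
# Create your views here.

# CBV
from django import views


class Login(views.View):
    """Class-based login view: GET shows the form, POST checks credentials."""

    def get(self,request,*args,**kwargs):
        """Render an empty login form."""
        return render(request, "login.html", {"msg": ""})

    def post(self,request,*args,**kwargs):
        """Check the credentials and start a logged-in session on success."""
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        # NOTE(review): this compares against a plaintext password column.
        # Store a salted hash and verify it with
        # django.contrib.auth.hashers.check_password (or use
        # django.contrib.auth) instead.
        if models.Administrator.objects.filter(username=user, password=pwd).exists():
            # Issue a fresh session key at login so that a session id planted
            # in the browser beforehand cannot be reused (session fixation).
            request.session.cycle_key()
            request.session["is_login"] = True
            request.session["username"] = user
            return redirect("/index.html")
        return render(request, "login.html", {"msg": "用户名或密码错误"})


def login(request):
    """Function-based variant of Login that also demonstrates cookies.

    index() reads the session only, so the session is populated here as well;
    the cookies are informational and must not be used to decide whether a
    user is logged in.
    """
    # models.Administrator.objects.create(username="yongchang", password="123123")
    message = ""
    if request.method == "POST":
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")
        # NOTE(review): plaintext password comparison, see Login.post.
        if models.Administrator.objects.filter(username=user, password=pwd).exists():
            request.session.cycle_key()
            request.session["is_login"] = True
            request.session["username"] = user
            rep = redirect("/index.html")
            # The original call passed no value and therefore set an empty
            # cookie. max_age=<seconds> (or expires=... for old IE) can be
            # added to limit the cookie's lifetime.
            rep.set_cookie("username", user, httponly=True)
            # Signed with SECRET_KEY, so tampering is detected on read.
            rep.set_signed_cookie("email", user + "@live.com", httponly=True)
            return rep
        message = "用户名或密码错误"
    return render(request, "login.html", {"msg": message})


def index(request):
    """Render the home page for a logged-in session, else go to login."""
    # Cookie-based alternatives: request.COOKIES.get("username") and
    # request.get_signed_cookie("email").
    username = request.session.get("username", None)
    if username:
        return render(request, "index.html", {"username": username})
    return redirect("/login.html")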
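urlpatterns = [
    path('admin/', admin.site.urls),
    # path('login.html/', views.login) is the path() form of the route below.
    # re_path(r"^login\.html$", views.login),
    # Dots are escaped and the patterns are raw strings: an unescaped "."
    # matches any character.
    re_path(r"^login\.html$", views.Login.as_view()),  # as_view() exposes the class-based view as a callable
    re_path(r"^index\.html$", views.index),
]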
class Login(views.View):
    """Login view that overrides dispatch() to customise request handling."""

    def dispatch(self, request, *args, **kwargs):
        """Run before the per-method handler; here GET is refused outright."""
        # dispatch() is the place for custom handling of the request method.
        # Suppose GET should not be served: return early, which means get()
        # below is never reached while this check is in place.
        if request.method=="GET":
            return HttpResponse("对不起,本程序不支持GET方法。")
        print(111111)
        # Call the parent implementation, which routes to get()/post().
        ret=super(Login,self).dispatch(request, *args, **kwargs)
        print(222222222)
        return ret

    def get(self,request,*args,**kwargs):
        """Render an empty login form."""
        return render(request, "login.html", {"msg": ""})

    def post(self,request,*args,**kwargs):
        """Check the credentials and mark the session as logged in."""
        user=request.POST.get('user')
        pwd=request.POST.get('pwd')
        # NOTE(review): plaintext password comparison; store a salted hash
        # and verify it with django.contrib.auth.hashers.check_password.
        c=models.Administrator.objects.filter(username=user,password=pwd).count()
        if c:
            request.session["is_login"]=True
            request.session["username"]=user
            rep=redirect("/index.html")
            return rep
        else:
            message = "用户名或密码错误"
            return render(request, "login.html", {"msg": message})
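// Submit the "add class" dialog via AJAX and append the created row.
function bindSubmitModal() {
    $('#modal_ajax_submit').click(function () {
        var value = $('.modal input[name="caption"]').val();
        // NOTE(review): no CSRF token is sent with this POST, so it only
        // works if Django's CSRF check is disabled for the view - confirm,
        // and prefer sending the token in an X-CSRFToken header.
        $.ajax({
            url: "/classes.html",
            type: 'POST',
            data: {caption: value},
            dataType: "JSON",
            success: function (rep) {
                // dataType "JSON" already parses the body; no JSON.parse needed.
                if (!rep.status) {
                    alert(rep.error);
                    return;
                }
                // Instead of location.reload(), append a row for the record
                // that was just created.
                var tr = document.createElement('tr');
                // The caption is user-supplied text. Assigning it through
                // innerHTML would let markup in a caption run as script
                // (DOM XSS); textContent inserts it as plain text.
                var td1 = document.createElement('td');   // ID
                td1.textContent = rep.data.id;
                var td2 = document.createElement('td');   // caption
                td2.textContent = rep.data.caption;
                var td3 = document.createElement('td');
                td3.textContent = "|";
                var a1 = document.createElement('a');
                a1.textContent = "编辑";
                var a2 = document.createElement('a');
                a2.textContent = "删除";
                a2.className = "td-delete";
                $(td3).prepend(a1);
                $(td3).append(a2);
                $(tr).append(td1);
                $(tr).append(td2);
                $(tr).append(td3);
                $('table tbody').append(tr);
                $('.modal,.shade').addClass('hide');
            }
        });
    });
}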
1 事件委托 2 3 <ul> 4 <li>项目一</li> 5 <li>项目二</li> 6 </ul> 7 8 $('li').click(function(){ 9 .... 10 }) 11 等价于;;; 12 $('li').on('click',function(){ 13 .... 14 }) 15 改进如下 16 17 $('ul').on('click','li',function(){ 18 .... 19 })
// Delegated handler: bound once on <tbody> and filtered by '.td-delete',
// so it also covers delete links in rows that are appended later.
$('tbody').on('click','.td-delete',function () {
    // Show the delete-confirmation box and the page shade.
    $('.remove,.shade').removeClass('hide');
})
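from django.shortcuts import render,redirect,HttpResponse
from django.http import JsonResponse
from app01 import models
# Create your views here.

# CBV
from django import views
from django.utils.decorators import method_decorator


def outer(func):
    """Demo decorator: print the HTTP method, then call the wrapped view."""
    def inner(request,*args,**kwargs):
        print(request.method)
        return func(request,*args,**kwargs)
    return inner


# Alternative to the class decorator below: put @method_decorator(outer) on
# the individual get()/post() handlers (or on dispatch()) inside the class.
@method_decorator(outer,name='dispatch')
class Login(views.View):
    """Class-based login view; `outer` wraps dispatch(), i.e. every method."""

    def dispatch(self, request, *args, **kwargs):
        """Hook that runs before get()/post(); currently just delegates."""
        # Custom handling of the request method could go here, e.g. refusing
        # GET by returning an HttpResponse before calling the parent.
        return super(Login,self).dispatch(request, *args, **kwargs)

    def get(self,request,*args,**kwargs):
        """Render an empty login form."""
        return render(request, "login.html", {"msg": ""})

    def post(self,request,*args,**kwargs):
        """Check the credentials and start a logged-in session on success."""
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        # NOTE(review): plaintext password comparison; store a salted hash
        # and verify it with django.contrib.auth.hashers.check_password.
        if models.Administrator.objects.filter(username=user, password=pwd).exists():
            # Fresh session key at login, so a session id planted beforehand
            # cannot be reused (session fixation).
            request.session.cycle_key()
            request.session["is_login"] = True
            request.session["username"] = user
            return redirect("/index.html")
        return render(request, "login.html", {"msg": "用户名或密码错误"})


def login(request):
    """Function-based variant of Login that also demonstrates cookies.

    The other views read the session only, so the session is populated here
    as well; the cookies must not be used to decide who is logged in.
    """
    # models.Administrator.objects.create(username="yongchang", password="123123")
    message = ""
    if request.method == "POST":
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")
        # NOTE(review): plaintext password comparison, see Login.post.
        if models.Administrator.objects.filter(username=user, password=pwd).exists():
            request.session.cycle_key()
            request.session["is_login"] = True
            request.session["username"] = user
            rep = redirect("/index.html")
            # The original call passed no value and set an empty cookie.
            # max_age=<seconds> (or expires=... for old IE) limits lifetime.
            rep.set_cookie("username", user, httponly=True)
            rep.set_signed_cookie("email", user + "@live.com", httponly=True)
            return rep
        message = "用户名或密码错误"
    return render(request, "login.html", {"msg": message})


def logout(request):
    """End the session and return to the login page."""
    # flush() removes the stored session data and the session cookie;
    # clear() only empties the data and keeps the same session id alive.
    request.session.flush()
    return redirect("/login.html")


def index(request):
    """Render the home page for a logged-in session, else go to login."""
    username = request.session.get("username", None)
    if username:
        return render(request, "index.html", {"username": username})
    return redirect("/login.html")


def handle_classes(request):
    """List classes (GET) or create one from an AJAX request (POST).

    The POST branch answers with JSON: {"status", "error", "data"}.
    """
    username = request.session.get("username", None)
    # The login check has to cover every method. The original checked it on
    # GET only, so an anonymous client could still create classes by POSTing.
    if not username:
        return redirect("/login.html")

    if request.method == "GET":
        cls_list = models.Classes.objects.all()
        return render(request, "classes.html", {"username": username, "cls_list": cls_list})
    elif request.method == "POST":
        # AJAX submission. The plain-form variant would create the row and
        # then redirect('/classes.html').
        response_dict = {"status": True, 'error': None, "data": None}
        caption = request.POST.get('caption', None)
        if caption:
            obj = models.Classes.objects.create(caption=caption)
            response_dict['data'] = {"id": obj.id, "caption": obj.caption}
        else:
            response_dict['status'] = False
            response_dict['error'] = "标题不能为空"
        # JsonResponse serialises the dict and labels the body as
        # application/json, so it is never interpreted as HTML.
        return JsonResponse(response_dict)
    else:
        return HttpResponse("暂时不支持get 和 post 以外的请求方式。")


def handle_student(request):
    """Render the student page for a logged-in session."""
    username = request.session.get("username", None)
    if username:
        return render(request, "student.html", {"username": username})
    return redirect("/login.html")


def handle_teacher(request):
    """Render the teacher page for a logged-in session."""
    username = request.session.get("username", None)
    if username:
        return render(request, "teacher.html", {"username": username})
    return redirect("/login.html")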
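{% extends "layout.html" %}
{% block css %}
{% endblock %}
{% block content %}
    <h1>班级列表</h1>
    <div>
        <input id="id_add" type="button" value="添加">
    </div>
    <table border="1">
        <thead>
            <tr>
                <th>ID</th>
                <th>标题</th>
                <th>操作</th>
            </tr>
        </thead>
        <tbody>
            {# item.caption is user-supplied; with Django's default template settings it is HTML-escaped here. #}
            {% for item in cls_list %}
                <tr>
                    <td>{{ item.id }}</td>
                    <td>{{ item.caption }}</td>
                    <td>
                        <a >编辑</a>|<a class="td-delete">删除</a>
                    </td>
                </tr>
            {% endfor %}
        </tbody>
    </table>
    {# "Add class" dialog, hidden until the add button is clicked. #}
    <div class="modal hide">
        <input type="text" name="caption" placeholder="标题">
        <input id="id_modal_cancel" type="button" value="取消">
        <input type="button" id="modal_ajax_submit" value="Ajax确定">
    </div>
    <div class="shade hide"></div>
    {# Delete-confirmation box. #}
    <div class="remove hide">
        <input id="id_remove_cancel" type="button" value="取消">
        <input type="button" value="确定">
    </div>
{% endblock %}
{% block js %}
    <script>
        $(function () {
            $("#menu_class").addClass('active');
            bindAddEvent();
            bindCancelEvent();
            bindTdDeleteEvent();
            bindSubmitModal();
        });

        // Open the "add class" dialog.
        function bindAddEvent() {
            $('#id_add').click(function () {
                $('.modal,.shade').removeClass('hide');
            });
        }

        // Close whichever dialog is open.
        function bindCancelEvent() {
            $('#id_modal_cancel,#id_remove_cancel').click(function () {
                $('.modal,.shade,.remove').addClass('hide');
            });
        }

        // Delegated on <tbody> so rows appended after page load are covered;
        // a direct $('td .td-delete').click(...) would miss them.
        function bindTdDeleteEvent() {
            $('tbody').on('click', '.td-delete', function () {
                $('.remove,.shade').removeClass('hide');
            });
        }

        // Submit the dialog via AJAX and append the created row.
        function bindSubmitModal() {
            $('#modal_ajax_submit').click(function () {
                var value = $('.modal input[name="caption"]').val();
                // NOTE(review): no CSRF token is sent with this POST, so it
                // only works if Django's CSRF check is disabled for the
                // view - confirm, and prefer an X-CSRFToken header.
                $.ajax({
                    url: "/classes.html",
                    type: 'POST',
                    data: {caption: value},
                    dataType: "JSON",
                    success: function (rep) {
                        // dataType "JSON" already parses the body.
                        if (!rep.status) {
                            alert(rep.error);
                            return;
                        }
                        // Instead of location.reload(), append a row for
                        // the record that was just created.
                        var tr = document.createElement('tr');
                        // The caption is user-supplied text. innerHTML would
                        // let markup in it run as script (DOM XSS);
                        // textContent inserts it as plain text.
                        var td1 = document.createElement('td');   // ID
                        td1.textContent = rep.data.id;
                        var td2 = document.createElement('td');   // caption
                        td2.textContent = rep.data.caption;
                        var td3 = document.createElement('td');
                        td3.textContent = "|";
                        var a1 = document.createElement('a');
                        a1.textContent = "编辑";
                        var a2 = document.createElement('a');
                        a2.textContent = "删除";
                        a2.className = "td-delete";
                        $(td3).prepend(a1);
                        $(td3).append(a2);
                        $(tr).append(td1);
                        $(tr).append(td2);
                        $(tr).append(td3);
                        $('table tbody').append(tr);
                        $('.modal,.shade').addClass('hide');
                    }
                });
            });
        }
    </script>
{% endblock %}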
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <style>
        {# .hide is toggled from the page scripts to show and hide dialogs. #}
        .hide{ display: none; }
        .menu .item{ display: block; padding: 5px 10px; border-bottom: 1px solid #dddddd; }
        .menu .item:hover{ background-color: black; color: white; }
        .menu .item.active{ background-color: black; color: white; }
        .modal{ position: fixed; top: 50%; left: 50%; width: 500px; height: 400px; margin-left: -250px; margin-top: -250px; z-index: 100; background-color: white; }
        .remove{ position: fixed; top: 50%; left: 50%; width: 400px; height: 200px; margin-left: -100px; margin-top: -200px; z-index: 100; background-color: #cc0000; }
        {# .shade sits just below the dialogs (z-index 99 against 100) and dims the page. #}
        .shade{ position: fixed; top: 0; bottom: 0; right: 0; left: 0px; background-color: black; opacity: 0.5; z-index: 99; }
    </style>
    {% block css %} {% endblock %}
</head>
<body style="margin: 0">
    {# Header bar: current user and logout link. #}
    <div style="height: 48px;background-color: black;color: white;">
        {# NOTE(review): logout is a plain GET link, so any page can trigger it with an <img> or link; consider a POST form with csrf_token. #}
        <div style="float: right">用户名:{{ username }}| <a href="/logout.html">注销</a> </div>
    </div>
    <div>
        {# Left-hand menu; each child page marks its own entry as active from script. #}
        <div class="menu" style="position: absolute;top: 48px;left: 0;bottom: 0;width: 200px;background-color: #eeeeee;">
            <a id="menu_class" class="item" href="/classes.html">班级管理</a>
            <a id="menu_student" class="item" href="/student.html">学生管理</a>
            <a id="menu_teacher" class="item" href="/teacher.html">老师管理</a>
        </div>
        {# Content area filled in by child templates. #}
        <div class="menu" style="position: absolute;top: 48px;left:200px;bottom: 0;right: 0;overflow: auto">
            {% block content %} {% endblock %}
        </div>
    </div>
    {# NOTE(review): jQuery 3.3.1 is an old release; later 3.x releases contain security fixes, so plan an upgrade. #}
    <script src="/static/jq/jquery-3.3.1.js"></script>
    {% block js %} {% endblock %}
</body>
</html>
"""user_manager URL Configuration The `urlpatterns` list routes URLs to views. For more information please see: https://docs.djangoproject.com/en/2.1/topics/http/urls/ Examples: Function views 1. Add an import: from my_app import views 2. Add a URL to urlpatterns: path('', views.home, name='home') Class-based views 1. Add an import: from other_app.views import Home 2. Add a URL to urlpatterns: path('', Home.as_view(), name='home') Including another URLconf 1. Import the include() function: from django.urls import include, path 2. Add a URL to urlpatterns: path('blog/', include('blog.urls')) """ from django.contrib import admin from django.urls import path,re_path from app01 import views urlpatterns = [ path('admin/', admin.site.urls), # path('login.html/',views.login),这一句和下面一行的代码作用等同 #re_path("^login.html$",views.login), re_path("^login.html$",views.Login.as_view()),#用来调用CBV 调用类 re_path("^index.html$",views.index), re_path("^classes.html$",views.handle_classes), re_path("^student.html$",views.handle_student), re_path("^teacher.html$",views.handle_teacher), re_path("^logout.html$",views.logout) ]
分页
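from django.shortcuts import render,redirect,HttpResponse
from django.http import JsonResponse
from app01 import models
# Create your views here.

# CBV
from django import views
from django.utils.decorators import method_decorator


def outer(func):
    """Demo decorator: print the HTTP method, then call the wrapped view."""
    def inner(request,*args,**kwargs):
        print(request.method)
        return func(request,*args,**kwargs)
    return inner


# Alternative to the class decorator below: put @method_decorator(outer) on
# the individual get()/post() handlers (or on dispatch()) inside the class.
@method_decorator(outer,name='dispatch')
class Login(views.View):
    """Class-based login view; `outer` wraps dispatch(), i.e. every method."""

    def dispatch(self, request, *args, **kwargs):
        """Hook that runs before get()/post(); currently just delegates."""
        return super(Login,self).dispatch(request, *args, **kwargs)

    def get(self,request,*args,**kwargs):
        """Render an empty login form."""
        return render(request, "login.html", {"msg": ""})

    def post(self,request,*args,**kwargs):
        """Check the credentials and start a logged-in session on success."""
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        # NOTE(review): plaintext password comparison; store a salted hash
        # and verify it with django.contrib.auth.hashers.check_password.
        if models.Administrator.objects.filter(username=user, password=pwd).exists():
            # Fresh session key at login, so a session id planted beforehand
            # cannot be reused (session fixation).
            request.session.cycle_key()
            request.session["is_login"] = True
            request.session["username"] = user
            return redirect("/index.html")
        return render(request, "login.html", {"msg": "用户名或密码错误"})


def login(request):
    """Function-based variant of Login that also demonstrates cookies.

    The other views read the session only, so the session is populated here
    as well; the cookies must not be used to decide who is logged in.
    """
    # models.Administrator.objects.create(username="yongchang", password="123123")
    message = ""
    if request.method == "POST":
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")
        # NOTE(review): plaintext password comparison, see Login.post.
        if models.Administrator.objects.filter(username=user, password=pwd).exists():
            request.session.cycle_key()
            request.session["is_login"] = True
            request.session["username"] = user
            rep = redirect("/index.html")
            # The original call passed no value and set an empty cookie.
            # max_age=<seconds> (or expires=... for old IE) limits lifetime.
            rep.set_cookie("username", user, httponly=True)
            rep.set_signed_cookie("email", user + "@live.com", httponly=True)
            return rep
        message = "用户名或密码错误"
    return render(request, "login.html", {"msg": message})


def logout(request):
    """End the session and return to the login page."""
    # flush() removes the stored session data and the session cookie;
    # clear() only empties the data and keeps the same session id alive.
    request.session.flush()
    return redirect("/login.html")


def index(request):
    """Render the home page for a logged-in session, else go to login."""
    username = request.session.get("username", None)
    if username:
        return render(request, "index.html", {"username": username})
    return redirect("/login.html")


class PageHelper:
    """Pagination helper for /classes.html: 10 rows per page, 11 page links.

    Both constructor arguments must be integers. pager_str() interpolates
    them into HTML that the template renders with |safe, so nothing taken
    directly from the request may be passed in unconverted.
    """

    def __init__(self,total_count,current_page):
        self.total_count=total_count
        self.current_page=current_page

    @property
    def db_start(self):
        """Start index (inclusive) of the current page in the queryset."""
        return (self.current_page-1)*10

    @property
    def db_end(self):
        """End index (exclusive) of the current page in the queryset."""
        return self.current_page*10

    def pager_str(self):
        """Return the pager as one HTML string of <a> elements."""
        # Number of pages, rounding a partial last page up.
        total_pages, remainder = divmod(self.total_count, 10)
        if remainder:
            total_pages += 1

        links = []
        if self.current_page > 1:
            links.append('<a href="/classes.html?p=%s">上一页</a>' % (self.current_page - 1))
        else:
            links.append('<a href="javascript:void(0);">上一页</a>')

        # Show at most 11 page numbers, centred on the current page where
        # possible: page 6 shows 1..11, page 7 shows 2..12, and so on.
        if total_pages <= 11:
            first, stop = 1, total_pages + 1
        elif self.current_page < 6:
            first, stop = 1, 11 + 1
        else:
            first = self.current_page - 5
            stop = self.current_page + 5 + 1
            if stop > total_pages:
                # Near the end: pin the window to the last 11 pages.
                first, stop = total_pages - 10, total_pages + 1

        for i in range(first, stop):
            if i == self.current_page:
                links.append('<a class="active" href="/classes.html?p=%s">%s</a>' % (i, i))
            else:
                links.append('<a href="/classes.html?p=%s">%s</a>' % (i, i))

        if self.current_page < total_pages:
            links.append('<a href="/classes.html?p=%s">下一页</a>' % (self.current_page + 1))
        else:
            links.append('<a href="javascript:void(0);">下一页</a>')
        return "".join(links)


def handle_classes(request):
    """List classes page by page (GET) or create one via AJAX (POST).

    The POST branch answers with JSON: {"status", "error", "data"}.
    """
    username = request.session.get("username", None)
    # The login check has to cover every method. The original checked it on
    # GET only, so an anonymous client could still create classes by POSTing.
    if not username:
        return redirect("/login.html")

    if request.method == "GET":
        total_count = models.Classes.objects.all().count()
        # ?p= comes from the client: a non-numeric value made int() raise and
        # a value below 1 produced a negative slice, both ending in a 500.
        # Fall back to page 1 and clamp to the existing page range.
        try:
            current_page = int(request.GET.get('p', 1))
        except (TypeError, ValueError):
            current_page = 1
        last_page = max(1, -(-total_count // 10))
        current_page = min(max(current_page, 1), last_page)

        obj = PageHelper(total_count, current_page)
        # Built from integers only, which is what makes |safe in the
        # template acceptable (mark_safe() would be the view-side form).
        pager = obj.pager_str()
        # Page 1 -> rows [0:10], page 2 -> rows [10:20], ...
        cls_list = models.Classes.objects.all()[obj.db_start:obj.db_end]
        return render(request, "classes.html",
                      {"username": username, "cls_list": cls_list, "str_pager": pager})
    elif request.method == "POST":
        # AJAX submission. The plain-form variant would create the row and
        # then redirect('/classes.html').
        response_dict = {"status": True, 'error': None, "data": None}
        caption = request.POST.get('caption', None)
        if caption:
            obj = models.Classes.objects.create(caption=caption)
            response_dict['data'] = {"id": obj.id, "caption": obj.caption}
        else:
            response_dict['status'] = False
            response_dict['error'] = "标题不能为空"
        # JsonResponse serialises the dict and labels the body as
        # application/json, so it is never interpreted as HTML.
        return JsonResponse(response_dict)
    else:
        return HttpResponse("暂时不支持get 和 post 以外的请求方式。")


def handle_add_classes(request):
    """Plain-form variant of class creation on its own page."""
    # This view writes to the database, so it needs the same login check as
    # the other management views; the original had none.
    if not request.session.get("username", None):
        return redirect("/login.html")

    if request.method == "GET":
        return render(request, "add_classes.html", {'msg': ""})
    elif request.method == "POST":
        caption = request.POST.get('caption', None)
        if not caption:
            return render(request, "add_classes.html", {'msg': "标题不能为空"})
        models.Classes.objects.create(caption=caption)
        return redirect('/classes.html')
    else:
        return redirect("/index.html")


def handle_student(request):
    """Render the student page for a logged-in session."""
    username = request.session.get("username", None)
    if username:
        return render(request, "student.html", {"username": username})
    return redirect("/login.html")


def handle_teacher(request):
    """Render the teacher page for a logged-in session."""
    username = request.session.get("username", None)
    if username:
        return render(request, "teacher.html", {"username": username})
    return redirect("/login.html")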
// Open the dialog in "edit" mode and pre-fill it from the clicked row.
function bindTdEditEvent() {
    $('tbody').on('click', '.td-edit', function () {
        $('.modal,.shade').removeClass('hide');
        SUBMIT_URL = "/up_classes.html";
        // Generic form of reading tds[1] / tds[0] by position: every cell
        // before the action cell names, in its "tom" attribute, the dialog
        // input that receives the cell's text.
        var cells = $(this).parent().prevAll();
        cells.each(function () {
            var cell = $(this);
            var cellText = cell.text();
            var field = cell.attr('tom');
            $(".modal input[name='" + field + "']").val(cellText);
        });
    });
}
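{% extends "layout.html" %}
{% block css %}
{% endblock %}
{% block content %}
    <h1>班级列表</h1>
    <div>
        <input id="id_add" type="button" value="添加">
        <a href="/add_classes.html">添加</a>
    </div>
    <table border="1">
        <thead>
            <tr>
                <th>ID</th>
                <th>标题</th>
                <th>操作</th>
            </tr>
        </thead>
        <tbody>
            {# The custom "tom" attribute names the dialog input that the edit handler fills from the cell. #}
            {# item.caption is user-supplied; with Django's default template settings it is HTML-escaped here. #}
            {% for item in cls_list %}
                <tr>
                    <td tom="id">{{ item.id }}</td>
                    <td tom="caption">{{ item.caption }}</td>
                    <td>
                        <a class="td-edit" >编辑</a>|<a class="td-delete">删除</a>
                    </td>
                </tr>
            {% endfor %}
        </tbody>
    </table>
    {# |safe switches escaping off. That is acceptable only because the view builds this HTML from integers; never route user input through it. #}
    <div class="pagination">
        {{ str_pager|safe }}
    </div>
    {# Add/edit dialog; the id input stays hidden. #}
    <div class="modal hide">
        <input type="text" name="id" class="hide">
        <input type="text" name="caption" placeholder="标题">
        <input id="id_modal_cancel" type="button" value="取消">
        <input type="button" id="modal_ajax_submit" value="Ajax确定">
    </div>
    <div class="shade hide"></div>
    {# Delete-confirmation box. #}
    <div class="remove hide">
        <input id="id_remove_cancel" type="button" value="取消">
        <input type="button" value="确定">
    </div>
{% endblock %}
{% block js %}
    <script>
        $(function () {
            $("#menu_class").addClass('active');
            bindAddEvent();
            bindCancelEvent();
            bindTdDeleteEvent();
            bindSubmitModal();
            bindTdEditEvent();
        });

        // URL the dialog posts to; set when the dialog is opened.
        var SUBMIT_URL = null;

        // Open the dialog in "add" mode.
        function bindAddEvent() {
            $('#id_add').click(function () {
                $('.modal,.shade').removeClass('hide');
                SUBMIT_URL = "/classes.html";
            });
        }

        // Close whichever dialog is open.
        function bindCancelEvent() {
            $('#id_modal_cancel,#id_remove_cancel').click(function () {
                $('.modal,.shade,.remove').addClass('hide');
            });
        }

        // Open the dialog in "edit" mode and pre-fill it from the row.
        function bindTdEditEvent() {
            $('tbody').on('click', '.td-edit', function () {
                $('.modal,.shade').removeClass('hide');
                SUBMIT_URL = "/up_classes.html";
                // Generic form of reading tds[1] / tds[0] by position: each
                // cell names its dialog input in the "tom" attribute.
                $(this).parent().prevAll().each(function () {
                    var text = $(this).text();
                    var name = $(this).attr('tom');
                    $(".modal input[name='" + name + "']").val(text);
                });
            });
        }

        // Delegated on <tbody> so rows appended after page load are covered;
        // a direct $('td .td-delete').click(...) would miss them.
        function bindTdDeleteEvent() {
            $('tbody').on('click', '.td-delete', function () {
                $('.remove,.shade').removeClass('hide');
            });
        }

        // Submit the dialog via AJAX and append the returned row.
        function bindSubmitModal() {
            $('#modal_ajax_submit').click(function () {
                var nid = $('.modal input[name="id"]').val();
                var value = $('.modal input[name="caption"]').val();
                // NOTE(review): no CSRF token is sent with this POST, so it
                // only works if Django's CSRF check is disabled for the
                // view - confirm, and prefer an X-CSRFToken header.
                $.ajax({
                    url: SUBMIT_URL,
                    type: 'POST',
                    data: {caption: value, id: nid},
                    dataType: "JSON",
                    success: function (rep) {
                        // dataType "JSON" already parses the body.
                        if (!rep.status) {
                            alert(rep.error);
                            return;
                        }
                        // Instead of location.reload(), append a row for
                        // the record that came back.
                        var tr = document.createElement('tr');
                        // The caption is user-supplied text. innerHTML would
                        // let markup in it run as script (DOM XSS);
                        // textContent inserts it as plain text.
                        var td1 = document.createElement('td');   // ID
                        td1.textContent = rep.data.id;
                        td1.setAttribute('tom', 'id');
                        var td2 = document.createElement('td');   // caption
                        td2.textContent = rep.data.caption;
                        td2.setAttribute('tom', 'caption');
                        var td3 = document.createElement('td');
                        td3.textContent = "|";
                        // Same class and "tom" attributes as the rows the
                        // template renders, so the edit handler also works
                        // on rows added here.
                        var a1 = document.createElement('a');
                        a1.textContent = "编辑";
                        a1.className = "td-edit";
                        var a2 = document.createElement('a');
                        a2.textContent = "删除";
                        a2.className = "td-delete";
                        $(td3).prepend(a1);
                        $(td3).append(a2);
                        $(tr).append(td1);
                        $(tr).append(td2);
                        $(tr).append(td3);
                        $('table tbody').append(tr);
                        $('.modal,.shade').addClass('hide');
                    }
                });
            });
        }
    </script>
{% endblock %}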
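防止XSS攻击
Django模板默认会对变量做HTML转义,这是防止XSS的基础;下面两种写法都是关闭转义,只能用于完全由服务端生成、不含用户输入的内容(例如上面的分页HTML)。
mark_safe():在视图中把字符串标记为安全,模板不再对它转义
|safe:在模板中关闭对该变量的转义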
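from functools import wraps

from django.shortcuts import render,redirect,HttpResponse
from django.http import JsonResponse
from app01 import models
# Create your views here.

# CBV
from django import views
from django.utils.decorators import method_decorator


def outer(func):
    """Demo decorator: print the HTTP method, then call the wrapped view."""
    def inner(request,*args,**kwargs):
        print(request.method)
        return func(request,*args,**kwargs)
    return inner


def auth(func):
    """Require a logged-in session before running a function-based view."""
    @wraps(func)
    def inner(request,*args,**kwargs):
        # The original fell through with `pass` for anonymous requests, so
        # the view returned None and Django answered with a server error.
        # Send the browser to the login page instead.
        if not request.session.get("username", None):
            return redirect("/login.html")
        return func(request,*args,**kwargs)
    return inner


# Alternative to the class decorator below: put @method_decorator(outer) on
# the individual get()/post() handlers (or on dispatch()) inside the class.
@method_decorator(outer,name='dispatch')
class Login(views.View):
    """Class-based login view; `outer` wraps dispatch(), i.e. every method."""

    def dispatch(self, request, *args, **kwargs):
        """Hook that runs before get()/post(); currently just delegates."""
        return super(Login,self).dispatch(request, *args, **kwargs)

    def get(self,request,*args,**kwargs):
        """Render an empty login form."""
        return render(request, "login.html", {"msg": ""})

    def post(self,request,*args,**kwargs):
        """Check the credentials and start a logged-in session on success."""
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        # NOTE(review): plaintext password comparison; store a salted hash
        # and verify it with django.contrib.auth.hashers.check_password.
        if models.Administrator.objects.filter(username=user, password=pwd).exists():
            # Fresh session key at login, so a session id planted beforehand
            # cannot be reused (session fixation).
            request.session.cycle_key()
            request.session["is_login"] = True
            request.session["username"] = user
            return redirect("/index.html")
        return render(request, "login.html", {"msg": "用户名或密码错误"})


def login(request):
    """Function-based variant of Login that also demonstrates cookies.

    The other views read the session only, so the session is populated here
    as well; the cookies must not be used to decide who is logged in.
    """
    # models.Administrator.objects.create(username="yongchang", password="123123")
    message = ""
    if request.method == "POST":
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")
        # NOTE(review): plaintext password comparison, see Login.post.
        if models.Administrator.objects.filter(username=user, password=pwd).exists():
            request.session.cycle_key()
            request.session["is_login"] = True
            request.session["username"] = user
            rep = redirect("/index.html")
            # The original call passed no value and set an empty cookie.
            # max_age=<seconds> (or expires=... for old IE) limits lifetime.
            rep.set_cookie("username", user, httponly=True)
            rep.set_signed_cookie("email", user + "@live.com", httponly=True)
            return rep
        message = "用户名或密码错误"
    return render(request, "login.html", {"msg": message})


def logout(request):
    """End the session and return to the login page."""
    # flush() removes the stored session data and the session cookie;
    # clear() only empties the data and keeps the same session id alive.
    request.session.flush()
    return redirect("/login.html")


def index(request):
    """Render the home page for a logged-in session, else go to login."""
    username = request.session.get("username", None)
    if username:
        return render(request, "index.html", {"username": username})
    return redirect("/login.html")


def _parse_id(raw):
    """Return raw as a positive int, or None when it is not one."""
    try:
        value = int(raw)
    except (TypeError, ValueError):
        return None
    return value if value > 0 else None


# @auth covers every method. The original checked the session on GET only,
# so an anonymous client could still create classes by POSTing.
@auth
def handle_classes(request):
    """List classes page by page (GET) or create one via AJAX (POST).

    The POST branch answers with JSON: {"status", "error", "data"}.
    """
    if request.method == "GET":
        username = request.session.get("username", None)
        total_count = models.Classes.objects.all().count()
        # ?p= comes from the client: a non-numeric value made int() raise and
        # a value below 1 produced a negative slice, both ending in a 500.
        # Fall back to page 1 and clamp to the existing page range (10 rows
        # per page, matching the per-page argument passed below).
        try:
            current_page = int(request.GET.get('p', 1))
        except (TypeError, ValueError):
            current_page = 1
        last_page = max(1, -(-total_count // 10))
        current_page = min(max(current_page, 1), last_page)

        from utils.page import PageHelper
        obj = PageHelper(total_count, current_page, "/classes.html", 10)
        # Rendered with |safe in the template, so it must stay free of
        # request-supplied text; only the integer page number goes in here.
        pager = obj.pager_str()
        cls_list = models.Classes.objects.all()[obj.db_start:obj.db_end]
        return render(request, "classes.html",
                      {"username": username, "cls_list": cls_list, "str_pager": pager})
    elif request.method == "POST":
        # AJAX submission. The plain-form variant would create the row and
        # then redirect('/classes.html').
        response_dict = {"status": True, 'error': None, "data": None}
        caption = request.POST.get('caption', None)
        if caption:
            obj = models.Classes.objects.create(caption=caption)
            response_dict['data'] = {"id": obj.id, "caption": obj.caption}
        else:
            response_dict['status'] = False
            response_dict['error'] = "标题不能为空"
        # JsonResponse serialises the dict and labels the body as
        # application/json, so it is never interpreted as HTML.
        return JsonResponse(response_dict)
    else:
        return HttpResponse("暂时不支持get 和 post 以外的请求方式。")


# Writes to the database; the original had no login check at all.
@auth
def handle_add_classes(request):
    """Plain-form variant of class creation on its own page."""
    if request.method == "GET":
        return render(request, "add_classes.html", {'msg': ""})
    elif request.method == "POST":
        caption = request.POST.get('caption', None)
        if not caption:
            return render(request, "add_classes.html", {'msg': "标题不能为空"})
        models.Classes.objects.create(caption=caption)
        return redirect('/classes.html')
    else:
        return redirect("/index.html")


# Changes existing rows; the original had no login check at all.
@auth
def edit_classes(request):
    """Show the edit form for one class (GET) or save its caption (POST)."""
    if request.method == "GET":
        # nid comes from the query string; a non-numeric value would make
        # the id lookup raise instead of simply finding nothing.
        nid = _parse_id(request.GET.get("nid"))
        if nid is None:
            return redirect("/classes.html")
        obj = models.Classes.objects.filter(id=nid).first()
        return render(request, "edit_classes.html", {"obj": obj})
    elif request.method == "POST":
        nid = _parse_id(request.POST.get("nid"))
        caption = request.POST.get("caption")
        # Skip the update for a bad id or an empty caption instead of
        # letting the ORM raise on None or a non-numeric id.
        if nid is not None and caption:
            models.Classes.objects.filter(id=nid).update(caption=caption)
        return redirect("/classes.html")
    else:
        return redirect("/index.html")


def handle_student(request):
    """Render the student page for a logged-in session."""
    username = request.session.get("username", None)
    if username:
        return render(request, "student.html", {"username": username})
    return redirect("/login.html")


def handle_teacher(request):
    """Render the teacher page for a logged-in session."""
    username = request.session.get("username", None)
    if username:
        return render(request, "teacher.html", {"username": username})
    return redirect("/login.html")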
用户认证
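import functools
import json

from django import views
from django.shortcuts import render, redirect, HttpResponse
from django.utils.decorators import method_decorator

from app01 import models

# Create your views here.


def outer(func):
    """Wrap a view so the HTTP method of each request is printed first.

    Demonstration decorator; it is attached to ``Login.dispatch`` below.
    """

    @functools.wraps(func)
    def inner(request, *args, **kwargs):
        print(request.method)
        return func(request, *args, **kwargs)

    return inner


def auth(func):
    """Require a logged-in session before the wrapped view runs.

    A request whose session carries no ``username`` is redirected to
    ``/login.html`` and the wrapped view is not called.
    """

    @functools.wraps(func)
    def inner(request, *args, **kwargs):
        if not request.session.get("username", None):
            return redirect("/login.html")
        return func(request, *args, **kwargs)

    return inner


def _credentials_match(user, pwd):
    """Return True when an Administrator row matches the submitted pair.

    Missing or empty values never match, so a row with an empty password
    column cannot be used to log in.
    """
    if not user or not pwd:
        return False
    # NOTE(security): the lookup compares the submitted password with the
    # stored column value, which means Administrator.password holds
    # plaintext. Moving to django.contrib.auth.hashers (make_password /
    # check_password) needs a data migration for existing rows, so it is
    # flagged here rather than changed.
    return models.Administrator.objects.filter(
        username=user, password=pwd
    ).exists()


def _start_session(request, user):
    """Mark the session as authenticated for ``user``."""
    # Issue a fresh session key at the privilege change so a key that was
    # planted in the browser before login is not carried over.
    request.session.cycle_key()
    request.session["is_login"] = True
    request.session["username"] = user


def _page_number(raw):
    """Convert the ``p`` query value to a page number of at least 1."""
    try:
        page = int(raw)
    except (TypeError, ValueError):
        # A non-numeric ?p= value used to raise and produce a 500.
        return 1
    # presumably PageHelper expects 1-based pages (the default is 1) — confirm
    return max(page, 1)


def _class_by_id(nid):
    """Return the Classes row with primary key ``nid``, or None."""
    try:
        return models.Classes.objects.filter(id=nid).first()
    except (TypeError, ValueError):
        # A non-numeric id cannot match any row.
        return None


@method_decorator(outer, name="dispatch")
class Login(views.View):
    """Class-based login view: GET shows the form, POST checks credentials."""

    def dispatch(self, request, *args, **kwargs):
        """Run the handler for the request's HTTP method.

        Override point: code placed before or after the ``super()`` call
        runs around every method handler (for example to refuse GET).
        """
        return super().dispatch(request, *args, **kwargs)

    def get(self, request, *args, **kwargs):
        """Render the empty login form."""
        return render(request, "login.html", {"msg": ""})

    def post(self, request, *args, **kwargs):
        """Check the submitted credentials and open a session on success."""
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")
        if _credentials_match(user, pwd):
            _start_session(request, user)
            return redirect("/index.html")
        # Same message for unknown user and wrong password.
        return render(request, "login.html", {"msg": "用户名或密码错误"})


def login(request):
    """Function-based login view, equivalent to ``Login``.

    The login state is written to the server-side session, which is what
    ``auth`` and ``index`` read. The earlier form only set cookies (a
    ``username`` cookie with no value), so a successful login was sent
    straight back to the login page by ``auth``.
    """
    message = ""
    if request.method == "POST":
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")
        if _credentials_match(user, pwd):
            _start_session(request, user)
            rep = redirect("/index.html")
            # The signed cookie is tamper-evident but readable by the
            # client; nothing in this module uses it for authorization.
            # max_age / expires can be passed to bound its lifetime.
            rep.set_signed_cookie("email", user + "@live.com")
            return rep
        message = "用户名或密码错误"
    return render(request, "login.html", {"msg": message})


@auth
def logout(request):
    """End the session and return to the login page."""
    # flush() deletes the stored session and its key; clear() only emptied
    # the data and left the same session key valid in the browser.
    request.session.flush()
    return redirect("/login.html")


@auth
def index(request):
    """Render the landing page for the logged-in user."""
    username = request.session.get("username", None)
    return render(request, "index.html", {"username": username})


@auth
def handle_classes(request):
    """List classes with paging (GET) or create one via AJAX (POST).

    POST answers with a JSON document of the form
    ``{"status": bool, "error": str | None, "data": {...} | None}``.
    """
    if request.method == "GET":
        current_page = _page_number(request.GET.get("p", 1))
        total_count = models.Classes.objects.all().count()
        from utils.page import PageHelper

        obj = PageHelper(total_count, current_page, "/classes.html", 10)
        pager = obj.pager_str()
        cls_list = models.Classes.objects.all()[obj.db_start:obj.db_end]
        return render(
            request,
            "classes.html",
            {"cls_list": cls_list, "str_pager": pager},
        )
    elif request.method == "POST":
        # Plain form-submit alternative to the AJAX handling below:
        # caption = request.POST.get('caption', None)
        # if caption:
        #     models.Classes.objects.create(caption=caption)
        # return redirect('/classes.html')

        # AJAX handling.
        response_dict = {"status": True, "error": None, "data": None}
        caption = request.POST.get("caption", None)
        if caption:
            # NOTE(review): the caption length is not checked here although
            # Classes.caption is a CharField(max_length=32).
            obj = models.Classes.objects.create(caption=caption)
            response_dict["data"] = {"id": obj.id, "caption": obj.caption}
        else:
            response_dict["status"] = False
            response_dict["error"] = "标题不能为空"
        # NOTE(security): HttpResponse defaults to text/html and this body
        # echoes the user-supplied caption. JsonResponse (application/json)
        # is preferable, but the page's AJAX callback may parse the raw
        # text itself — confirm against the template before switching.
        return HttpResponse(json.dumps(response_dict))
    else:
        return HttpResponse("暂时不支持get 和 post 以外的请求方式。")


@auth
def handle_add_classes(request):
    """Show the add-class form (GET) or create the class (POST)."""
    message = ""
    if request.method == "GET":
        return render(request, "add_classes.html", {"msg": message})
    elif request.method == "POST":
        caption = request.POST.get("caption", None)
        if not caption:
            message = "标题不能为空"
            return render(request, "add_classes.html", {"msg": message})
        models.Classes.objects.create(caption=caption)
        return redirect("/classes.html")
    else:
        return redirect("/index.html")


@auth
def edit_classes(request):
    """Show the edit form for one class (GET) or save its caption (POST).

    An unknown or malformed ``nid`` sends the user back to the class list
    instead of rendering the form with no object or raising. An empty
    caption is not written, matching the add handlers.
    """
    if request.method == "GET":
        obj = _class_by_id(request.GET.get("nid"))
        if obj is None:
            return redirect("/classes.html")
        return render(request, "edit_classes.html", {"obj": obj})
    elif request.method == "POST":
        target = _class_by_id(request.POST.get("nid"))
        caption = request.POST.get("caption")
        if target is not None and caption:
            models.Classes.objects.filter(id=target.id).update(caption=caption)
        return redirect("/classes.html")
    else:
        return redirect("/index.html")


@auth
def handle_student(request):
    """Render the student page."""
    return render(request, "student.html")


@auth
def handle_teacher(request):
    """Render the teacher page."""
    return render(request, "teacher.html")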