How can I let users log in to my Django site just by clicking a link?
I send out weekly emails asking my us开发者_开发百科ers to update information, and I would love to let them log in just by clicking a link.
I have seen this on other sites (like Squarespace), but has anyone done this with Django before?
I wouldn't recommend attempting to log users in via a url. The url is unencrypted (unless you're using HTTPS and even that can still be scraped) and easy to intercept or just guess with brute force.
There are two possible solutions I can think of:
Use Django Sessions and Cookies
Take advantage of the fact that in Django the login automatically saves a cookie. Once a user is logged in, they stay logged in until they log out (or the cookie expires, but this can be set to live forever). Then, all you need to do is create a /myprofile/ url of some sort and just send the users there. If the user is logged in, this is where you show their user profile.
Encode with a Hash
However, if you really want to actually pass a url with a username and password, I'd recommend obfuscating their username and password as an MD5 hash, which you can then pass via the url.
import urllib, hexlib
username = 'joeblow'
password = 'password'
url = 'http://www.mysite.com/users/login/'
url += urllib.urlencode({
'username':hashlib.md5(username.lower()).hexdigest(),
'password':hashlib.md5(password.lower()).hexdigest(),
})
# return the url to the user in the email template
return url
Note: I would still highly recommend option 1!
Just log them in in the view. You'll have to compensate for the lack of an authenticate() call, but you can just look at the source and figure out what needs doing.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论