Code
Add a field to Course:
# Marks a course for the homepage carousel; off by default, so a course is
# listed in the regular course module until the flag is set.
is_banner = models.BooleanField(verbose_name='Whether to carousel', default=False)
Add a field to CourseOrg:
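# Short label shown in the circle badge of the homepage organization list.
# The default value is 21 characters, which does not fit the original
# max_length=10 (the VARCHAR(10) column would reject or truncate it and model
# validation would fail), so the limit is raised to hold it with headroom.
# Schema change: a migration is required after adjusting max_length.
tag = models.CharField('institution tag', max_length=30, default='nationally well-known')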
(1) view
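class IndexView(View):
    """Homepage: carousel banners, featured courses and course organizations."""

    def get(self, request):
        # Carousel images, ordered by their configured position.
        all_banners = Banner.objects.all().order_by('index')
        # Regular (non-carousel) courses shown in the course module.
        courses = Course.objects.filter(is_banner=False)[:6]
        # Courses promoted into the course carousel.
        banner_courses = Course.objects.filter(is_banner=True)[:3]
        # Organizations for the "Course institution" module. The template reads
        # org.tag / org.image / org.name and reverses 'org:org_home' with org.id,
        # which are CourseOrg attributes, so the query must run against
        # CourseOrg rather than Course (CourseOrg is imported alongside Course
        # and Banner at the top of this module).
        course_orgs = CourseOrg.objects.all()[:15]
        return render(request, 'index.html', {
            'all_banners': all_banners,
            'courses': courses,
            'banner_courses': banner_courses,
            'course_orgs': course_orgs,
        })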
(2) index.html
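{% extends 'base.html' %}
{# 'staticfiles' still loads on Django 2.x (this project uses re_path); the library is named 'static' in newer releases. #}
{% load staticfiles %}
{% block title %}List of course institutions{% endblock %}
{% block custom_bread %}
{% endblock %}
{% block content %}
<div class="banner">
    <div class="wp">
        <div class="fl">
            <div class="imgslide">
                <ul class="imgs">
                    {% for banner in all_banners %}
                    <li>
                        {# banner.url becomes a link target; autoescaping only escapes HTML, so the stored value should be restricted to http(s) URLs where it is entered. #}
                        <a href="{{ banner.url }}">
                            <img width="1200" height="478" src="{{ MEDIA_URL }}{{ banner.image }}"/>
                        </a>
                    </li>
                    {% endfor %}
                </ul>
            </div>
            <div class="unslider-arrow prev"></div>
            <div class="unslider-arrow next"></div>
        </div>
    </div>
</div>
<!--banner end-->
<!--feature start-->
<section>
    <div class="wp">
        <ul class="feature">
            <li class="feature1">
                <img class="pic" src="/static/images/feature1.png"/>
                <p class="center">Professional authority</p>
            </li>
            <li class="feature2">
                <img class="pic" src="/static/images/feature2.png"/>
                <p class="center">The latest course</p>
            </li>
            <li class="feature3">
                <img class="pic" src="/static/images/feature3.png"/>
                <p class="center">Lectures by famous teachers</p>
            </li>
            <li class="feature4">
                <img class="pic" src="/static/images/feature4.png"/>
                <p class="center">The data is true</p>
            </li>
        </ul>
    </div>
</section>
<!--feature end-->
<!--module1 start-->
<section>
    <div class="module">
        <div class="wp">
            <h1>Open course</h1>
            <div class="module1 eachmod">
                <div class="module1_1 left">
                    <img width="228" height="614" src="/static/images/module1_1.jpg"/>
                    <p class="fisrt_word">Lectures by famous teachers<br/>Professional authority</p>
                    {# Tag arguments need a space after the tag name; 'url'base' is parsed as an unknown tag. #}
                    <a class="more" href="{% url 'course:course_list' %}">View more courses></a>
                </div>
                <div class="right group_list">
                    <div class="module1_2 box">
                        <div class="imgslide2">
                            <ul class="imgs">
                                {% for banner_course in banner_courses %}
                                <li>
                                    <a href="{% url 'course:course_detail' banner_course.id %}">
                                        <img width="470" height="300" src="{{ MEDIA_URL }}{{ banner_course.image }}"/>
                                    </a>
                                </li>
                                {% endfor %}
                            </ul>
                        </div>
                        <div class="unslider-arrow2 prev"></div>
                        <div class="unslider-arrow2 next"></div>
                    </div>
                    {% for course in courses %}
                    <div class="module1_{{ forloop.counter|add:2 }} box">
                        <a href="{% url 'course:course_detail' course.id %}">
                            <img width="233" height="190" src="{{ MEDIA_URL }}{{ course.image }}"/>
                        </a>
                        <div class="des">
                            <a href="{% url 'course:course_detail' course.id %}">
                                {# The tooltip mirrors the heading instead of a hard-coded placeholder title. #}
                                <h2 title="{{ course.name }}">{{ course.name }}</h2>
                            </a>
                            <span class="fl">Difficulty: <i class="key">{{ course.get_degree_display }}</i></span>
                            <span class="fr">Number of students: {{ course.students }}</span>
                        </div>
                        <div class="bottom">
                            <span class="fl" title="{{ course.course_org.name }}">{{ course.course_org.name }}</span>
                            <span class="star fr">{{ course.fav_nums }}</span>
                        </div>
                    </div>
                    {% endfor %}
                </div>
            </div>
        </div>
    </div>
</section>
<section>
    <div class="module greybg">
        <div class="wp">
            <h1>Course institution</h1>
            <div class="module3 eachmod">
                <div class="module3_1 left">
                    <img width="228" height="463" src="/static/images/module3_1.jpg"/>
                    <p class="fisrt_word">The prestigious school strikes<br/>Authentication certification</p>
                    <a class="more" href="{% url 'org:org_list' %}">See more organizations></a>
                </div>
                <div class="right">
                    <ul>
                        {# course_orgs must hold CourseOrg objects: tag, image, name and the org_home id are read below. #}
                        {% for org in course_orgs %}
                        <li class="{% if forloop.counter|divisibleby:5 %}five{% endif %}">
                            <a href="{% url 'org:org_home' org.id %}">
                                <div class="company">
                                    <img width="184" height="100" src="{{ MEDIA_URL }}{{ org.image }}"/>
                                    <div class="score">
                                        <div class="circle">
                                            <h2>{{ org.tag }}</h2>
                                        </div>
                                    </div>
                                </div>
                                <p><span class="key" title="{{ org.name }}">{{ org.name }}</span></p>
                            </a>
                        </li>
                        {% endfor %}
                    </ul>
                </div>
            </div>
        </div>
    </div>
</section>
{% endblock %}
{% block custom_js %}
<script type="text/javascript" src="{% static 'js/index.js' %}"></script>
{% endblock %}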
Description 1: Course
Description 2: Course institution
Description 3: login
class LoginView(View):
    """User login: GET renders the form, POST validates it and signs the user in."""

    def get(self, request):
        return render(request, 'login.html')

    def post(self, request):
        # Bind the posted data so field validation runs before authentication.
        login_form = LoginForm(request.POST)
        if not login_form.is_valid():
            # Field errors travel with the form itself; no extra message needed.
            return render(request, 'login.html', {'login_form': login_form})

        # Credentials as submitted; authenticate() returns a user object on
        # success and None on failure.
        user_name = request.POST.get('username', None)
        pass_word = request.POST.get('password', None)
        user = authenticate(username=user_name, password=pass_word)

        if user is None:
            # Deliberately generic wording: the response must not reveal
            # whether the username exists.
            context = {'msg': 'Username or password is wrong', 'login_form': login_form}
            return render(request, 'login.html', context)
        if not user.is_active:
            # Registered but not yet activated accounts may not sign in; the
            # same generic wording is used rather than confirming the account.
            context = {'msg': 'User name or password is wrong', 'login_form': login_form}
            return render(request, 'login.html', context)

        login(request, user)
        return HttpResponseRedirect(reverse('index'))
(1)MxOnline/urls.py
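from MxOnline.settings import STATIC_ROOT

urlpatterns = [
    # Static files. django.views.static.serve is a development convenience:
    # it is neither efficient nor hardened for production use, so with
    # DEBUG = False this route should be replaced by the web server serving
    # STATIC_ROOT directly.
    re_path(r'^static/(?P<path>.*)', serve, {"document_root": STATIC_ROOT}),
]

# Global 404 page configuration.
handler404 = 'users.views.pag_not_found'
# Global 500 page configuration: page_error is defined next to pag_not_found
# in users/views.py but was never wired up, so the custom 500.html was unused.
handler500 = 'users.views.page_error'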
(2)MxOnline/settings.py
# Production-style switches: with DEBUG off Django shows no tracebacks and
# relies on ALLOWED_HOSTS to validate the incoming Host header.
DEBUG = False
# "*" accepts any Host header, which turns off host-header validation (and
# with it the protection against poisoned absolute URLs, e.g. in password
# reset e-mails); list the real hostnames here before deploying.
ALLOWED_HOSTS = ["*"]
# Static files: collectstatic target, served by the static route in urls.py.
STATIC_ROOT = os.path.join(BASE_DIR, "static")
(3)users/views.py
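from django.shortcuts import render


def pag_not_found(request, exception=None):
    """Global 404 handler: render 404.html with a 404 status code.

    Django calls the 404 handler with the triggering exception as a second
    positional argument (this project uses re_path, i.e. Django 2.x), so the
    parameter must be accepted; it is not used.
    """
    # render() sets the status directly, replacing the deprecated
    # render_to_response() plus manual status_code assignment.
    return render(request, '404.html', {}, status=404)


def page_error(request):
    """Global 500 handler: render 500.html with a 500 status code."""
    return render(request, '500.html', {}, status=500)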
Description:
The harm of SQL injection
SQL injection test code
class LoginUnsafeView(View):
    """Deliberately vulnerable login view, kept as the tutorial's SQL-injection
    demonstration.

    It bypasses the ORM and builds the query by string formatting, so whatever
    the client sends as ``username`` / ``password`` is spliced into the SQL
    text. The safe form is a parameterised query, e.g.
    ``cursor.execute("select * from users_userprofile where email=%s and password=%s", (user_name, pass_word))``,
    which sends the values separately from the statement; the ORM does this
    for every query it generates.
    """

    def get(self, request):
        # Same template as LoginView; only the POST handling differs.
        return render(request, "login.html", {})

    def post(self, request):
        # Raw, unvalidated request data: no form class is involved here.
        user_name = request.POST.get("username", "")
        pass_word = request.POST.get("password", "")
        import MySQLdb
        # Hard-coded root credentials and a direct connection, bypassing the
        # database configured in settings and the ORM's parameter binding.
        conn = MySQLdb.connect(host='127.0.0.1', user='root', passwd='root', db='mxonline', charset='utf8')
        cursor = conn.cursor()
        # VULNERABLE: user-controlled strings are formatted straight into the
        # SQL text, so quote characters in the input change the query's meaning.
        # Bind them instead: cursor.execute(sql, (user_name, pass_word)) with %s
        # placeholders. The password is also compared in plaintext, which cannot
        # match the hashed passwords Django stores.
        sql_select = "select * from users_userprofile where email='{0}' and password='{1}'".format(user_name, pass_word)
        # execute() returns a row count; it is never used below.
        result = cursor.execute(sql_select)
        for row in cursor.fetchall():
            # Query to the user
            pass
        # Python 2 print statement. Neither cursor nor conn is closed, and the
        # view returns None rather than an HttpResponse.
        print'test'
# The tutorial's urls.py snippet follows; the file name is kept as the page
# gives it and is not part of the view code.
urls.py
from users.views import LoginUnsafeView
urlpatterns = [
    url('^login/', LoginUnsafeView.as_view(), name='login'),
]
Enter the user name in the login interface: 'OR 1=1# Password: 123
The result shows that the user names and passwords in the database can be retrieved without valid credentials.
The harm of XSS (Cross-Site Scripting)
XSS attack process
XSS attack protection
The harm of CSRF (Cross-Site Request Forgery)
CSRF attack process:
CSRF attack prevention:
Add `{% csrf_token %}` inside each form (the tag renders the hidden token input; `{{ csrf_token }}` would only print the raw value).