In this article we look at how to restrict a view to authenticated users by using a custom login form.
SETTINGS
First of all, a few changes need to be made to the settings.py file. Add:
+ 'django.contrib.auth.middleware.AuthenticationMiddleware' to MIDDLEWARE_CLASSES
+ 'django.contrib.auth' and 'django.contrib.contenttypes' to INSTALLED_APPS
Once done, update your database by running 'python manage.py syncdb'.
LOGIN TEMPLATE
Next, the custom login page is created via another template. In this case we have named it login.html.
Note: the CSS styling is Bootstrap-based.
{% extends "website-base.html" %}
{% block main %}
<div id="login">
    <form class="form-horizontal" name="LoginForm" action="/login/" method="post">
        {% csrf_token %}
        {% if next %}
        <input type="hidden" name="next" value="{{ next }}" />
        {% endif %}
        <div class="control-group">
            <label class="control-label" for="username">Username</label>
            <div class="controls">
                <input type="text" id="username" name="username" placeholder="Username">
            </div>
        </div>
        <div class="control-group">
            <label class="control-label" for="password">Password</label>
            <div class="controls">
                <input type="password" name="password" id="password" placeholder="Password">
            </div>
        </div>
        <div class="control-group">
            <div class="controls">
                <button type="submit" class="btn">Login</button>
            </div>
        </div>
    </form>
</div>
{% endblock %}
To show the logged-in user in your main base template, you can use the following syntax:
<p>Welcome, {{ user.username }}.</p>
URLS
Next some simple additions are made to the urls.py file.
from django.conf.urls.defaults import patterns, include, url

urlpatterns = patterns('',
    url(r'^main/$', 'example.views.main'),
    (r'^login/$', 'example.views.login_user'),
)
VIEWS
Finally we build a new view. This will take the username and password from the POST and test them against the current active users within Django's auth system.
The main point here is that a decorator is used to ensure that only authenticated users can access the view (in this case 'def main(request)'). The decorator also sends any user who is not authenticated back to the login page.
Note: 'logout(request)' is added to the top of the view so that if you ever go to the login.html page directly, the user is logged out. Typically this would be achieved by creating a separate logout page, but to keep things simple in this example we have included it within the login view.
from django.http import *
from django.shortcuts import render_to_response, redirect
from django.template import RequestContext
from birthdayreminder.models import *
from django.contrib.auth.decorators import login_required
from django.contrib.auth import authenticate, login, logout


def login_user(request):
    # Visiting the login page always ends any existing session (see note above).
    logout(request)
    username = password = ''
    if request.POST:
        # .get() avoids a KeyError when a field is missing from the POST.
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')

        # Returns a User if the credentials are valid, otherwise None.
        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login(request, user)
                # Always redirects to /main/; the form's 'next' value is not used.
                return HttpResponseRedirect('/main/')
    # GET request or failed login: show the login form again.
    return render_to_response('login.html', context_instance=RequestContext(request))


@login_required(login_url='/login/')
def main(request):
    ....
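The login template posts a hidden next field, but login_user ignores it and always redirects to /main/; if the view is changed to honour next, the value has to be restricted to same-site URLs before it is used in a redirect. The following is an added example, not code from the original article, using only the Python 3 standard library; safe_next, _is_local and the example.test host are hypothetical names. Current Django releases provide django.utils.http.url_has_allowed_host_and_scheme for the same check.

```python
# Added example: pick the post-login redirect from the form's "next" value
# without allowing a jump to another site. Names here are hypothetical.
import unicodedata
from urllib.parse import urlsplit

DEFAULT_REDIRECT = "/main/"  # the article's fixed post-login target


def _is_local(url, allowed_hosts):
    """True if url is path-only or points at a host in allowed_hosts."""
    if url.startswith("///"):
        return False  # browsers treat extra leading slashes as an absolute URL
    if unicodedata.category(url[0])[0] == "C":
        return False  # leading control character
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme and not parts.netloc:
        return False  # a scheme without a host is never a site-local path
    if parts.scheme not in ("", "http", "https"):
        return False
    return not parts.netloc or parts.netloc in allowed_hosts


def safe_next(next_value, allowed_hosts, default=DEFAULT_REDIRECT):
    """Return next_value if it stays on this site, otherwise default."""
    url = (next_value or "").strip()
    if not url:
        return default
    # Check twice: browsers treat "\" like "/", urlsplit does not.
    if _is_local(url, allowed_hosts) and _is_local(url.replace("\\", "/"), allowed_hosts):
        return url
    return default


if __name__ == "__main__":
    hosts = {"example.test"}  # constructed host name for the demo
    for candidate in ["/reports/?page=2", "//other.test/x", "https://other.test/", ""]:
        print(repr(candidate), "->", safe_next(candidate, hosts))
```

In the view, the result of safe_next(request.POST.get('next'), {request.get_host()}) would replace the hard-coded '/main/' passed to HttpResponseRedirect.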
I hope you like this article.