In this article we will look at how to restrict a view to authenticated users by means of a custom login form.
SETTINGS
First of all, a few changes need to be made to the settings.py file. Add:
+ 'django.contrib.auth.middleware.AuthenticationMiddleware' to MIDDLEWARE_CLASSES
+ 'django.contrib.auth' and 'django.contrib.contenttypes' to INSTALLED_APPS
Once done, update your database by running 'python manage.py syncdb'.
LOGIN TEMPLATE
Next the custom login page is created via another template. In this case we have named it login.html.
Note: the CSS styling is Bootstrap based.
{% extends "website-base.html" %}
{% block main %}
<div id="login">
  <form class="form-horizontal" name="LoginForm" action="/login/" method="post">
    {% csrf_token %}
    {% if next %}
    <input type="hidden" name="next" value="{{ next }}" />
    {% endif %}
    <div class="control-group">
      <label class="control-label" for="username">Username</label>
      <div class="controls">
        <input type="text" id="username" name="username" placeholder="Username">
      </div>
    </div>
    <div class="control-group">
      <label class="control-label" for="password">Password</label>
      <div class="controls">
        <input type="password" name="password" id="password" placeholder="Password">
      </div>
    </div>
    <div class="control-group">
      <div class="controls">
        <button type="submit" class="btn">Login</button>
      </div>
    </div>
  </form>
</div>
{% endblock %}
To show that the user is logged in, you can use the following syntax in your main base template:
<p>Welcome, {{ user.username }}.</p>
URLS
Next some simple additions are made to the urls.py file.
from django.conf.urls.defaults import patterns, include, url

urlpatterns = patterns('',
    url(r'^main/$', 'example.views.main'),
    (r'^login/$', 'example.views.login_user'),
)
VIEWS
Finally we build a new view. This will take the username and password from the POST and test them against the current active users within Django’s auth system.
The main point here is that, to ensure that only authenticated users can access the view (in this case 'def main(request)'), a decorator is used. This decorator also dictates that if the user is not authenticated, they are sent back to the login page.
Note: The reason 'logout(request)' is added to the top of the view is so that if you ever go to the login.html page directly then the user is logged out. Typically this would be achieved by creating a separate logout page but (in this example) to keep things simple we have included this within the login view.
from django.http import *
from django.shortcuts import render_to_response, redirect
from django.template import RequestContext
from birthdayreminder.models import *
from django.contrib.auth.decorators import login_required
from django.contrib.auth import authenticate, login, logout


def login_user(request):
    # Visiting the login page always ends any existing session first.
    logout(request)
    username = password = ''
    if request.POST:
        # .get() avoids a KeyError when a field is missing from the POST.
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')

        # Check the credentials against Django's auth backends.
        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login(request, user)
                return HttpResponseRedirect('/main/')
    # GET request, or a failed login: show the form again.
    return render_to_response('login.html', context_instance=RequestContext(request))


# Unauthenticated requests are redirected to /login/.
@login_required(login_url='/login/')
def main(request):
    ...
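The login template posts a hidden 'next' field, but login_user always redirects to '/main/'. If the view is extended to honor 'next', the value has to be validated first, otherwise the login page becomes an open redirect. The block below is an added example, not code from the original article: a standard-library sketch of that check (Django ships its own helper for this in django.utils.http). The names safe_next_url and is_safe_next, the host example.com and the sample values are assumptions made for illustration.

```python
# Added example, not from the original article: validate the "next" value
# posted by login.html before redirecting to it. Standard library only.
from urllib.parse import urlsplit

DEFAULT_REDIRECT = "/main/"       # the article's post-login destination
ALLOWED_HOSTS = {"example.com"}   # assumed site host, for illustration


def is_safe_next(target, allowed_hosts=ALLOWED_HOSTS):
    """True if target is a local absolute path or a URL on an allowed host."""
    if not target:
        return False
    target = target.strip()
    # Browsers treat "\" like "/" and drop control characters, so values such
    # as "/\host" can leave the site even though they look like paths.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    # urlsplit() sees "///host" as a path; browsers may resolve it to a host.
    if target.startswith("///"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:            # malformed netloc, e.g. a bad IPv6 literal
        return False
    if parts.scheme:
        # Only http(s) URLs that name a host; rejects "javascript:", "http:///x".
        if parts.scheme not in ("http", "https") or not parts.netloc:
            return False
    if parts.netloc:
        # Exact match on the whole netloc also rejects "user@host" tricks.
        return parts.netloc.lower() in allowed_hosts
    return target.startswith("/")


def safe_next_url(target, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_REDIRECT):
    """Return target when it is safe to redirect to, otherwise the default."""
    return target.strip() if is_safe_next(target, allowed_hosts) else default


if __name__ == "__main__":
    # Constructed sample values for the hidden "next" field.
    for value in ["/main/?tab=2", "https://example.com/main/",
                  "//evil.example/", "/\\evil.example", "javascript:alert(1)"]:
        print(repr(value), "->", safe_next_url(value))
```

In the view, the fixed redirect would become HttpResponseRedirect(safe_next_url(request.POST.get('next'))).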