fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Django - How do I create a custom login page ?

Within this article we will look at how to permit only authenticated users to a view via the use of a custom login form.

SETTINGS

First of all a few changes need to be made to the settings.py file. Such as

+ 'django.contrib.auth.middleware.AuthenticationMiddleware' to MIDDLEWARE_CLASSES
+ 'django.contrib.auth' and 'django.contrib.contenttypes'to INSTALLED_APPS

Once done update your database by running 'python manage.py syncdb'.

LOGIN TEMPLATE

Next the custom login page is created via another template. In this case we have named it login.html. 

Note : the CSS styling is bootstrap based.

{% extends "website-base.html" %}
{% block main %}
    <div id="login">
        <form class="form-horizontal" name="LoginForm" action="/login/" method="post">
        {% csrf_token %}
        {% if next %}
            <input type="hidden" name="next" value="{{ next }}" />
        {% endif %}
        <div class="control-group">
            <label class="control-label" for="username">Username</label>
            <div class="controls">
                <input type="text" id="username" name="username"  placeholder="Username">
            </div>
        </div>
        <div class="control-group">
            <label class="control-label" for="password">Password</label>
            <div class="controls">
                <input type="password" name="password" id="password" placeholder="Password">
            </div>
        </div>
        <div class="control-group">
            <div class="controls">
                <button type="submit" class="btn">Login</button>
            </div>
        </div>
        </form>
    </div>
{% endblock %}

To output that the user is logged in within your main base template you can use the following syntax,

<p>Welcome, {{ user.username }}.</p>

URLS

Next some simple additions are made to the urls.py file.

from django.conf.urls.defaults import patterns, include, url

urlpatterns = patterns('',
    url(r'^main/$', 'example.views.main'),
    (r'^login/$', 'example.views.login_user'),
)

VIEWS

Finally we build a new view. This will take the username and password from the POST and test them against the current active users within Django's auth system.

The main point here is that to ensure that only authenticated users can access the view (in this case 'def main(request)') a decorator is used. This decorator also dictates that if the user is not authenticated to send then back to the login page.

Note : The reason 'logout(request)' is added to the top of the view is so that if you ever go to the login.html page directly then the user is logged out. Typically this would be achieved by creating a separate logout page but (in this example) to keep things simple we have included this within the login view.

from django.http import *
from django.shortcuts import render_to_response,redirect
from django.template import RequestContext
from birthdayreminder.models import *
from django.contrib.auth.decorators import login_required
from django.contrib.auth import authenticate, login, logout

def login_user(request):
    logout(request)
    username = password = ''
    if request.POST:
        username = request.POST['username']
        password = request.POST['password']

user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login(request, user)
                return HttpResponseRedirect('/main/')
    return render_to_response('login.html', context_instance=RequestContext(request))

@login_required(login_url='/login/')
def main(request):
    ....

 

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001