I want to create a homepage with a header that asks to login with username/password and a login button to login. Currently, how I have my page set up is that pressing login will send me to a login page. I want to simply enter in the information and press "login" to login on the homepage of my site. How can I design my urls.py
and views.py
to perform login on the homepage?
I have a base.html
that is the template for my main page. Within the template, I made a login.html
partial view:
<form action='/accounts/auth/' method='POST'> {% csrf_token %}
<div >
<label for='username'> Username </label>
<input type='text' name='Username' id='username'>
<label for='password'>Password </label>
<input type='password' name='Password' id='password'>
<input type='submit' value='login'>
</div>
</form>
I am a bit confused for the action
attribute as I'm not sure where to send that form data if I wanted to authorize login on the same page.
My views.py
def login(request):
c = {}
c.update(csrf(request))
return render(request, 'login.html', c)
def auth_view(request):
username = request.POST.get('username', '')
password = request.POST.get('password', '')
user = auth.authenticate(username = username, password = password)
if user is not None:
auth.login(request, user)
return HttpResponseRedirect('/accounts/loggedin')
else:
return HttpResponseRedirect('/accounts/invalid')
I'm not sure where to HttpResponseRedirect
as well if logging in is all done on the home page.
Perhaps I can do a render(request,SomePartialView.html)
instead of HttpResponseRedirect
.
Here is my urls.py:
url(r'^$', 'photoblog.views.login'), #displays login.html
url(r'^accounts/auth/$', 'photoblog.views.auth_view'), #authorize login
To start the server, use the following command in the terminal. Now, enter the username and password and click on the login button. After successful login, you will redirect to the home page. In this section, we’ll learn to create a signup page, login page, and logout page without using Django’s in-built feature.
GET and POST are the only HTTP methods to use when dealing with forms. Django’s login form is returned using the POST method, in which the browser bundles up the form data, encodes it for transmission, sends it to the server, and then receives back its response.
In this section, we’ll learn what does login system means in python Django. A login system is a security feature that prevents unauthorized users from accessing resources on a website. There are three parts to the login system: Signup: Signing up is the process of creating a new account.
To make a Django app, use the following command: So, here I build an app named accounts. We’ll need to install a Django app after we’ve created it. To do so, open the settings.py file in your project directory. Now type the name of your application in INSTALLED APPS. To store your HTML files, you’ll need a template folder.
If you just want to have a homepage with static content that handles logins, the Django built-in auth application can handle this with very little effort. You just need to bind a URL to django.contrib.auth.views.login
and probably one to django.contrib.auth.views.logout
, write a login template and a post-logout template, then set a couple of setting variables.
The full setup is documented here: https://docs.djangoproject.com/en/dev/topics/auth/default/#module-django.contrib.auth.views
Here are the relevant bits from a working project of mine:
urls.py
# HomeView is a simple TemplateView that displays post-login options
urlpatterns = patterns('',
...
url(r'^myapp/$', HomeView.as_view(template_name='home.html'), name='home'),
url(r'^accounts/login/$', 'django.contrib.auth.views.login', name='login'),
url(r'^accounts/logout/$', 'django.contrib.auth.views.logout', name='logout'),
...
)
settings.py
from django.core.urlresolvers import reverse_lazy
...
LOGIN_URL = reverse_lazy('login')
LOGIN_REDIRECT_URL = reverse_lazy('home')
login.html
{% extends "base.html" %}
{% block head %}
<title>Login</title>
{% endblock %}
{% block body %}
{% if form.errors %}
<p>Your username and password didn't match. Please try again.</p>
{% endif %}
<form method="post" action="{% url 'django.contrib.auth.views.login' %}">
{% csrf_token %}
<table>
<tr>
<td>{{ form.username.label_tag }}</td>
<td>{{ form.username }}</td>
</tr>
<tr>
<td>{{ form.password.label_tag }}</td>
<td>{{ form.password }}</td>
</tr>
</table>
<input type="submit" value="login" />
<input type="hidden" name="next" value="{{ next }}" />
</form>
{% endblock %}
logged_out.html
{% extends "base.html" %}
{% block head %}
<title>Logged out</title>
{% endblock %}
{% block body %}
<p>You have been logged out. You may <a href="{% url 'login' %}">log back in</a>.</p>
{% endblock %}
I'm not showing my base.html
template but I trust the pattern is obvious. If you want more than a bare login form there's no reason your login.html
template couldn't be fancier. The names are default values, as documented for the views, but you could use other choices if you wanted to.
That's all you need for the basic behavior. If you wrap your views with the login_required
decorator as described in the docs, it will redirect to your login page any time a non-authenticated user tries to access one of your views. Or, if you're using class-based views, use @method_decorator(login_required)
as documented here. Two more snippets from my project:
from django.contrib.auth.decorators import login_required
from django.utils.decorators import method_decorator
class HomeView(TemplateView):
@method_decorator(login_required)
def dispatch(self, *args, **kwargs):
return super(HomeView, self).dispatch(*args, **kwargs)
@login_required
def report_for_group(request, group_id):
...
The docs include discussions of some more complicated setups, should you need them.
I recommend django-registration
it is quite easy. there is an email verification too in it.
you need an addition url
say home:
url(r'^home/$', 'photoblog.views.home',name='home'),
.............
its views
, home
access was limited to only logged-in users
from django.contrib.auth.decorators import login_required
@login_required(login_url='/') #if not logged in redirect to /
def home(request):
return render(request, 'home.html')
you don't need csrf
in login.py
ie:
def login(request):
return render(request, 'login.html')
is enough, as render
will pass csrf token.
from django.core.urlresolvers import reverse
def auth_view(request):
username = request.POST.get('username', '')
password = request.POST.get('password', '')
user = auth.authenticate(username = username, password = password)
if user is not None:
auth.login(request, user)
return HttpResponseRedirect(reverse('home'))
else:
return HttpResponseRedirect('/accounts/invalid')
You can use Django's built in log in form. It is quit easy and efficient.And it will give you some features like form validation check.
in urls.py:
url(r'^login/$',views.loginView,name='login'),
in views.py:
from django.contrib.auth import login
from django.contrib.auth.forms import AuthenticationForm
def loginView(request):
if request.method == 'POST':
form = AuthenticationForm(data=request.POST)
if form.is_valid():
user = form.get_user()
login(request, user)
return redirect('/website/profile/')
else:
form = AuthenticationForm()
return render(request, 'website/login.html', {'form': form})
in html page:
<form method="post">
{% csrf_token %}
{{form.as_p}}
<p><input type="submit" value="Log in"></input></p>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With