0
我目前正在创建自己的自定义Django登录页面。这是我的观点:自定义Django登录返回“确定”
def login_poster(request):
state = "Verified Posters, please login below..."
username = password = ''
if request.POST:
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
state = "You're successfully logged in!"
else:
state = "You must have a verified Poster account to login."
else:
state = "Your username and/or password were incorrect."
return render_to_response('poster_login.html',{'state':state, 'username': username})
,这是我的模板:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Log in</title>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<style>
body{
font-family:Arial,Helvetica,sans-serif;
font-size: 12px;
}
</style>
</head>
<body>
{{ state }}
<form action="/login/" method="post">
{% if next %}
<input type="hidden" name="next" value="{{ next }}" />
{% endif %}
username:
<input type="text" name="username" value="{{ username}}" /><br />
password:
<input type="password" name="password" value="" /><br />
<input type="submit" value="Log In" />
</form>
出于某种原因,每当我登录,与错误的用户名和密码,或正确的用户名和密码与空字段,我在我的浏览器中得到以下响应,
OK
无论我输入什么,它都会一直显示正常。它甚至不检查证书是否无效。当我按下提交,无论无论是在田间地头,它仍然会返回“OK”
我跟着这个教程:http://solutoire.com/2009/02/26/django-series-1-a-custom-login-page/
一个如何去修复呢?
@GeorgeOctavianRavanc我会试一试,你在哪里放置csrf_token? – noahandthewhale
您必须在表单标记内的任意位置添加csrf_token:
–