请记住,只要你使用CSRF
CSRF verification failed. Request aborted.
,你需要将RequestContext
的实例传回给视图。另外,您的表单需要添加{% csrf_token %}
。
在您的视图代码,你可以使用render
shortcut将incude正确的上下文为您提供:
from django.shortcuts import render
def admin_login(request):
# your normal code
return render(request, 'admin/login.html', {'username': username})
文档的CSRF section有什么,以便需要的清单进行CSRF正常工作。
您还应该使用authenticate()
,而不是写你自己的逻辑:
from django.contrib.auth import authenticate
user = authenticate(username='john', password='secret')
把所有的一起,你的代码是现在:
from django.shortcuts import render
from django.contrib.auth import authenticate
from django.contrib import messages
def admin_login(request):
"""Logs in an admin user, redirecting to the dashboard"""
if request.POST:
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(username, password)
if user is not None:
if user.is_active:
login(request, user)
request.session['admin_id'] = user.id
return redirect('dashboard')
else:
# do something because user was not active
messages.add_message(request, messages.ERROR, 'User Inactive')
return render(request, 'admin/login.html')
else:
# password/username combination was wrong
messages.add_message(request, messages.ERROR, 'Invalid Credentials')
return render(request, 'admin/login.html')
else:
return render(request, 'admin/login.html')
我使用的是内置messages framework显示错误消息。
用户名和密码是否正确?没有ü检查这些 – NetStarter 2013-04-30 09:48:38
看到http://stackoverflow.com/questions/10388033/csrf-verification-failed-request-aborted – devnull 2013-04-30 09:56:23