I am using a basic authentication/login scheme in Django 1.1.1 and
Python 2.5.3. It behaves correctly if I login correctly, or if I use
use a correct username but wrong password. It also works for an
unknown username AND any password. However, if I type in a username
that is not in the database with a BLANK password it skips all of my
if:else clauses, even though the user is None. Why?
[code]def login_view(request, user=None):
if request.method == 'POST': # If the form has been submitted...
form = LoginForm(request.POST) # A form bound to the POST data
if form.is_valid():
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
from userauth.auth.views import userlist
return HttpResponseRedirectView(userlist)
else:
return HttpResponse("Your account is inactive.")
else:
return render_to_response('auth/login.html',
{'error_message': 'You failed to
authenticate.'})
else:
form = LoginForm() # An unbound form
return render_to_response('login.html', {'form': form,
'error_message': 'Login please'})
return HttpResponse("Error in login_view. User: %s" % user)
[/code]
>From the authenticate step, I type in 'jimmy' (not a known user) and
hit enter (password field is blank) and the user it returns is None.
However, this doesn't get caught by the "if user is not None" line and
so it skips all the way to the last line "Error in login_view".
Can someone tell me why?
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
