在我的pagelogin视图

时间:2015-07-23 12:32:52

标签: python django django-forms django-templates django-views

如何保护成功后登录时重定向的login_dash.html页面。目前我不知道在哪里应用@login_required装饰器,因为我重定向到html页面。非常感谢社区的任何帮助/贡献。

以下是我的观看代码段:

def logins(request):

context =RequestContext(request)

if request.method == 'POST':
    username = request.POST['username']
password = request.POST['password']

user = authenticate(username=username, password=password)
if user is not None:
        # Is the account active? It could have been disabled.
        if user.is_active:
            # If the account is valid and active, we can log the user in.
            # We'll send the user back to the homepage.
            login(request, user)
            return render(request,'login-dash.html')

        #if accounts.accttype == BUSINESS:
            #return render_to_response('business.html')

        #else: 

            #return render_to_response('login-dash.html')           

        else:
            # An inactive account was used - no logging in!
            messages.success(request, "Go to your email and activate the account") 
            return HttpResponse("Your  account is disabled.")
    else:
        # Bad login details were provided. So we can't log the user in.
        print "Invalid login details: {0}, {1}".format(username, password)
        return HttpResponse("Invalid login details supplied.")

# The request is not a HTTP POST, so display the login form.
# This scenario would most likely be a HTTP GET.
else:
    # No context variables to pass to the template system, hence the
    # blank dictionary object...
    #transaction_list = get_list_or_404(transactions)
    messages.success(request, "You have succefully logged in to your quickpay account.") 
    transaction_list ={"transactions": transactions.objects.all()}

    #yes = Picture.objects.filter(vote='yes').count()
    return render(request,'login-dash.html', transaction_list)

1 个答案:

答案 0 :(得分:0)

您只能在只有登录人员才能看到的视图中使用@login_required

例如,您不需要@login_required登录视图,因为您希望人们能够登录,

def user_login(request):
    if request.method == "POST":
        username = request.POST.get('username')
        password = request.POST.get('password')

        user = authenticate(username=username, password=password)

        if user:
            if user.is_active:
                login(request, user)
                return HttpResponseRedirect('/app/')
            else:
                return HttpResponse("Your account is disabled.")
        else:
            print "Invalid login details: {0}, {1}".format(username, password)
            return HttpResponse("Invalid login credentials.")
    else:
        return render(request, 'app/login.html', {})

但是对于注销,您只希望人们只有在他们登录时才能注销。

@login_required
def user_logout(request):
    logout(request)
    return HttpResponseRedirect('/app/')

所以,计划什么需要@login_required,什么不需要。

相关问题
最新问题