Home/ Questions/Q 6741203
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T11:41:49+00:00

I have a simple signup form (in signup.html) <form action=adduser method=post> {% csrf_token %}

  • 0

I have a simple signup form (in signup.html)

<form action="adduser" method="post">
{% csrf_token %}
  Email Address: <input type="email" name="email" required autocomplete="on" placeholder="fr@star.com"/><br/>
  Username: <input type="text" name="username" maxlength=25 required placeholder="JoyfulSophia"/><br/>
  Password: <input type="password" name="password" maxlength=30 required placeholder="**********" /><br/>
  <br/>
  <input type="submit" value="Send" /> <input type="reset">
</form>

This redirects to the addUser view:

def adduser(request):
    u = User.objects.create_user(request.POST['username'], request.POST['email'], password=request.POST['password'])
    u.save()
    a = Accounts(user=u)
    p = Passwords(user=u)
    a.save()
    p.save()
    return HttpResponseRedirect(reverse('OmniCloud_App.views.profile', args=(u.id,)))

Here is the profile: 

@login_required    
def profile(request, User_id):
    u = get_object_or_404(User, pk=User_id)
    a = get_object_or_404(Accounts, pk=User_id)
    return render_to_response('profile.html', context_instance=RequestContext(request))

So they wouldn’t be signed in, but that’s okay because we can send you over to /accounts/login?next=/7/ since they are user 7 (Problems Ahead!)

def login(request):
    username = request.POST['username']
    password = request.POST['password']
    user = auth.authenticate(username=username, password=password)
    if user is not None and user.is_active:
        auth.login(request, user)
        return HttpResponseRedirect("/account/profile/")
    else:
        return HttpResponseRedirect("/account/invalid/")

The request doesn’t contain anything called username, but the one which was submitted to the addUser form does, so how can I shoot that bro over to login? I could have it parse the url (which contains the next=USER_ID) but that wouldn’t work for someone that just types in base_url/login, and the user_id won’t be part of the url forever. So what’s a brother to do?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Post data exists only for one request. If you want to use it later you should save it somewhere else.

    You could login the user right after registration, in adduser view, he just entered his username and password, he doesn’t have to do it again.

    And login view is a little off. This is just a “POST” part of the view. You need to check and see if it’s GET request and if it is return template with form containing username and password fields and with target url that points to the same view. Something like this:

    def login(request):
    if request.method == 'GET':
        return render_to_response('login.html', 
                                  { 'form': LoginForm() },
                                  context_instance=RequestContext(request))
    elif request.method == 'POST':
        form = LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data['password']
            user = auth.authenticate(username=username, password=password)
            if user is not None and user.is_active:
                auth.login(request, user)
                return HttpResponseRedirect("/account/profile")
            else:
                return HttpResponseRedirect("/account/invalid/")

    Where login.html is something like this:

    {% extends "base_site.html" %}

{% block content %}
    <form method="post" target="{% url login_view %}">
    {% csrf_token %}
    {{ form.as_p }}
    <input type="submit" value="Login" />
    </form>
{% endblock content %}

    Also, you could return user to the same login form if username and password didn’t match and add some message!

    This is just from the top of my head, didn’t try it, but it should work!

    • 0