I am trying to authenticate users against an existing database. I can authenticate the user with their email and password combination but I cannot save the authorisation, meaning the user is not actually logged in.

I know this because in Template.html, it is not showing the correct options after login when I call {% if user and not user.is_anonymous %}

I believe the fault is coming from this line in views.py

auth_login(request, user)

Views.py

import hashlib

from django.shortcuts import redirect, render
from django.contrib.auth import logout as auth_logout
from django.contrib.auth import login as auth_login
from django.contrib.auth import authenticate

...

def login_email(request):

    if request.method == 'POST':
        email = request.POST.get('email')
        password = hashlib.md5(request.POST.get('password')).hexdigest()

        #db query to check if email and password combination exist
        user = Users.objects.get(email=email,password=password)

        if user is not None:
            user.backend = 'django.contrib.auth.backends.ModelBackend'  
            auth_login(request, user)
            return redirect('/personalised')
        else:  # authentication failed: return to the login page
            return render(request, 'login.html',{})
    # not a POST request: show the login form
    else:
        return render(request,"login.html",{})

login.html

           <form action="/login_email/" method="POST">
                {% csrf_token %}
                <div class="form-group">
                    <label for="email">Email address</label>
                    <input type="email" name="email" class="form-control" id="email" placeholder="Email">
                </div>
                <div class="form-group">
                    <label for="password">Password</label>
                    <input type="password" name="password" class="form-control" id="password" placeholder="Password">
                </div>
                <button type="submit" class="btn btn-info">Submit</button>
            </form>

Models.py

class Users(models.Model):
    visitorid = models.CharField(db_column='visitorID', max_length=80)  # Field name made lowercase.
    name = models.CharField(max_length=255)
    source = models.CharField(max_length=4)
    visits = models.IntegerField()
    last_visit = models.CharField(max_length=10)
    email = models.CharField(max_length=255)
    unsubscribe = models.CharField(max_length=1)
    twitter = models.CharField(max_length=100)
    password = models.TextField()
    .....

template.py

    {% if user and not user.is_anonymous %}
    <li><a href="/personalised">My Feed </a></li>
    <li><a href="/">Trending</a></li>
    <li><a href="/recommendations/{{user.username}}">Your Saves</a></li>
    <li><a href="/logout">Logout </a></li>
    {% else %}
    <a href="/login_email?next={{ request.path }}"><button type="button" class="btn btn-success navbar-btn">Sign in with Email</button></a>
    {% endif %}

1 Answer

Do not use this code:

    email = request.POST.get('email')
    password = hashlib.md5(request.POST.get('password')).hexdigest()

    #db query to check if email and password combination exist
    user = Users.objects.get(email=email,password=password)

Instead use the authenticate method. It returns a User.

user = authenticate(email=email, password=password)

This assumes that you have an appropriate auth backend set up.
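
An added example (not part of the original question or answer) of the two methods an auth backend needs for `authenticate(email=..., password=...)` to work against the legacy table: `authenticate()` checks the credentials, and `get_user()` lets Django reload the user from the session on later requests. `LEGACY_USERS`, `LegacyUser` and `LegacyEmailBackend` are hypothetical names; the in-memory dict stands in for the `Users` model so the block runs without Django, and in a project the class would be listed in `AUTHENTICATION_BACKENDS`.

```python
import hashlib
import hmac

# Constructed sample rows standing in for the legacy Users table (pk -> row).
# Unsalted MD5 is used only because that is what the existing column holds.
LEGACY_USERS = {
    1: {"email": "alice@example.com",
        "password": hashlib.md5(b"correct horse").hexdigest()},
}


class LegacyUser:
    """Minimal stand-in for a Users model instance (hypothetical)."""
    is_anonymous = False

    def __init__(self, pk, email):
        self.pk = pk
        self.email = email


class LegacyEmailBackend:
    """Has the shape of a Django auth backend: authenticate() plus get_user()."""

    def authenticate(self, request, email=None, password=None):
        if not email or password is None:
            return None
        digest = hashlib.md5(password.encode("utf-8")).hexdigest()
        # In a project this loop would be a Users.objects lookup by email.
        for pk, row in LEGACY_USERS.items():
            if row["email"] == email:
                # Constant-time compare; return None (never raise) on mismatch.
                if hmac.compare_digest(row["password"], digest):
                    return LegacyUser(pk, email)
                return None
        return None

    def get_user(self, user_id):
        # Called on later requests to rebuild request.user from the
        # primary key that login() stored in the session.
        row = LEGACY_USERS.get(user_id)
        return LegacyUser(user_id, row["email"]) if row else None
```
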
