def login(request):
"Displays the login form and handles the login action."
manipulator = AuthenticationForm(request)
redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
if request.POST:
errors = manipulator.get_validation_errors(request.POST)
if not errors:
# Light security check -- make sure redirect_to isn't garbage.
if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
redirect_to = '/accounts/profile/'
request.session[users.SESSION_KEY] = manipulator.get_user_id()
request.session.delete_test_cookie()
return HttpResponseRedirect(redirect_to)
else:
errors = {}
request.session.set_test_cookie()
return render_to_response('registration/login', {
'form': formfields.FormWrapper(manipulator, request.POST, errors),
REDIRECT_FIELD_NAME: redirect_to,
'site_name': sites.get_current().name,
}, context_instance=DjangoContext(request))
