def _checklogin(request, *args, **kwargs):
if not request.user.is_anonymous() and request.user.is_staff:
# The user is valid. Continue to the admin page.
return view_func(request, *args, **kwargs)
assert hasattr(request, 'session'), "The Django admin requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.middleware.sessions.SessionMiddleware'."
# If this isn't already the login page, display it.
if not request.POST.has_key(LOGIN_FORM_KEY):
if request.POST:
message = "Please log in again, because your session has expired. "\
"Don't worry: Your submission has been saved."
else:
message = ""
return _display_login_form(request, message)
# Check that the user accepts cookies.
if not request.session.test_cookie_worked():
message = "Looks like your browser isn't configured to accept cookies. Please enable cookies, reload this page, and try again."
return _display_login_form(request, message)
# Check the password.
username = request.POST.get('username', '')
try:
user = users.get_object(username__exact=username, is_staff__exact=True)
except users.UserDoesNotExist:
message = ERROR_MESSAGE
if '@' in username:
# Mistakenly entered e-mail address instead of username? Look it up.
try:
user = users.get_object(email__exact=username)
except users.UserDoesNotExist:
message = "Usernames cannot contain the '@' character."
else:
message = "Your e-mail address is not your username. Try '%s' instead." % user.username
return _display_login_form(request, message)
# The user data is correct; log in the user in and continue.
else:
if user.check_password(request.POST.get('password', '')):
request.session[users.SESSION_KEY] = user.id
if request.POST.has_key('post_data'):
post_data = _decode_post_data(request.POST['post_data'])
if post_data and not post_data.has_key(LOGIN_FORM_KEY):
# overwrite request.POST with the saved post_data, and continue
request.POST = post_data
request.user = user
return view_func(request, *args, **kwargs)
else:
request.session.delete_test_cookie()
return httpwrappers.HttpResponseRedirect(request.path)
else:
return _display_login_form(request, ERROR_MESSAGE)
def createsuperuser():
"Creates a superuser account."
from django.core import validators
from django.models.auth import users
import getpass
try:
while 1:
username = raw_input('Username (only letters, digits and underscores): ')
if not username.isalnum():
sys.stderr.write("Error: That username is invalid.\n")
continue
try:
users.get_object(username__exact=username)
except users.UserDoesNotExist:
break
else:
sys.stderr.write("Error: That username is already taken.\n")
while 1:
email = raw_input('E-mail address: ')
try:
validators.isValidEmail(email, None)
except validators.ValidationError:
sys.stderr.write("Error: That e-mail address is invalid.\n")
else:
break
while 1:
password = getpass.getpass()
password2 = getpass.getpass('Password (again): ')
if password != password2:
sys.stderr.write("Error: Your passwords didn't match.\n")
continue
if password.strip() == '':
sys.stderr.write("Error: Blank passwords aren't allowed.\n")
continue
break
except KeyboardInterrupt:
sys.stderr.write("\nOperation cancelled.\n")
sys.exit(1)
u = users.create_user(username, email, password)
u.is_staff = True
u.is_active = True
u.is_superuser = True
u.save()
print "User created successfully."
def _get_user(self):
if not hasattr(self, '_user'):
from django.models.auth import users
try:
user_id = self.session[users.SESSION_KEY]
if not user_id:
raise ValueError
self._user = users.get_object(pk=user_id)
except (AttributeError, KeyError, ValueError, users.UserDoesNotExist):
from django.parts.auth import anonymoususers
self._user = anonymoususers.AnonymousUser()
return self._user
def _get_user(This):
if not hasattr(This, '_user'):
from django.models.auth import users
try:
user_id = This.session[users.SESSION_KEY]
if not user_id:
raise ValueError
This._user = users.get_object(pk=user_id)
except (AttributeError, KeyError, ValueError,
users.UserDoesNotExist):
from django.parts.auth import anonymoususers
This._user = anonymoususers.AnonymousUser()
return This._user
def login(request):
try:
user = users.get_object(username__exact=request.POST["username"])
if not user.check_password(request.POST["password"]):
raise users.UserDoesNotExist
# set the session's user active
request.session[users.SESSION_KEY] = user.id
try:
nextpage = request.GET["next"]
except KeyError:
nextpage = "/gappy/"
return HttpResponseRedirect(nextpage)
except KeyError:
return render_to_response("gappy/login")
except users.UserDoesNotExist:
t = loader.get_template("gappy/login")
c = Context({"error":"Some login information was wrong."})
return HttpResponse(t.render(c))
def isValidUser(self, field_data, all_data):
try:
self.user_cache = users.get_object(username__exact=field_data)
except users.UserDoesNotExist:
raise validators.ValidationError, "Please enter a correct username and password. Note that both fields are case-sensitive."
def isValidUserEmail(self, new_data, all_data):
"Validates that a user exists with the given e-mail address"
try:
self.user_cache = users.get_object(email__iexact=new_data)
except users.UserDoesNotExist:
raise validators.ValidationError, "That e-mail address doesn't have an associated user acount. Are you sure you've registered?"