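def register(request, template_name="registration/register.html"):
    """Show the registration form and, on a valid POST, create and log in the user.

    Args:
        request: The incoming HTTP request. The redirect target is read from
            ``request.REQUEST[REDIRECT_FIELD_NAME]`` and an optional
            ``email`` GET parameter pre-fills the form.
        template_name: Template rendered while the forms are unbound or
            invalid.

    Returns:
        An ``HttpResponseRedirect`` to the validated redirect target after a
        successful registration, otherwise the rendered registration page.
    """
    redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
    initial = {"email": request.GET["email"]} if "email" in request.GET else None
    user_form = RegistrationForm(initial=initial, data=(request.POST or None))
    profile_form = RegistrationProfileForm(request.POST or None)

    if user_form.is_valid() and profile_form.is_valid():
        new_user = user_form.save()
        if hasattr(profile_form, 'location'):
            profile = new_user.get_profile()
            profile.location = profile_form.location
            profile.save()

        # NOTE(review): authenticate() is called with the e-mail address as
        # the username; confirm the configured backend accepts that, since a
        # None result would be passed straight to auth.login() below.
        user = auth.authenticate(username=new_user.email,
                                 password=user_form.cleaned_data["password1"])
        logged_in.send(sender=None, request=request, user=user, is_new_user=True)
        auth.login(request, user)
        # presumably replays a POST stored before the user was sent here;
        # verify against save_queued_POST's definition.
        save_queued_POST(request)

        # redirect_to is request-supplied, so only same-site relative targets
        # are accepted; anything else falls back to LOGIN_REDIRECT_URL.
        # Rejected:
        #   - empty values, and whitespace or control characters anywhere;
        #   - '//' or a backslash before the first '?', either of which can
        #     introduce a host part ('/view/?param=http://example.com' is
        #     still allowed because its '//' follows the '?');
        #   - a scheme prefix, i.e. a ':' before the first '/', '?' or '#'.
        path_part = redirect_to.split('?', 1)[0]
        unsafe = (
            not redirect_to
            or re.search(r'[\x00-\x20\x7f]', redirect_to)
            or '//' in path_part
            or '\\' in path_part
            or re.match(r'[^/?#]*:', redirect_to)
        )
        if unsafe:
            redirect_to = settings.LOGIN_REDIRECT_URL
        return HttpResponseRedirect(redirect_to)

    return render_to_response(template_name, {
        'form': user_form,
        'profile_form': profile_form,
        REDIRECT_FIELD_NAME: redirect_to,
    }, context_instance=RequestContext(request))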
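def login(request, template_name='registration/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=AuthenticationForm):
    """Display the login form and handle the login action.

    Args:
        request: The incoming HTTP request.
        template_name: Template rendered for GET requests and failed logins.
        redirect_field_name: Name of the request parameter that carries the
            post-login redirect target.
        authentication_form: Form class used to validate the credentials.

    Returns:
        An ``HttpResponseRedirect`` to the validated redirect target after a
        successful POST, otherwise the rendered login page.
    """
    redirect_to = request.REQUEST.get(redirect_field_name, '')

    if request.method == "POST":
        form = authentication_form(data=request.POST)
        if form.is_valid():
            # redirect_to is request-supplied, so only same-site relative
            # targets are accepted; anything else falls back to
            # LOGIN_REDIRECT_URL. Rejected:
            #   - empty values, and whitespace or control characters anywhere;
            #   - '//' or a backslash before the first '?', either of which
            #     can introduce a host part ('/view/?param=http://example.com'
            #     is still allowed because its '//' follows the '?');
            #   - a scheme prefix, i.e. a ':' before the first '/', '?' or '#'.
            path_part = redirect_to.split('?', 1)[0]
            unsafe = (
                not redirect_to
                or re.search(r'[\x00-\x20\x7f]', redirect_to)
                or '//' in path_part
                or '\\' in path_part
                or re.match(r'[^/?#]*:', redirect_to)
            )
            if unsafe:
                redirect_to = settings.LOGIN_REDIRECT_URL

            # Redirect target validated. Log the user in.
            user = form.get_user()
            logged_in.send(sender=None, request=request, user=user, is_new_user=False)
            auth.login(request, user)
            # presumably replays a POST stored before the user was sent here;
            # verify against save_queued_POST's definition.
            save_queued_POST(request)
            messages.add_message(request, GA_TRACK_PAGEVIEW, '/login/success')
            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()
            return HttpResponseRedirect(redirect_to)
    else:
        form = authentication_form(request)

    # Reached for GET requests and for POSTs whose form did not validate.
    request.session.set_test_cookie()
    if Site._meta.installed:
        current_site = Site.objects.get_current()
    else:
        current_site = RequestSite(request)
    return render_to_response(template_name, {
        'login_form': form,
        'register_form': RegistrationForm(),
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    }, context_instance=RequestContext(request))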
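def login(request, template_name='registration/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=AuthenticationForm):
    """Display the login form and handle the login action.

    Args:
        request: The incoming HTTP request.
        template_name: Template rendered for GET requests and failed logins.
        redirect_field_name: Name of the request parameter that carries the
            post-login redirect target.
        authentication_form: Form class used to validate the credentials.

    Returns:
        An ``HttpResponseRedirect`` to the validated redirect target after a
        successful POST, otherwise the rendered login page (with
        ``nav_selected`` set to ``"users"`` in the template context).
    """
    nav_selected = "users"
    redirect_to = request.REQUEST.get(redirect_field_name, '')

    if request.method == "POST":
        form = authentication_form(data=request.POST)
        if form.is_valid():
            # redirect_to is request-supplied, so only same-site relative
            # targets are accepted; anything else falls back to
            # LOGIN_REDIRECT_URL. Rejected:
            #   - empty values, and whitespace or control characters anywhere;
            #   - '//' or a backslash before the first '?', either of which
            #     can introduce a host part ('/view/?param=http://example.com'
            #     is still allowed because its '//' follows the '?');
            #   - a scheme prefix, i.e. a ':' before the first '/', '?' or '#'.
            path_part = redirect_to.split('?', 1)[0]
            unsafe = (
                not redirect_to
                or re.search(r'[\x00-\x20\x7f]', redirect_to)
                or '//' in path_part
                or '\\' in path_part
                or re.match(r'[^/?#]*:', redirect_to)
            )
            if unsafe:
                redirect_to = settings.LOGIN_REDIRECT_URL

            # Redirect target validated. Log the user in.
            user = form.get_user()
            logged_in.send(sender=None, request=request, user=user, is_new_user=False)
            auth.login(request, user)
            # presumably replays a POST stored before the user was sent here;
            # verify against save_queued_POST's definition.
            save_queued_POST(request)
            messages.add_message(request, GA_TRACK_PAGEVIEW, '/login/success')
            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()
            return HttpResponseRedirect(redirect_to)
    else:
        form = authentication_form(request)

    # Reached for GET requests and for POSTs whose form did not validate.
    request.session.set_test_cookie()
    if Site._meta.installed:
        current_site = Site.objects.get_current()
    else:
        current_site = RequestSite(request)
    return render_to_response(template_name, {
        'login_form': form,
        'register_form': RegistrationForm(),
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
        'nav_selected': nav_selected,
    }, context_instance=RequestContext(request))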
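def register(request, template_name="registration/register.html"):
    """Show the registration form and, on a valid POST, create and log in the user.

    Args:
        request: The incoming HTTP request. The redirect target is read from
            ``request.REQUEST[REDIRECT_FIELD_NAME]`` and an optional
            ``email`` GET parameter pre-fills the form.
        template_name: Template rendered while the forms are unbound or
            invalid.

    Returns:
        An ``HttpResponseRedirect`` to the validated redirect target after a
        successful registration, otherwise the rendered registration page.
    """
    redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
    initial = {"email": request.GET["email"]} if "email" in request.GET else None
    user_form = RegistrationForm(initial=initial, data=(request.POST or None))
    profile_form = RegistrationProfileForm(request.POST or None)

    if user_form.is_valid() and profile_form.is_valid():
        new_user = user_form.save()
        if hasattr(profile_form, 'location'):
            profile = new_user.get_profile()
            profile.location = profile_form.location
            profile.save()

        # NOTE(review): authenticate() is called with the e-mail address as
        # the username; confirm the configured backend accepts that, since a
        # None result would be passed straight to auth.login() below.
        user = auth.authenticate(username=new_user.email,
                                 password=user_form.cleaned_data["password1"])
        logged_in.send(sender=None, request=request, user=user, is_new_user=True)
        auth.login(request, user)
        # presumably replays a POST stored before the user was sent here;
        # verify against save_queued_POST's definition.
        save_queued_POST(request)

        # redirect_to is request-supplied, so only same-site relative targets
        # are accepted; anything else falls back to LOGIN_REDIRECT_URL.
        # Rejected:
        #   - empty values, and whitespace or control characters anywhere;
        #   - '//' or a backslash before the first '?', either of which can
        #     introduce a host part ('/view/?param=http://example.com' is
        #     still allowed because its '//' follows the '?');
        #   - a scheme prefix, i.e. a ':' before the first '/', '?' or '#'.
        path_part = redirect_to.split('?', 1)[0]
        unsafe = (
            not redirect_to
            or re.search(r'[\x00-\x20\x7f]', redirect_to)
            or '//' in path_part
            or '\\' in path_part
            or re.match(r'[^/?#]*:', redirect_to)
        )
        if unsafe:
            redirect_to = settings.LOGIN_REDIRECT_URL
        return HttpResponseRedirect(redirect_to)

    return render_to_response(template_name, {
        'form': user_form,
        'profile_form': profile_form,
        REDIRECT_FIELD_NAME: redirect_to,
    }, context_instance=RequestContext(request))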