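def login_view(request):
    '''
    The view of the login page.

    Renders the login form. On a valid POST the submitted identifier is
    looked up as a username first and as an e-mail address second; the
    matching account is then authenticated and the client is redirected to
    the ``next`` target (the homepage when ``next`` is absent or unsafe).

    Returns an HttpResponseRedirect on success (or when a non-anonymous user
    is already logged in), the result of red_ext() when the resolved account
    is the anonymous user, and the rendered login.html otherwise.
    '''
    # Function-scope import: the file's import block is not visible here.
    from django.utils.http import is_safe_url

    ANONYMOUS_SESSION = request.session.get('ANONYMOUS_SESSION', False)
    page_name = "Login Page"
    homepage_url = reverse('homepage')
    redirect_to = request.REQUEST.get('next', homepage_url)
    # 'next' comes from the client. Redirecting to it unchecked makes the
    # login page an open redirect, so anything that does not stay on this
    # host falls back to the homepage. The same value is handed to the
    # template below.
    if not is_safe_url(redirect_to, host=request.get_host()):
        redirect_to = homepage_url

    already_logged_in = (
        (request.user.is_authenticated() and not ANONYMOUS_SESSION)
        or (ANONYMOUS_SESSION and request.user.username != ANONYMOUS_USERNAME)
    )
    if already_logged_in:
        return HttpResponseRedirect(redirect_to)

    form = LoginForm(request.POST or None)

    if form.is_valid():
        username_or_email = form.cleaned_data['username_or_email']
        password = form.cleaned_data['password']

        # NOTE(review): the failure paths below answer differently (unknown
        # identifier; wrong password, which also adds the reset hint and the
        # delay; inactive account, reported before the password is checked),
        # so the response reveals whether an identifier belongs to an
        # account. Consider one generic message and the same delay on every
        # failed attempt.
        temp_user = None
        try:
            temp_user = User.objects.get(username=username_or_email)
        except User.DoesNotExist:
            try:
                temp_user = User.objects.get(email=username_or_email)
            except (User.DoesNotExist, User.MultipleObjectsReturned):
                # An address shared by several accounts cannot identify one;
                # treat it like an unknown identifier instead of letting the
                # exception surface as a server error.
                form.errors['__all__'] = form.error_class(["Invalid username/password combination. Please try again."])

        if temp_user is not None:
            # Take the name from the row already fetched instead of running
            # the e-mail query a second time.
            username = temp_user.username

            # The anonymous account must not be reachable through this form.
            # The check has to run on the resolved username; previously it
            # compared a variable that was still None and never matched, and
            # it must also cover a login by the account's e-mail address.
            if username == ANONYMOUS_USERNAME:
                return red_ext(request, MESSAGES['ANONYMOUS_DENIED'])

            if temp_user.is_active:
                user = authenticate(username=username, password=password)
                if user is not None:
                    login(request, user)
                    if ANONYMOUS_SESSION:
                        # Keep the anonymous-session marker across login().
                        request.session['ANONYMOUS_SESSION'] = True
                    return HttpResponseRedirect(redirect_to)
                else:
                    reset_url = request.build_absolute_uri(reverse('reset_pw'))
                    messages.add_message(request, messages.INFO,
                                         MESSAGES['RESET_MESSAGE'].format(reset_url=reset_url))
                    form.errors['__all__'] = form.error_class([MESSAGES['INVALID_LOGIN']])
                    # Invalid login - delay 1 second as rudimentary security
                    # against brute force attacks. This slows one request
                    # only and does not bound parallel attempts; per-account
                    # or per-address throttling is still needed for that.
                    time.sleep(1)
            else:
                form.errors['__all__'] = form.error_class(["Your account is not active. Please contact the site administrator to activate your account."])

    return render_to_response('login.html', {
        'page_name': page_name,
        'form': form,
        'oauth_providers': _get_oauth_providers(),
        'redirect_to': redirect_to,
    }, context_instance=RequestContext(request))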