def login(request):
if request.method == 'POST':
ip = request.META['REMOTE_ADDR']
# check for banned ip
banned = BannedIP.objects.values_list('ip')
if len(banned)>0 and ip in banned[0]:
return HttpResponseRedirect(settings.LOGIN_URL)
# check for more than 3 failed attempts in the last 5 minutes
dt = datetime.now() - timedelta(minutes=5)
if FailedLogin.objects.filter(added__gt=dt).count() > 2:
b = BannedIP()
b.ip = ip
b.save()
return HttpResponseRedirect(settings.LOGIN_URL)
success_redirect = get_safe_url(request.GET['next'], request.get_host()) if request.GET.get('next') else '/'
return process_login(request, success_redirect, settings.LOGIN_URL)
else:
f = LoginForm()
return render_to_response('login.html', {'form':f.as_p()}, context_instance=RequestContext(request))
