Fatal编程技术网
  • django/
  • Django表单错误赢得';t显示

Django表单错误赢得';t显示

django

Django表单错误赢得';t显示,django,django-templates,django-views,Django,Django Templates,Django Views,我已经建立了一个“防火墙”登录表单,我想把它放在我的 实际生产的网站,而我开发的网站。我们的想法是尝试 让“坏人”远离网站,同时看看会发生什么 他们使用的用户名和密码。我的问题是 如果我输入了无效的用户名/密码对,我的表单将显示错误消息 没有显示。我意识到,就我的目的而言,它可能是 最好不要显示任何错误消息,但我仍然希望 了解问题所在。有人能看出我做错了什么吗 谢谢 # views.py import logging logger = logging.getLogger(__name__) fr

我已经建立了一个“防火墙”登录表单,我想把它放在我的 实际生产的网站,而我开发的网站。我们的想法是尝试 让“坏人”远离网站,同时看看会发生什么 他们使用的用户名和密码。我的问题是 如果我输入了无效的用户名/密码对,我的表单将显示错误消息 没有显示。我意识到,就我的目的而言,它可能是 最好不要显示任何错误消息,但我仍然希望 了解问题所在。有人能看出我做错了什么吗

谢谢

# views.py
import logging
logger = logging.getLogger(__name__)
from django.contrib.auth import authenticate
from django.contrib.auth.forms import AuthenticationForm
from django.contrib.auth.views import login
from django.http import HttpResponseRedirect

def firewall_login(request, *args, **kwargs):
    if request.method == "POST":
        form = AuthenticationForm(request, data=request.POST)
        username = request.POST['username']
        password = request.POST['password']
        if form.is_valid():
            fw_username = form.cleaned_data['username']
            fw_password = form.cleaned_data['password']
            user = authenticate(username=fw_username, password=fw_password)
            if user is not None:
                if user.is_active:
                    login(request, user)
                    logger.info("User '%s' logged in." % fw_username)
                    return HttpResponseRedirect("/accounts/profile/")
                else:
                    logger.info("User '%s' tried to log in to disabled account." % fw_username)
                    return HttpResponseRedirect("/accounts/disabled/")
        else:
            logger.info("User '%s' tried to log in with password '%s'." % (username, password))
            form = AuthenticationForm(request)   # Display bound form
    else:
        form = AuthenticationForm()   # Display unbound form
    return render(request, "registration/login.html", {"form": form,})

# login.html
{% extends "base.html" %}
{% block content %}

    {% if form.errors %}
    <p class="alert alert-error">Sorry, that's not a valid username or password</p>
    {% endif %}

    {% if form.errors %}
        {% for field in form %}
            {% for error in field.errors %}
                <div class="alert alert-error">
                    <strong>{{ error|escape }}</strong>
                </div>
            {% endfor %}
        {% endfor %}
        {% for field in form.non_field_errors %}
            <div class="alert alert-error">
                <strong>{{ error|escape }}</strong>
            </div>
        {% endfor %}
    {% endif %}

    <form action="" method="post">
        {% csrf_token %}
        <p><label for="username">Username:</label>{{ form.username }}</p>
        <p><label for="password">Password:</label>{{ form.password }}</p>
        <input type="hidden" name="next" value="{{ next|escape }}" />
        <input class="btn btn-primary" type="submit" value="login" />
    </form>

{% endblock %}

#views.py
导入日志记录
logger=logging.getLogger(_名称__)
从django.contrib.auth导入验证
从django.contrib.auth.forms导入AuthenticationForm
从django.contrib.auth.views导入登录
从django.http导入HttpResponseRedirect
def防火墙登录(请求、*args、**kwargs):
如果request.method==“POST”:
表单=身份验证表单(请求,数据=request.POST)
username=request.POST['username']
password=request.POST['password']
如果form.is_有效():
fw_username=form.cleaned_数据['username']
fw_password=表单。已清除的_数据['password']
用户=验证(用户名=fw\u用户名,密码=fw\u密码)
如果用户不是无:
如果user.u处于活动状态:
登录(请求、用户)
logger.info(“用户“%s”已登录。”%fw\u用户名)
返回HttpResponseRedirect(“/accounts/profile/”)
其他:
logger.info(“用户“%s”试图登录到禁用的帐户。”%fw\u用户名)
返回HttpResponseRedirect(“/accounts/disabled/”)
其他:
logger.info(“用户“%s”试图使用密码“%s”登录。”%(用户名,密码))
表单=身份验证表单(请求)#显示绑定表单
其他:
表单=AuthenticationForm()#显示未绑定表单
返回呈现(请求,“registration/login.html”,{“form”:form,})
#login.html
{%extends“base.html”%}
{%block content%}
{%if form.errors%}

抱歉,这不是有效的用户名或密码

{%endif%}
{%if form.errors%}
{%形式的字段为%}
{%字段中有错误。错误%}
{{error | escape}}
{%endfor%}
{%endfor%}
{form.non_field_errors%}
{{error | escape}}
{%endfor%}
{%endif%}
{%csrf_令牌%}
用户名:{{form.Username}

密码:{form.Password}}

{%endblock%}
这是因为您传递了新的表单实例。在调用是否有效时进行验证

因此,只需删除
else
块中的
form=AuthenticationForm(request)

def firewall_login(request, *args, **kwargs):
    if request.method == "POST":
        form = AuthenticationForm(request, data=request.POST)
        username = request.POST['username']
        password = request.POST['password']
        if form.is_valid():
            fw_username = form.cleaned_data['username']
            fw_password = form.cleaned_data['password']
            user = authenticate(username=fw_username, password=fw_password)
            if user is not None:
                if user.is_active:
                    login(request, user)
                    logger.info("User '%s' logged in." % fw_username)
                    return HttpResponseRedirect("/accounts/profile/")
                else:
                    logger.info("User '%s' tried to log in to disabled account." % fw_username)
                    return HttpResponseRedirect("/accounts/disabled/")
        else:
            logger.info("User '%s' tried to log in with password '%s'." % (username, password))
    else:
        form = AuthenticationForm()   # Display unbound form
    return render(request, "registration/login.html", {"form": form,})