0

I am trying to do a log in in django/python.

I have this in my views.py:

@csrf_exempt
def Principal(request):
    context = {}
    if request.method != 'GET':
        context = {
            'title': '405 Method Not Allowed',
        }


    if request.user.is_authenticated():
        logged_q = 'Logged in as '+ request.user.username
        logged = True
    else:
        logged_q = 'Not logged in.'
        logged = False

    print (logged_q)

    top_aparcamientos = Aparcamiento.objects.all()
    #top_aparcamientos = Comentario.objects.all().order_by('-aparcamiento__id').unique()[:5]
    pagina_list = Pagina.objects.all()       

    context['top_aparcamientos'] = top_aparcamientos
    context['pagina_list'] = pagina_list
    usuario = request.user.username
    context = {
      'usuario' : usuario,
      'logged' : logged
    }


    return render_to_response('index.html', context

So, for do my template, I take the variable logged in my base.html like that:

{% if logged %}
    <div class ="container_corner">
        <div class="topright">
            <span id="corner_message"><strong>Bienvenido,</strong>&nbsp<span class="oblicuo">{{usuario}}</span></span>
            <a href='logout/'><button id="logged"type="submit">Salir</button></a><br>
        </div>
    </div> {% else %}
    <form id="login_form" action="login/" method ="POST">
        {% csrf_token %}
        <label for="id_username"><span class="login_fields">Nick: </span></label> <input id="id_username" maxlength="254" name="username" type="text" />
        <label for="id_password"><span class="login_fields">Contraseña: </span></label> <input id="id_password" name="password" type="password" />
        <button type="submit">Login</button>
    </form> {% endif %}

But it gives me this error when I try to log in:

Forbidden (403) CSRF verification failed. Request aborted. Help Reason given for failure: CSRF token missing or incorrect.

Do I need anymore {% csrf_token %}? Where?

Thank you!

Improve this question
6
  • What is the code for the view that handles the login form submission? (i.e. the view for the login/ url) Are you using the Django authentication views? Commented May 19, 2017 at 20:15
  • '{% extends 'base.html' %} {% block title %}Login{% endblock %} {% block content %} <h2>Login</h2> <form method="post"> {% csrf_token %} {{ form.as_p }} <button type="submit">zzz</button> </form> {% endblock %}' Commented May 19, 2017 at 20:24
  • That is the template code, what is the view code? Also, you can edit your question using the little edit link beneath your question. Commented May 19, 2017 at 20:30
  • Oh sorry, the views.py code is the first one! Commented May 19, 2017 at 20:31
  • That view is the one that renders the form, it doesn't look like that view handles the form POST. Commented May 19, 2017 at 20:32

1 Answer 1

Reset to default
1

Instead of {% csrf_token %}, you can probably use

<input type='hidden' name='csrfmiddlewaretoken' value='{{ csrf_token }}' />

Or you can also use {{ csrf_input }}.

<form action="login/" method="post">{{ csrf_input }}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.