i have an error when ever i try to login by any User
error
Unknown password hashing algorithm 'sahar'. Did you specify it in the
PASSWORD_HASHERS setting?
Views.Py
def Login(request):
state = "Please log in below..."
username = password = ''
if request.method == 'POST':
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
return HttpResponseRedirect('/profile/')
else:
return render_to_response('auth.html',RequestContext(request))
else:
return render_to_response('auth.html',RequestContext(request))
else:
return render_to_response('auth.html',RequestContext(request)
It means there is a plain text 'sahar' stored as the password of the account of a user who tries to log in.
Update the password of the user in Admin or in manage.py shell
user = User.objects.get(username=username)
# use set_password method
user.set_password('sahar')
user.save()
# INSTEAD OF
user.password = 'sahar'
user.save()
Also check your other views to correct the user.password = '...' and User.objects.create(password='...') usages.
This is the best way to save log in details
you can create an object from the form
as
user = form.save(commit=False)
then clean the data to remove any scripts entered in the form fields.
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user.set_password(password)
user.save()
Related
Is there anyways I can change django custom user login from Username to Email? I have try using this method but it does not work:
def login(request):
if request.method == 'POST':
email = request.POST['email']
password = request.POST['password']
user = auth.authenticate(request, email=email, password=password)
if user is not None:
auth.login(request, user)
return redirect('Home')
else:
messages.info(request, 'Invalid Credential')
return redirect('login')
else:
return render(request, 'login.html')
I want to allow user to login using Email not Username.
I'm using Django's authenticate function to let users register (create an account) and sign in (login after creating an account). Authenticate works fine for registration, but when I try signing the user in after logging out, it doesn't work.
Registration Method:
if request.method == 'POST':
form = SignUpForm(request.POST)
if form.is_valid():
form.save()
username = form.cleaned_data['username']
raw_password = form.cleaned_data['password1']
user = authenticate(username=username, password=raw_password) #returns user object
login(request, user) #works
Sign in Method:
if request.method == 'POST':
form = AuthenticationForm(request=request, data=request.POST)
if form.is_valid():
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user = authenticate(user=username, password=password) #returns None
login(request, user) #doesn't work
I looked at a few other threads that reported a similar issue and added the following code to my settings.py file. However, authenticate still returns none when I try signing in.
settings.py code
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend',
)
As per Django documentation for authenticate method, the valid keyword arguments are username and password. Thus, I would recommend changing the following in "Sign In" method:
user = authenticate(user=username, password=password)
to
user = authenticate(request=request, username=username, password=password)
I was creating a login and registration page for my project and was using the Django MySQL database for login and creating users the signup was done correctly but the login function is not working for me.
PS: The is_active is Set True but still this is not working
With all correct info, it shows None. I have given all the necessary parts of the file and codes
I tried everything but nothing seems to work also tried some of the solutions listed on StackOverflow but still, nothing worked for me.
from django.shortcuts import render, redirect
from .models import Description
from django.http import HttpResponse
from django.contrib.auth.models import User
from django.contrib.auth import authenticate, login
# Create your views here.
def index(request):
d = Description.objects.all()
return render(request,'index.html',{'des':d})
def signup(request):
if request.method == 'POST':
first_name = request.POST['first']
last_name = request.POST['last']
user_name = request.POST['user']
email = request.POST['email']
pass1 = request.POST['password1']
pass2 = request.POST['password2']
if pass1 == pass2:
if User.objects.filter(email=email).exists():
print("Email taken")
elif User.objects.filter(username=user_name).exists():
print("Username taken")
else:
user = User.objects.create_user(username = user_name, first_name=first_name,last_name=last_name, password=pass1, email=email)
user.save()
print("User created")
else:
print("Password Not Matching")
return redirect('/')
else:
return render(request,'signup.html')
def login(request):
if request.method == 'POST':
email = request.POST['email']
password = request.POST['password']
print(email,password)
user = authenticate(request, email=email, password=password)
print(user)
if user is not None:
login(request, user)
print("Logged in")
else:
print("not logged in")
return redirect('/')
else:
return HttpResponse("Invalid")
Django authenticate method allows for authenticating using only username.
You can get the user's username from the User model using the user's email
username = User.objects.get(email=email).username
password = request.POST.get('password')
Replace this user = authenticate(request, email=email, password=password)
with this user = authenticate(request, username=username, password=password)
The problem is django's default authentication mechanism don't allow you authenticate using email, you can only authenticate user using username .
either way, you can get the user's username from the User model using his email and then you can authenticate user.
def login(request):
if request.method == 'POST':
email = request.POST['email']
password = request.POST['password']
username = ''
try:
username = User.objects.get(email=email).username
except User.DoesNotExist:
return HttpResponse("Invalid")
user = authenticate(request, username=username, password=password)
if user is not None:
login(request, user)
print("Logged in")
else:
print("not logged in")
return redirect('/')
else:
return HttpResponse("Invalid")
Also dont store password directly, always user standard set_password() function of django
if User.objects.filter(email=email).exists():
print("Email taken")
elif User.objects.filter(username=user_name).exists():
print("Username taken")
else:
user = User.objects.create_user(username = user_name, first_name=first_name,last_name=last_name, email=email)
user.set_password(pass1)
user.save()
print("User created")
The problem is your signup method. You should not give password to the init function. You should use User's set_password method.
In your sign_up view remove password=pass1 at the line where you are creating User object. And after that before saving the user, add user.set_password(pass1).
Hope this helps!
def login_page(request):
form = LoginForm(request.POST or None)
context = {
"form" : form
}
print("User logged in")
print(request.user.is_authenticated())
if form.is_valid():
print(form.cleaned_data)
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = authenticate(request, username = 'username', password = 'password')
print(user)
if user is not None:
print(request.user.is_authenticated())
login(request, user)
# Recirect to a success page.
# context['form'] = LoginForm()
return redirect("/contact")
else:
# Return an 'invalid login' error message.
print("Error")
return render(request, "auth/login.html", context)
I try to create a login page but I get value of 'user' None so I took error everytime. I use Django 1.11.
You are trying to authenticate with constant credentials but need to authenticate with data from form.
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = authenticate(request, username=username, password=password)
# ^ ^
# changed from 'username' and 'password' to variables
If your user provided wrong credentials, then authenticate return None, since no user can be authenticated with those.
I'm doing a project with django and mongoengine.
I want to do a basic sign in on my project.
I did a basic form asking for username, password and email.
I thought password hashing was automatic but it isn't, it save what I have wrote.
Here's is my view:
def signin(request):
if request.method == 'POST':
form = UserForm(request.POST)
if form.is_valid():
username = form.cleaned_data['username']
email = form.cleaned_data['email']
password = form.cleaned_data['password']
user = User(username=username, password=password, email=email)
user.save()
else:
form = UserForm()
return render(request, 'myapp/index.html', locals())
Everything is saved but the password is not hash. What have I missing?
You should call set_password() method of the User instance:
user = User(username=username, email=email)
user.set_password(password)
user.save()