Tags: django, global-variables, django-context, requestcontext

How to implement a custom global login / logout feature in django


I am trying to implement a custom login / logout feature. My requirements are a little different from the built-in Django login feature. So, I have to implement this feature in a way where I can just put a value 0 / 1 in the database to check if the user is logged in or not. I have a boolean for it. The question here really is: how am I supposed to pass a user object / a variable which tells me that my user is logged in (in my case: users.is_logged_in = True) to every HTML template, so that a user (and my application) knows that it's logged in? Also, he should be able to log out by clicking on the link on every HTML page. Is there any global template that I can create and make a placeholder kind of thing when a user is successfully logged in? My code here is:

from django.shortcuts import render_to_response
from django.template import RequestContext
from django.views.generic.simple import direct_to_template

# Users is the application's own model; its import is not shown in the question.

def checkIfUserIsValid(request, template_name='appCenter.html'):
    email = str(request.POST.get('email','')).strip()
    password = str(request.POST.get('password','')).strip()
    try:
        # Looks the user up by matching the submitted password against the stored column.
        users = Users.objects.get(email = email, password = password)
        users.is_logged_in = True
        users.save()
        return direct_to_template(request, template_name, context_instance=RequestContext(request))
    except Users.DoesNotExist:
        incorrectUserOrPassError = "Incorrect Username or Password. Please try again."
        return render_to_response('index.html', {'incorrectUserOrPassError':incorrectUserOrPassError},
                                  context_instance=RequestContext(request))

def logOutUser(request, template_name='index.html'):
    return direct_to_template(request, template_name, context_instance=RequestContext(request))

P.S.: I have looked into the render() method:

return render(request,'appCenter.html',{'users':users})

Can I do something like this and make use of the template as a global template or something? But the problem I see is, I have to redirect the user to appCenter.html as soon as he is authenticated.


Solution

  • DO NOT DO THIS.

    You are storing plain-text passwords in the database. THIS IS INSECURE. Really, do not do this.

    You don't show anything that couldn't better be done with Django's built-in authentication system, which already includes the user object in every template (via a context processor). Use that.
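
The answer's point about plain-text passwords, as an added example (not part of the original answer and not Django's own code): a standard-library sketch of salted PBKDF2-SHA256 storage, the scheme Django's default password hasher uses, with the lookup done by e-mail only and the password verified afterwards. The iteration count, the `USERS` dict and the sample account are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware


def make_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<hash>' for storage."""
    salt = salt or base64.b64encode(os.urandom(16)).decode()
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(digest).decode())


def check_password(password, encoded):
    """Recompute the hash with the stored salt and compare in constant time."""
    algorithm, iterations, salt, _ = encoded.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = make_password(password, salt, int(iterations))
    return hmac.compare_digest(candidate, encoded)


# Constructed sample data: the "database" holds only the encoded value,
# never the password itself.
USERS = {"alice@example.com": make_password("correct horse battery staple")}
_DUMMY = make_password("unused")  # hashed for unknown e-mails so timing stays similar


def authenticate(email, password):
    """Look the user up by e-mail only, then verify the password hash."""
    encoded = USERS.get(email.strip().lower())
    if encoded is None:
        check_password(password, _DUMMY)  # do the same work for unknown users
        return False
    return check_password(password, encoded)
```

A database leak under this scheme exposes salted hashes rather than usable passwords, which is the property the `Users.objects.get(email=..., password=...)` lookup in the question cannot provide.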