kacper11312
Reputation: 83
Password protect page django
I would like to make a registration page for judges, but I would like to make sure that before entering the registration page you have to enter the password, each judge will have the same one that I will make available to them, he needs a simple page with one window to enter the password previously given by me. If someone would be able to say how I can create such a model and then its form, or if there is any other easier way, I will be grateful for any hints
class PasswordJudges(models.Model):
password = models.CharField(max_length = 11)
def __str__(self):
return self.password
class JudgesPassword(forms.ModelForm):
hasło = forms.CharField(widget = forms.PasswordInput())
class Meta:
model = PasswordJudges
fields = ['password']
but in view a have nothing because everything i wrote was wrong :/
Upvotes: 5
Views: 2633
Answers (1)
bug_spray
Reputation: 1516
I decided to make this a full answer for clarity. You could do something like the following:
In views.py
from django.shortcuts import redirect, render
from .forms import JudgesForm
from .models import JudgeDetail
def home_view(request):
# Initiate your form
judge_form = JudgesForm(request.POST or None)
# Initiate your session variable
request.session['judge_password'] = 'invalid'
if (request.method == 'POST'):
if judge_form.is_valid():
user = judge_form.cleaned_data['user']
password = judge_form.cleaned_data['password']
try:
# get the actual password info from the database
user_object = JudgeDetail.objects.filter(username=user).get()
actual_pw = user_object.password
if (actual_pw == password):
request.session['judge_password'] = 'valid'
return redirect('judge_view')
else:
return redirect('home_view')
except:
# handle exceptions here
home_context = {
# put context stuff here
}
return render(request, "home.html", home_context)
def judge_view(request):
if (request.session['judge_password'] != 'valid'):
return redirect('home_view')
# ...
judge_context = {
# ...
}
return render(request, "judge.html", judge_context)
In models.py
from django.db import models
class JudgeDetail(models.Model):
username = models.CharField(max_length=50)
password = models.CharField(max_length=50)
In forms.py
from django import forms
from .models import JudgeDetail
class JudgesForm(forms.ModelForm):
class Meta:
model = JudgeDetail
widgets = {
'password': forms.PasswordInput(),
}
Optional: You may wish to store a hashed version of passwords in the database for users, instead of storing the actual passwords, so that someone with admin privileges can't see everyone's password. If you do this, simply do
password = hash_function(password) before storing or comparing passwords, where hash_function() is whatever hash function you choose to use.
Upvotes: 4
Related Questions
- Whats the smartest way to password protect an entire Django site for testing purposes
- Check for password before accessing content in django
- Password protect a whole django app
- Password Protect one webpage in Flask app
- Only allowing authenticated users to access certain pages in django
- Django restrict pages to certain users
- How can I secure a Django site
- How to implement a secured page
- how to password protect a website hosted on gunicorn
- Best way to password protect arbitrary pages with arbitrary passwords in a Django site?