> > I wrote this custom authentication backend: > from django.contrib.auth.models import User, check_password from auth.models import Owners class AuthBackend(object): def authenticate(self, username=None, password=None): try: user = Owners.objects.get(id=username) #if user.check_password(password): if user.password == password: return user except User.DoesNotExist: return None
def get_user(self, user_id): """ Get a User object from the user_id. """ try: return User.objects.get(pk=user_id) except User.DoesNotExist: return None but still the decorator doesn't work..even if a user is not logged in he can access another's page just by modifying the url(r'^(?P<user_id>\d+)/$', 'auth.views.main', name='main'),(putting his id) -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/HsS1FtrjJ5IJ. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.