>
> I wrote this custom authentication backend:
>
from django.contrib.auth.models import User, check_password
from auth.models import Owners
class AuthBackend(object):
def authenticate(self, username=None, password=None):
try:
user = Owners.objects.get(id=username)
#if user.check_password(password):
if user.password == password:
return user
except User.DoesNotExist:
return None
def get_user(self, user_id):
""" Get a User object from the user_id. """
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
but still the decorator doesn't work..even if a user is not logged in he
can access another's page just by modifying the
url(r'^(?P<user_id>\d+)/$', 'auth.views.main', name='main'),(putting his
id)
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/django-users/-/HsS1FtrjJ5IJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
