-- Sincerely, Pengfei Xue 已使用 Sparrow (http://www.sparrowmailapp.com/?sig)
已使用 Sparrow (http://www.sparrowmailapp.com/?sig) 在 2012年8月9日星期四,下午2:33,mapapage 写道: > > I wrote this custom authentication backend: > > from django.contrib.auth.models import User, check_password > from auth.models import Owners > class AuthBackend(object): > > > def authenticate(self, username=None, password=None): > > try: > user = Owners.objects.get(id=username) > > what's your definition for user, that's your user model > #if user.check_password(password): > if user.password == password: > > you should user user.check_password instead of simple string comparison, user.password is a encrypted string other than plain text > return user > except User.DoesNotExist: > return None > > def get_user(self, user_id): > """ Get a User object from the user_id. """ > try: > return User.objects.get(pk=user_id) > except User.DoesNotExist: > return None > > but still the decorator doesn't work..even if a user is not logged in he can > access another's page just by modifying the url(r'^(?P<user_id>\d+)/$', > 'auth.views.main', name='main'),(putting his id) have you followed the django's documentation about how to use the login_requried decorator? have you installed the required app in setting ? > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/django-users/-/HsS1FtrjJ5IJ. > To post to this group, send email to django-users@googlegroups.com > (mailto:django-users@googlegroups.com). > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com > (mailto:django-users+unsubscr...@googlegroups.com). > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.