Changeset 8877 for django/branches/0.95-bugfixes/django
- Timestamp:
- 09/02/08 16:10:00 (4 months ago)
- Files:
django/branches/0.95-bugfixes/django/contrib/admin/templates/admin/login.html
r3415 r8877 20 20 <label for="id_password">{% trans 'Password:' %}</label> <input type="password" name="password" id="id_password" /> 21 21 <input type="hidden" name="this_is_the_login_form" value="1" /> 22 <input type="hidden" name="post_data" value="{{ post_data }}" /> {% comment %}<span class="help">{% trans 'Have you <a href="/password_reset/">forgotten your password</a>?' %}</span>{% endcomment %}23 22 </div> 24 23 <div class="submit-row"> django/branches/0.95-bugfixes/django/contrib/admin/views/decorators.py
r7528 r8877 6 6 from django.utils.html import escape 7 7 from django.utils.translation import gettext_lazy 8 import base64, datetime, md5 9 import cPickle as pickle 8 import base64, datetime 10 9 11 10 ERROR_MESSAGE = gettext_lazy("Please enter a correct username and password. Note that both fields are case-sensitive.") … … 14 13 def _display_login_form(request, error_message=''): 15 14 request.session.set_test_cookie() 16 if request.POST and request.POST.has_key('post_data'):17 # User has failed login BUT has previously saved post data.18 post_data = request.POST['post_data']19 elif request.POST:20 # User's session must have expired; save their post data.21 post_data = _encode_post_data(request.POST)22 else:23 post_data = _encode_post_data({})24 15 return render_to_response('admin/login.html', { 25 16 'title': _('Log in'), 26 17 'app_path': escape(request.path), 27 'post_data': post_data,28 18 'error_message': error_message 29 19 }, context_instance=template.RequestContext(request)) 30 31 def _encode_post_data(post_data):32 pickled = pickle.dumps(post_data)33 pickled_md5 = md5.new(pickled + settings.SECRET_KEY).hexdigest()34 return base64.encodestring(pickled + pickled_md5)35 36 def _decode_post_data(encoded_data):37 encoded_data = base64.decodestring(encoded_data)38 pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]39 if md5.new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:40 from django.core.exceptions import SuspiciousOperation41 raise SuspiciousOperation, "User may have tampered with session cookie."42 return pickle.loads(pickled)43 20 44 21 def staff_member_required(view_func): … … 50 27 if request.user.is_authenticated() and request.user.is_staff: 51 28 # The user is valid. Continue to the admin page. 
52 if request.POST.has_key('post_data'):53 # User must have re-authenticated through a different window54 # or tab.55 request.POST = _decode_post_data(request.POST['post_data'])56 29 return view_func(request, *args, **kwargs) 57 30 … … 61 34 if not request.POST.has_key(LOGIN_FORM_KEY): 62 35 if request.POST: 63 message = _("Please log in again, because your session has expired. Don't worry: Your submission has been saved.")36 message = _("Please log in again, because your session has expired.") 64 37 else: 65 38 message = "" … … 94 67 user.last_login = datetime.datetime.now() 95 68 user.save() 96 if request.POST.has_key('post_data'): 97 post_data = _decode_post_data(request.POST['post_data']) 98 if post_data and not post_data.has_key(LOGIN_FORM_KEY): 99 # overwrite request.POST with the saved post_data, and continue 100 request.POST = post_data 101 request.user = user 102 return view_func(request, *args, **kwargs) 103 else: 104 request.session.delete_test_cookie() 105 return http.HttpResponseRedirect(request.path) 69 return http.HttpResponseRedirect(request.path) 106 70 else: 107 71 return _display_login_form(request, ERROR_MESSAGE)
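Review bot: `request.session.delete_test_cookie()` (old line 104) disappears together with the post_data branch, so on the new side the test cookie that `_display_login_form` sets via `set_test_cookie()` is never cleared after a successful login; if that was not intended, restore `request.session.delete_test_cookie()` immediately before the new `return http.HttpResponseRedirect(request.path)`. The import line now reads `import base64, datetime`, but the only visible users of `base64` were the removed `_encode_post_data`/`_decode_post_data` helpers, so `base64` looks unused and the line can probably become `import datetime` unless another part of the file not shown here needs it. The new flow discards the pre-login POST body and simply redirects, yet nothing on the page records why; a comment at the redirect such as `# Deliberately do not replay the POST that arrived before authentication; a request made while logged out must not be executed with the freshly authenticated user's privileges.` would keep a later maintainer from reintroducing the saved-submission mechanism. The enclosing `staff_member_required` wrapper both starts and ends outside the visible hunks.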
