In Django, form validation can be performed both on the client-side (using JavaScript) and on the server-side (using Python). Server-side validation is more secure and reliable because client-side validation can be easily bypassed by attackers.
To perform form validation in Django, you can follow these steps:
- Create a form using Django’s built-in
FormorModelFormclasses. For example:
from django import forms
from django.contrib.auth.forms import AuthenticationForm
class LoginForm(AuthenticationForm):
username = forms.CharField(widget=forms.TextInput(attrs={'class': 'form-control'}))
password = forms.CharField(widget=forms.PasswordInput(attrs={'class': 'form-control'}))This form is a subclass of AuthenticationForm, which is a built-in form for login. It has two fields, username and password, and each field has a widget that specifies the HTML input element to be used for rendering the field.
- Define a view function that handles the form submission. For example:
from django.shortcuts import render
from django.contrib.auth import authenticate, login
from .forms import LoginForm
def login_view(request):
if request.method == 'POST':
form = LoginForm(request, data=request.POST)
if form.is_valid():
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user = authenticate(request, username=username, password=password)
if user is not None:
login(request, user)
return redirect('home')
else:
form.add_error(None, 'Invalid username or password')
else:
form = LoginForm(request)
return render(request, 'login.html', {'form': form})This view function checks if the request method is POST, which means that the form has been submitted. It creates an instance of the LoginForm with the submitted data, and calls its is_valid() method to perform validation. If the form is valid, it uses the authenticate() function to check if the user exists and the password is correct. If authentication succeeds, it logs the user in using the login() function and redirects to the home page. If authentication fails, it adds an error to the form and re-renders the login page with the invalid form.
- Create a template that renders the form. For example:
{% extends 'base.html' %}
{% block content %}
<h2>Login</h2>
<form method="post">
{% csrf_token %}
{{ form.as_p }}
<button type="submit" class="btn btn-primary">Login</button>
</form>
{% endblock %}This template extends a base template and defines a block of content that contains the login form. The form is rendered using the form.as_p template tag, which generates HTML code for each form field wrapped in a paragraph element. The csrf_token template tag is used to add a CSRF token to the form for security purposes.
With these steps, you can perform form validation in Django for a login form.