For this project I won’t be using Django’s built-in user authentication application. It’s a bit restrictive for my taste (but getting better in Django 1.5 from what I can tell).
One common use case is to validate the user’s username and password when logging in. Rather than place this logic within the view, it’s cleaner to override the default is_valid method with some additional logic that checks the password.
Here’s an example form with a username and password field. The username field allows either a username or email address, and I’m using Django’s built-in password hasher.
You can then simply use form.is_valid() in your view: