Django Hidden Fields

Quick shortcut for including hidden fields in your forms:

forms.py

class SomeForm(forms.Form):
hidden = forms.CharField(required=False, max_length=50, widget=forms.HiddenInput())

view raw
forms.py
hosted with ❤ by GitHub

template.html

{% for hidden in form.hidden_fields %}
{{ hidden }}
{% endfor %}

view raw
template.html
hosted with ❤ by GitHub

Now you don’t have to worry about each and every hidden field.

Override Django Form.is_valid()

For this project I won’t be using Django’s built-in user authentication application. It’s a bit restrictive for my taste (but getting better in Django 1.5 from what I can tell).

One common use case is to validate the user’s username and password when logging in. Rather than place this logic within the view, it’s cleaner to override the default is_valid method with some additional logic that checks the password.

Here’s an example form with a username and password field. The username field allows either a username or email address, and I’m using Django’s built-in password hasher.

forms/signin.py

from django import forms
from app.models import User
from django.contrib.auth.hashers import check_password
from django.db.models import Q
class SignInForm(forms.Form):
username = forms.CharField(max_length=User._meta.get_field('email').max_length)
password = forms.CharField(min_length=6, max_length=16, widget=forms.PasswordInput())
go = forms.CharField(required=False, max_length=50, widget=forms.HiddenInput())
def is_valid(self):
# run the parent validation first
valid = super(SignInForm, self).is_valid()
# we're done now if not valid
if not valid:
return valid
# so far so good, get this user based on the username or email
try:
user = User.objects.get(
Q(username=self.cleaned_data['username']) | Q(email=self.cleaned_data['username'])
)
# no user with this username or email address
except User.DoesNotExist:
self._errors['no_user'] = 'User does not exist'
return False
# verify the passwords match
if not check_password(self.cleaned_data['password'], user.password):
self._errors['invalid_password'] = 'Password is invalid'
return False
# all good
return True

view raw
signin.py
hosted with ❤ by GitHub

You can then simply use form.is_valid() in your view:

views/signin.py

if form.is_valid():
# … logic to login the user …
# redirect to a protected page
return HttpResponseRedirect(reverse('account'))

view raw
signin.py
hosted with ❤ by GitHub