A quickie, and hopefully an easy one. I'm following the docs at http://docs.djangoproject.com/en/dev/topics/auth/ to get just some simple user authentication in place. I don't have any special requirements at all, I just need to know if a user is logged in or not, that's about it. I'm using the login_required decorator, and it's working exactly as I expected. I'm actually using the 'django.contrib.auth.views.login' for my login view, and the exact form they show in the docs:
{% if form.errors %}
<p>Your username and password didn't match. Please try again.</p>
{% endif %}
<form method="post" action=".">
<table>
<tr>
<td>{{ form.username.label_tag }}</td>
<td>{{ form.username }}</td>
</tr>
<tr>
<td>{{ form.password.label_tag }}</td>
<td>{{ form.password }}</td>
</tr>
</table>
<input type="submit" value="login" />
<input type="hidden" name="next" value="{{ next }}" />
</form>
What I guess I don't understand is why I can put whatever I want in the user/pass fields, and I never receive an error for invalid user/pass combo. I can put in non-existant users, correct users with right passwords, whatever I want basically, and it sends me off to whatever is in the 'next' variable. This leads me to believe that it's actually not doing anything whatsoever. I've checked what I'm sending via the request variables after logging in, and I'm always showing as an AnonymousUser, even though I "successfully logged in". Am I overlooking something blatantly obvious here? Seems like I've read that page on authentication 6 or 7 times now.
Also, if I login as a user with "Staff Status", I show as authenticated without any issues. If the user doesn't have that status, then it doesn't work.