iwillig/gist:538169

## gistfile1.txt
diff --git a/apps/webapp/templates/webapp/login.html b/apps/webapp/templates/webapp/login.html
index 0465077..9942ef4 100644
--- a/apps/webapp/templates/webapp/login.html
+++ b/apps/webapp/templates/webapp/login.html
@@ -16,6 +16,7 @@


 <form method="post" action="{% url webapp.views.login %}">
+  {% csrf_token %}
 <table>
 <tr>
     <td>{{ form.username.label_tag }}</td>
diff --git a/apps/webapp/views.py b/apps/webapp/views.py
index 9d25248..010deff 100644
--- a/apps/webapp/views.py
+++ b/apps/webapp/views.py
@@ -7,6 +7,8 @@ from django.views.decorators.cache import cache_page
 from django.contrib.auth.views import login as django_login
 from django.contrib.auth.views import logout as django_logout
 from django.contrib.auth.decorators import login_required
+from django.views.decorators.csrf import csrf_protect
+

 from rapidsms.webui import settings

@@ -15,7 +17,7 @@ def check_availability(req):

 def dashboard(req):
 	return render_to_response(req, "dashboard.html")
-
+@csrf_protect
 def login(req, template_name="webapp/login.html"):
     '''Login to rapidsms'''
     # this view, and the one below, is overridden because
@@ -27,4 +29,4 @@ def login(req, template_name="webapp/login.html"):
 def logout(req, template_name="webapp/loggedout.html"):
     '''Logout of rapidsms'''
     req.base_template = settings.BASE_TEMPLATE
-    return django_logout(req, **{"template_name" : template_name})
\ No newline at end of file
+    return django_logout(req, **{"template_name" : template_name})
diff --git a/setup.py b/setup.py
index f0a4673..fc69fca 100644
--- a/setup.py
+++ b/setup.py
@@ -22,7 +22,7 @@ setup(
         "setuptools",
         "setuptools-git",
         "pytz",
-        "Django",
+        "Django==1.2",
         ],
     long_description="\n\n".join(
         (open("README.txt").read(), open("CHANGES.txt").read())),
	diff --git a/apps/webapp/templates/webapp/login.html b/apps/webapp/templates/webapp/login.html
	index 0465077..9942ef4 100644
	--- a/apps/webapp/templates/webapp/login.html
	+++ b/apps/webapp/templates/webapp/login.html
	@@ -16,6 +16,7 @@


	<form method="post" action="{% url webapp.views.login %}">
	+ {% csrf_token %}
	<table>
	<tr>
	<td>{{ form.username.label_tag }}</td>
	diff --git a/apps/webapp/views.py b/apps/webapp/views.py
	index 9d25248..010deff 100644
	--- a/apps/webapp/views.py
	+++ b/apps/webapp/views.py
	@@ -7,6 +7,8 @@ from django.views.decorators.cache import cache_page
	from django.contrib.auth.views import login as django_login
	from django.contrib.auth.views import logout as django_logout
	from django.contrib.auth.decorators import login_required
	+from django.views.decorators.csrf import csrf_protect
	+

	from rapidsms.webui import settings

	@@ -15,7 +17,7 @@ def check_availability(req):

	def dashboard(req):
	return render_to_response(req, "dashboard.html")
	-
	+@csrf_protect
	def login(req, template_name="webapp/login.html"):
	'''Login to rapidsms'''
	# this view, and the one below, is overridden because
	@@ -27,4 +29,4 @@ def login(req, template_name="webapp/login.html"):
	def logout(req, template_name="webapp/loggedout.html"):
	'''Logout of rapidsms'''
	req.base_template = settings.BASE_TEMPLATE
	- return django_logout(req, **{"template_name" : template_name})
	\ No newline at end of file
	+ return django_logout(req, **{"template_name" : template_name})
	diff --git a/setup.py b/setup.py
	index f0a4673..fc69fca 100644
	--- a/setup.py
	+++ b/setup.py
	@@ -22,7 +22,7 @@ setup(
	"setuptools",
	"setuptools-git",
	"pytz",
	- "Django",
	+ "Django==1.2",
	],
	long_description="\n\n".join(
	(open("README.txt").read(), open("CHANGES.txt").read())),