I am creating a simple directory with Flask & Pyrebase; I have managed to create the login ok, and the registration form. The user is redirected to their profile page once signed in & registered.
My issue that I have is when I try to add a new entry my existing data is overwritten. When I create a new db entry I use set() instead of push() I am thinking this could be why?
I have shortened the code us much as possible
creating account & registering business:
#app.route('/register', methods=['GET', 'POST'])
def register():
unsuccessful = 'Please check your credentials'
successful = 'Registraion successful'
if request.method == 'POST':
email = request.form.get('email')
confirmEmail = request.form('confirmEmail')
password = request.form.get('pass')
userName = request.form.get('inputName')
businessName = request.form.get('businessName')
startYear = request.form.get('startYear')
selectCategory = request.form.get('selectCategory')
businessDescription = request.form.get('businessDescription')
businessAddress = request.form.get('businessAddress')
businessTown = request.form.get('businessTown')
businessCity = request.form.get('businessCity')
businessPostcode = request.form.get('businessPostcode')
businessNumber = request.form.get('businessNumber')
businessEmail = request.form.get('businessEmail')
bameRegister = dict(
userName = userName,
confirmationEmail = confirmEmail,
businessName = businessName,
businessStartYear = startYear,
businessCategory = selectCategory,
businessDescription = businessDescription,
businessAddress = [businessAddress, businessTown, businessCity, businessPostcode],
businessNumber = businessNumber,
businessEmail = businessEmail,
)
if selectCategory == "arts":
try:
user = auth.create_user_with_email_and_password(email, password)
auth.send_email_verification(user['idToken'])
db.child("Bame_Buisness").child("business").child("arts").set(bameRegister, user['idToken'])
return render_template('homepage.html', x=successful)
except:
return render_template('homepage.html', y=unsuccessful)
elif selectCategory == "food":
try:
user = auth.create_user_with_email_and_password(email, password)
auth.send_email_verification(user['idToken'])
db.child("Bame_Business").child("business").child("food").set(bameRegister, user['idToken'])
return render_template('homepage.html', x=successful)
except:
return render_template('homepage.html', y=unsuccessful)
elif selectCategory == "health":
try:
user = auth.create_user_with_email_and_password(email, password)
auth.send_email_verification(user['idToken'])
db.child("Bame_Business").child("business").child("health").set(bameRegister, user['idToken'])
return render_template('homepage.html', x=successful)
except:
return render_template('homepage.html', y=unsuccessful)
return render_template('homepage.html')
Creating the login:
#app.route('/login', methods=['GET', 'POST'])
def login():
unsuccessful = 'Please check your credentials'
if request.method == 'POST':
try:
user = auth.sign_in_with_email_and_password(email, password)
signed_in_user = auth.get_account_info(user['idToken'])
artCategory = db.child("Bame_Business").child("business").child("arts").get(user['idToken']).val()
foodCategory = db.child("Bame_Business").child("business").child("food").get(user['idToken']).val()
healthCategory = db.child("Bame_Business").child("business").child("health").get(user['idToken']).val()
if signed_in_user['users'][0]['email'] == artCategory['confirmationEmail']:
return render_template('profile.html', artCategory=artCategory)
elif signed_in_user['users'][0]['email'] == foodCategory['confirmationEmail']:
return render_template('profile.html', foodCategory=foodCategory)
elif signed_in_user['users'][0]['email'] == healthCategory['confirmationEmail']:
return render_template('profile.html', healthCategory=heathCategory)
except:
return render_template('homepage.html')
return render_template('homepage.html')
This is the route to create a new business once logged in:
#app.route('newBusiness', methods=['GET', 'POST'])
def newBusiness():
if request.method == 'POST':
email = request.form.get('email')
confirmEmail = request.form.get('confirmEmail')
password = request.form.get('pass')
userName = request.form.get('userName')
businessName = request.form.get('businessName')
startYear = request.form.get('startYear')
selectCategory = request.form.get('selectCategory')
businessDescription = request.form.get('businessDescription')
businessAddress = request.form.get('businessAddress')
businessTown = request.form.get('businessTown')
businessCity = request.form.get('businessCity')
businessPostcode = request.get('businessPostcode')
businessNumber = request.form.get('businessNumber')
businessEmail = request.form.get('businessEmail')
bameRegister = dict(
userName = userName,
confirmationEmail = confirmEmail,
businessName = businessName,
businessStartYear = startYear,
businessCategory = businessCategory,
businessDescription = businessDescription,
businessAddress = [businessAddress, businessTown, businessCity, businessPostcode],
businessNumber = businessNumber,
businessEmail = businessEmail,
)
if selectCategory == "arts":
try:
user = auth.sign_in_with_email_and_password(email, password)
user = auth.refresh(user['refreshToken'])
db.child("Bame_Business").child("business").child("arts").set(bameRegister, user['idToken'])
signed_in_user = auth.get_account_info(user['idToken'])
artCategory = db.child("Bame_Business").child("business").child("arts").get(user['idToken']).val()
if signed_in_user['users'][0]['email'] == artCategory['confirmationEmail']:
return render_template('profile.html', artCategory=artCategory)
except:
return render_template('homepage.html')
elif selectCategory == "food":
try:
user = auth.sign_in_with_email_and_password(email, password)
user = auth.refresh(user['refreshToken'])
db.child("Bame_Business").child("business").child("food").set(bameRegister, user['idToken'])
signed_in_user = auth.get_account_info(user['idToken'])
foodCategory = db.child("Bame_Business").child("business").child("food").get(user['idToken']).val()
if signed_in_user['users'][0]['email'] == foodCategory['confirmationEmail']:
return render_template('profile.html', foodCategory=foodCategory)
except:
return render_template('homepage.html')
elif selectCategory == "health":
try:
user = auth.sign_in_with_emal_and_password(email, password)
user = auth.refresh(user['refreshToken'])
db.child("Bame_Business").child("business").child("health").set(bameRegister, user['idToken'])
signed_in_user = auth.get_account_info(user['idToken'])
healthCategory = db.child("Bame_Business").child("business").child("health").get(user['idToken']).val()
if signed_in_user['users'][0]['email'] == healthCategory['confirmationEmail']:
return render_template('profile.html', healthCategory=healthCategory)
except:
return render_template('homepage.html')
return render_template('homepage.html')
After the user has logged in, lets say they register their 1st business in the arts category, when they register their 2nd different business in the arts category the original collection is overwritten in Firebase. This happens even when selecting a different category. This is definitely not ideal as someone could overwrite someone else's data - which then leads to all sorts of problems!
I understand you can use push & set to create new entries in pyrebase; I chose set because when I used push it creates a unique tag which I found it hard to get individual access from a users account. With the set method it is easy to call out the part of the dictionary I want with artCategory['businessName'] or artCategory['businessDescription'] or artCategory['confirmationEmail'] etc
I just need to create a new business registration after login in without overriding any existing data, if anyone could help me come up with a solution that would be much appreciated.
Kind regards
.set() overrides. .update() updates only the fields that have changed.
Related
Once I get to the verify_token function it keeps executing the except statement instead of returning the value in 'id_user' and I'm not sure why. I am using these libraries. flask-login, sqlalchemy, itsdangerous for jsonwebserializer, and wtforms.
Functions
def get_reset_token(user):
serial = Serializer(app.config['SECRET_KEY'], expires_in=900) # 15 mins in seconds
return serial.dumps({'id_user':user.id}).decode('utf-8')
def verify_token(token):
serial = Serializer(app.config['SECRET_KEY'])
try:
user_id = serial.load(token)['id_user']
except:
return None
return Users.query.get('id_user')
def send_mail(user):
token = get_reset_token(user)
message = Message('Password Reset Request', recipients = [user.email], sender='noreply#gmail.com')
message.body= f'''
To Reset your password, click the following link:
{url_for('reset_token', token = token, _external = True)}
If you did not send this email, please ignore this message.
'''
mail.send(message)
ROUTES
#app.route('/password_reset', methods = ['GET', 'POST'])
def password_reset():
form = Password_request()
if request.method == "POST":
if form.validate_on_submit:
user = Users.query.filter_by(email = form.email.data).first()
send_mail(user)
flash('Check your email. Password change request has been sent')
return redirect(url_for('login'))
else:
flash('Your email was not linked to an account')
return render_template('password_reset.html', form = form)
#app.route('/password_reset/<token>', methods = ['GET', 'POST'])
def reset_token(token):
user = verify_token(token)
if user == None:
flash('The token is invalid or expired')
return redirect(url_for('password_reset'))
form = Password_success()
if form.validate_on_submit:
hashed_password=generate_password_hash(form.password.data, method = 'sha256')
user.password = hashed_password
db.session.commit()
flash('Your password has been updated!')
return redirect(url_for('signup'))
def verify_token(token):
serial = Serializer(app.config['SECRET_KEY'])
try:
user_id = serial.load(token)['id_user']
except:
return None
return Users.query.get('id_user') # this looks wrong
Shouldn't the last line of verify_token be return Users.query.get(user_id)? You're assigning the value of the token to that variable , then ignoring it and telling SQLAlchemy to find a record with the ID of the string value 'id_user' which I doubt is what you're intending to do.
def verify_token(token):
serial = Serializer(app.config['SECRET_KEY'])
try:
user_id = serial.load(token)['id_user']
except:
return None
return Users.query.get(user_id) # What happens when you change this?
This is my signup view:
def signup(request):
next = request.GET.get('next', '')
print(next)
if request.user.is_authenticated:
return redirect('/')
else:
if request.method == "POST":
first_name=request.POST['first_name']
email=request.POST['email']
password=request.POST['password']
cpassword=request.POST['cpassword']
signup_uri = f'/signup?next={next}'
if password==cpassword:
if User.objects.filter(email=email).exists():
messages.info(request,'Email already in use')
return redirect(signup_uri)
elif User.objects.filter(mobile=mobile).exists():
messages.info(request,'Mobile Number already in use')
return redirect(signup_uri)
else:
user=User.objects.create_user(first_name=first_name,email=email,password=password)
user.save();
return redirect(f'/login?next={next}')
else:
messages.info(request,'Passwords not matching')
return redirect('signup_uri')
else:
return render(request,'signup.html')
The problem I am facing is that when I am printing next under def signup it is printing it correctly but when it has to redirect it redirects without showing anything as next in url. That is signup_uri = f'/signup?next={next}' and return redirect(f'/login?next={next}') are showing the {next} as empty.What could be the reason?Any help would be appriciated.
Based on the definition of the signup method, you are only retrieving the value of the next parameter only for the GET request. But when you are trying for a POST request, you do not retrieve the value of the next parameter. For this reason, the value of the next variable is set to "" and hence, the value of the signup_uri variable is being set as "/signup?next=" as well as for the login redirecting url ("/login?next=") too. In order to get rid of this problem, your code should be similar to as follows.
def signup(request):
next = request.GET.get('next', '')
print(next)
if request.user.is_authenticated:
return redirect('/')
else:
if request.method == "POST":
first_name = request.POST['first_name']
email = request.POST['email']
password = request.POST['password']
cpassword = request.POST['cpassword']
next = request.POST.get("next", "")
signup_uri = f'/signup?next={next}'
if password == cpassword:
if User.objects.filter(email=email).exists():
messages.info(request,'Email already in use')
return redirect(signup_uri)
elif User.objects.filter(mobile=mobile).exists():
messages.info(request,'Mobile Number already in use')
return redirect(signup_uri)
else:
user = User.objects.create_user(first_name=first_name, email=email, password=password)
user.save();
return redirect(f'/login?next={next}')
else:
messages.info(request, 'Passwords not matching')
return redirect('signup_uri')
else:
return render(request, 'signup.html')
After authenticating a user, I am having trouble keeping a user logged in as they move through the website I have built. I have tried using cookies and sessions but I can't seem to get it to work.
I am sharing my code for login where I grab data to authenticate a user from an excel sheet that is populated at Sign Up
I locate the names of each team member to have them appear on the Team Page, which is where the user is redirected to after login
#app.route('/login',methods=['POST','GET'])
def login():
# get data from form
try:
username = str(request.form['username2'])
password2 = str(request.form['password2'])
teamname = str(request.form['teamname'])
print(username)
print(password2)
# read excel sheet
data = pd.read_excel("C:\\Users\\290002925\\Documents\\registration.xlsx")
for name in data['Team']:
if name == teamname:
team_info = data.loc[data['Team'] == teamname]
print(team_info)
team_info['FullName'] = team_info['FirstName'] + [' '] + team_info['LastName']
teamroster = team_info[['FullName']].copy()
finalteamroster = pd.DataFrame(teamroster, index=range(5))
print(finalteamroster)
print(len(finalteamroster))
finalteamroster.fillna(value='', inplace=True)
print(finalteamroster)
amember1 = finalteamroster.at[0,'FullName']
print(amember1)
amember2 = finalteamroster.at[1,'FullName']
print(amember2)
amember3 = finalteamroster.at[2,'FullName']
print(amember3)
amember4 = finalteamroster.at[3,'FullName']
print(amember4)
amember5 = finalteamroster.at[4,'FullName']
print(amember5)
This is where the authentication of the user comes in
for user in data['Email']:
#check username
if user == username:
passw = data.loc[data['Email'] == username]
# check password
print(passw)
test2 = passw.iat[0,3]
This is how I wrote out cookies but I think Session might be more useful
if test2 == password2:
# authenticated
print("User is authenticated")
response = render_template('teampage.html', teamname=teamname, member1=amember1, member2=amember2, member3=amember3, member4=amember4, member5=amember5)
response.set_cookie('userID', username)
return response
else:
print("Password is incorrect")
return render_template('login.html')
else:
print("Username is incorrect")
return render_template('index.html')
except:
print("fail")
return render_template('login.html')
Code for Teampage
#app.route('/teampage')
def teampage():
userid = request.cookies.get('userID')
return render_template('teampage.html', userid=userid)
HTML user reference
{{userid}}
It is a bit hard to understand your initial code but what I understand is that you need to maintain a User session-
#app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'GET':
return render_template('login.html', title=': Login')
if request.method == 'POST':
if YourMethodToCheckPassword==True:
session['username'] = request.form['user']
return redirect(url_for('home'))
And then use the Session object everywhere like-
#app.route('/home')
def home():
if 'username' in session:
return render_template("index.html", name=session['username'])
Inside your HTML use
{{ name }}
I want to add users in group table, i'm checking user in all group member if and then if he is already in table i flash the message and if not i add user to the group. but it only does for the first user. and the rest the logic evaluate false
#main.route('/join-classroom/<int:classroom_id>/<int:user_id>/')
#login_required
def join_classroom(classroom_id, user_id):
classroom = Classroom.query.filter_by(id=classroom_id).first()
if classroom is None:
flash('Invalid classname')
return redirect(url_for('main.classrooms'))
else:
# check if user aleady added or on request
classroomMembers = ClassroomMember.query.filter_by(user_id=user_id).all()
for classroomMember in classroomMembers:
if (classroomMember.user_id == user_id) and (classroomMember.classroom_id == classroom_id):
flash('You are already in Group ')
return redirect(url_for('main.classrooms'))
elif (classroomMember.user_id != user_id) and (classroomMember.classroom_id != classroom_id):
classroomMember = ClassroomMember(classroom_id=classroom_id, user_id=user_id)
db.session.add(classroomMember)
db.session.commit()
flash('Your request has been sent successfully')
return redirect(url_for('main.classrooms'))
elif classroomMember.user_id is None:
classroomMember = ClassroomMember(classroom_id=classroom_id, user_id=user_id)
db.session.add(classroomMember)
db.session.commit()
flash('Your request has been sent successfully')
return redirect(url_for('main.classrooms'))
When you request
classroomMembers = ClassroomMember.query.filter_by(user_id=user_id).all()
you get in classroomMembers records with user_id=user_id and only such records.
That's way only the first if clause can be True and code in two other elif will never be executed.
So you need to check if a person in a group and add there if not. And if a person does not exist create a new one. For instance like so:
classroomMembers = ClassroomMember.query.filter_by(user_id=user_id).all()
if classroomMembers:
classroomMember = classroomMembers[0]
if classroomMember.classroom_id == classroom_id:
flash('You are already in Group ')
return redirect(url_for('main.classrooms'))
else:
classroomMember.classroom_id = classroom_id
db.session.add(classroomMember)
db.session.commit()
flash('You were added to the Group')
return redirect(url_for('main.classrooms'))
else:
classroomMember = ClassroomMember(classroom_id=classroom_id, user_id=user_id)
db.session.add(classroomMember)
db.session.commit()
flash('Your request has been sent successfully')
return redirect(url_for('main.classrooms'))
I solved the problem with
#main.route('/join-classroom/<int:classroom_id>/<int:user_id>/')
#login_required
def join_classroom(classroom_id, user_id):
classroom = Classroom.query.filter_by(id=classroom_id).first()
if classroom is None:
flash('Invalid classname')
return redirect(url_for('main.classrooms'))
else:
classroomMember = ClassroomMember.query.filter_by(user_id=user_id).filter_by(classroom_id=classroom_id).first()
if classroomMember is None:
classroomMemberUser = ClassroomMember(classroom_id=classroom_id, user_id=user_id)
db.session.add(classroomMemberUser)
db.session.commit()
flash('Your request has been sent successfully')
return redirect(url_for('main.classrooms'))
else:
flash("You are already in the Group")
return redirect(url_for('main.classrooms'))
I am new to django, i am trying to integrate payumoney with my django project. but i am unable to integrate please anyone can give me the steps of payumoney integration.
#app.route('/flaskpayment/<cid>', methods=['GET', 'POST'])
#login_required
def flaskpayment(cid):
try:
with app.app_context():
form = PaymentForm()
if request.method == 'POST':
#read data from previous form
amount = request.form['amount']
firstname = request.form['fname']
email = request.form['email']
phone = request.form['phone']
productinfo = cid
MERCHANT_KEY = "XXXXXXX"
key="XXXXXXX"
SALT = "XXXXXXXX"
PAYU_BASE_URL = "https://test.payu.in/_payment"
posted={}
hash_object = hashlib.sha256(str(random.randint(0,20)))
txnid=hash_object.hexdigest()[0:24]
hashh = ''
posted['txnid']=txnid
hashSequence = key+'|'+txnid+'|'+amount+'|'+productinfo+'|'+firstname+'|'+email+'||||||||||'
posted['key']=key
hash_string = hashSequence
hashVarsSeq=hashSequence.split('|')
'''for i in hashVarsSeq:
try:
hash_string+=str(posted[i])
except Exception:
hash_string+='''''
hash_string+='|'
hash_string+=SALT
hashh=hashlib.sha512(hash_string).hexdigest().lower()
#Payumoney required parameters
form.key.data = MERCHANT_KEY
form.hash_string.data = hash_string
form.hash.data = hashh
form.posted.data = posted
form.firstname.data = firstname
form.email.data = email
form.txnid.data = txnid
form.amount.data = amount
form.phone.data = phone
#service_provider only for secure payment
form.service_provider.data = 'payu_paisa'
form.productinfo.data = cid
form.surl.data = 'https://www.yoursite.com/success/'
form.furl.data = 'https://www.yoursite.com/failure/'
return render_template('paymentform.html',form=form, action = PAYU_BASE_URL)
except Exception as e:
return str(e)
Please refer API documentation ,Integration doc,and website integration
here is an article you can definitely check it out for more information:-
https://makedeveasy.medium.com/payumoney-integration-with-django-rest-framework-and-javascript-19f266a6bad7