please put « > » before the csrf tag
Le 27 août 2019 à 16:30 +0100, Kean <[email protected]>, a écrit : > Hi Ajeet, thanks for code, > however after i press submit i get the > > Forbidden (403) > CSRF verification failed. Request aborted. > Help > Reason given for failure: > CSRF token missing or incorrect. > > In general, this can occur when there is a genuine Cross Site Request > Forgery, or when Django's CSRF mechanism has not been used correctly. For > POST forms, you need to ensure: > > • Your browser is accepting cookies. > • The view function passes a request to the template's render method. > • In the template, there is a {% csrf_token %} template tag inside each POST > form that targets an internal URL. > • If you are not using CsrfViewMiddleware, then you must use csrf_protect on > any views that use the csrf_token template tag, as well as those that accept > the POST data. > • The form has a valid CSRF token. After logging in in another browser tab or > hitting the back button after a login, you may need to reload the page with > the form, because the token is rotated after a login. > > You're seeing the help section of this page because you have DEBUG = True in > your Django settings file. Change that to False, and only the initial error > message will be displayed. > You can customize this page using the CSRF_FAILURE_VIEW setting. > > my template is referencing csrf_token > > template.html > > <!DOCTYPE html> > <html> > <head> > <title>Customer</title> > </head> > <body> > <h8> "Customer register" </h8> > <div> > <div class = "container" > > <form method=« POST"> > {% csrf_token %} > {{ form.as_p }} > <input type="submit" /> > </form> > </div> > </div> > </body> > </html> > > > Am i doing something wrong? > > Best, > K > > On 25 Aug 2019, at 08:57, Ajeet Kumar Gupt <[email protected]> wrote: > > > Hi, > > > > Please use the below code. > > > > views.py > > __________________ > > > > def user_register(request): > > # if this is a POST request we need to process the form data > > template = 'mymodule/register.html' > > # template = 'index.html' > > if request.method == 'POST': > > # create a form instance and populate it with data from the request: > > form = RegisterForm(request.POST) > > # check whether it's valid: > > if form.is_valid(): > > if > > User.objects.filter(username=form.cleaned_data['username']).exists(): > > return render(request, template, { > > 'form': form, > > 'error_message': 'Username already exists.' > > }) > > elif > > User.objects.filter(email=form.cleaned_data['email']).exists(): > > return render(request, template, { > > 'form': form, > > 'error_message': 'Email already exists.' > > }) > > elif form.cleaned_data['password'] != > > form.cleaned_data['password_repeat']: > > return render(request, template, { > > 'form': form, > > 'error_message': 'Passwords do not match.' > > }) > > else: > > # Create the user: > > user = User.objects.create_user( > > form.cleaned_data['username'], > > form.cleaned_data['email'], > > form.cleaned_data['password'] > > ) > > user.first_name = form.cleaned_data['first_name'] > > user.last_name = form.cleaned_data['last_name'] > > user.phone_number = form.cleaned_data['phone_number'] > > user.save() > > return redirect('/login/') > > # Login the user > > #login(request, user) > > #def user_login(request): > > # redirect to accounts page: > > #return render(request, '/login.html') > > # return HttpResponseRedirect(return, '/login.html') > > # No post data availabe, let's just show the page. > > else: > > form = RegisterForm() > > return render(request, template, {'form': form}) > > > > > On Sat, Aug 24, 2019 at 8:34 PM Kean <[email protected]> wrote: > > > > Hi, > > > > > > > > New to Django. > > > > I've created a user registration form, the issue is it does not run > > > > validations or report errors with the data entered. It simply routes to > > > > the redirect url. > > > > Please can I ensure the user sees the correct error in a post case > > > > scenari for both a django form, and customsied django form. > > > > > > > > forms.py > > > > > > > > class UserRegisterForm(UserCreationForm): > > > > email = forms.EmailField() > > > > > > > > class Meta: > > > > model = User > > > > fields = 'username', 'email', 'password1', 'password2' > > > > > > > > Views.py > > > > > > > > def register(request): > > > > if request.method == 'POST': > > > > form = UserRegisterForm(request.POST) > > > > if form.is_valid(): > > > > form.save() > > > > username = form.cleaned_data.get('username') > > > > messages.success(request, f'Account created for {username}') > > > > return HttpResponseRedirect('cprofile') > > > > else: > > > > form = UserRegisterForm() > > > > context = {'form': form} > > > > return render(request, "register.html", context,) > > > > > > > > template.html > > > > > > > > <head> > > > > <title>Registration</title> > > > > </head> > > > > <body> > > > > <br> > > > > <div class = "container"> > > > > <form method = "POST"> > > > > {% csrf_token %} > > > > <fieldset class="form"> > > > > <legend class="border-bottom > > > > mb-2">Register</legend> > > > > {{ form|crispy }} > > > > {% if messages %} > > > > {% for messages in > > > > messages %} > > > > <div > > > > class="alert alert{{ message.tag }}"> > > > > {{ > > > > messages }} > > > > </div> > > > > {% endfor %} > > > > {% endif %} > > > > </fieldset> > > > > <br> > > > > <div class = "form"> > > > > <button class ="btn > > > > btn-outline-info" type="submit">Register</button> > > > > > > > > Any help would be much appreciated > > > > > > > > Best, > > > > > > > > K > > > > > > > > > > > > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups "Django users" group. > > > > To unsubscribe from this group and stop receiving emails from it, send > > > > an email to [email protected]. > > > > To view this discussion on the web visit > > > > https://groups.google.com/d/msgid/django-users/5a003506-de8d-4587-863d-3fc26e4c45c1%40googlegroups.com. > > > > > > -- > > > > > > > > > > > > > > Thanks & Regards > > Ajeet Kumar Gupt > > +91-9311232332 > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/EE7F02B6-E358-4378-AD6C-255123EEE33B%40gmail.com. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/a01e8d1e-7c99-4c26-a569-4ccd08daa12f%40Spark.
