I am trying to set up the user authentication for the login page using forms and comparing it to database values and my code works but then I realized I was getting login successful if I put any password if it was available in the database. What I want to do is to search for the mail and get the password for that user only not the whole database. My database will contain no duplicate emails so I don't have to worry about that. I have spend too much time trying to figure out how to get the password for same user the email is.
my login.views look like this
def login(request):
if request.method == "POST":
form = Studentlogin(request.POST)
if form.is_valid():
email = form.cleaned_data.get('email')
password = form.cleaned_data.get('password')
user = User.objects.create_user(email, password)
try:
studentemail = students.objects.get(email=email)
studentpass = students.objects.get(password=password)
return render (request, 'subscrap/main.html', {'student': studentemail })
except:
messages.success(request, 'Error, either Email or Password is not correct')
pass
else:
form = Studentlogin()
return render(request, 'subscrap/login.html', {'form': form})
My student model looks like this:
class students(models.Model):
fname = models.CharField(max_length=50)
lname = models.CharField(max_length=50)
password = models.CharField(max_length = 50 , null = True)
passwordrepeat = models.CharField(max_length = 50, null = True)
email = models.EmailField(max_length=150)
class Meta:
db_table = "students"
My form file:
class StudentForm(forms.ModelForm):
class Meta:
model = students
fields = "__all__"
class Studentlogin(forms.Form):
email = forms.EmailField(max_length=150)
password = forms.CharField(max_length = 50, widget=forms.PasswordInput)
CodePudding user response:
You need to make only one query to get the student with the given email and password:
def login(request):
if request.method == "POST":
form = Studentlogin(request.POST)
if form.is_valid():
email = form.cleaned_data.get('email')
password = form.cleaned_data.get('password')
user = User.objects.create_user(email, password)
try:
student = students.objects.get(email=email, password=password)
return render (request, 'subscrap/main.html', {'student': student})
except:
messages.success(request, 'Error, either Email or Password is not correct')
else:
form = Studentlogin()
return render(request, 'subscrap/login.html', {'form': form})
CodePudding user response:
Your query set on the students model students.objects.get(email=email) returns a SINGLE student OBJECT where their email is equal to the email retrieved from the form. A more accurate variable name would be student. Note .get() returns a DoesNotExist error if there isn't a matching record.
From what you have you can then do (not ideal)
try
student = students.objects.get(email=email)
if student.password == password:
return render (request, 'subscrap/main.html', {'student': email}) # (or student.email)
else:
raise Exception()
except:
messages.success(request, 'Error, either Email or Password is not correct')
Building on what RedWheelbarrow wrote. Their query set looks for a student based on who had both the exact email and password. The query set still returns a single student though so if you just want to return the email in your render you need to do
try:
student = students.objects.get(email=email, password=password)
return render (request, 'subscrap/main.html', {'student': email}) # (or student.email)
except:
messages.success(request, 'Error, either Email or Password is not correct')
Read more on qeueryset get method here