Sac #25
Sac #25
Conversation
|
Sir, the Login and register new user pull request (8d885b6) was made by mistake. So, please ignore it and review only Register and Login new user. |
|
Sir, for the issue #13 , I have made changes in app.py as was asked in Login and Regiter new user ( b3b89bf ). Login and Register ( 52c2819 ) includes session admin status and email which I forgot earlier. RegisterForm is included in Forms ( c0e6071 ). I have made a new template named dashboard such that the user will be directed to dashboard after logging-in. Since the route of Home is '/', it will be shown before login page.Hence, I have made changes accordingly. Sir, Please review these commits and suggest necessary changes. |
|
Sir, I have made changes as asked. Please review the PR for the issue #13 and suggest further changes. |
|
The current patch of this PR is working fine, you just need a few minor changes |
|
Sir, made the changes for the issue #13 . Please review it and suggest any further changes. |
|
Sir, I've made changes for the issue #13 . Please review the commit and suggest any further changes. |
.gitignore
Outdated
| @@ -0,0 +1,3 @@ | |||
| __pycache__/ | |||
| Make_Tables/__pycache__/ | |||
| .sampleenv | |||
There was a problem hiding this comment.
- gitignore .env instead of .sampleenv and add a newline at the end
app.py
Outdated
| else: | ||
|
|
||
| # Execute query | ||
| mycursor.execute("INSERT INTO Users(userID, email, password, name, admin) VALUES(%s, %s, %s, %s, %s)", (userID, email, password, name, admin)) |
There was a problem hiding this comment.
- check and make sure these variables have no unesscessary special characters, eg. name = "Milind; DROP TABLE USERS;"
There was a problem hiding this comment.
Does this mean SQL Injections?
There was a problem hiding this comment.
Yeah , I guess this has to be done to handle SQL injections
app.py
Outdated
|
|
||
| if request.method == 'POST' and form.validate(): | ||
|
|
||
| if (form.userID.data[0] == 'b' or form.userID.data[0] == 'd' or form.userID.data[0] == 't' or form.userID.data[0] == 's' or form.userID.data[0] == 'v' ) and form.userID.data[1:6].isdecimal : |
There was a problem hiding this comment.
- Move this check to RegisterForm definition, use a custom validator
|
Sir, new commit bd363bb for the issue#13 has the asked changes. Please review it and suggest any further changes. |
Make_Tables/mysqlconnect.py
Outdated
| @@ -5,9 +5,9 @@ | |||
| directory = os.getcwd() | |||
| envindex = directory.find('Make_Tables') | |||
| if envindex!=-1: #If current working directory is Make_Tables | |||
| load_dotenv(directory[:envindex]+"/.env") | |||
| load_dotenv(directory[:envindex]+"/.sampleenv") | |||
There was a problem hiding this comment.
- read from .env only, .sampleenv is so that people know what their .env requires.
(This is so that people don't have to worry about git tracking changes to .env also add a step to readme about creating .env using .sampleenv)
|
Sir, I made asked changes for the issue#13 in commit d7675e5. Please review it and suggest any further changes. |
I created endpoint for Register and Login page. There is one issue that it uses 'register.html' for register() function which has not been created yet. And username is kept of length of 6 characters considering our Roll no. b1XXXX .Email can be any email for now. @Milind712000 please review this issue.