Thanks so much for the tip!

I had part of the solution there from our other friend but I will add that 
extra protection when I can!

Are you familiar with CSRF? And what is the issue that your solution fixes?

Any other insight into the reason for the code would be great!

Thanks again,

JJ

On Wednesday, July 11, 2012 8:31:20 AM UTC-4, skhohlov wrote:
>
> problem in view also : 
>
> def about(request): 
>     if request.method == 'POST': 
>         return HttpResponseRedirect('/about/') 
>     elif request.method == 'GET': 
>         return render_to_response('about.html', 
> context_instance=RequestContext(request)) 
>     else: 
>         raise Http404() 
>
>  this one should be converted to : 
>
> from django.core.context_processors import csrf
>
> def about(request):
>     if request.method == 'POST':
>         return HttpResponseRedirect('/about/')
>     elif request.method == 'GET':
>         protectedbycsrf = {}
>         protectedbycsrf.update(csrf(request))
>         # the token dict is template data; RequestContext takes the request
>         return render_to_response('about.html', protectedbycsrf,
>                                   context_instance=RequestContext(request))
>     else:
>         raise Http404()
>
>
>
> 2012/7/11 Сергей Фурсов <geyse...@gmail.com>: 
> > oops) 
> > 
> > 
> > 2012/7/11 Сергей Фурсов <geyse...@gmail.com> 
> >> 
> >> Some notes about your models: 
> >> 1. why do you create id field manually? Django will do it for you ;) 
> >> 2. why do you explicitly set db_table and db_column? Do you have some 
> >> legacy database? If not, django will do it for you ;) 
> >> 3. move your vision from tables to objects 
> >> 4. call your models in CamelCase notation and in singular form 
> >> 5. try to understand related_name parameter 
> >> 
> >> https://docs.djangoproject.com/en/dev/ref/models/fields/#django.db.models.ForeignKey.related_name
> >>
> >> in my opinion your models should look like:
> >> from django.db import models 
> >> 
> >> class Owner(models.Model): 
> >>     num = models.IntegerField() 
> >> 
> >>     def __unicode__(self): 
> >>         return unicode(self.num) 
> >> 
> >> 
> >> class Vehicle(models.Model): 
> >>     plate = models.CharField(max_length=80, unique=True) 
> >>     owner1 = models.ForeignKey('Owner', null=True, 
> >> related_name='vehicles1', blank=True) 
> >>     owner2 = models.ForeignKey('Owner', null=True, 
> >> related_name='vehicles2', blank=True) 
> >> 
> >>     def __unicode__(self): 
> >>         return self.plate 
> >> 
> >> 
> >> class WebRequest(models.Model): 
> >>     owner = models.ForeignKey('Owner') 
> >>     vehicle1 = models.ForeignKey(Vehicle, related_name='web_requests1') 
> >>     vehicle2 = models.ForeignKey(Vehicle, null=True, 
> >> related_name='web_requests2', blank=True) 
> >> 
> >> 
> >> 
> >> 2012/7/11 Сергей Фурсов <geyse...@gmail.com> 
> >>> 
> >>> Ok, I tried your code, just added in models.py fake owners model to 
> >>> correct foreign key 
> >>> 
> >>> class Owners(models.Model): 
> >>>     num = models.IntegerField() 
> >>> 
> >>>     def __unicode__(self): 
> >>>         return unicode(self.num) 
> >>> 
> >>> and create views.py with three lines of code: 
> >>> 
> >>> def page(request): 
> >>>     form = WebrequestsForm(own_id=1) 
> >>>     return render_to_response('page.html', {'form': form}) 
> >>> 
> >>> and it works! 
> >>> Maybe the problem is in your views.py?
> >>> 
> >>> 
> >>> 2012/7/10 Сергей Фурсов <geyse...@gmail.com> 
> >>>> 
> >>>> as described in the error message, your view function has to use
> >>>> RequestContext for the template, instead of Context.
> >>>> your view should look like
> >>>> 
> >>>> def about(request): 
> >>>>     if request.method == 'POST': 
> >>>>         return HttpResponseRedirect('/about/') 
> >>>>     elif request.method == 'GET': 
> >>>>         return render_to_response('about.html', 
> >>>> context_instance=RequestContext(request)) 
> >>>>     else: 
> >>>>         raise Http404() 
> >>>> 
> >>>> note that you redirect (HttpResponseRedirect) to url, but render 
> >>>> (render_to_response) template with context 
> >>>> 
> >>>> also I changed action for form in template to /about/ to handle POST and
> >>>> GET requests in same view
> >>>> 
> >>>> hope this helps 
> >>>> 
> >>>> 2012/7/10 JJ Zolper <codinga...@gmail.com> 
> >>>>> 
> >>>>> Here is the error I received with debug set to true for Django: 
> >>>>> 
> >>>>> Forbidden (403) 
> >>>>> 
> >>>>> CSRF verification failed. Request aborted. 
> >>>>> 
> >>>>> Help 
> >>>>> 
> >>>>> Reason given for failure: 
> >>>>> 
> >>>>>     CSRF token missing or incorrect. 
> >>>>> 
> >>>>> 
> >>>>> In general, this can occur when there is a genuine Cross Site Request
> >>>>> Forgery, or when Django's CSRF mechanism has not been used correctly. For
> >>>>> POST forms, you need to ensure:
> >>>>>
> >>>>> The view function uses RequestContext for the template, instead of
> >>>>> Context.
> >>>>> In the template, there is a {% csrf_token %} template tag inside each
> >>>>> POST form that targets an internal URL.
> >>>>> If you are not using CsrfViewMiddleware, then you must use csrf_protect
> >>>>> on any views that use the csrf_token template tag, as well as those that
> >>>>> accept the POST data.
> >>>>> 
> >>>>> You're seeing the help section of this page because you have DEBUG =
> >>>>> True in your Django settings file. Change that to False, and only the
> >>>>> initial error message will be displayed.
> >>>>> 
> >>>>> You can customize this page using the CSRF_FAILURE_VIEW setting. 
> >>>>> 
> >>>>> 
> >>>>> I'm wondering if this is caused because I don't have a redirect page 
> >>>>> for my 'POST' HTML submit. 
> >>>>> 
> >>>>> Now my code... 
> >>>>> 
> >>>>> URLCONF: 
> >>>>> 
> >>>>> from django.conf.urls.defaults import patterns, include, url 
> >>>>> 
> >>>>> from MadTrak.manageabout.views import about, about_form 
> >>>>> 
> >>>>> 
> >>>>>     # Uncomment the next two lines to enable the admin: 
> >>>>> 
> >>>>> from django.contrib import admin 
> >>>>> 
> >>>>> admin.autodiscover() 
> >>>>> 
> >>>>> 
> >>>>> urlpatterns = patterns('', 
> >>>>> 
> >>>>> 
> >>>>>     (r'^about_form/', about_form), 
> >>>>> 
> >>>>>     (r'^about/', about), 
> >>>>> 
> >>>>> 
> >>>>>     # Examples: 
> >>>>> 
> >>>>>     # url(r'^$', 'MadTrak.views.home', name='home'), 
> >>>>> 
> >>>>>     # url(r'^MadTrak/', include('MadTrak.foo.urls')), 
> >>>>> 
> >>>>> 
> >>>>> ## url(r'^$', 'MadTrak.views.home', name='home'), with a view named home
> >>>>>
> >>>>> ## url(r'^listen/', 'MadTrak.views.home', name='home'), with a view named home
> >>>>>
> >>>>> ## url(r'^home/', 'MadTrak.views.home', name='home'), with a view named home
> >>>>>
> >>>>>
> >>>>>     # Uncomment the admin/doc line below to enable admin documentation:
> >>>>> 
> >>>>>     # url(r'^admin/doc/', include('django.contrib.admindocs.urls')), 
> >>>>> 
> >>>>> 
> >>>>>     # Uncomment the next line to enable the admin: 
> >>>>> 
> >>>>>     url(r'^admin/', include(admin.site.urls)), 
> >>>>> 
> >>>>> ) 
> >>>>> 
> >>>>> 
> >>>>> views.py in my manageabout app: 
> >>>>> 
> >>>>> from django.http import Http404, HttpResponseRedirect
> >>>>> 
> >>>>> from django.shortcuts import render_to_response 
> >>>>> 
> >>>>> from MadTrak.manageabout.models import AboutMadtrak 
> >>>>> 
> >>>>> 
> >>>>> def about_form(request): 
> >>>>> 
> >>>>>     return render_to_response('about_form.html') 
> >>>>> 
> >>>>> 
> >>>>> def about(request): 
> >>>>> 
> >>>>>     if request.method == 'POST': 
> >>>>> 
> >>>>>        # do_something_for_post() 
> >>>>> 
> >>>>>         return HttpResponseRedirect('about.html')
> >>>>> 
> >>>>>     elif request.method == 'GET': 
> >>>>> 
> >>>>>         return render_to_response('/') 
> >>>>> 
> >>>>>     else: 
> >>>>> 
> >>>>>         raise Http404() 
> >>>>> 
> >>>>> 
> >>>>> model where I tried to set up my database to receive the information
> >>>>> posted:
> >>>>> 
> >>>>> from django.db import models 
> >>>>> 
> >>>>> 
> >>>>> class AboutMadtrak(models.Model): 
> >>>>> 
> >>>>>     name = models.CharField(max_length=30) 
> >>>>> 
> >>>>>     title = models.CharField(max_length=60) 
> >>>>> 
> >>>>>     bio = models.CharField(max_length=200) 
> >>>>> 
> >>>>>     website = models.URLField() 
> >>>>> 
> >>>>> 
> >>>>>     def __unicode__(self): 
> >>>>> 
> >>>>>        return self.name
> >>>>> 
> >>>>> 
> >>>>> my template for the about form submission: 
> >>>>> 
> >>>>> 
> >>>>> <html> 
> >>>>> 
> >>>>> <title>About-Form</title> 
> >>>>> 
> >>>>> <head> 
> >>>>> 
> >>>>> 
> >>>>> </head> 
> >>>>> 
> >>>>> <body> 
> >>>>> 
> >>>>> 
> >>>>> MadTrak About Page, Yo! 
> >>>>> 
> >>>>> 
> >>>>> <p></p> 
> >>>>> 
> >>>>> 
> >>>>> <form action="/about_form/" method="post"> 
> >>>>> 
> >>>>> {% csrf_token %} 
> >>>>> 
> >>>>> <p>Name: <input type="text" name="name" value=""></p> 
> >>>>> 
> >>>>> <p>Title: <input type="text" name="title" value=""></p> 
> >>>>> 
> >>>>>         <p>Bio: <textarea name="bio" rows="10" 
> >>>>> cols="50"></textarea></p> 
> >>>>> 
> >>>>> <p>Website: <input type="text" name="website" value=""></p> 
> >>>>> 
> >>>>> <input type="submit" value="Submit"> 
> >>>>> 
> >>>>> </form> 
> >>>>> 
> >>>>> 
> >>>>> </body> 
> >>>>> 
> >>>>> </html> 
> >>>>> 
> >>>>> 
> >>>>> 
> >>>>> 
> >>>>> In conclusion I am fairly new to even 'POST' and 'GET' operations so I
> >>>>> apologize haha. Anyways, I see the CSRF error and I was confused because I
> >>>>> recall that having to do with security? An open operation from submission to
> >>>>> a redirect page? I'm not sure.
> >>>>>
> >>>>> All I wanted to accomplish was to be able to post the data in that
> >>>>> template and see the result in my MadTrak database. That's it. Just
> >>>>> see the data as an item in my database. Any help is welcomed as I try to
> >>>>> iron this out!
> >>>>> 
> >>>>> Cheers to all the Django developers out there! 
> >>>>> 
> >>>>> JJ Zolper 
> >>>>> 
> >>>>> -- 
> >>>>> You received this message because you are subscribed to the Google 
> >>>>> Groups "Django users" group. 
> >>>>> To view this discussion on the web visit 
> >>>>> https://groups.google.com/d/msg/django-users/-/DChOPlS2aAsJ. 
> >>>>> To post to this group, send email to django-users@googlegroups.com. 
> >>>>> To unsubscribe from this group, send email to 
> >>>>> django-users+unsubscr...@googlegroups.com. 
> >>>>> For more options, visit this group at 
> >>>>> http://groups.google.com/group/django-users?hl=en. 
> >>>> 
> >>>> 
> >>> 
> >> 
> > 
>
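
The check behind the 403 discussed in this thread, as an added example that is not part of any message above and is not Django's own code: a simplified, standard-library-only model of the comparison between the CSRF cookie and the hidden form token. The function names (render_form, get_view, post_view, submit, demo) and the sample data are hypothetical.

```python
import hmac
import secrets

# Simplified model of the cookie-vs-form-token check behind Django's CSRF 403.
# All names here are hypothetical; this is not Django's implementation.
FORM = '<form action="/about/" method="post">{csrf}<input name="name"></form>'


def render_form(context):
    """Mimic {% csrf_token %}: emits a hidden field only if the context has a token."""
    token = context.get("csrf_token", "")
    field = '<input type="hidden" name="csrfmiddlewaretoken" value="%s">' % token if token else ""
    return FORM.format(csrf=field)


def get_view(cookies, use_request_context):
    """GET handler: the token (and its cookie) exist only if the context supplies one."""
    if not use_request_context:
        return render_form({})  # like render_to_response('about_form.html')
    cookies.setdefault("csrftoken", secrets.token_hex(16))
    return render_form({"csrf_token": cookies["csrftoken"]})


def post_view(cookies, post_data):
    """POST handler: accept only if the submitted token matches the cookie."""
    cookie = cookies.get("csrftoken", "")
    submitted = post_data.get("csrfmiddlewaretoken", "")
    if not cookie or not hmac.compare_digest(cookie, submitted):
        return 403  # "CSRF token missing or incorrect."
    return 302  # redirect after a successful POST


def submit(html, cookies, fields):
    """Act as the browser: echo back the hidden token field if the page had one."""
    marker = 'name="csrfmiddlewaretoken" value="'
    if marker in html:
        fields = dict(fields, csrfmiddlewaretoken=html.split(marker)[1].split('"')[0])
    return post_view(cookies, fields)


def demo():
    jar = {}  # constructed browser cookie jar
    plain = submit(get_view(jar, use_request_context=False), jar, {"name": "JJ"})
    fixed = submit(get_view(jar, use_request_context=True), jar, {"name": "JJ"})
    # A page on another site can make the browser send the cookie jar,
    # but cannot read the token, so its form carries none.
    cross_site = post_view(jar, {"name": "forged"})
    return plain, fixed, cross_site
```

demo() returns the status for the form rendered without a token in its context, the form rendered with one, and a POST that carries the cookie but no token.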
