To optimize my page I want users to be able to fill out forms without being logged in, but then ask them for their password upon submission. I already know I can use &next= to redirect the user, but then all the POST data of the form is lost. Is there any built in way to have the user login and then resume to where he has been including post data he just sent?
If you have also file in form, then session is not useful for you.
Second solution is save data into models and after login, you can use saved data to link with logged in user as said by #doniyor.
The best way is to use django-formwizard.
Django comes with an optional “form wizard” application that splits forms across multiple Web pages. It maintains state in one of the backends so that the full server-side processing can be delayed until the submission of the final form.
Here the link.
https://docs.djangoproject.com/en/1.7/ref/contrib/formtools/form-wizard/
Related
I have a webapp that allows authenticated as well as anonymous users to start entering some form data. If a user is happy with his/her input, he/she can save that form to the server. This is a very similar problem to a shopping cart application that does not require login until checkout time.
For the authenticated user, implementing a save button is trivial. However for the anonymous user, the form data need to be stored somewhere while authentication is taking place, then correctly retrieved after logged in. Can someone please suggest some general strategies to go about this?
I found this link that is promising but I want to be thorough about this topic.
I think the correct way of doing this is to use django sessions. Basically each user (anonymousUser included) has a session during its stay on the website (or even more).
If you have a form that you want to store for a specific session, you can do it by using
request.session['myform'] = form
you get it by
request.session['myform']
and you can delete it using
del request.session['myform']
Basically Django pickles a dictionary of the session and saves it in a place (typically the database, but can be on other place as explained in django sessions).
I am working on a Django site where people create articles. I'd like for people to be able to create an article as part of the registration process. Here's the steps:
User hits "create article" without being registered or logged in.
User is directed to "create article" page that displays the form for creating the article.
After hitting the "submit" button on the "create article" form, the user is redirected to the registration / login page.
After the registration process or login, the article is saved under the user's ID.
I'm pretty new to Django, so here are the complications so far as I'm concerned:
Do I save the object with an AnonymousUser as the author until after the login process? How would I find the object again so that I can save it to the User after they're logged in or registered? Is there any kind of unique identifier in an AnonymousUser object?
Should I pass the object through the registration process using URLs until the registration has taken place (to then save it)? How does one do that?
There are a couple of ways to do what you're wanting to do. I would exclude the user from your create Article form, and set user to blank=True, null=True.
It's really up to you as to whether or not you just hold the article in session until after you create your user, or persist it to the database and assign the user after.
One benefit of holding it in session is that if the user abandons the registration process, you don't have a record in the database. I would recommend going this way, as it's easy to do, and you don't have to have any logic to clean up your db, should the user abandon the session.
To specifically answer your question about an anonymous user...no, there is not a unique identifier for an anonymous user. You can use sessions in Django to persist objects between views.
"Should I pass the object through the registration process using URLs until the registration has taken place (to then save it)? How does one do that?"
The above suggestion that you have been made is the better solution but don't pass it to url. There are two ways to successfully do that.
You can pass the object through session variable so that no one will ever notice it instead of passing it to url.
You can determine which object you must get throught their IP address.
I'm experimenting with a way of knowing the specific twitter identities of my site's users even though they're not logged in. And would like the help of the community to find out how I could reduce the possibility of impersonation.
The main idea is that a user comes to the main page, fills a form, and clicks on a "tweet this" button as a way to submit the form. That opens up a popup where the user sees a pre-filled message: "I just submitted this form" and tweets it. This popup resides on twitter.com. No oauth is involved here. When the tweet is done, twitter sends back the id of the tweet that was just created to a javascript callback function on the web page. This javascript function ajax POSTs the form fields as well as the tweet id to a handler on the server.
The server then fetches the twitter information of that tweet including the user info and saves the form info with a foreign key to the user.
What I want to avoid is for an impersonator to come to the page, fill up the form with junk, and manually POST the form including a tweet id to an unrelated tweet from another user.
Django, which I'm using, has something called CSRF tokens to avoid impersonators from doing POST calls without loading the page. But I'm not sure if this would also prevent users who load the page (and see the csrf token) to fake the POST.
The main thing I want to avoid is for people to associate a twitter id that is not theirs with a for that they post.
Looking forward to your suggestions of some creative ways to solve this or to poke holes at my thinking.
I need some advice / ideas if someone is inclined to help: I have a javascript interface for manipulating pictures. Basically it's about moving photos around. Once it's done the position of images is saved into a Django form and then saved to database with the owner saved as the current user. Now the trick is that I would like to be able to allow non registered users to play with this interface and then if they like the result they hit save and are redirected to an account registration page and only then the form is actually saved with their user as the owner.
What comes to my mind now is to keep the values of the form in session but I don't know what will happen to the session once the anonymous user registers and becomes another user. I was also thinking of using a 'next' parameter in the registration process with the url filled with get parameters that would be the content of the form but then I don't know if userena is ready to allow that.
Any light on this is welcome.
Well, we did similar thing on our site.
When unregistered user attach photos we save objects to database and assign unique hash which was generated when user came to the page with form. When user hit submit we pass this hash in url and on the next step, when user wants to register, we just get objects from database by this hash and assign user_id to them.
Also we have a cron job which do clean up and removes all lost objects
P.S. Sorry for my english i hope you'll get my point
Save the object without the user and store a reference of that object in the session (or (signed) cookie). If if the user registers, update all the objects with the newly created user.
Another approach would be to store the data in the browser (html5 localstorage and fallbacks, or similar) and only insert it into the database once the user has signed up. You would need to make sure both things happen inside the same browser 'instance', but things would be easier in the server side.
I am new user of Django.
I want to use the built in Django Auth app for secure login. However, once a user logs in, based upon the username, I want to load it's data on the first page (lets call it welcome or home page). If I write my own login, I get stuck with URLs. All my pages become http://127.0.0.0.1:8000/login/..... I don't know where this /login/ comes from (it's written in settings file but who calls it I don't know) so after losing hope, I went for Auth login again.
I am sure there is a nice and easy way to retrieve the username but where should I write this code? in the login view of Auth app? would then that code will become part of my application?
Information about the user that's currently logged in is stored in the request.user object (request being the first parameter of every view function). request.user is an instance of the User class from django.contrib.auth. So, you can pass the user object to your templates and make all the information about the logged in user avalable that way (user.username, user.email, etc).