I am on a development server (no CSRF protection), sending over login data to Django via a web form (Django: 127.0.0.1:8000). HTML:
<!DOCTYPE html>
<html>
<head>
<title>Log In</title>
<meta charset="utf-8">
</head>
<body>
<script src="https://code.jquery.com/jquery-3.6.0.js" integrity="sha256-H+K7U5CnXl1h5ywQfKtSj8PCmoN9aaq30gDh27Xc0jk=" crossorigin="anonymous"></script>
<header>
</header>
<script>
$("document").ready(function () {
$("header").load("static/header.html");
})
</script>
<div id="loginbox">
<h3>Log In</h3>
<form action="http://127.0.0.1:8000" method="post">
<input type="text" id="uname"><br>
<input type="password" id="pass"><br>
<button id="login" type="submit">Log In</button></br>
</form>
<a href="signup.html">Sign Up</a><br>
<a href="forgotCredentials.html">Forgot Username/Password?</a>
</div>
</body>
</html>
Django:
from django.shortcuts import render
# Create your views here.
from django.contrib.auth import authenticate, login
from django.views.decorators.csrf import csrf_exempt
from django.http import HttpResponse
@csrf_exempt
def index(request):
uname = request.POST.get("uname")
passwd = request.POST.get("pass")
print(uname + " pass " + passwd)
user = authenticate(username=uname, password=passwd)
if user is not None:
login(request, user)
return render(request, "taxnow/index.html")
return render(request, "taxnow/Login.html")
I’m pretty sure that the POST data is not being transmitted (TypeError: unsupported operand type(s) for +: ‘NoneType’ and ‘str’) in the print statement, but I can’t figure out why. (The HTML is on localhost and the django is on 127.0.0.1:8000 as mentioned previously.) Is there any reason for this?
Advertisement
Answer
In request.POST you don’t have keys from id attribute, but from name. Add it to inputs and you’re fine.
<input type="text" id="uname" name="uname"><br> <input type="password" id="pass" name="pass"><br>