To anyone reading this, I want to say that these tutorials are much much better than any paid content on Udemy, etc. Corey, I cannot thank you enough for all your efforts and patience in creating this amazing content. I am currently unemployed and I'm trying hard to learn full stack dev on Python and upskill myself . I promise I will contribute to your channel the moment I receive my first salary. I mean it. Once again, thank you so so so so much for everything you do Corey. May god bless you.
Couldn't agree more with Ashwin. This channel is amazing. I've bought quite a few courses as well and they are alright but Corey's contents are more than just one tier better. Far better. I will, of course, contribute when my financial situation is better as well. I feel like such an arse right now by just liking the videos compared with what I gain by watching them.
These are excellent videos. Its not a step by step as that would be A-Z with no issues. He brings you through all of the concepts, and shows you why things need to be done a certain way by highlighting errors and sometimes making them on purpose. Great teacher
At around (34:00) or so as you are putting in the logout stuff, you could also use: Logout {{current_user.username}} in the layout.html. This will display the userid you are logged with. When you are testing, it's REALLY nice to know who the heck you are logged in as.
Corey It was great to meet you at Pycon! I really appreciate how you incorporate important knowledge gems throughout the tutorial so that we understand the reasons behind the steps and potential problems that may be encountered. And yet manage to avoid the clutter. Thanks so much! To show my appreciation, I donated via paypal :)
28:01 Just wanted to point out a little shortcut: there is no need to add an "else" statement after hitting a "return" statement inside the previous "if" on line 53. Since the function will return, the rest of it will not be evaluated after that point. This is obviously no big deal, but it is a small detail that's useful especially when trying to maintain the length of the lines under 80 characters since you end up with less indentation! Thank you Corey, I'm learning a lot from this series!
Whenever I think to write a comment on this. I need to think with what words should I grateful to Corey. All things that you explains are much much cleaner and clear. So happy and thankful to you.
Corey, your tutorials are gold. I'm having real fun following along and it makes me excited to be programming an actual website. The videos are a constant bombardment of useful information. Good pace, good content, good quality. Thanks for the series on flask!
Outstanding video! Thank you so much! I am a high school senior working on an engineering capstone project. We are making a tool to facilitate people's college applications. Since it uses machine learning, we chose Python over PHP for this task, which makes Flask very useful. Your tutorials on the login system and database have been extremely helpful (I originally did some MySQL queries by hand, but this is much cleaner and easier). Cheers!
I wish I could give thousand likes in this videos, these contents are much better than most of the paid contents available. Thanks a ton Corey for making our lives easier thru these awesome tutorials
11:42 "This is the first time we've seen an error like this" that actually made me laugh I've had at least 10 different errors page only in those first 6eps.
thank you so much! I'm 15 and I've been struggling with this thinking it's high end programmer ish...but your explanation helped me a lot❤. Everyone deserves a teacher like you💖God bless u Corey
There is a ton of information in this one video. I am going to have to watch this one over and over while building a site. Some of the things that these classes and functions are doing is confusing and it would be helpful if you explained how they function. Thank you for creating this video series.
Corey, your videos are amazing, thank you! im learning flask ASAP to get ready for a job i got called in to interview for that needs me to know flask! THIS IS HELPING LOTS!!
I haven't finished the series yet, but I hope we can get into user accounts vs admin accounts with different permissions, or if you haven't made a video of that yet, it would be amazing if you did!! Everything clicks so easily the way you teach it!! I really enjoy it!! thank you Corey!!
Once in a while you encounter a page, where afer login, you get thrown of the tracks you have been surfing. Seeing how it's implemented under the hood is really fascinating. Thank you, proud supporter.
Ive been searching a lot for finding a really helpful education packages to learn the python , thank god one of you videos popped up and yeah im here everyday! as my breakfast im having some Corey !Thank you So much for Making awesome tutorials i got a 10-year Plan, at the end of the plan everyone will meet a new concept of coding, Every time i will Appreciate your helps, i will always be thankful
I bought some python courses on Udemy and some of them were good, others ok. This series is far better than a popular Udemy course on Flask (despite thousands of reviews and 4.7 stars). You should be making more revenue from this - I would suggest mid-roll ads every 15 mins is reasonable (given this content is free) and at the same time users can also take a quick break! Thanks for sharing your knowledge!
44:44 this is a bit neater and safer if next_page and not is_safe_url(next_page): return flask.abort(400) return redirect(next_page or url_for('home')) Anyway, Thanks Corey for this excellent content!
If you notice carefully, you see 127.0.0.1:5000/login?next=%2Faccount in the URL when you are not logged in and visit 127.0.0.1:5000/account. The Flask is making a note of where to take the user once login is done. I originally did using current_user.is_authenticated and was doing manual re-directs. But then saw this and realized why login_required is best to use here. Corey, you are the best!
Well, I'm following this course from the first video and it's always amazing and so valuable information. Thx Corey ! You are amazing ! Just for the record, I've been checking the flask documentation on login (flask-login.readthedocs.io/en/latest/#login-example), and noticed this warning : Warning: You MUST validate the value of the next parameter. If you do not, your application will be vulnerable to open redirects. For an example implementation of is_safe_url see this Flask Snippet. The link to the "spinnet" is unfortunatly broken and after some research I found this very interesting post on Stackoverflow which gives more information on the issue, and also gives the link to the ressource. I don't understand everything, but I got that this is an important issue (maybe for more experienced users so Corey didn't want to put too much information here). Anyway, it looks like an important security issue, and if someone can give me a feedback on it, it would be very appreciated :) ! I actually have two questions : - How to implement the "is_safe_url" solution ? I'm new in code and don't really understand it.. - Given this comment on the snippet page : "Please note that redirecting like this is vulnerable to the Open Redirect Vulnerability (homakov.blogspot.com/2014/01/evolution-of-open-redirect-vulnerability.html) due to the way that python's urlparse module parses URLs", which I don't really understand (neither), I was wondering if the "is_safe_url" solution is relevant, and if not, how to face this security issue. Sorry for the endless comment.. Hope this will be useful for others, and hope someone will come with an answer :) ! One more time, you're a rockstar Corey, great job for these videos !
By the way, the syntax for the last redirect can be "improved" taking example on the documentation page. For this blog, it could be something like this : return redirect(next_page or url_for('home')) It looks more simple and clear for me, and we get the same behaviour ;) !
iam getting an error like "sqlite3.OperationalError: no such table: user" can someone help me here ?? edit: corrected, add db.create_all() at top of the routes.py file
I am using pycharm in following these excellent tutorials. Pycharm was complaining about line 42 in routes.py on the line. user = User(username=form.username.data, email=form.email.data, password=hashed_pw) It said that there were unexpected arguments. Yet everything worked fine. What I figured out was: 1. A class does not require an __init__ method. (The User class in models.py does not contain an __init__ method) 2. If I added an __init__ method to the User class, pycharm stops complaining. def __init__(self, username, email, password): self.username = username self.email = email self.password = password I think, I like the change because it makes the code more explicit. I don't like that it adds more code, but I guess you can't have everything. Thanks for all the great content.
I've just spent about 30 minutes trying to figure out why PyCharm was being grumpy about this. I like the IDE a lot, but it does seem to throw warnings on things which then work perfectly well.
Hi Very interesting tutorial will use elements of this for my own work. One element which you should consider is a remove function. As a curtesy to the user who has been registered, I believe it is mandatory to have a functionality which removes any personal data from the database if this registered user wants to do so. Using the tools you demonstrated it is quite simple but I feel it is an important message to the viewers of your tutorial, and most likely easy forgotten.
Question: at 29:03 , I've checked and double checked but for some reason, while the page is running, I'm not seeing the error flash for when the provided credentials are bad @app.route("/login", methods=['GET', 'POST']) def login(): form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(email=form.email.data) if user and bcrypt.check_password_hash(user.password, form.password.data): login_user(user, remember=form.remember.data) return redirect(url_for('index')) else: flash('Login Unsuccessful. Please check username and password', 'danger') return render_template('login.html', title='Login', form=form) # we have access to the form instance we created result, while credentials are being taken, no flash warning is showing that they're invalid. any syggestions?
Thanks for the wonderful tutorial! I'm not clear for this lesson, we just add two function "validate_username" and "validate_email" for the RegisterForm class, but we didn't even call the two functions. How it can take effect ?
Thank you so much @Corey Schafer for making such educational, easy to understand and follow videos for all of us. I've been following your channel since 2 years and I've learned a lot from you. I do have one minor doubt which I couldn't find a solution for anywhere. My alert boxes are not coming in colored style. They're simple plain texts. I looked up bootstrap docs and they're pretty much same to what you've written. It'd be great if anyone can solve this issue as it gives me a little anxiety that my code is not correct :/ :p
Great tutorial from Corey Schafer, thank's a lot mate. However, it being a bit outdated concerning the flask_wtf and the audience being beginners, I would encourage people to use the html forms, and use the "request" module from flask. You guys should switch out to Tech With Tim and his flask serie for the form part, and go back to corey afterwards (cause I believe corey did a better job overall to lead to a solid blog). + I believe rewriting code that has been made is dumb, but when it comes to validators I think as a dev you should have a perfect control over it, so it's not that dumb to write your own functions for that and send your own messages. If anyone is having trouble with flask forms I would love to help in the comments. Good learning everyone, and thank's again to you corey.
His functions to validate username and email before it hits the server are not working for me. Also I'm confused (more of a general OOP question) how and when do his functions get called? Is it automatically when an instance of a class gets created?
@@ozermfried4836 Hey, it's been a while since i've watched this video, could please quote the timecode like 0:01 of the part that got you confused ? Cheers.
@@Herzfeld10 its from about 11:00 to 19:00 min. Later in the day I found an explanation in the comments to my second question by @bugs from 2 years ago. See my reply to the @hrituja khatavkar from 2 days ago. I was able to work around it. But would still love to find out what the problem is with the function thats its not working correctly. Thanks for your time.
Thanks. I love Miguel's content. I learned a lot about Flask from him. I definitely recommend him to a lot of people, especially when they want a highly detailed lesson that covers more advanced topics.
at 8:40 Remember to register only after you have run db.create_all() once, otherwise the tables defined in your models have not been intialized yet since at this point we have not included that command in the flask app files yet. If db.create_all() hasn't been run before you register and you try to check for the user you just registered you are going to get an error like the following: Operational error : No such table : user
I have a question, at min 19:10, how are these functions working? We are not even calling them, they are just defined. How is possible that they are working without being called pd:sorry for my bad english and thanks for your tutorials
Thank for the answer! Can you help me with this question as well? On min 34:23, where are we passing current_user to the layout.html so it can use it to change the navbars items? We used to pass variables through the render_template function, but now i don't know how it works
Remember that we always extend "layout.html" in our specific templates (i.e. about, home ) to render the rest of the html code. Therefore, when we call the specific template in the routes.py (say home.html) via render_template (i.e. `render_template('home.html', posts=posts)`), then layout.html will also be rendered and can use Jinja syntax to manipulate data (i.e. current_user, etc.).
@@jorjolandes You can also pass variable like that, it's still going to work,. Not sure why though @app.route("/account") @login_required def account(): title = 'Account' return render_template('account.html', title=title, current_user=current_user) HTML is the same.
Your videos are really good .Best when it comes flask section.Though can I add you a suggestion.It will always be better to summarize the topics within 2min after a long video session
How can I display the user's name next to the logout button when s/he's logged in? I've tried {{ user.username }} in the layout.html, but that doesn't work. /e: oops it works with {{ current_user.username }}
around 9:18 I checked my database again and see that nothing was added to the database, although the success flash sign still shows up. can someone help me here? P/s: found out why. My SQLALCHEMY_DATABASE_URI was defaulted to some sqlite memory link because i got a typo in my URI
@@lirachel4021 when you type "from flaskblog import db" -> you can try to read all the errors in the cmd. In the cmd error, it tells me that my URI has defaulted to a random link because I got a typo in my SQLALCHEMY_DATABASE_URI link in __init__
At 10:41 I wondered why the password wasn't showing. Just figured out it's because of the user class representing a user by only showing username, email and profile picture. Hope to help some folks wondering the same!
19:00 I noticed that the validation is case sensitive. Say Example@email.com vs example@email.com vs EXAMPLE@email.com - it allows you to create them all even though they are all the same address. Same problem exists for logging in, I dont think it should care about case for the email. Since its a database query not sure how to solve this without using .lower() on both the creation and query part, would be nice if people can still use uppercase but not create two usernames with the only difference being a uppercase.
Zack Pyle, well you should convert user's email to lowercase right after registration, so you have lowercase email in your database, and also you should lower before user login, so you always compare only lower case strings
40:40 I don't quite get the point of login_view thing when you can do the same with simple if current_user.is_authenticated and put nice looking flash message
According the the Flask-Login documentation "You MUST validate the value of the next parameter. If you do not, your application will be vulnerable to open redirects." It recommends to use 'is_safe_url' after 'next = flask.request.args.get('next')', as follows: next = flask.request.args.get('next') if not is_safe_url(next): return flask.abort(400) I was wondering why you are not using it?
This is a great video! POTENTIAL SECURITY ISSUE - when doing the validate_username (or whatever you're tying to validate to protect against duplicates, in my case email address) you should validate against an exact match. For example, someone could register with Corey and corey in your example. For those using email as the username, foo@bar.com would register, but so would Foo@bar.com or fOo@bar.com... This could be a very big security issue... Tricking users, or perhaps signing up with the same email as the 'admin' but changing a letter to be uppercase could result in a password reset. In forms.py - from sqlalchemy import func. Change user = User.query.filter_by(email=email.data).first() TO: user=User.query.filter_by(email=func.lower(email.data)).first())
Hi Corey. I created the validation functions that you created at 14:22. But when I register with the same username and email I'm still getting the same 'Integrity' error that you got at 11:29. I checked everything, the imports (in the correct order), the code..etc. Please do suggest what could be wrong. If anyone else has/had this problem and fixed it, please do help.
We can also use dict get function this way, if form.validate_on_submit(): ... next_page = request.args.get('next', 'home') return redirect(next_page) so if next arg doesn't exists it returns home.
45:00 When I try to store request.args.get('next') into "next_page" I get the value of None, which always sends the user back to the home page. It does not appear that the request.args.get('next') statement is catching the url arguments from "localhost:5000/login?next=%2Faccount". Any idea what might be wrong here? I've rewatched a few times, but still receiving the same response. P.S. Thank you for the tutorials!
Super late reply, BUT if your form works fine as it seems it does since it takes you the home instead of /account. I had the same issue and I found out that my forms inside the Html were set to a route (login). If you have a linked route to your /login then you should delete it and leave it empty. In your routes.py you can have something like this: next_page = request.args.get('next') return redirect(url_for('account')) if next_page else redirect(url_for('dashboard'))
19:37 When I enter username and email, that have been used before, both errors below username and email input field show the message "That Username is already taken", although the second one obviously should be "email". When I use a different username, but keep the email address, there is no error shown, just a red box around the email input field. This happens both in Chrome and Safari. Triple checked the code already, but can't find a difference in my code. Any idea why this happens?
at 20:45 why do we pass app as argument to class everytime we create an instance of that class? Like: login_manager = LoginManager(app). Please anwser as soon as possible.
so just to clarify w hashed passwords, it basically adds an extra layer of protection bc a hacker who has access to the database would just get a hashed password instead of the actual password...and hackers can even use the check password method you showed on the video, but then that would be an extra step for hackers, and takes more time, so hashing is not entirely safe right?
These videos are so good! Love how Corey explains concepts and builds real-world apps at the same time. I have a question though if anyone's still around to answer (I see most comments are over a year old). I noticed that if the user sets the "next" param to an arbitrary value like "?next=%2Fxyz" and then successfully logs in, the flask app panics and displays a BuildError screen (when run in debug mode). Does anyone know how to handle that gracefully?
if you follow through to the end of the tutorial where he talks about custom error pages, you may be able to set it up such that the user gets directed to a custom error page if arbitrary values are used in the get parameter.
Hello Andrew, the error is because the "next" argument is equal to, "/xyz"(in you example case), but in the url_for() function, we need to provide the function that handles a route, and not the route name, as in, if you want to redirect to "login route", we use url_for("login") and not url_for("/login"). So, since url_for() can't find a function named "/xyz", it is throwing an error. So, a simple solution is to use: next_page = request.args.get("next") if next_page: return redirect(url_for(next_page[1:])) return redirect(url_for("home")) See, that I have sliced the first character ("/") from the string. Hope, you find it useful.
![Python Flask Google Login: [HOW TO] Google Login for Flask (2021)](/img/n.gif)
To anyone reading this, I want to say that these tutorials are much much better than any paid content on Udemy, etc. Corey, I cannot thank you enough for all your efforts and patience in creating this amazing content. I am currently unemployed and I'm trying hard to learn full stack dev on Python and upskill myself . I promise I will contribute to your channel the moment I receive my first salary. I mean it. Once again, thank you so so so so much for everything you do Corey. May god bless you.
Couldn't agree more with Ashwin. This channel is amazing. I've bought quite a few courses as well and they are alright but Corey's contents are more than just one tier better. Far better. I will, of course, contribute when my financial situation is better as well. I feel like such an arse right now by just liking the videos compared with what I gain by watching them.
In India is there demand for full stack python devs?
Did you get a job?
Any updates?
11:43
Corey: "This is the first time we see an error screen like this"
Me:*nervous laughing* "Yeah first time"
good joke boi
I've visited this error screen so many times it's the only part of the course I don't need any guidance from Corey... well almost =)
Oof
Loolll tell me about it!
I Was about to write that.... LOL
@9:55
The 2023_c version is:
from import app, db
app.app_context().push()
from .models import User
user = User.query.first()
You saved me 🥰
Absolute lifesaver! Thank you so much!
i bet many people struggled when following the videos, that was including me! This is a good post to guide people on how to troubleshoot the error
thanks bro you save my time👏👏
you can also flask shell :
flask shell
User = User.query.first()
User
These are excellent videos. Its not a step by step as that would be A-Z with no issues. He brings you through all of the concepts, and shows you why things need to be done a certain way by highlighting errors and sometimes making them on purpose. Great teacher
At around (34:00) or so as you are putting in the logout stuff, you could also use:
Logout {{current_user.username}}
in the layout.html. This will display the userid you are logged with. When you are testing, it's REALLY nice to know who the heck you are logged in as.
Corey It was great to meet you at Pycon! I really appreciate how you incorporate important knowledge gems throughout the tutorial so that we understand the reasons behind the steps and potential problems that may be encountered. And yet manage to avoid the clutter. Thanks so much! To show my appreciation, I donated via paypal :)
Thanks so much! It was nice meeting all of you as well :)
Can u please help me with
Pip install flask-bcrypt
Its giving me error
Latifa Muhammadi make sure pip is in path and it is installed
@@coreyms Bro nice dick
@@latifamuhammadi7663 Hey! I'm getting same error, did you resolve it?
28:01 Just wanted to point out a little shortcut: there is no need to add an "else" statement after hitting a "return" statement inside the previous "if" on line 53. Since the function will return, the rest of it will not be evaluated after that point. This is obviously no big deal, but it is a small detail that's useful especially when trying to maintain the length of the lines under 80 characters since you end up with less indentation!
Thank you Corey, I'm learning a lot from this series!
Whenever I think to write a comment on this. I need to think with what words should I grateful to Corey. All things that you explains are much much cleaner and clear. So happy and thankful to you.
These tutorials are so thorough... Covers so many cases that other tutorials just brush over or simply skip. Thank you SO MUCH!
Corey, your tutorials are gold. I'm having real fun following along and it makes me excited to be programming an actual website. The videos are a constant bombardment of useful information. Good pace, good content, good quality. Thanks for the series on flask!
Outstanding video! Thank you so much! I am a high school senior working on an engineering capstone project. We are making a tool to facilitate people's college applications. Since it uses machine learning, we chose Python over PHP for this task, which makes Flask very useful. Your tutorials on the login system and database have been extremely helpful (I originally did some MySQL queries by hand, but this is much cleaner and easier). Cheers!
Sounds like an awesome project!
I wish I could give thousand likes in this videos, these contents are much better than most of the paid contents available. Thanks a ton Corey for making our lives easier thru these awesome tutorials
11:42 "This is the first time we've seen an error like this"
that actually made me laugh I've had at least 10 different errors page only in those first 6eps.
same
hahaha ikr!!
Lol same
Yes, I have even seen that exact error because I had my image set to unique and so it would fail when creating the 2nd user.
I came here to say this haha.
"Hey there how's it going everybody"
Swear to god that sentence takes him 1 sec!
thank you so much! I'm 15 and I've been struggling with this thinking it's high end programmer ish...but your explanation helped me a lot❤. Everyone deserves a teacher like you💖God bless u Corey
Corey..Not sure How much research you have done...Excellent presentation
There is a ton of information in this one video. I am going to have to watch this one over and over while building a site. Some of the things that these classes and functions are doing is confusing and it would be helpful if you explained how they function. Thank you for creating this video series.
Corey, your videos are amazing, thank you! im learning flask ASAP to get ready for a job i got called in to interview for that needs me to know flask! THIS IS HELPING LOTS!!
Good luck!
I haven't finished the series yet, but I hope we can get into user accounts vs admin accounts with different permissions, or if you haven't made a video of that yet, it would be amazing if you did!! Everything clicks so easily the way you teach it!! I really enjoy it!! thank you Corey!!
Once in a while you encounter a page, where afer login, you get thrown of the tracks you have been surfing. Seeing how it's implemented under the hood is really fascinating. Thank you, proud supporter.
by far the best flask explanation out there in youtube
just wanna say thank you from Nepal
thank you sir for writing this, i'm followed alone and your tutorial really helped me
From Taiwan
Ive been searching a lot for finding a really helpful education packages to learn the python , thank god one of you videos popped up and yeah im here everyday! as my breakfast im having some Corey !Thank you So much for Making awesome tutorials i got a 10-year Plan, at the end of the plan everyone will meet a new concept of coding, Every time i will Appreciate your helps, i will always be thankful
I bought some python courses on Udemy and some of them were good, others ok. This series is far better than a popular Udemy course on Flask (despite thousands of reviews and 4.7 stars). You should be making more revenue from this - I would suggest mid-roll ads every 15 mins is reasonable (given this content is free) and at the same time users can also take a quick break! Thanks for sharing your knowledge!
best instructor in you tube for python
I love when he says "our server is still running so that's good"
44:44 this is a bit neater and safer
if next_page and not is_safe_url(next_page):
return flask.abort(400)
return redirect(next_page or url_for('home'))
Anyway, Thanks Corey for this excellent content!
successfully completed 6 videos during a day! thanks i have target to complete all in a one day
Why
@@anilms30 rager to learn
Corey, I love the whole series. I also started with Mega Tutorial from Miguel, but that one here from you is much easier to follwo. Excellent work!
Miguel's tutorials are some fantastic work as well. I learned a lot about Flask from him over the years.
If you notice carefully, you see 127.0.0.1:5000/login?next=%2Faccount in the URL when you are not logged in and visit 127.0.0.1:5000/account. The Flask is making a note of where to take the user once login is done.
I originally did using current_user.is_authenticated and was doing manual re-directs. But then saw this and realized why login_required is best to use here.
Corey, you are the best!
4:31 : import Bcrypt
8:17 : user registration
17:35 : custom validation for form fields
20:10 : install flask-login
21:01 : setup flask login
Well, I'm following this course from the first video and it's always amazing and so valuable information. Thx Corey ! You are amazing !
Just for the record, I've been checking the flask documentation on login (flask-login.readthedocs.io/en/latest/#login-example), and noticed this warning :
Warning: You MUST validate the value of the next parameter. If you do not, your application will be vulnerable to open redirects. For an example implementation of is_safe_url see this Flask Snippet.
The link to the "spinnet" is unfortunatly broken and after some research I found this very interesting post on Stackoverflow which gives more information on the issue, and also gives the link to the ressource. I don't understand everything, but I got that this is an important issue (maybe for more experienced users so Corey didn't want to put too much information here). Anyway, it looks like an important security issue, and if someone can give me a feedback on it, it would be very appreciated :) ! I actually have two questions :
- How to implement the "is_safe_url" solution ? I'm new in code and don't really understand it..
- Given this comment on the snippet page : "Please note that redirecting like this is vulnerable to the Open Redirect Vulnerability (homakov.blogspot.com/2014/01/evolution-of-open-redirect-vulnerability.html) due to the way that python's urlparse module parses URLs", which I don't really understand (neither), I was wondering if the "is_safe_url" solution is relevant, and if not, how to face this security issue.
Sorry for the endless comment.. Hope this will be useful for others, and hope someone will come with an answer :) ! One more time, you're a rockstar Corey, great job for these videos !
By the way, the syntax for the last redirect can be "improved" taking example on the documentation page. For this blog, it could be something like this :
return redirect(next_page or url_for('home'))
It looks more simple and clear for me, and we get the same behaviour ;) !
Hi, Victor. Could you please follow up on this and could you link to the Stackoverflow post you were referring too as that blog link is dead.
iam getting an error like "sqlite3.OperationalError: no such table: user"
can someone help me here ??
edit: corrected, add db.create_all() at top of the routes.py file
thank you so much, I had the same problem
Thanks, mate
thanks, I got the same error. but solved
Thanks!!!! I was having the same problem! Thanks a lot!
Was having the same problem, but added 'db.create_all()' to the end of the models.py and worked.
Best Tutorial in youtube, I don't even found this quality full tutorial in Udemy.
This is an awesome tutorial, really clear, well organized, and jargon free!
I don't know why I feel proud when corey's server stops running and mine doesn't
Saw lots of tutorials, this one (as whole) is by far - the best. Thanks a lot Corey. subscribed.
Excellent Python tutorials, one if the best out there by far, great work Corey
Excellent series! Really appreciate your clear, concise, explanations! Keep up the awesome work!
Awesome tutorial. Super. Very detailed explanation and added the new features also. Thank you so much for making the videos on Flask.
COREY I DONT KNOW HOW TO THANK YOU BRO! you make the best python tutorial ever... Thanks so much
this tutorial series about flask is great thank you much. you did a great job here.
Please do a video on cookies and session.. plz plz
This!
45:00 In this case you could just write return redirect(next_page or 'home')
I am using pycharm in following these excellent tutorials. Pycharm was complaining about line 42 in routes.py on the line.
user = User(username=form.username.data, email=form.email.data, password=hashed_pw)
It said that there were unexpected arguments. Yet everything worked fine.
What I figured out was:
1. A class does not require an __init__ method. (The User class in models.py does not contain an __init__ method)
2. If I added an __init__ method to the User class, pycharm stops complaining.
def __init__(self, username, email, password):
self.username = username
self.email = email
self.password = password
I think, I like the change because it makes the code more explicit. I don't like that it adds more code, but I guess you can't have everything.
Thanks for all the great content.
registering gives an error of sqlalchemy.exc.OperationalError
im stuck
if you can help me with this it would be grateful ..
I've just spent about 30 minutes trying to figure out why PyCharm was being grumpy about this. I like the IDE a lot, but it does seem to throw warnings on things which then work perfectly well.
11:42 Oh Corey you have so much faith in us!
🤣
Thanks for this!! Even years after, you are an amazing teacher.
Hi
Very interesting tutorial will use elements of this for my own work. One element which you should consider is a remove function. As a curtesy to the user who has been registered, I believe it is mandatory to have a functionality which removes any personal data from the database if this registered user wants to do so. Using the tools you demonstrated it is quite simple but I feel it is an important message to the viewers of your tutorial, and most likely easy forgotten.
Big up YOU mr. Corey Schafer!!!!!!!!
No comment . Respect man ✊
I swear I learned so much from you more than my 3 years in college
Question:
at 29:03 ,
I've checked and double checked but for some reason, while the page is running, I'm not seeing the error flash for when the provided credentials are bad
@app.route("/login", methods=['GET', 'POST'])
def login():
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data)
if user and bcrypt.check_password_hash(user.password, form.password.data):
login_user(user, remember=form.remember.data)
return redirect(url_for('index'))
else:
flash('Login Unsuccessful. Please check username and password', 'danger')
return render_template('login.html', title='Login', form=form) # we have access to the form instance we created
result, while credentials are being taken, no flash warning is showing that they're invalid.
any syggestions?
Thanks for the wonderful tutorial! I'm not clear for this lesson, we just add two function "validate_username" and "validate_email" for the RegisterForm class, but we didn't even call the two functions. How it can take effect ?
Thank you so much @Corey Schafer for making such educational, easy to understand and follow videos for all of us. I've been following your channel since 2 years and I've learned a lot from you.
I do have one minor doubt which I couldn't find a solution for anywhere. My alert boxes are not coming in colored style. They're simple plain texts. I looked up bootstrap docs and they're pretty much same to what you've written. It'd be great if anyone can solve this issue as it gives me a little anxiety that my code is not correct :/ :p
Great Video! Having a lot of fun in this series.
the best guide in the internet!
Great tutorial from Corey Schafer, thank's a lot mate.
However, it being a bit outdated concerning the flask_wtf and the audience being beginners, I would encourage people to use the html forms, and use the "request" module from flask.
You guys should switch out to Tech With Tim and his flask serie for the form part, and go back to corey afterwards (cause I believe corey did a better job overall to lead to a solid blog).
+ I believe rewriting code that has been made is dumb, but when it comes to validators I think as a dev you should have a perfect control over it, so it's not that dumb to write your own functions for that and send your own messages.
If anyone is having trouble with flask forms I would love to help in the comments.
Good learning everyone, and thank's again to you corey.
His functions to validate username and email before it hits the server are not working for me. Also I'm confused (more of a general OOP question) how and when do his functions get called? Is it automatically when an instance of a class gets created?
@@ozermfried4836 Hey, it's been a while since i've watched this video, could please quote the timecode like 0:01 of the part that got you confused ?
Cheers.
@@Herzfeld10 its from about 11:00 to 19:00 min.
Later in the day I found an explanation in the comments to my second question by @bugs from 2 years ago.
See my reply to the @hrituja khatavkar from 2 days ago. I was able to work around it.
But would still love to find out what the problem is with the function thats its not working correctly.
Thanks for your time.
What a satisfying episode. Thanks Corey! Your content is superb. By the way, is the Django series in the works? Really looking forward to that.
The Django series is done and was just released. You can find it in the latest videos on my channel.
I also followed -Miguel Grinberg , but your videos are much better for a beginner.
Thanks. I love Miguel's content. I learned a lot about Flask from him. I definitely recommend him to a lot of people, especially when they want a highly detailed lesson that covers more advanced topics.
at 8:40
Remember to register only after you have run db.create_all() once, otherwise the tables defined in your models have not been intialized yet since at this point we have not included that command in the flask app files yet. If db.create_all() hasn't been run before you register and you try to check for the user you just registered you are going to get an error like the following:
Operational error : No such table : user
Thank you
i enjoy your lessons every day!
I have a question, at min 19:10, how are these functions working? We are not even calling them, they are just defined. How is possible that they are working without being called
pd:sorry for my bad english and thanks for your tutorials
The FlaskForm class takes care of all of that backend functionality, and we inherit from that class
Thank for the answer! Can you help me with this question as well?
On min 34:23, where are we passing current_user to the layout.html so it can use it to change the navbars items? We used to pass variables through the render_template function, but now i don't know how it works
Remember that we always extend "layout.html" in our specific templates (i.e. about, home ) to render the rest of the html code. Therefore, when we call the specific template in the routes.py (say home.html) via render_template (i.e. `render_template('home.html', posts=posts)`), then layout.html will also be rendered and can use Jinja syntax to manipulate data (i.e. current_user, etc.).
@@jorjolandes You can also pass variable like that, it's still going to work,. Not sure why though @app.route("/account")
@login_required
def account():
title = 'Account'
return render_template('account.html', title=title, current_user=current_user)
HTML is the same.
Your videos are really good .Best when it comes flask section.Though can I add you a suggestion.It will always be better to summarize the topics within 2min after a long video session
wow! very nicely explained man! Thanks!
The best flask tutorial on the web. Thanks a lot.
I've done a Flask course with a well known python training provider that cost 40-50 dollars, this was much better.
Wow.this is wonderful tutorial and helpful to us
Corey: We don't wanna store passwords as a plain text
Facebook: Hold my beer
I don't get it.
Did Facebook really store passwords in plain text? 😮
Lol
How can I display the user's name next to the logout button when s/he's logged in? I've tried {{ user.username }} in the layout.html, but that doesn't work.
/e: oops it works with {{ current_user.username }}
around 9:18 I checked my database again and see that nothing was added to the database, although the success flash sign still shows up. can someone help me here?
P/s: found out why. My SQLALCHEMY_DATABASE_URI was defaulted to some sqlite memory link because i got a typo in my URI
how did you fix it? I have the same problem where when I tried to print out user nothing shows up
@@lirachel4021 when you type "from flaskblog import db" -> you can try to read all the errors in the cmd. In the cmd error, it tells me that my URI has defaulted to a random link because I got a typo in my SQLALCHEMY_DATABASE_URI link in __init__
Thanks a lot, I had a similar error. I used SQL_ALCHEMY_DATABASE_URI instead of SQLALCHEMY_DATABASE_URI as the key.
Thanks for this course it's very clear and helpful for beginners, as well as to brush up flask skills. Keep posting good content 👌
Really a good explanation it was since 2018 and we are 2022 but it is still a good explanation for Flask!
@Corey! This is very great! Easy to follow and understand. I learned a lot from these videos what I had never used before :)
Validation from the form is soo cool feature.
At 10:41 I wondered why the password wasn't showing. Just figured out it's because of the user class representing a user by only showing username, email and profile picture. Hope to help some folks wondering the same!
These videos are gems.
19:00 I noticed that the validation is case sensitive. Say Example@email.com vs example@email.com vs EXAMPLE@email.com - it allows you to create them all even though they are all the same address. Same problem exists for logging in, I dont think it should care about case for the email.
Since its a database query not sure how to solve this without using .lower() on both the creation and query part, would be nice if people can still use uppercase but not create two usernames with the only difference being a uppercase.
yes you should use lower() in both register and login, dunno why it's not mentioned by Corey
@@marzband Where do you use lower() for this?
Zack Pyle, well you should convert user's email to lowercase right after registration, so you have lowercase email in your database, and also you should lower before user login, so you always compare only lower case strings
@@marzband Thanks. I'll give that a shot tomorrow!
@@marzband That worked. Thank you! I added it when defining user right before session.add and session.commit
40:40 I don't quite get the point of login_view thing when you can do the same with simple if current_user.is_authenticated and put nice looking flash message
According the the Flask-Login documentation "You MUST validate the value of the next parameter. If you do not, your application will be vulnerable to open redirects." It recommends to use 'is_safe_url' after 'next = flask.request.args.get('next')', as follows:
next = flask.request.args.get('next')
if not is_safe_url(next):
return flask.abort(400)
I was wondering why you are not using it?
This is a great video!
POTENTIAL SECURITY ISSUE - when doing the validate_username (or whatever you're tying to validate to protect against duplicates, in my case email address) you should validate against an exact match. For example, someone could register with Corey and corey in your example. For those using email as the username, foo@bar.com would register, but so would Foo@bar.com or fOo@bar.com... This could be a very big security issue... Tricking users, or perhaps signing up with the same email as the 'admin' but changing a letter to be uppercase could result in a password reset.
In forms.py - from sqlalchemy import func.
Change user = User.query.filter_by(email=email.data).first() TO: user=User.query.filter_by(email=func.lower(email.data)).first())
big sauce
@@prodweatherman Yahtzee hot sauce!
i learned python and flask cuz of you
thanks BRO
You deserve a medal
so so happy, please publish more of a python stuff, like commerce games, online accounts etc
Excellent tutorial, thanks!
Hi Corey. I created the validation functions that you created at 14:22. But when I register with the same username and email I'm still getting the same 'Integrity' error that you got at 11:29. I checked everything, the imports (in the correct order), the code..etc. Please do suggest what could be wrong. If anyone else has/had this problem and fixed it, please do help.
I have same issue please help
40:23 Where did the message "Please login to access the page" message come from?
it came from the flask_login, login required import
We can also use dict get function this way,
if form.validate_on_submit():
...
next_page = request.args.get('next', 'home')
return redirect(next_page)
so if next arg doesn't exists it returns home.
I think account route is not required if we have redirect(url_for('login')) in logout route , instead of redirect(url_for("home"))at time 32:48
18:42 why just defining these functions/ methods works, no need to call them ??
45:00 When I try to store request.args.get('next') into "next_page" I get the value of None, which always sends the user back to the home page. It does not appear that the request.args.get('next') statement is catching the url arguments from "localhost:5000/login?next=%2Faccount". Any idea what might be wrong here? I've rewatched a few times, but still receiving the same response.
P.S. Thank you for the tutorials!
I have the same issue
Super late reply, BUT if your form works fine as it seems it does since it takes you the home instead of /account. I had the same issue and I found out that my forms inside the Html were set to a route (login). If you have a linked route to your /login then you should delete it and leave it empty.
In your routes.py you can have something like this:
next_page = request.args.get('next')
return redirect(url_for('account')) if next_page else redirect(url_for('dashboard'))
this was a great series
19:37 When I enter username and email, that have been used before, both errors below username and email input field show the message "That Username is already taken", although the second one obviously should be "email". When I use a different username, but keep the email address, there is no error shown, just a red box around the email input field. This happens both in Chrome and Safari. Triple checked the code already, but can't find a difference in my code. Any idea why this happens?
sameee
at 20:45 why do we pass app as argument to class everytime we create an instance of that class? Like: login_manager = LoginManager(app). Please anwser as soon as possible.
This is a wow video...Thank you so much
This video is so helpful for understanding and implementing session management
so just to clarify w hashed passwords, it basically adds an extra layer of protection bc a hacker who has access to the database would just get a hashed password instead of the actual password...and hackers can even use the check password method you showed on the video, but then that would be an extra step for hackers, and takes more time, so hashing is not entirely safe right?
very good sharing
These videos are so good! Love how Corey explains concepts and builds real-world apps at the same time. I have a question though if anyone's still around to answer (I see most comments are over a year old). I noticed that if the user sets the "next" param to an arbitrary value like "?next=%2Fxyz" and then successfully logs in, the flask app panics and displays a BuildError screen (when run in debug mode). Does anyone know how to handle that gracefully?
if you follow through to the end of the tutorial where he talks about custom error pages, you may be able to set it up such that the user gets directed to a custom error page if arbitrary values are used in the get parameter.
Hello Andrew, the error is because the "next" argument is equal to, "/xyz"(in you example case), but in the url_for() function, we need to provide the function that handles a route, and not the route name, as in, if you want to redirect to "login route", we use url_for("login") and not url_for("/login").
So, since url_for() can't find a function named "/xyz", it is throwing an error. So, a simple solution is to use:
next_page = request.args.get("next")
if next_page:
return redirect(url_for(next_page[1:]))
return redirect(url_for("home"))
See, that I have sliced the first character ("/") from the string.
Hope, you find it useful.
Hey, the ValidationError message is not showing when I'm doing it, it's just highlighting that section. How can I print the message?