0

I have this app and its working but i'm confused whether to use form method or POST.get method. with form i'm getting so many challenges like rendering form on custom html

suppose i have this change password screen, for that i need to create form then use this on html template and with custom html it gets more complicated to use form fields.

forms.py:

class ChangePasswordForm(PasswordChangeForm):
    old_password = forms.CharField(label="Old Password", strip=False, widget=forms.PasswordInput(
    attrs={'class': 'formField password-genrInput'}))
    new_password1 = forms.CharField(label="New Password", strip=False, widget=forms.PasswordInput(
    attrs={'class': 'formField password-genrInput'}))
    new_password2 = forms.CharField(label="Confirm Password", strip=False, widget=forms.PasswordInput(
    attrs={'class': 'formField password-genrInput'}))

    class Meta:
        model = User
        fields = ('old_password', 'new_password1', 'new_password2')

views.py:

# Password Change View
def changePassword(request):
    if request.method == 'POST':
        form = ChangePasswordForm(request.user, request.POST)
        print(form)
        if form.is_valid():
            print("form valid")
            user = form.save()
            update_session_auth_hash(request, user)
            messages.success(request, "Password Changed Successfully")
            return redirect('changePassword')
        else:
            messages.error(request, "Something Went Wrong, Please Try Again ")
            return redirect('changePassword')

    else:
        form = ChangePasswordForm(request.user)
    return render(request, 'admin/user_auth/change_password.html', {
        'form': form
    })

html:

    {% extends "admin/layouts/default.html" %}
{% load static %}
{% block content%}
           <div class="row">
               <div class="col">
                   <div class="titleBlock">
                    <a href="{{request.META.HTTP_REFERER|escape}}"><h1><i class="fas fa-chevron-circle-left mr-3"></i>Back</h1></a>
                </div>
                    <div class="card">
                        {% if messages %}
<ul class="messages">
    {% for message in messages %}
    <li  {% if message.tags %} class=" {{ message.tags }} " {% endif %}> {{ message }} </li>
    {% endfor %}
</ul>
{% endif %}

                        <form method="post">
                            {% csrf_token %}

                            <div class="formBlock">
                            <div class="row password-genr mt-5">
                                {% for field in form %}
                                
                                <div class="col-md-7">
                                    <div class="formControl static ">
                                        <label for="" class="formLabel">{{field.label}}</label>
                                        {{field}}
                                    </div>
                                </div>    
                               
                               {%endfor%}
                                <div class="col-md-7">
                                    <div class="btnBlock  mt-5">
                                        <button type="submit"  class="btn btn-md">Save</button>
                                    </div>
                                </div>
                            </div>
                        </div>
                    </form>
                    </div>
                </div>
            </div>


            {%endblock content%}

but with simple method i would have checked first if new password and confirm password are matching then

old_password = request.POST.get('old_password')
new_password = request.POST.get('new_password')

check the old password are matching with db then save the new password on db.

so which method should i use and why?

Improve this question

1 Answer 1

Reset to default
3

TO do This you can do something like this.

from django.contrib.auth.hashers import check_password
current_password = request.user.password
old_password = request.POST.get('old_password')
matchcheck= check_password(old_password, current_password) #this returns True or False
if matchcheck:
    #change your password
else:
    #tell the user the password is wrong.

The method above is useful by example if a user wants to delete his account to do so you can use the idea to check whether he knows his password or not ,if he knows it then he can delete his account.
And if you do not want to implement it by yourself you can use the built-in in Django(i really recommend this method for changing password because it well done and less headache).
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.