0

I try to make a web service that is to the login of a user. I want the web pages are dynamic, so I work with javascript jquery html and the problem if I filled username and password in the correct values then passing to another

127.0.0.1 - - [12/Apr/2015 08:54:42] "GET /login HTTP/1.1" 200 -

127.0.0.1 - - [12/Apr/2015 08:54:51] "POST /login HTTP/1.1" 405 -

this /loginuser

@APP.route('/loginuser', methods=['POST'])
def login():

    error = None
    con = mdb.connect('localhost','testuser', 'test623', 'test') 
    cur = con.cursor()
    cur.execute("SELECT * FROM ADMIN")
    rows = cur.fetchall()
    login=False
    for row in rows:
             if request.form['username'] == row[0] and  request.form['password'] == row[1]:
                login=True
                print request.form['username']
                print request.form['password']
           
    
    if login ==False:
             error = 'Invalid Credentials. Please try again.'
             response.result == error
    else:
             
             response.result == "success"
    con.close

and this /login

@APP.route('/login')
def login1():

      return render_template('login1.html')

script.js

function loginAndRedirect (){
	var user = $('#txtUsername').val();
	var pass = $('#txtPassword').val();
	$.ajax({
		url: '/loginuser',
		data: $('form').serialize(),
		type: 'POST',
		dataType: 'json',
		success: function(response){

			if (response.result == "success") {
				alert("You have been logged in!");
				window.location.href="hello.html";
			} else {
				alert(result.details);          
			}
		},
		error: function(error){
			console.log(error);
		}
	});	
}

and login:

<!DOCTYPE html>
<!--[if (gte IE 9)|!(IE)]><!--> <html lang="en"> <!--<![endif]-->
<head>
<meta charset="utf-8">
<title>MONOTORING_LAN</title>
<link href="static/css/style.css" rel="stylesheet">
<script src="static/js/jquery-1.9.0.js"></script>
<script src="static/js/script.js"></script>
 
</head>
<body>
<div class="container">
	<section id="content">
		<form method="POST" class="form-signin" role="form">
			<h1>Login Form</h1>
			<div> 
                             
				<input type="text" id="txtUsername" placeholder="Username" name="username"  required autofocus>
                                <input type="password" id="txtPassword" placeholder="Password" name="password" required autofocus>
                               <input class="btn btn-default" id = "submitButton" type="submit" value="Login">
  
                      </div>
		</form><!-- form -->
		{% if error %}
                    <p class="error"><strong>Error:</strong> {{ error }}
                {% endif %}
	</section><!-- content -->

</div><!-- container -->
</body>
 <script src="static/js/script.js>
      $(".form-signin").on("submit", function(e) {
       e.preventDefault();
        loginAndRedirect();});
 </script>
</html>

Improve this question
1
  • 1
    Can you show the /loginuser and /login handlers and how you are invoking them that results in the exception? Commented Apr 11, 2015 at 14:19

2 Answers 2

Reset to default
1

The issue is that you never actually hook your script up to the form's submit event, and so the form is submitted by the browser. However, since you don't specify an action attribute, so the form submits itself to the URL it's currently on (/login) resulting in the 405 you are seeing now. Hook up your loginAndRedirect to the form's submit event, and you will no longer POST to the /login endpoint:

<script>
$(".form-signin").on("submit", function(e) {
  e.preventDefault();
  loginAndRedirect();
});
</script>

Some tips:

  • Add an action pointing at the /loginAndRedirect endpoint so even if your JavaScript fails the user can still log in (unless you are planning on building a Single-Page App)
  • Rather than looking up all of the users and walking through them in the application, add a WHERE clause to your SQL lookup and look the user up by username and password. Don't concatenate the user-provided values with your SQL, but instead use a parameterized query.
  • You need to return a response, not assign to the response object (Flask doesn't provide one, so it's something local to your project).
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

thank you sir I am sorry for the inconvenience, I am a beginner in jquery, could you still explain more the script or I have to put in the html page right? and for the points you have me speak especially the last item I did not quite understand @Sean Vieira
Yes, put the script just before the </body> tag and it will work. As for the need for return in your Flask method for /loginAndRedirect - Flask will throw an error if you don't return some_response to the client.
0

There are few problems seen by me in your login() function:

  1. you don't return the response object, and where did you get it from anyway?

  2. con.close should be con.close(), but I supose you should close cursor too:

    cur.close()
con.close()
Improve this answer

2 Comments

For response I will use in script.js for return the page hello.htm if (response.result == "success") { alert("You have been logged in!"); window.location.href="hello.html"; } else { alert(result.details); }
I change like you said but the same result :( The method is not allowed for the requested URL.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.