To anyone reading this, I want to say that these tutorials are much much better than any paid content on Udemy, etc. Corey, I cannot thank you enough for all your efforts and patience in creating this amazing content. I am currently unemployed and I'm trying hard to learn full stack dev on Python and upskill myself . I promise I will contribute to your channel the moment I receive my first salary. I mean it. Once again, thank you so so so so much for everything you do Corey. May god bless you.

11:43 Corey: "This is the first time we see an error screen like this" Me:*nervous laughing* "Yeah first time"

@9:55 The 2023_c version is: from import app, db app.app_context().push() from .models import User user = User.query.first()

At around (34:00) or so as you are putting in the logout stuff, you could also use: Logout {{current_user.username}} in the layout.html. This will display the userid you are logged with. When you are testing, it's REALLY nice to know who the heck you are logged in as.

These are excellent videos. Its not a step by step as that would be A-Z with no issues. He brings you through all of the concepts, and shows you why things need to be done a certain way by highlighting errors and sometimes making them on purpose. Great teacher

Corey It was great to meet you at Pycon! I really appreciate how you incorporate important knowledge gems throughout the tutorial so that we understand the reasons behind the steps and potential problems that may be encountered. And yet manage to avoid the clutter. Thanks so much! To show my appreciation, I donated via paypal :)

Whenever I think to write a comment on this. I need to think with what words should I grateful to Corey. All things that you explains are much much cleaner and clear. So happy and thankful to you.

28:01 Just wanted to point out a little shortcut: there is no need to add an "else" statement after hitting a "return" statement inside the previous "if" on line 53. Since the function will return, the rest of it will not be evaluated after that point. This is obviously no big deal, but it is a small detail that's useful especially when trying to maintain the length of the lines under 80 characters since you end up with less indentation! Thank you Corey, I'm learning a lot from this series!

These tutorials are so thorough... Covers so many cases that other tutorials just brush over or simply skip. Thank you SO MUCH!

Corey, your tutorials are gold. I'm having real fun following along and it makes me excited to be programming an actual website. The videos are a constant bombardment of useful information. Good pace, good content, good quality. Thanks for the series on flask!

Outstanding video! Thank you so much! I am a high school senior working on an engineering capstone project. We are making a tool to facilitate people's college applications. Since it uses machine learning, we chose Python over PHP for this task, which makes Flask very useful. Your tutorials on the login system and database have been extremely helpful (I originally did some MySQL queries by hand, but this is much cleaner and easier). Cheers!

I wish I could give thousand likes in this videos, these contents are much better than most of the paid contents available. Thanks a ton Corey for making our lives easier thru these awesome tutorials

thank you so much! I'm 15 and I've been struggling with this thinking it's high end programmer ish...but your explanation helped me a lot❤. Everyone deserves a teacher like you💖God bless u Corey

11:42 "This is the first time we've seen an error like this" that actually made me laugh I've had at least 10 different errors page only in those first 6eps.

Once in a while you encounter a page, where afer login, you get thrown of the tracks you have been surfing. Seeing how it's implemented under the hood is really fascinating. Thank you, proud supporter.

Corey, your videos are amazing, thank you! im learning flask ASAP to get ready for a job i got called in to interview for that needs me to know flask! THIS IS HELPING LOTS!!

Corey..Not sure How much research you have done...Excellent presentation

Ive been searching a lot for finding a really helpful education packages to learn the python , thank god one of you videos popped up and yeah im here everyday! as my breakfast im having some Corey !Thank you So much for Making awesome tutorials i got a 10-year Plan, at the end of the plan everyone will meet a new concept of coding, Every time i will Appreciate your helps, i will always be thankful

I haven't finished the series yet, but I hope we can get into user accounts vs admin accounts with different permissions, or if you haven't made a video of that yet, it would be amazing if you did!! Everything clicks so easily the way you teach it!! I really enjoy it!! thank you Corey!!

There is a ton of information in this one video. I am going to have to watch this one over and over while building a site. Some of the things that these classes and functions are doing is confusing and it would be helpful if you explained how they function. Thank you for creating this video series.

just wanna say thank you from Nepal

I bought some python courses on Udemy and some of them were good, others ok. This series is far better than a popular Udemy course on Flask (despite thousands of reviews and 4.7 stars). You should be making more revenue from this - I would suggest mid-roll ads every 15 mins is reasonable (given this content is free) and at the same time users can also take a quick break! Thanks for sharing your knowledge!

44:44 this is a bit neater and safer if next_page and not is_safe_url(next_page): return flask.abort(400) return redirect(next_page or url_for('home')) Anyway, Thanks Corey for this excellent content!

thank you sir for writing this, i'm followed alone and your tutorial really helped me From Taiwan

Corey, I love the whole series. I also started with Mega Tutorial from Miguel, but that one here from you is much easier to follwo. Excellent work!

successfully completed 6 videos during a day! thanks i have target to complete all in a one day

I love when he says "our server is still running so that's good"

by far the best flask explanation out there in youtube

COREY I DONT KNOW HOW TO THANK YOU BRO! you make the best python tutorial ever... Thanks so much

"Hey there how's it going everybody"

This is an awesome tutorial, really clear, well organized, and jargon free!

Best Tutorial in youtube, I don't even found this quality full tutorial in Udemy.

If you notice carefully, you see 127.0.0.1:5000/login?next=%2Faccount in the URL when you are not logged in and visit 127.0.0.1:5000/account. The Flask is making a note of where to take the user once login is done. I originally did using current_user.is_authenticated and was doing manual re-directs. But then saw this and realized why login_required is best to use here. Corey, you are the best!

I don't know why I feel proud when corey's server stops running and mine doesn't

14:10 More information about validate class functions can be found here: stackoverflow.com/questions/54582898/flaskform-validation-code-checking-if-a-user-already-exists-or-not

Saw lots of tutorials, this one (as whole) is by far - the best. Thanks a lot Corey. subscribed.

this tutorial series about flask is great thank you much. you did a great job here.

Well, I'm following this course from the first video and it's always amazing and so valuable information. Thx Corey ! You are amazing ! Just for the record, I've been checking the flask documentation on login (flask-login.readthedocs.io/en/latest/#login-example), and noticed this warning : Warning: You MUST validate the value of the next parameter. If you do not, your application will be vulnerable to open redirects. For an example implementation of is_safe_url see this Flask Snippet. The link to the "spinnet" is unfortunatly broken and after some research I found this very interesting post on Stackoverflow which gives more information on the issue, and also gives the link to the ressource. I don't understand everything, but I got that this is an important issue (maybe for more experienced users so Corey didn't want to put too much information here). Anyway, it looks like an important security issue, and if someone can give me a feedback on it, it would be very appreciated :) ! I actually have two questions : - How to implement the "is_safe_url" solution ? I'm new in code and don't really understand it.. - Given this comment on the snippet page : "Please note that redirecting like this is vulnerable to the Open Redirect Vulnerability (homakov.blogspot.com/2014/01/evolution-of-open-redirect-vulnerability.html) due to the way that python's urlparse module parses URLs", which I don't really understand (neither), I was wondering if the "is_safe_url" solution is relevant, and if not, how to face this security issue. Sorry for the endless comment.. Hope this will be useful for others, and hope someone will come with an answer :) ! One more time, you're a rockstar Corey, great job for these videos !

Excellent series! Really appreciate your clear, concise, explanations! Keep up the awesome work!

best instructor in you tube for python

Awesome tutorial. Super. Very detailed explanation and added the new features also. Thank you so much for making the videos on Flask.

I swear I learned so much from you more than my 3 years in college

I am using pycharm in following these excellent tutorials. Pycharm was complaining about line 42 in routes.py on the line. user = User(username=form.username.data, email=form.email.data, password=hashed_pw) It said that there were unexpected arguments. Yet everything worked fine. What I figured out was: 1. A class does not require an __init__ method. (The User class in models.py does not contain an __init__ method) 2. If I added an __init__ method to the User class, pycharm stops complaining. def __init__(self, username, email, password): self.username = username self.email = email self.password = password I think, I like the change because it makes the code more explicit. I don't like that it adds more code, but I guess you can't have everything. Thanks for all the great content.

11:42 Oh Corey you have so much faith in us!

Excellent Python tutorials, one if the best out there by far, great work Corey

Thank you so much @Corey Schafer for making such educational, easy to understand and follow videos for all of us. I've been following your channel since 2 years and I've learned a lot from you. I do have one minor doubt which I couldn't find a solution for anywhere. My alert boxes are not coming in colored style. They're simple plain texts. I looked up bootstrap docs and they're pretty much same to what you've written. It'd be great if anyone can solve this issue as it gives me a little anxiety that my code is not correct :/ :p

Thanks for this!! Even years after, you are an amazing teacher.

Really a good explanation it was since 2018 and we are 2022 but it is still a good explanation for Flask!

Hi Very interesting tutorial will use elements of this for my own work. One element which you should consider is a remove function. As a curtesy to the user who has been registered, I believe it is mandatory to have a functionality which removes any personal data from the database if this registered user wants to do so. Using the tools you demonstrated it is quite simple but I feel it is an important message to the viewers of your tutorial, and most likely easy forgotten.

I also followed -Miguel Grinberg , but your videos are much better for a beginner.

4:31 : import Bcrypt 8:17 : user registration 17:35 : custom validation for form fields 20:10 : install flask-login 21:01 : setup flask login

45:00 In this case you could just write return redirect(next_page or 'home')

Validation from the form is soo cool feature.

i learned python and flask cuz of you thanks BRO

I've done a Flask course with a well known python training provider that cost 40-50 dollars, this was much better.

Thanks for this course it's very clear and helpful for beginners, as well as to brush up flask skills. Keep posting good content 👌

Great Video! Having a lot of fun in this series.

What a satisfying episode. Thanks Corey! Your content is superb. By the way, is the Django series in the works? Really looking forward to that.

@Corey! This is very great! Easy to follow and understand. I learned a lot from these videos what I had never used before :)

Wow.this is wonderful tutorial and helpful to us

Great tutorial from Corey Schafer, thank's a lot mate. However, it being a bit outdated concerning the flask_wtf and the audience being beginners, I would encourage people to use the html forms, and use the "request" module from flask. You guys should switch out to Tech With Tim and his flask serie for the form part, and go back to corey afterwards (cause I believe corey did a better job overall to lead to a solid blog). + I believe rewriting code that has been made is dumb, but when it comes to validators I think as a dev you should have a perfect control over it, so it's not that dumb to write your own functions for that and send your own messages. If anyone is having trouble with flask forms I would love to help in the comments. Good learning everyone, and thank's again to you corey.

wow! very nicely explained man! Thanks!

Your videos are really good .Best when it comes flask section.Though can I add you a suggestion.It will always be better to summarize the topics within 2min after a long video session

i enjoy your lessons every day!

Please do a video on cookies and session.. plz plz

We can also use dict get function this way, if form.validate_on_submit(): ... next_page = request.args.get('next', 'home') return redirect(next_page) so if next arg doesn't exists it returns home.

Big up YOU mr. Corey Schafer!!!!!!!!

The best flask tutorial on the web. Thanks a lot.

No comment . Respect man ✊

so so happy, please publish more of a python stuff, like commerce games, online accounts etc

Corey: We don't wanna store passwords as a plain text Facebook: Hold my beer

the best guide in the internet!

This video is so helpful for understanding and implementing session management

At 10:41 I wondered why the password wasn't showing. Just figured out it's because of the user class representing a user by only showing username, email and profile picture. Hope to help some folks wondering the same!

This is a great video! POTENTIAL SECURITY ISSUE - when doing the validate_username (or whatever you're tying to validate to protect against duplicates, in my case email address) you should validate against an exact match. For example, someone could register with Corey and corey in your example. For those using email as the username, foo@bar.com would register, but so would Foo@bar.com or fOo@bar.com... This could be a very big security issue... Tricking users, or perhaps signing up with the same email as the 'admin' but changing a letter to be uppercase could result in a password reset. In forms.py - from sqlalchemy import func. Change user = User.query.filter_by(email=email.data).first() TO: user=User.query.filter_by(email=func.lower(email.data)).first())

Didnt know there was a turnarary in python, thanks Corey.

very good sharing

very in-depth tutorial. i can't thank you enough!!!!!!!

Thanks again!! And a heads up to anyone extending this to admin functionality using login_managers @fresh_login_required decorator. If you have a redirect to home for people that are already logged in then if you decorate a route with @fresh_login_required and redirect the user to the login page, because they are already logged in they will be redirected to the home page etc. Caught me out for at least half an hour 🙄

This is a wow video...Thank you so much

Thanks for the wonderful tutorial! I'm not clear for this lesson, we just add two function "validate_username" and "validate_email" for the RegisterForm class, but we didn't even call the two functions. How it can take effect ?

iam getting an error like "sqlite3.OperationalError: no such table: user" can someone help me here ?? edit: corrected, add db.create_all() at top of the routes.py file

at 8:40 Remember to register only after you have run db.create_all() once, otherwise the tables defined in your models have not been intialized yet since at this point we have not included that command in the flask app files yet. If db.create_all() hasn't been run before you register and you try to check for the user you just registered you are going to get an error like the following: Operational error : No such table : user

cleaning screen - you do that in each video but I don't know how. The tip is appreciated. :)

Excellent tutorial, thanks!

These videos are gems.

at this point I'm learning so much that I'm starting to feel guilty not being a Patreon supporter

You deserve a medal

this part 6 packs a bunch for a tutorial, very tough to take it in the first time but 'fake it till we make it' i guess

These videos are so good! Love how Corey explains concepts and builds real-world apps at the same time. I have a question though if anyone's still around to answer (I see most comments are over a year old). I noticed that if the user sets the "next" param to an arbitrary value like "?next=%2Fxyz" and then successfully logs in, the flask app panics and displays a BuildError screen (when run in debug mode). Does anyone know how to handle that gracefully?

Question: at 29:03 , I've checked and double checked but for some reason, while the page is running, I'm not seeing the error flash for when the provided credentials are bad @app.route("/login", methods=['GET', 'POST']) def login(): form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(email=form.email.data) if user and bcrypt.check_password_hash(user.password, form.password.data): login_user(user, remember=form.remember.data) return redirect(url_for('index')) else: flash('Login Unsuccessful. Please check username and password', 'danger') return render_template('login.html', title='Login', form=form) # we have access to the form instance we created result, while credentials are being taken, no flash warning is showing that they're invalid. any syggestions?

According the the Flask-Login documentation "You MUST validate the value of the next parameter. If you do not, your application will be vulnerable to open redirects." It recommends to use 'is_safe_url' after 'next = flask.request.args.get('next')', as follows: next = flask.request.args.get('next') if not is_safe_url(next): return flask.abort(400) I was wondering why you are not using it?

Good job, your explainations are excellent.

i love you man tnx for the easy to understand explaination

this was a great series

You can also pass in the current_user as an argument to the render_template for each route, then in the layout.html put in a conditional to check if a user is authenticated, if not then show the login and register links, else hide them. Ow you are doing so now, I was too early.

thank you sir

Just one Problem : i did. Fallow ur series , I understand 1000% everything, I did even Code it. 2 times besides -> without ur tutorial I m lost 😞 , can’t do something by my self

so just to clarify w hashed passwords, it basically adds an extra layer of protection bc a hacker who has access to the database would just get a hashed password instead of the actual password...and hackers can even use the check password method you showed on the video, but then that would be an extra step for hackers, and takes more time, so hashing is not entirely safe right?

40:40 I don't quite get the point of login_view thing when you can do the same with simple if current_user.is_authenticated and put nice looking flash message