diff --git a/templates/base.html b/templates/base.html
index 05a0c58436010ae579663265fbe3bb2271de8088..d34e131f7bed438d0494b269a079ddcb39c25aed 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -17,15 +17,16 @@
 }
 </style>
 <link rel="icon" type="image/x-icon" href="{% static 'images/favicon.ico' %}">
+<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.0.9/purify.min.js"></script>
 </head>
 <body>
 {% include 'components/navbar.html' %}
-<div class="container mx-auto pt-32 min-h-screen flex flex-col justify-between">
+<div class="pt-32 min-h-screen flex flex-col justify-between w-full">
 {% block content %} {% endblock %}
-<footer class="bg-gray-100 text-center py-3 mt-4">
+<footer class="bg-gray-100 text-center py-3 mt-4 w-full">
 <p>© 2025 Andrew Devito Aryo - 2306152494</p>
 </footer>
 </div>
diff --git a/user/models.py b/user/models.py
index f955b1803536ca4e9f9b990e84e5a26b15242352..b0cbf0d5aa82a9aed8d167bde56cd80a6b54261a 100644
--- a/user/models.py
+++ b/user/models.py
@@ -5,6 +5,16 @@ from django.utils import timezone
 from django.core.exceptions import ValidationError
 class ExtendedUser(AbstractUser):
+
+    def clean_tanggal_lahir(value):
+        age = (timezone.now().date() - value).days / 365.25
+        print(age)
+        if age < 12:
+            print('Usia pengguna minimal 12 tahun.')
+            raise ValidationError('Usia pengguna minimal 12 tahun.')
+
+
+
     enum_kategori = {
         'Elektronik': 'Elektronik',
         'Fashion': 'Fashion',
@@ -37,7 +47,8 @@ class ExtendedUser(AbstractUser):
             RegexValidator(
                 regex=r'^\d{4}-\d{2}-\d{2}$',
                 message='Tanggal lahir harus dalam format YYYY-MM-DD.'
-            )
+            ),
+            clean_tanggal_lahir
         ]
     )
     nomor_hp = models.CharField(
@@ -46,7 +57,7 @@ class ExtendedUser(AbstractUser):
             RegexValidator(
                 regex=r'^62\d{6,13}$',
                 message='Nomor HP harus dalam format (kode negara - nomor telepon) dengan panjang minimal 8 dan maksimal 15. Contoh: 62123456, bukan +62123456 dan 62-12345.'
-            )
+            ),
         ]
     )
     email = models.CharField(
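Review bot: The added `<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.0.9/purify.min.js">` is fetched from a third-party CDN with no `integrity` or `crossorigin` attribute, so a substituted or compromised CDN response would execute with full access to every page that extends this base, including the login and registration forms that later call `DOMPurify.sanitize`. Pin it with Subresource Integrity, `<script src="…/purify.min.js" integrity="sha384-<HASH_OF_THE_PINNED_FILE>" crossorigin="anonymous"></script>`, with the hash computed from the exact file being pinned. Serving the library from the project's own static files via `{% static %}` would remove the external dependency altogether. The two `w-full` changes on the `div` and `footer` lines are layout only.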
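Review bot: `clean_tanggal_lahir` leaves two `print` calls in production code: the first writes the computed age of every validated birth date to stdout, and the second duplicates the message that the `ValidationError` on the next line already carries, so both should go. The `.days / 365.25` approximation can misjudge the age by a day around the twelfth birthday; comparing today against the date twelve years after the birth date avoids that. A function defined in the class body without `@staticmethod` only works because it is referenced as a plain name at class-definition time, and it would fail with a missing argument if ever called as a method, so a module-level function above the class states the intent more clearly. The `enum_kategori` literal continues past the end of this hunk.

```python
def clean_tanggal_lahir(value):
    """Field validator: reject birth dates of users younger than 12 years."""
    today = timezone.now().date()
    # Twelfth birthday; a 29 Feb birth date needs the fallback when the
    # target year is not a leap year.
    try:
        twelfth_birthday = value.replace(year=value.year + 12)
    except ValueError:
        twelfth_birthday = value.replace(year=value.year + 12, day=28)
    if today < twelfth_birthday:
        raise ValidationError('Usia pengguna minimal 12 tahun.')
```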
@@ -63,7 +74,15 @@ class ExtendedUser(AbstractUser):
             MaxLengthValidator(1000)
         ]
     )
-    id_penjual = models.IntegerField()
+    id_penjual = models.CharField(
+        max_length=10,
+        validators=[
+            RegexValidator(
+                regex=r'^S-\d{8}$',
+                message='ID Penjual harus diawali dengan "S-" diikuti oleh 8 angka.'
+            )
+        ]
+    )
     kategori_produk = models.CharField(
         max_length=50,
         choices=[(tag, tag) for tag in enum_kategori.keys()]
@@ -79,11 +98,3 @@ class ExtendedUser(AbstractUser):
         related_name="extendeduser_permissions", # Custom related_name
         blank=True
     )
-
-    def clean(self):
-        super().clean()
-        if self.tanggal_lahir:
-            age = (timezone.now().date() - self.tanggal_lahir).days / 365.25
-            if age < 12:
-                raise ValidationError('Usia pengguna minimal 12 tahun.')
-
diff --git a/user/templates/login.html b/user/templates/login.html
index 81fa9c3714916a9010503f60b30bf13453c564c1..a6e83bae71256697b97399a97aa8c1578d673988 100644
--- a/user/templates/login.html
+++ b/user/templates/login.html
@@ -16,7 +16,23 @@
 {% endfor %}
 {% endif %}
+<a href="/user/register"><p class="text-xs text-blue-700 mt-2">Don't have an account? Register here</p></a>
+{% include 'components/button.html' with text='Login' type='submit' %}
 </form>
 </div>
+<script>
+document.addEventListener('DOMContentLoaded', function () {
+const form = document.querySelector('form')
+
+form.addEventListener('submit', function (event) {
+// Select all input fields
+const inputs = form.querySelectorAll('input, textarea, select')
+
+inputs.forEach((input) => {
+input.value = DOMPurify.sanitize(input.value) // Clean input before sending
+})
+})
+})
+</script>
 {% endblock %}
diff --git a/user/templates/register.html b/user/templates/register.html
index c06d44c828565b12bf3f2daa3c50a4b01931e4af..d7fc24010a4deefee6ce541988790e8b8606600b 100644
--- a/user/templates/register.html
+++ b/user/templates/register.html
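Review bot: The new `id_penjual` pattern `r'^S-\d{8}$'` anchors with `$`, which in Python also matches just before a trailing newline, so `"S-12345678\n"` satisfies the regex; here `max_length=10` happens to reject that string, but Django's own validators use `\Z` for exactly this reason and `regex=r'^S-\d{8}\Z'` makes the check independent of the length limit. The same `$` anchoring appears in the `^62\d{6,13}$` and `^\d{4}-\d{2}-\d{2}$` patterns shown in the earlier hunks of this file. Changing the column from `IntegerField` to `CharField` also needs a migration that converts the existing integer values into the `S-` form; none is visible in this diff, so confirm one accompanies the change.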
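Review bot: The submit handler rewrites every field with `input.value = DOMPurify.sanitize(input.value)` before the form is sent, which gives the server no protection, since a request can be sent without this script running, while it does alter what the user typed: `sanitize` treats the value as HTML, so a password containing `<` or `&` can be submitted in a modified form. Because the identical handler is added in user/templates/register.html in the next section, an account would be created with the altered password, and a password set through any other path, such as the admin, would no longer match on this login page. Protection against stored XSS belongs on output, where Django's template autoescaping applies by default, together with server-side validation of the submitted values. If the client-side step is kept, it should at least exclude password and hidden fields, e.g. `form.querySelectorAll('input:not([type=password]):not([type=hidden]), textarea, select')`.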
@@ -32,12 +32,23 @@
 </div>
 {% endfor %}
-{% comment %} Map Messages {% endcomment %}
-{% for message in messages %}
-{{message}}
-{% endfor %}
+<a href="/user/login"><p class="text-xs text-blue-700 mt-2">Already have an account? Login here</p></a>
 {% include 'components/button.html' with type='submit' text='Register' %}
 </form>
 </div>
+<script>
+document.addEventListener('DOMContentLoaded', function () {
+const form = document.querySelector('form')
+
+form.addEventListener('submit', function (event) {
+// Select all input fields
+const inputs = form.querySelectorAll('input, textarea, select')
+
+inputs.forEach((input) => {
+input.value = DOMPurify.sanitize(input.value) // Clean input before sending
+})
+})
+})
+</script>
 {% endblock %}
diff --git a/user/views.py b/user/views.py
index 7134cb47d3bcad5ecae0e498c50dc33fe2eeaeb9..d8a5728f46bd0d84add3269d2f95ed7e75d0059c 100644
--- a/user/views.py
+++ b/user/views.py
@@ -38,6 +38,7 @@ def register_view(request):
     if form.is_valid() :
         print(form.cleaned_data)
         form.save()
+        request.session.flush()
         messages.success(request, "Account created successfully. Please log in.")
         return redirect("login") # Redirect to login page
     else:
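Review bot: `request.session.flush()` after `form.save()` has no stated purpose, and its effect depends on configuration: it discards everything in the visitor's session, and if messages use a session-backed storage the `messages.success` on the following line lands in the freshly created session, so a comment such as `# Drop any pre-registration session state before sending the user to login` would make the intent reviewable. If the goal is to guard against session fixation, note that Django's `login()` already cycles the session key on authentication, so the flush here may be redundant. The `print(form.cleaned_data)` context line above it writes the validated form data to stdout; if this is a `UserCreationForm`-style form, that data includes the raw password fields, so the print should be removed while this block is being touched. The body of `register_view` continues outside the hunk.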