Skip to content

Denarzai/Manzil.pk

Repository files navigation

MANZIL – Digital Real Estate Platform

Project Overview

MANZIL is a web-based platform for buying, selling, and renting properties. Users can browse listings, filter searches by location, price, and type, view detailed property pages with images, and communicate with sellers or agents.

Screenshots

Home Search & Filters Property Detail
Home Filters Detail

Features

  • User authentication (register, login, logout)
  • Create, edit, and remove property listings with images
  • Search and filtering by multiple criteria
  • Messaging / contact between users and listers
  • Admin views for managing listings and users
  • Responsive UI for desktop and mobile

Tech Stack

  • Backend: Flask, SQLAlchemy
  • Frontend: HTML, CSS, JavaScript
  • Database: SQLite (default)

Dependencies

The application uses the exact packages listed in requirements.txt.

  • blinker==1.9.0
  • click==8.3.0
  • colorama==0.4.6
  • Flask==3.1.2
  • Flask-Login==0.6.3
  • Flask-SQLAlchemy==3.1.1
  • Flask-Migrate (database migrations; installs Alembic)
  • greenlet==3.2.4
  • itsdangerous==2.2.0
  • Jinja2==3.1.6
  • MarkupSafe==3.0.3
  • passlib==1.7.4
  • SQLAlchemy==2.0.44
  • typing_extensions==4.15.0
  • Werkzeug==3.1.3

Install with:

python -m venv venv
# macOS / Linux
source venv/bin/activate
# Windows (PowerShell)
venv\Scripts\Activate.ps1
pip install -r requirements.txt

Configuration

  • The repository includes an instance/ folder for local configuration. Create or update instance/config.py (or set environment variables) to provide secrets and database URLs.
  • The session secret key is read from the SECRET_KEY environment variable, with a development-only fallback. Set a real value in production:
$env:SECRET_KEY = "a-long-random-string"

Note on git history: the initial commit contained a hardcoded placeholder secret key. It was never used in any deployment and is treated as rotated — since the hardening pass, the application only trusts the SECRET_KEY environment variable, and the in-code fallback is a non-secret development placeholder.

  • Typical environment variables used by the app:
    • FLASK_APP=app.py
    • FLASK_ENV=development (for local development)
    • DATABASE_URL (optional; defaults to SQLite if unset)

On Windows PowerShell:

$env:FLASK_APP = "app.py"
$env:FLASK_ENV = "development"
flask run

Database & Migrations

  • This repo includes a migrations/ folder (Alembic). If you need to run or update migrations, install Alembic and run:
pip install alembic
alembic upgrade head

If you prefer Flask-Migrate workflows, you can adapt the migration steps accordingly.

Running the App

  1. Activate your virtual environment
  2. Install dependencies (pip install -r requirements.txt)
  3. Set environment variables (see Configuration)
  4. Initialize or migrate the database if needed
  5. Start the server: flask run

Access the app at: http://127.0.0.1:5000

Team & Credits

This project was developed by a 3-person team as part of a Software Engineering university course.

Team Responsibilities

Sameer Ahmed (Team Lead)

  • Designed overall system architecture
  • Implemented backend using Flask
  • Developed authentication system (Flask-Login)
  • Set up database models and relationships (SQLAlchemy)
  • Managed project structure and integration
  • Coordinated tasks and ensured feature completion

Muhammad Subhan

  • Built the property listing, property detail, add/edit property, favorites, and messaging thread pages
  • Implemented the search and filter UI with multi-criteria inputs (location, price range, property type)
  • Applied responsive CSS layout and styling across all frontend pages
  • Led a post-submission security and hardening pass: added input validation on registration and numeric form fields, restricted image upload types with timestamped filenames, moved the session secret key to an environment variable, enforced suspended-account blocking at login, and fixed the missing Flask-Migrate dependency

Affaf Shahid

  • Assisted in frontend and testing
  • Helped with UI improvements and bug fixes
  • Supported documentation and project refinement

Recent Fixes

A bug-fixing and security-hardening pass after the course submission:

  • Registration now validates empty fields and duplicate usernames instead of crashing with a database IntegrityError
  • Session secret key moved from a hardcoded string to the SECRET_KEY environment variable
  • Property image uploads restricted to image file types, with timestamped filenames to prevent two uploads with the same name overwriting each other
  • Numeric form fields (price, area, bedrooms, bathrooms) no longer crash the server when left empty
  • Message attachment uploads no longer fail when the browser omits the Content-Length header
  • Suspended accounts are now actually blocked at login
  • Flask-Migrate added to requirements.txt (it was imported by the app but missing from the file, so fresh installs failed)

Contributing

Contributions are welcome. Typical workflow:

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature-name
  3. Commit changes: git commit -m "Add feature"
  4. Push and open a pull request

About

A full-stack web platform for buying, selling, and renting properties — built with Flask, SQLAlchemy, and vanilla JS. Features listings, search/filter, messaging, and admin management.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Packages

 
 
 

Contributors