Jason F. McBrayer wrote:
> Gábor Farkas <[EMAIL PROTECTED]> writes:
>
>> at the end, i did the followin:
>>
>> - no javascript-visibility tricks
>> - the form's submit buttons are written out using document.write
>> - i added a <noscript> tag to warn the user to enable javascript
>>
>> this way, if javascript is disabled, the user cannot submit the form. he
>> can still see it, but cannot submit (so cannot break anything).
>
> Unless they, say, save it to disk, edit it, reopen it, and submit the
> form. Which would be a perfectly logical thing for a user to do when
> presented with a trivially broken form that they legitimately want to
> submit. I know you know that you can't rely on client-side
> validation, but I just want to say, you _really_ can't rely on
> client-side validation.
>
i am not relying on client-side validation... in fact i am not doing any
(well, a little) validation on the client side.
here's the deal:
django, admin interface.
i wanted to have in the user-manager form a way to do the normal
password-thing (2 password fields, check if they are equal, and so on).
so, i created a page-template, put it to the right place so that it
overrides the django-users-manager template,
and started some javascript hacking :)
i added the password fields to that page, and used javascript to:
-when submitting: check if the 2 passwords are equal, and if they are,
calculate the password-has, set it into the password-hash input-field
(which i made hidden), and allow the form to be submitted. otherwise do
not allow the form to be submitted.
but if the user has javascript disabled, then the password-hash will not
be calculated, the hidden password-field will not be populated, and he
gets an error message which he will not understand because it is about a
form field that is not visible :))
i know that this is a hack, but if you know a cleaner and/or simpler way
to have sane password-handling in the admin-interface, tell me :)
ps: (page-template attached. yes, it's quite ugly :)
ps2: i'm only overriding when the user is not superuser. superusers get
the "standard" user-manager page.
best regards,
gabor farkas
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---
