It seems that you are missing the escaping/converting of the got(ten)
values. Don't you need something like
manipulator.do_html2python(new_data) before saving the user? I think
there is a risk of SQL injection[1] in your example.

[1] http://en.wikipedia.org/wiki/Sql_injection

Aidas Bendoraitis [aka Archatas]



On 7/17/06, patrickk <[EMAIL PROTECTED]> wrote:
>
> here's the registration I've come up with. I'm using a Custom
> Manipulator, because I've added some fields to the User Model and
> need specific validation. I've also added a confirmation mail:
>
> def registration(request):
>
>     manipulator = RegistrationManipulator()
>
>     if request.POST:
>         new_data = request.POST.copy()
>         errors = manipulator.get_validation_errors(new_data)
>         if not errors:
>
>             ### Send MAIL
>             date = new_data['date_joined_date'] + " " + new_data['date_joined_time']
>             confirmhash = set_hash(new_data['password'], date)
>             link = "http://mysite.com/confirm/?" + confirmhash
>             content = "something in here" + link
>             toMail = new_data['email']
>             send_mail('[mysite.com] Registration: confirm', content, '[EMAIL PROTECTED]', [toMail], fail_silently=False)
>
>             ### SAVE USER
>             pw_hash = set_password(new_data['password'])
>             user = User.objects.create_user(new_data['username'], new_data['email'], pw_hash)
>             user.save()
>             return HttpResponseRedirect("/")
>
>     else:
>         errors = new_data = {}
>
>     ...
>
>
> On 17.07.2006 at 13:35, Aidas Bendoraitis wrote:
>
> >
> > A few weeks ago I browsed through Django core code to get a basic
> > understanding of how to create a user registration or any other form
> > using generic manipulators and how to fill in some values (such as
> > last_login) behind the scenes.
> >
> > I was following the guidelines about manipulators at:
> > http://www.djangoproject.com/documentation/forms/
> >
> > To create a user you should do something like that:
> >
> > def add_profile(request):
> >     from datetime import datetime
> >     user_manipulator = User.AddManipulator()
> >
> >     if request.POST:
> >         new_user_data = request.POST.copy()
> >
> >         # fields that have to be left unmodified
> >         #new_user_data['username'] = user.username
> >         new_user_data['password'] = new_password_data['new_password']
> >         now = datetime.now()
> >         new_user_data['date_joined_date'] = now.strftime("%Y-%m-%d")
> >         new_user_data['date_joined_time'] = now.strftime("%H:%M:%S")
> >         new_user_data['last_login_date'] = "1900-01-01"
> >         new_user_data['last_login_time'] = "00:00:00"
> >         new_user_data['is_active'] = 'on'
> >         new_user_data['is_superuser'] = 'off'
> >         new_user_data['is_staff'] = 'off'
> >         user_errors = user_manipulator.get_validation_errors
> > (new_user_data)
> >         if not user_errors:
> >             user_manipulator.do_html2python(new_user_data)
> >             user = user_manipulator.save(new_user_data)
> >             #user = User.objects.create_user(
> >             #    new_user_data['username'],
> >             #    new_user_data['email'],
> >             #    new_user_data['password']
> >             #)
> >             user.set_password(new_user_data['password'])
> >             user.save()
> >             ...
> >
> > I hope this will help you. And if somebody has a better solution for how
> > to manage filling fields with values automagically, please share that
> > with everybody.
> >
> > Good luck!
> > Aidas Bendoraitis [aka Archatas]
> >
> >
> > On 7/16/06, patrickk <[EMAIL PROTECTED]> wrote:
> >>
> >> nice. didn't see that.
> >>
> >> On 15.07.2006 at 18:29, [EMAIL PROTECTED] wrote:
> >>
> >>>
> >>> There is:
> >>> http://code.djangoproject.com/wiki/FormField
> >>>
> >>> Chris
> >>>
>
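
The SQL injection concern raised at the top of this thread, shown as an added example that is not code from any of the posters or from Django. It uses Python's sqlite3 module with a hypothetical `auth_user` table and hypothetical helper names (assumptions) to contrast form values pasted into the SQL text with values passed as bound parameters; the form inputs are constructed.

```python
import sqlite3

# Hypothetical schema standing in for the user table discussed in the thread.
SCHEMA = "CREATE TABLE auth_user (username TEXT, email TEXT, is_superuser INTEGER)"

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def save_user_concat(db, username, email):
    """Vulnerable: form values are pasted into the SQL text."""
    sql = ("INSERT INTO auth_user (username, email, is_superuser) "
           "VALUES ('%s', '%s', 0)" % (username, email))
    db.execute(sql)

def save_user_bound(db, username, email):
    """Hardened: values travel as bound parameters, never as SQL text."""
    db.execute(
        "INSERT INTO auth_user (username, email, is_superuser) VALUES (?, ?, 0)",
        (username, email),
    )

def stored_rows(db):
    return db.execute("SELECT username, email, is_superuser FROM auth_user").fetchall()

# Constructed form input: the email field carries a quote and SQL text.
HOSTILE_EMAIL = "a@example.com', 1) --"

def compare(username, email):
    """Return (concatenation result, binding result); a result is the
    stored rows, or the exception class name if the statement failed."""
    results = []
    for save in (save_user_concat, save_user_bound):
        db = new_db()
        try:
            save(db, username, email)
            results.append(stored_rows(db))
        except sqlite3.Error as exc:
            results.append(type(exc).__name__)
    return tuple(results)

if __name__ == "__main__":
    print(compare("o'brien", "ob@example.com"))  # benign quote in a name
    print(compare("eve", HOSTILE_EMAIL))         # value that rewrites the statement
```

With concatenation, the benign name fails outright and the constructed email changes the stored `is_superuser` value; with bound parameters both inputs are stored byte for byte as submitted.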
