Hi Anthony,
Thanks for helping me solve this problem!
> OK, the problem is that you generate the password twice -- once when
> creating the form and again when processing it.
I don't understand why I generate the password twice. I thought this line
generates the password:
password=generate_password(name,now)
this line creates the form:
form=SQLFORM.factory(db.auth_user,ignore_rw=True,submit_button='Register',separator='',formstyle='bootstrap')
however, it generates the password and creates the form.
and this line processes the form:
if form.process(keepvalues=False).accepted:
but it generates the password and processes the form. Is that what you mean?
> Because you actually include the password field in the form (as readonly)
By setting ignore_rw, prepopulating it (form.vars.password=password) and
setting form.element('#no_table_password')['_readonly']=True?
> the original password gets submitted with the form and inserted in the
> database.
The one that prepopulates the field, is inserted here:
db.auth_user.insert(**db.auth_user._filter_fields(form.vars))?
> However, the password that gets sent in the email is the one generated the
> second time (so, not the one that gets inserted).
Does that mean this line of code:
password=generate_password(name,now)
is being executed again, when I submit the form? I thought that when I
submit the form the function would execute from:
if form.process(keepvalues=False).accepted:
and that only the code after this line was being evaluated. But the form
isn't being re-pre-populated?
> Instead, you can do something like:
>
> password = request.post_vars.password or generate_password(name, now)
>
>
I'll give it a try!
> Also, note that by including the password field in the form and simply
> making it readonly, someone can still submit a post request with their own
> custom password. If you don't want to allow that, you might instead
> consider excluding the password field altogether, and instead do something
> like:
>
> if request.post_vars: # indicates a form submission
> db.auth_user.password.default = generate_password(name, now)
> ...
> context = dict(..., password=db.auth_user.password.default)
>
>
The only one who has access to this function is the user with membership
'admin', and that's only me, hence the ignore_rw.
However, I'll take your advice, because in the future I probably won't be
the only admin. Does "# indicates a form submission" mean
that if request.post_vars comes after if
form.process(keepvalues=False).accepted: but before:
db.auth_user.insert(**db.auth_user._filter_fields(form.vars))?
Best regards,
Annet
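
Added example, not part of the original message or of web2py: a simplified pure-Python model of the controller discussed above, called once for the page load and once for the submission, comparing the original flow with the two suggestions quoted in the thread. The function names, the list-based db and outbox, and the stand-in generate_password() are assumptions for illustration.

```python
import secrets

def generate_password():
    # Stand-in for the thread's generate_password(name, now); differs on every call.
    return secrets.token_urlsafe(9)

def register_original(post_vars, db, outbox):
    # The whole function body runs on every request, page load and submission alike.
    password = generate_password()
    if post_vars:                           # submission
        db.append(post_vars["password"])    # value the browser echoed back gets stored
        outbox.append(password)             # freshly generated value gets emailed
    return {"password": password}           # prepopulated readonly field

def register_reuse(post_vars, db, outbox):
    # First suggestion: reuse the submitted value, generate only when there is none.
    password = post_vars.get("password") or generate_password()
    if post_vars:
        db.append(password)
        outbox.append(password)
    return {"password": password}

def register_server_side(post_vars, db, outbox):
    # Second suggestion: no password field in the form; generate on submission only,
    # so anything the client sends under "password" is never read.
    if post_vars:
        password = generate_password()
        db.append(password)
        outbox.append(password)
    return {}

def run(controller, tamper=None):
    """Simulate a page load followed by a submission; return (stored, emailed)."""
    db, outbox = [], []
    shown = controller({}, db, outbox)           # request 1: render the form
    post = dict(shown, first_name="constructed") # request 2: browser posts fields back
    if tamper is not None:
        post["password"] = tamper                # client overrides the readonly field
    controller(post, db, outbox)
    return db[0], outbox[0]

if __name__ == "__main__":
    for ctrl in (register_original, register_reuse, register_server_side):
        print(ctrl.__name__, run(ctrl), run(ctrl, tamper="client-chosen"))
```

Only the last variant keeps the stored and emailed values equal while ignoring a client-supplied password; the model leaves out the hashing that a password validator would apply before storage.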