[web2py] Re: Modifying web2py JS files -- best practices?

[Massimo Di Pierro]

Why do you need to change web2py.js? I have nothing against. I just would 
like to understand if there is something we can do to make it more general.

On Thursday, 6 August 2015 00:41:12 UTC-5, Joe Barnhart wrote:
>
> It seems more and more clear I'm going to be making changes to the 
> included web2py.js file.  I'm worried about keeping current when new 
> versions of web2py come out if I've mucked a lot with this javascript file.
>
> So what does everyone else do?  How do we customize the platform and still 
> keep current with its evolution?  Is there an accepted "best practice" in 
> this area?
>
> -- Joe
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: When will we have a "proper" forum ?

[Massimo Di Pierro]

I very much agree with this. How do you propose we do it?

On Wednesday, 5 August 2015 17:37:19 UTC-5, Limedrop wrote:
>
> I hesitate to comment on this as it's one of those topics were there's not 
> "one obvious way to do it" (obviously I'm not Dutch). Essentially, I think 
> google groups does an okay job and the benefits of any change are likely to 
> be outweighed by the heavy cost of that change.
>
> Having said that, I've always thought that we're missing a trick by not 
> integrating forum questions with the web2py book. Imagine having 
> medium.com-style side comments with the book, making it more of a living 
> document. Questions and answers would be right next to the relevant section 
> of the book, providing further explanation and reducing RTFM answers. I 
> guess you'd also add a better search facility, a stack-overflow style 
> 'homepage' and possibly a slight re-structure of the book sections. Ask a 
> question and it gets tagged to a book section.  The book is already built 
> with auth.wiki() - so we would be adding to functionality/infrastructure 
> that has to be maintained anyway.
>
> We can always dream ;-)
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: postgresql json getitem function implementation

[Massimo Di Pierro]

Let's bring this up on web2py developers. I will support it. Can you submit 
a patch to pydal?

On Wednesday, 5 August 2015 17:15:54 UTC-5, Manuele wrote:
>
> Hi! 
> I have a table with a json field and I woul like to perform something 
> like: 
>
> db(db.mytable.id>0).select(db.mytable.myjsonfield.getitem('myfield').with_alias("myfield"))
>  
>
>
> the only way I thought is the patch in attachment that works just fine 
> but I don't like to use a patched version of the framework. 
> Is these a way to monkeypath the two classes PostgreSQLAdapter and 
> Expression (I guess before the db definition) in my application? 
>
> On the other hand... do you think it could be a usefull implementation 
> for web2py itself? 
>
> Thanks a lot 
>
> Manuele 
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Modifying web2py JS files -- best practices?

[Joe Barnhart]

It seems more and more clear I'm going to be making changes to the included 
web2py.js file.  I'm worried about keeping current when new versions of 
web2py come out if I've mucked a lot with this javascript file.

So what does everyone else do?  How do we customize the platform and still 
keep current with its evolution?  Is there an accepted "best practice" in 
this area?

-- Joe

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Module is behaving different in web2py

[David]

Running it from the web2py shell by importing the pymssql is returning no 
results. I am not getting an error I just get: 

In [10] : rows = cursor.execute("SELECT * FROM PERSON WHERE 
PERSON.LAST_NAME = 'Palmer'")

In [11] : print len(rows)
Traceback (most recent call last):
  File "/home/www-data/web2py/gluon/contrib/shell.py", line 234, in run
exec compiled in statement_module.__dict__
  File "", line 1, in 
TypeError: object of type 'NoneType' has no len()


As I continued to dig into it I have noticed that when pymssql is being 
called from web2py nothing is hitting the freetds log. However executing 
from the shell does. 




On Wednesday, August 5, 2015 at 5:12:19 PM UTC-4, Anthony wrote:
>
> Can you go into a web2py shell and do some basic things, like import 
> pymssql, establish a connection, and issue a basic SQL command?
>
> Also, shouldn't you close the connection (i.e., call DestroyConnection) 
> *before* returning from the function?
>
> Anthony
>
> On Wednesday, August 5, 2015 at 4:55:14 PM UTC-4, David wrote:
>>
>>
>> I like that idea about the __init__ function and will implement that 
>> Thanks!!!
>>
>> I don't get any errors. I am just getting None returned in both the 
>> controller and shell even when hard codeing a SamAccountName that works 
>> within the Python shell. 
>>  
>>
>> On Wednesday, August 5, 2015 at 4:48:03 PM UTC-4, Anthony wrote:
>>>
>>> How are you using this in web2py (i.e., where/how does get_GetEmployeeID 
>>> get called)? Do you get any errors? When you run the web2py shell, how are 
>>> you starting it, and are you using the same Python interpreter as when you 
>>> use the basic Python shell?
>>>
>>> Also, is the only difference between your two classes the hard-coded 
>>> database connection string? If so, why not using a single class and just 
>>> make the connection string an argument of the __init__ function?
>>>
>>> Anthony
>>>
>>> On Wednesday, August 5, 2015 at 4:17:04 PM UTC-4, David wrote:

 Here is the first part of the module I was reffering to:

 import pymssql


 class HR_DB():
 def __init__(self):
 self.conn = pymssql.connect(DB Connection Info Removed)

 def Execute(self, statement,*args):
 cursor = self.conn.cursor()
 cursor.execute(statement, args)
 result = cursor.fetchall()
 cursor.close()
 return result

 def DestroyConnection(self):
 self.conn.close()

 class Coll_DB():
 def __init__(self):
 self.conn = pymssql.connect(DB Connection Info Removed)

 def Execute(self, statement, *args):
 cursor = self.conn.cursor()
 cursor.execute(statement,args)
 result = cursor.fetchall()
 cursor.close()
 return result

 def DestroyConnection(self):
 self.conn.close()

 def get_GetEmployeeID(SamAccountName):

 conn = Coll_DB()
 rows = conn.Execute(SQL Removed)
 if len(rows) > 0:
 return(rows[0]['collid'])
 conn.DestroyConnection()




 Again this works just fine calling it outside of web2py.

 if I run it from the interpreter on the server I am getting the correct 
 id number. Even using the shell in web2py and issuing the same commands I 
 am getting nothing. I feel like I am missing something simple



-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: When will we have a "proper" forum ?

[Limedrop]

I hesitate to comment on this as it's one of those topics were there's not 
"one obvious way to do it" (obviously I'm not Dutch). Essentially, I think 
google groups does an okay job and the benefits of any change are likely to 
be outweighed by the heavy cost of that change.

Having said that, I've always thought that we're missing a trick by not 
integrating forum questions with the web2py book. Imagine having 
medium.com-style side comments with the book, making it more of a living 
document. Questions and answers would be right next to the relevant section 
of the book, providing further explanation and reducing RTFM answers. I 
guess you'd also add a better search facility, a stack-overflow style 
'homepage' and possibly a slight re-structure of the book sections. Ask a 
question and it gets tagged to a book section.  The book is already built 
with auth.wiki() - so we would be adding to functionality/infrastructure 
that has to be maintained anyway.

We can always dream ;-)

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] postgresql json getitem function implementation

[Manuele Pesenti]

Hi!
I have a table with a json field and I woul like to perform something like:

db(db.mytable.id>0).select(db.mytable.myjsonfield.getitem('myfield').with_alias("myfield"))

the only way I thought is the patch in attachment that works just fine
but I don't like to use a patched version of the framework.
Is these a way to monkeypath the two classes PostgreSQLAdapter and
Expression (I guess before the db definition) in my application?

On the other hand... do you think it could be a usefull implementation
for web2py itself?

Thanks a lot

Manuele

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
>From 5ad13bcf556cfacd9df59f60bdb8e8b16b95894c Mon Sep 17 00:00:00 2001
From: manuele pesenti 
Date: Thu, 6 Aug 2015 00:00:52 +0200
Subject: [PATCH 1/1] json getitem solution

---
 gluon/dal/adapters/postgres.py | 4 
 gluon/dal/objects.py   | 4 
 2 files changed, 8 insertions(+)

diff --git a/gluon/dal/adapters/postgres.py b/gluon/dal/adapters/postgres.py
index 7e8c32f..0ded855 100644
--- a/gluon/dal/adapters/postgres.py
+++ b/gluon/dal/adapters/postgres.py
@@ -215,6 +215,10 @@ class PostgreSQLAdapter(BaseAdapter):
 return '(%s ~ %s)' % (self.expand(first),
   self.expand(second,'string'))
 
+def GETITEM(self, first, second):
+args = (self.expand(first), self.expand(second,'string'))
+return "%s->>%s" % args
+
 # GIS functions
 
 def ST_ASGEOJSON(self, first, second):
diff --git a/gluon/dal/objects.py b/gluon/dal/objects.py
index 9c22449..61394eb 100644
--- a/gluon/dal/objects.py
+++ b/gluon/dal/objects.py
@@ -1120,6 +1120,10 @@ class Expression(object):
 db = self.db
 return Expression(db, db._adapter.EPOCH, self, None, 'integer')
 
+def getitem(self, what):
+db = self.db
+return Expression(db, db._adapter.GETITEM, self, what, 'string')
+
 def __getslice__(self, start, stop):
 db = self.db
 if start < 0:
-- 
1.8.5.1

[web2py] Re: Bug on DAL OracleAdapter

[Massimo Di Pierro]

In trunk! :-)

On Wednesday, 5 August 2015 13:31:01 UTC-5, Boris Aramis Aguilar Rodríguez 
wrote:
>
> Steps to reproduce:
>
> db.define_table('atable', Field('longtext', 'text'))#this makes longtext 
> to be a clob in oracle database
> for i in range(1, 100):
>   db.atable.insert(longtext=str(i))
>
> rows = db(db.atable.id>0).select()
> for r in rows:
>   print r.longtext #this fails with the following exception
>
> Traceback (most recent call last):
>   File "", line 1, in 
> ProgrammingError: LOB variable no longer valid after subsequent fetch
>
> As I was trying to fix the error I found that LOB variables if not called 
> .read() they can't be accessed afterwards, so this only happened when you 
> selected something that returned more than 1 row. I finally found the issue 
> in 
>
> *OracleAdapter method _fetchall*
> def _fetchall(self):
> if any(x[1]==cx_Oracle.LOB for x in self.cursor.description):
> return [tuple([(c.read() if type(c) == cx_Oracle.LOB else c) \
>for c in r]) for r in self.cursor]
> else:
> return self.cursor.fetchall()
>
> So this method calls the read() method when it detects that the data is 
> cx_Oracle.LOB data type... but as long as the latest version of cx_Oracle 
> CLOB is not the same as LOB so this code fails for CLOB data (text fields 
> in web2py dal and Oracle backend).
>
> So, finally the bugfix is to detect for CLOB and LOB data types and call 
> the read() method
>
> The BugFix
> def _fetchall(self):
> if any(x[1]==cx_Oracle.LOB or x[1]==cx_Oracle.CLOB for x in self.
> cursor.description):
> return [tuple([(c.read() if type(c) == cx_Oracle.LOB else c) \
>for c in r]) for r in self.cursor]
> else:
> return self.cursor.fetchall()
>
>
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Oracle CLOB/text insert adapter issues

[Massimo Di Pierro]

This great. It is a good solution for now and can be used as example of 
similar solutions for other adapters.

On Wednesday, 5 August 2015 12:17:49 UTC-5, Boris Aramis Aguilar Rodríguez 
wrote:
>
> Hi :)
>
> I've just managed to fix my issue by adding/modifying a couple of methods 
> of the *pydal.adapters.oracle.OracleAdapter class*; everything seems to 
> be working for me
>
> def _insert(self, table, fields):
> table_rname = table.sqlsafe
> if fields:
> keys = ','.join(f.sqlsafe_name for f, v in fields)
> r_values = dict()
> def value_man(f, v, r_values):
> if f.type is 'text':
> r_values[':' + f.sqlsafe_name] = self.expand(v, f.type
> )
> return ':' + f.sqlsafe_name
> else:
> return self.expand(v, f.type)
> values = ','.join(value_man(f, v, r_values) for f, v in fields
> )
> return ('INSERT INTO %s(%s) VALUES (%s);' % (table_rname, keys
> , values), r_values)
> else:
> return (self._insert_empty(table), None)
>
> def insert(self, table, fields):
> query, values = self._insert(table,fields)
> try:
> if not values:
> self.execute(query)
> else:
> self.execute(query, values)
> except Exception:
> e = sys.exc_info()[1]
> if hasattr(table,'_on_insert_error'):
> return table._on_insert_error(table,fields,e)
> raise e
> if hasattr(table, '_primarykey'):
> mydict = dict([(k[0].name, k[1]) for k in fields if k[0].name 
> in table._primarykey])
> if mydict != {}:
> return mydict
> id = self.lastrowid(table)
> if hasattr(table, '_primarykey') and len(table._primarykey) == 1:
> id = {table._primarykey[0]: id}
> if not isinstance(id, (int, long)):
> return id
> rid = Reference(id)
> (rid._table, rid._record) = (table, None)
> return rid
>
>
>
> El martes, 4 de agosto de 2015, 1:00:59 (UTC-6), Niphlod escribió:
>>
>> ok, we were discussing the same thing over at pydal's repo to address 
>> another issue, that is closely related . 
>> https://github.com/web2py/pydal/issues/155
>>
>> On Monday, August 3, 2015 at 8:57:44 PM UTC+2, Boris Aramis Aguilar 
>> Rodríguez wrote:
>>>
>>> I've found the following:
>>>
>>> To insert a text using the cx_Oracle driver directly if you do something 
>>> like
>>>
>>> import cx_Oracle
>>> connection = cx_Oracle.connect('connectionstring')
>>>
>>> cursor = connection.cursor()
>>>
>>> p = ''
>>> for i in range(1,1):
>>>   p += str(i)
>>>
>>> sss = "INSERT INTO 
>>> ipvpn_route_table(read_datetime,ip_vpn,route_table,destinations) VALUES 
>>> (NULL,6,'" + p + "','" + p + "')"
>>> cursor.execute(sss)
>>>
>>> It fails with the same error as the web2py traceback
>>>
>>> DatabaseError: ORA-01704: string literal too long
>>>
>>> The correct way to do it is by passing it with parameters (and it works 
>>> with any ammount of characters below 4GB of clob data) as follows:
>>>
>>> import cx_Oracle
>>> connection = cx_Oracle.connect('... connection string')
>>>
>>> cursor = connection.cursor()
>>>
>>> p = ''
>>> for i in range(1,1):
>>>   p += str(i)
>>>
>>> sss = "INSERT INTO 
>>> ipvpn_route_table(read_datetime,ip_vpn,route_table,destinations) VALUES 
>>> (NULL,6,:FOO,:BAR)"
>>> cursor.execute(sss, FOO=p, BAR=p)
>>>
>>>
>>>
>>> El lunes, 3 de agosto de 2015, 9:51:16 (UTC-6), Boris Aramis Aguilar 
>>> Rodríguez escribió:

 Hi,

 I've been currently working with Oracle as a database backend, I have 
 found one issue that I highly suspect has to do with the DAL Adapter; when 
 you use web2py text fields they get mapped into CLOB with oracle database 
 backend (as you can see on the OracleAdapter code) the issue is dealing 
 with text longer than 4k characters. Oracle doesn't support a typical 
 insert with more than 4k characters dealing with a CLOB data type, because 
 it treats it as a string and strings can't be more than 4k characters 
 long. 
 So for example dealing with a table like

 db.define_table('atable', Field('longtext', 'text'))

 db.atable.insert(longtext=somelongtext) #This fails with the following 
 exception

   File "/var/www/web2py/gluon/packages/dal/pydal/objects.py", line 691, in 
 insert
 ret = self._db._adapter.insert(self, self._listify(fields))
   File "/var/www/web2py/gluon/packages/dal/pydal/adapters/base.py", line 
 731, in insert
 raise e
 DatabaseError: ORA-01704: string literal too long

 And reading trough several forums I found that this error appears on CLOB 
 insertion when you do a tipycal insert. 
 https://community.oracle.com/thread/1068414?start=0&tstart=0

 So i guess OracleAdapte

[web2py] Re: Module is behaving different in web2py

[Anthony]

Can you go into a web2py shell and do some basic things, like import 
pymssql, establish a connection, and issue a basic SQL command?

Also, shouldn't you close the connection (i.e., call DestroyConnection) 
*before* returning from the function?

Anthony

On Wednesday, August 5, 2015 at 4:55:14 PM UTC-4, David wrote:
>
>
> I like that idea about the __init__ function and will implement that 
> Thanks!!!
>
> I don't get any errors. I am just getting None returned in both the 
> controller and shell even when hard codeing a SamAccountName that works 
> within the Python shell. 
>  
>
> On Wednesday, August 5, 2015 at 4:48:03 PM UTC-4, Anthony wrote:
>>
>> How are you using this in web2py (i.e., where/how does get_GetEmployeeID 
>> get called)? Do you get any errors? When you run the web2py shell, how are 
>> you starting it, and are you using the same Python interpreter as when you 
>> use the basic Python shell?
>>
>> Also, is the only difference between your two classes the hard-coded 
>> database connection string? If so, why not using a single class and just 
>> make the connection string an argument of the __init__ function?
>>
>> Anthony
>>
>> On Wednesday, August 5, 2015 at 4:17:04 PM UTC-4, David wrote:
>>>
>>> Here is the first part of the module I was reffering to:
>>>
>>> import pymssql
>>>
>>>
>>> class HR_DB():
>>> def __init__(self):
>>> self.conn = pymssql.connect(DB Connection Info Removed)
>>>
>>> def Execute(self, statement,*args):
>>> cursor = self.conn.cursor()
>>> cursor.execute(statement, args)
>>> result = cursor.fetchall()
>>> cursor.close()
>>> return result
>>>
>>> def DestroyConnection(self):
>>> self.conn.close()
>>>
>>> class Coll_DB():
>>> def __init__(self):
>>> self.conn = pymssql.connect(DB Connection Info Removed)
>>>
>>> def Execute(self, statement, *args):
>>> cursor = self.conn.cursor()
>>> cursor.execute(statement,args)
>>> result = cursor.fetchall()
>>> cursor.close()
>>> return result
>>>
>>> def DestroyConnection(self):
>>> self.conn.close()
>>>
>>> def get_GetEmployeeID(SamAccountName):
>>>
>>> conn = Coll_DB()
>>> rows = conn.Execute(SQL Removed)
>>> if len(rows) > 0:
>>> return(rows[0]['collid'])
>>> conn.DestroyConnection()
>>>
>>>
>>>
>>>
>>> Again this works just fine calling it outside of web2py.
>>>
>>> if I run it from the interpreter on the server I am getting the correct 
>>> id number. Even using the shell in web2py and issuing the same commands I 
>>> am getting nothing. I feel like I am missing something simple
>>>
>>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] To display random questions one by one

[Fabiano Almeida]

Hi Sai,

Can you try this:

import  random

## first option to select question
s = number of lines of your table
i = random.randint(0,s)

## second option to select question - best: no broke if delete any record
on table
s = db(db.ins_ques.id > 0).select(db.ins_ques.id)
i = random.sample(s,1)

## how to query your question
question=db(db.ins_ques.id == i).select(db.ins_ques.ALL).first()

[...]


Fabiano.

2015-07-28 5:51 GMT-03:00 Sai Harsh Tondomker :

> I have trying to display random question for every login (Means client get
> different questions for every login).
> Here I gave my db.py and def doing paper. Please help me to solve the
> problem.
>
>
> db.define_table('ins_ques',
> Field('qnum','integer',notnull=True,readable=False,writable=False,label='Question
> Number'),
> Field('qupload','upload',label='Upload Image'),
> Field('question','text',notnull=True,label='Question'),
> Field('op1','string',notnull=True,label='Option A'),
> Field('op2','string',notnull=True,label='Option B'),
> Field('op3','string',notnull=True,label='Option C'),
> Field('op4','string',notnull=True,label='Option D'),
> Field('cor_ans',requires=IS_IN_SET(['A','B','C','D'],multiple=True),label='Correct
> Answer',widget=SQLFORM.widgets.checkboxes.widget)
> )
> db.define_table('ans_ques',
> Field('qdate','date',readable=False,writable=False,label='Date of Paper'),
> Field('qnum','integer',readable=False,writable=False),
> Field('studentid','integer',readable=False,writable=False),
>
> Field('answer','string',requires=IS_IN_SET(['A','B','C','D'],multiple=True),widget=SQLFORM.widgets.checkboxes.widget)
> )
> db.define_table('marks',
> Field('studentid',db.auth_user,requires=IS_IN_DB(db((db.auth_user.id==db.auth_membership.user_id)&(db.auth_membership.group_id==
>db.auth_group.id)&(db.auth_group.role=='students')),'auth_user.id
> ','auth_user.first_name'),readable=False,writable=False),
> Field('marks','integer'))
>
>
>
> def doing_paper():
> pid=auth.user_id
> q_num=int(request.vars.q_num)
> question=db((q_num==db.ins_ques.qnum)).select(db.ins_ques.ALL)
> val=db(db.ins_ques).select(db.ins_ques.ALL)
> rmax=0
> for f in val:
>   rmax+=1
> if (q_num <= 0):
> response.flash='This is the first question'
> q_num=1
> redirect(URL(r=request,f='doing_paper?q_num=%s') % (q_num) )
> elif (len(question) > 0) :
> for i in question:
> if i:
> question=i
> break
> else:
> q_num=q_num-1
> redirect(URL(r=request,f='preprocess?q_num=%s') % (q_num))
> else:
> q_num=q_num-1
> redirect(URL(r=request,f='preprocess?q_num=%s') % (q_num))
> if question:
> form=SQLFORM.factory(db.ans_ques)
> form.vars.qnum=q_num
> form.vars.studentid=pid
>
> answered=db((db.ans_ques.answer!='||')&(db.ans_ques.studentid==pid)).select(db.ans_ques.qnum)
> n=[]
> for k in answered:
> n.append(k['qnum'])
>
> ans_yet=db((db.ans_ques.studentid==pid)&(db.ans_ques.qnum==q_num)).select(db.ans_ques.answer)
> if(ans_yet and ans_yet[0]['answer']!='||'):
> form.vars.answer=ans_yet[0]['answer']
> if form.accepts(request.vars,session):
> if
> db((db.ans_ques.qnum==q_num)&(db.ans_ques.studentid==pid)).select(db.ans_ques.answer):
>
> db((db.ans_ques.qnum==q_num)&(db.ans_ques.studentid==pid)).update(answer=form.vars.answer)
> else:
> db.ans_ques.insert(answer=form.vars.answer,qnum=q_num,studentid=pid)
> q_num=q_num+1
> redirect(URL(r=request,f='doing_paper?q_num=%s') % (q_num))
> return locals()
>
> Regards
> Sai Harsh
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Module is behaving different in web2py

[David]

I like that idea about the __init__ function and will implement that 
Thanks!!!

I don't get any errors. I am just getting None returned in both the 
controller and shell even when hard codeing a SamAccountName that works 
within the Python shell. 
 

On Wednesday, August 5, 2015 at 4:48:03 PM UTC-4, Anthony wrote:
>
> How are you using this in web2py (i.e., where/how does get_GetEmployeeID 
> get called)? Do you get any errors? When you run the web2py shell, how are 
> you starting it, and are you using the same Python interpreter as when you 
> use the basic Python shell?
>
> Also, is the only difference between your two classes the hard-coded 
> database connection string? If so, why not using a single class and just 
> make the connection string an argument of the __init__ function?
>
> Anthony
>
> On Wednesday, August 5, 2015 at 4:17:04 PM UTC-4, David wrote:
>>
>> Here is the first part of the module I was reffering to:
>>
>> import pymssql
>>
>>
>> class HR_DB():
>> def __init__(self):
>> self.conn = pymssql.connect(DB Connection Info Removed)
>>
>> def Execute(self, statement,*args):
>> cursor = self.conn.cursor()
>> cursor.execute(statement, args)
>> result = cursor.fetchall()
>> cursor.close()
>> return result
>>
>> def DestroyConnection(self):
>> self.conn.close()
>>
>> class Coll_DB():
>> def __init__(self):
>> self.conn = pymssql.connect(DB Connection Info Removed)
>>
>> def Execute(self, statement, *args):
>> cursor = self.conn.cursor()
>> cursor.execute(statement,args)
>> result = cursor.fetchall()
>> cursor.close()
>> return result
>>
>> def DestroyConnection(self):
>> self.conn.close()
>>
>> def get_GetEmployeeID(SamAccountName):
>>
>> conn = Coll_DB()
>> rows = conn.Execute(SQL Removed)
>> if len(rows) > 0:
>> return(rows[0]['collid'])
>> conn.DestroyConnection()
>>
>>
>>
>>
>> Again this works just fine calling it outside of web2py.
>>
>> if I run it from the interpreter on the server I am getting the correct 
>> id number. Even using the shell in web2py and issuing the same commands I 
>> am getting nothing. I feel like I am missing something simple
>>
>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Module is behaving different in web2py

[Anthony]

How are you using this in web2py (i.e., where/how does get_GetEmployeeID 
get called)? Do you get any errors? When you run the web2py shell, how are 
you starting it, and are you using the same Python interpreter as when you 
use the basic Python shell?

Also, is the only difference between your two classes the hard-coded 
database connection string? If so, why not using a single class and just 
make the connection string an argument of the __init__ function?

Anthony

On Wednesday, August 5, 2015 at 4:17:04 PM UTC-4, David wrote:
>
> Here is the first part of the module I was reffering to:
>
> import pymssql
>
>
> class HR_DB():
> def __init__(self):
> self.conn = pymssql.connect(DB Connection Info Removed)
>
> def Execute(self, statement,*args):
> cursor = self.conn.cursor()
> cursor.execute(statement, args)
> result = cursor.fetchall()
> cursor.close()
> return result
>
> def DestroyConnection(self):
> self.conn.close()
>
> class Coll_DB():
> def __init__(self):
> self.conn = pymssql.connect(DB Connection Info Removed)
>
> def Execute(self, statement, *args):
> cursor = self.conn.cursor()
> cursor.execute(statement,args)
> result = cursor.fetchall()
> cursor.close()
> return result
>
> def DestroyConnection(self):
> self.conn.close()
>
> def get_GetEmployeeID(SamAccountName):
>
> conn = Coll_DB()
> rows = conn.Execute(SQL Removed)
> if len(rows) > 0:
> return(rows[0]['collid'])
> conn.DestroyConnection()
>
>
>
>
> Again this works just fine calling it outside of web2py.
>
> if I run it from the interpreter on the server I am getting the correct id 
> number. Even using the shell in web2py and issuing the same commands I am 
> getting nothing. I feel like I am missing something simple
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Module is behaving different in web2py

[David]

Here is the first part of the module I was reffering to:

import pymssql


class HR_DB():
def __init__(self):
self.conn = pymssql.connect(DB Connection Info Removed)

def Execute(self, statement,*args):
cursor = self.conn.cursor()
cursor.execute(statement, args)
result = cursor.fetchall()
cursor.close()
return result

def DestroyConnection(self):
self.conn.close()

class Coll_DB():
def __init__(self):
self.conn = pymssql.connect(DB Connection Info Removed)

def Execute(self, statement, *args):
cursor = self.conn.cursor()
cursor.execute(statement,args)
result = cursor.fetchall()
cursor.close()
return result

def DestroyConnection(self):
self.conn.close()

def get_GetEmployeeID(SamAccountName):

conn = Coll_DB()
rows = conn.Execute(SQL Removed)
if len(rows) > 0:
return(rows[0]['collid'])
conn.DestroyConnection()




Again this works just fine calling it outside of web2py.


On Wednesday, August 5, 2015 at 1:47:41 PM UTC-4, Anthony wrote:
>
> Hard to say without seeing any code or any details about how you have 
> deployed and are testing the web2py code.
>
> On Wednesday, August 5, 2015 at 1:39:14 PM UTC-4, David wrote:
>>
>> Hello,
>>
>> I am porting some of old legacy web apps (very legacy) to web2py. I am 
>> trying to connect to external databases via module we have tested and used 
>> elsewhere but it does not seem to work at all in web2py. For example, if we 
>> try to use a function inside this module to find the employee id of a 
>> person via username it works on the webserver on the command line by 
>> calling: CustomModule.GetEmployeeID('someusername'). However this won't 
>> work in a controller or the shell within web2py. Does anyone have any ideas 
>> what might be causing this?
>>
>> Thanks,
>>
>> David
>>
>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[Jon M.]

I'll make good use of your recommendations, will evaluate the session 
persistence variables, in order to distinguish the parameters between 
functions, and/or (will think and test) get rid of session or leave them 
for good, because of the upcoming views that will display in admin 
interface or something like that. When the views are implemented, certainly 
won't erase the CSRF flag, and start to plan a code implementation for the 
right use of web forms.

Will keep in touch!

Jon

¡Buena vibra! :D

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Bug on DAL OracleAdapter

[Boris Aramis Aguilar Rodríguez]

Steps to reproduce:

db.define_table('atable', Field('longtext', 'text'))#this makes longtext to 
be a clob in oracle database
for i in range(1, 100):
  db.atable.insert(longtext=str(i))

rows = db(db.atable.id>0).select()
for r in rows:
  print r.longtext #this fails with the following exception

Traceback (most recent call last):
  File "", line 1, in 
ProgrammingError: LOB variable no longer valid after subsequent fetch

As I was trying to fix the error I found that LOB variables if not called 
.read() they can't be accessed afterwards, so this only happened when you 
selected something that returned more than 1 row. I finally found the issue 
in 

*OracleAdapter method _fetchall*
def _fetchall(self):
if any(x[1]==cx_Oracle.LOB for x in self.cursor.description):
return [tuple([(c.read() if type(c) == cx_Oracle.LOB else c) \
   for c in r]) for r in self.cursor]
else:
return self.cursor.fetchall()

So this method calls the read() method when it detects that the data is 
cx_Oracle.LOB data type... but as long as the latest version of cx_Oracle 
CLOB is not the same as LOB so this code fails for CLOB data (text fields 
in web2py dal and Oracle backend).

So, finally the bugfix is to detect for CLOB and LOB data types and call 
the read() method

The BugFix
def _fetchall(self):
if any(x[1]==cx_Oracle.LOB or x[1]==cx_Oracle.CLOB for x in self.
cursor.description):
return [tuple([(c.read() if type(c) == cx_Oracle.LOB else c) \
   for c in r]) for r in self.cursor]
else:
return self.cursor.fetchall()



-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: When will we have a "proper" forum ?

[Anthony]

On Wednesday, August 5, 2015 at 2:08:57 PM UTC-4, Dave S wrote:
>
>
>
> On Wednesday, August 5, 2015 at 10:35:42 AM UTC-7, Richard wrote:
>>
>> I am not pretending that it is the way to go... But, I can much more 
>> easily recall something that I read because it search much better then 
>> google can even when you search in the group with google groups... which 
>> sometimes can't even find the exact post that I can in a snap with gmail...
>>
>>
> If you're searching in GG, you often get better results if you use the 
> tick mark in the search box, rather than the search box itself.   Hovering 
> over the tick mark gives the tool tip "Show search options", and clicking 
> on it gives you the advanced search form, which my experience says is more 
> reliable.  Of course, with a little experience, you can enter the search 
> URL yourself without bother with boxes or forms.
>

Screenshot:
 





 

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Google Groups is broken for web2py

[Dave S]

On Friday, July 24, 2015 at 1:54:01 PM UTC-7, Massimo Di Pierro wrote:
>
> Yes there was a google bug. It appear to have been resolved.
>
> One user has also reported messages disappearing with the message 
>
> > Message from the moderator:
>
> > Your message has been rejected.
>
> > Only posts related to web2py are allowed.
>
>
> hopefully this was a one time glitch.
>
>
> Massimo
>

FYI, there was another  "needs application update; reload page" message 
today, but web2py-users is working fine after clicking that!

/dps


> On Thursday, 23 July 2015 14:33:02 UTC-5, Richard wrote:
>>
>> Is that explaining the few post that appears yesterday and today... Group 
>> see very silent... No much activity...
>>
>> Richard
>>
>> On Thu, Jul 23, 2015 at 1:06 PM, Anthony 
>> > wrote:
>>
>>> Note, if you post a question via email or the mobile interface, you can 
>>> then return to the web interface and edit your post.
>>>
>>> Alternatively, if you prefer, you can post questions on Stack Overflow 
>>> (using the web2py tag) and then post a link here.
>>>
>>> Anthony
>>>
>>> --
>>> Resources:
>>> - http://web2py.com
>>> - http://web2py.com/book (Documentation)
>>> - http://github.com/web2py/web2py (Source code)
>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>> ---
>>> You received this message because you are subscribed to the Google 
>>> Groups "web2py-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to web2py+un...@googlegroups.com .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: When will we have a "proper" forum ?

[Dave S]

On Wednesday, August 5, 2015 at 10:35:42 AM UTC-7, Richard wrote:
>
> I am not pretending that it is the way to go... But, I can much more 
> easily recall something that I read because it search much better then 
> google can even when you search in the group with google groups... which 
> sometimes can't even find the exact post that I can in a snap with gmail...
>
>
If you're searching in GG, you often get better results if you use the tick 
mark in the search box, rather than the search box itself.   Hovering over 
the tick mark gives the tool tip "Show search options", and clicking on it 
gives you the advanced search form, which my experience says is more 
reliable.  Of course, with a little experience, you can enter the search 
URL yourself without bother with boxes or forms.

/dps

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Module is behaving different in web2py

[Anthony]

Hard to say without seeing any code or any details about how you have 
deployed and are testing the web2py code.

On Wednesday, August 5, 2015 at 1:39:14 PM UTC-4, David wrote:
>
> Hello,
>
> I am porting some of old legacy web apps (very legacy) to web2py. I am 
> trying to connect to external databases via module we have tested and used 
> elsewhere but it does not seem to work at all in web2py. For example, if we 
> try to use a function inside this module to find the employee id of a 
> person via username it works on the webserver on the command line by 
> calling: CustomModule.GetEmployeeID('someusername'). However this won't 
> work in a controller or the shell within web2py. Does anyone have any ideas 
> what might be causing this?
>
> Thanks,
>
> David
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[Anthony]

Note, unless you are sending/receiving cookies, there is no real point to 
using the session, as it will not persist from request to request anyway 
(and you don't appear to be using it for that purpose). Instead, if you 
need some value to be set in one function and then accessed in another 
function, just pass the value as an argument from the first function to the 
second (this also makes testing easier). Another option is to create a 
class and use methods operating on the object.

Anthony
 

> auth.settings.allow_basic_login = True
> @auth.requires_login()
> *def* raw_json_read():
> # The mobile POST hits here first.
> *if* request.env.request_method == 'POST':
> session.processing_frame = request.post_vars['entry_value']
> the_result = frame_reading()
> *return* the_result
> *return* 400
>
> auth.settings.allow_basic_login = True
> @auth.requires_login()
> *def* frame_reading():
> # Then here...
> # Omitted code
> session.persistence_last_reload = 0 # Found that it didn't have the 
> prefix 'session' and the dot of course. Might be the issue, might be not... 
> #Omitted Code
> frame_input = session.processing_frame or redirect(URL('index'))
> status_message = read_frame_validation(frame_input)
>* if* status_message == 210:
> return_value = session.persistence_load_reading
> *return* return_value
> # Omitted code
> *elif* status_message == 245:
> return_value = session.persistence_last_reload
> *return* return_value
> # Omitted code
> *else*:
> *return* status_message
>
> auth.settings.allow_basic_login = True
> @auth.requires_login()
> *def* read_frame_validation(frame_to_split):
> # Omitted validation code...
> *elif* int(string_list[2]) == 7: # Her'es the option that sends 
> back information to mobile device
> time_list = []
> read_list = []
> the_chain = ""
> refill_rows = db((db.DataInformation.request_type == 2) & 
> \
>  (db.DataInformation.id_device == id_device)& \
>  (db.DataInformation.id_user == 
> auth.user_id)).select(db.DataInformation.timestamp_string,
> 
>  db.DataInformation.reading,
>   
>
> orderby =~ db.DataInformation.id,
>   
>
> limitby=(0,6))
> *if* len(refill_rows) == 0:
> *return* 204
> *for* row in refill_rows:
> time_list.append(row['timestamp_string'])
> read_list.append(row['reading'])
> the_chain = "|" + ",".join(map(str, time_list)) + "|" + ",".join(
> map(str, read_list)) + "|"
> session.persistence_last_reload = the_chain
> *return* 245
> # Then, the whole way back to response.
>
> The HTML page that i get is this one:
>
>  http://www.w3.org/TR/html4/loose.dtd";>
>  
>  
>  
>  
>  403 Forbidden
>  
>  html * { padding:0; margin:0; }
>  body * { padding:10px 20px; }
>  body * * { padding:0; }
>  body { font:small sans-serif; background:#eee; }
>  body>div { border-bottom:1px solid #ddd; }
>  h1 { font-weight:normal; margin-bottom:.4em; }
>  h1 span { font-size:60%; color:#666; font-weight:normal; }
>  #info { background:#f6f6f6; }
>  #info ul { margin: 0.5em 4em; }
>  #info p, #summary p { padding-top:10px; }
>  #summary { background: #ffc; }
>  #explanation { background:#eee; border-bottom: 0px none; }
>  
>  
>  
>  
>  Forbidden 
>  CSRF verification failed. Request aborted.
>  You are seeing this message because this HTTPS site requires a 'Referer
>  header' to be sent by your Web browser, but none was sent. This header is
>  required for security reasons, to ensure that your browser is not being
>  hijacked by third parties.
>  If you have configured your browser to disable 'Referer' headers, 
> please
>  re-enable them, at least for this site, or for HTTPS connections, or for
>  'same-origin' requests.
>  
>  
>  More information is available with DEBUG=True.
>  
>  
>  
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[José Ricardo Borba]

Thanks for clarifying, Anthony.

2015-08-05 14:40 GMT-03:00 Anthony :

> On Wednesday, August 5, 2015 at 11:46:15 AM UTC-4, José Borba wrote:
>>
>> Hi, Jon,
>>
>> Now its more clear to me what you really need. Maybe this slice from
>> Bruno[1] can help you. I think that YES. ;-)
>>
>> [1] - http://www.web2pyslices.com/slice/show/1533/restful-api-with-web2py
>>
>
> Note, this is documented in the book as well (with some additional options
> and details):
> http://web2py.com/books/default/chapter/29/10/services#Restful-Web-Services
>
> Anthony
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
José Ricardo Borba

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[Anthony]

On Wednesday, August 5, 2015 at 11:46:15 AM UTC-4, José Borba wrote:
>
> Hi, Jon,
>
> Now its more clear to me what you really need. Maybe this slice from 
> Bruno[1] can help you. I think that YES. ;-)
>
> [1] - http://www.web2pyslices.com/slice/show/1533/restful-api-with-web2py
>

Note, this is documented in the book as well (with some additional options 
and details): 
http://web2py.com/books/default/chapter/29/10/services#Restful-Web-Services

Anthony

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[Anthony]

On Wednesday, August 5, 2015 at 11:50:32 AM UTC-4, José Borba wrote:
>
> Additionally, this[1] part of web2py book can help you too.
>
> *
>
> *... By default, Auth protects logins against cross-site request forgeries 
> (CSRF). This is actually provided by web2py's standard CSRF protection 
> whenever forms are generated in a session. However, under some 
> circumstances, the overhead of creating a session for login,password 
> request and reset attempts may be undesirable. DOS attacks are 
> theoretically possible. CSRF protection can be disabled for Auth forms (as 
> of v 2.6):*
> *Auth = Auth(..., csrf_prevention = False)*
>
> *Note that doing this purely to avoid session overload on a busy site is 
> not recommended because of the introduced security risk. Instead, see the 
> Deployment chapter for advice on reducing session overheads...*
>
> 
>
> [1] - http://web2py.com/books/default/chapter/29/09/access-control
>

Note, the above is not relevant in this case. web2py only employs CSRF 
protection with forms created via FORM and SQLFORM (including the Auth 
forms), but in this case, no Auth forms are being used, as basic auth is 
being used for login. In fact, with basic auth, CRSF protection is not 
relevant, as the login credentials are being passed on every request (yet, 
you don't want to set csrf_protection=False, in case you are still making 
the default Auth actions available, as they do rely on forms).

Anthony

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Module is behaving different in web2py

[David]

Hello,

I am porting some of old legacy web apps (very legacy) to web2py. I am 
trying to connect to external databases via module we have tested and used 
elsewhere but it does not seem to work at all in web2py. For example, if we 
try to use a function inside this module to find the employee id of a 
person via username it works on the webserver on the command line by 
calling: CustomModule.GetEmployeeID('someusername'). However this won't 
work in a controller or the shell within web2py. Does anyone have any ideas 
what might be causing this?

Thanks,

David

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: When will we have a "proper" forum ?

[Richard Vézina]

I am not pretending that it is the way to go... But, I can much more easily
recall something that I read because it search much better then google can
even when you search in the group with google groups... which sometimes
can't even find the exact post that I can in a snap with gmail...

Richard

On Wed, Aug 5, 2015 at 12:43 PM, António Ramos  wrote:

> That is tooo archaic...
>
> I can have proposals in my email but a CRM is best suited right ?
>
> From a noobie point of view, using a dedicated app he could easily see hot
> topics that he didn't new existed. and this is a big advantage for me.
> We can see the big picture ahead.
> i´m not limited to my limited knowledge because i can only find what i´m
> looking for using only emails.
> There will be a lot of good info that i will never see.
>
>
>
>
>
>
> 2015-08-05 15:13 GMT+01:00 Richard Vézina :
>
>> I like receive all email from the list in a dedicated mail box (gmail), I
>> can then easily search in the question and answer...
>>
>> :)
>>
>> Richard
>>
>> On Wed, Aug 5, 2015 at 9:12 AM, JorgeH  wrote:
>>
>>> I have been using this forum for years, and NEVER EVER have used email.
>>>
>>> I visit the web forum:
>>>
>>> https://groups.google.com/forum/#!forum/web2py
>>>
>>> And in the settings I chosed not to get emails:
>>>
>>>
>>> 
>>>
>>>
>>>
>>> 
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Wednesday, August 5, 2015 at 3:01:00 AM UTC-5, xmarx wrote:


> It does have tags: https://groups.google.com/forum/#!tags/web2py
>
>
 but unfortunatelyit doesn't using effectively. because i think. most
 messages send and replied vie e-mail.


 it would be nice to have the following features in 'new forum' or
 whatever.
 1. transfer or copy all google groups messages to new forum.
 2. auto-tagging or tag-suggesting system.


>>> --
>>> Resources:
>>> - http://web2py.com
>>> - http://web2py.com/book (Documentation)
>>> - http://github.com/web2py/web2py (Source code)
>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "web2py-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to web2py+unsubscr...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Oracle CLOB/text insert adapter issues

[Boris Aramis Aguilar Rodríguez]

Hi :)

I've just managed to fix my issue by adding/modifying a couple of methods 
of the *pydal.adapters.oracle.OracleAdapter class*; everything seems to be 
working for me

def _insert(self, table, fields):
table_rname = table.sqlsafe
if fields:
keys = ','.join(f.sqlsafe_name for f, v in fields)
r_values = dict()
def value_man(f, v, r_values):
if f.type is 'text':
r_values[':' + f.sqlsafe_name] = self.expand(v, f.type)
return ':' + f.sqlsafe_name
else:
return self.expand(v, f.type)
values = ','.join(value_man(f, v, r_values) for f, v in fields)
return ('INSERT INTO %s(%s) VALUES (%s);' % (table_rname, keys, 
values), r_values)
else:
return (self._insert_empty(table), None)

def insert(self, table, fields):
query, values = self._insert(table,fields)
try:
if not values:
self.execute(query)
else:
self.execute(query, values)
except Exception:
e = sys.exc_info()[1]
if hasattr(table,'_on_insert_error'):
return table._on_insert_error(table,fields,e)
raise e
if hasattr(table, '_primarykey'):
mydict = dict([(k[0].name, k[1]) for k in fields if k[0].name in 
table._primarykey])
if mydict != {}:
return mydict
id = self.lastrowid(table)
if hasattr(table, '_primarykey') and len(table._primarykey) == 1:
id = {table._primarykey[0]: id}
if not isinstance(id, (int, long)):
return id
rid = Reference(id)
(rid._table, rid._record) = (table, None)
return rid



El martes, 4 de agosto de 2015, 1:00:59 (UTC-6), Niphlod escribió:
>
> ok, we were discussing the same thing over at pydal's repo to address 
> another issue, that is closely related . 
> https://github.com/web2py/pydal/issues/155
>
> On Monday, August 3, 2015 at 8:57:44 PM UTC+2, Boris Aramis Aguilar 
> Rodríguez wrote:
>>
>> I've found the following:
>>
>> To insert a text using the cx_Oracle driver directly if you do something 
>> like
>>
>> import cx_Oracle
>> connection = cx_Oracle.connect('connectionstring')
>>
>> cursor = connection.cursor()
>>
>> p = ''
>> for i in range(1,1):
>>   p += str(i)
>>
>> sss = "INSERT INTO 
>> ipvpn_route_table(read_datetime,ip_vpn,route_table,destinations) VALUES 
>> (NULL,6,'" + p + "','" + p + "')"
>> cursor.execute(sss)
>>
>> It fails with the same error as the web2py traceback
>>
>> DatabaseError: ORA-01704: string literal too long
>>
>> The correct way to do it is by passing it with parameters (and it works with 
>> any ammount of characters below 4GB of clob data) as follows:
>>
>> import cx_Oracle
>> connection = cx_Oracle.connect('... connection string')
>>
>> cursor = connection.cursor()
>>
>> p = ''
>> for i in range(1,1):
>>   p += str(i)
>>
>> sss = "INSERT INTO 
>> ipvpn_route_table(read_datetime,ip_vpn,route_table,destinations) VALUES 
>> (NULL,6,:FOO,:BAR)"
>> cursor.execute(sss, FOO=p, BAR=p)
>>
>>
>>
>> El lunes, 3 de agosto de 2015, 9:51:16 (UTC-6), Boris Aramis Aguilar 
>> Rodríguez escribió:
>>>
>>> Hi,
>>>
>>> I've been currently working with Oracle as a database backend, I have 
>>> found one issue that I highly suspect has to do with the DAL Adapter; when 
>>> you use web2py text fields they get mapped into CLOB with oracle database 
>>> backend (as you can see on the OracleAdapter code) the issue is dealing 
>>> with text longer than 4k characters. Oracle doesn't support a typical 
>>> insert with more than 4k characters dealing with a CLOB data type, because 
>>> it treats it as a string and strings can't be more than 4k characters long. 
>>> So for example dealing with a table like
>>>
>>> db.define_table('atable', Field('longtext', 'text'))
>>>
>>> db.atable.insert(longtext=somelongtext) #This fails with the following 
>>> exception
>>>
>>>   File "/var/www/web2py/gluon/packages/dal/pydal/objects.py", line 691, in 
>>> insert
>>> ret = self._db._adapter.insert(self, self._listify(fields))
>>>   File "/var/www/web2py/gluon/packages/dal/pydal/adapters/base.py", line 
>>> 731, in insert
>>> raise e
>>> DatabaseError: ORA-01704: string literal too long
>>>
>>> And reading trough several forums I found that this error appears on CLOB 
>>> insertion when you do a tipycal insert. 
>>> https://community.oracle.com/thread/1068414?start=0&tstart=0
>>>
>>> So i guess OracleAdapter is trying to achieve a typical insertion when it 
>>> shouldn't as it has to deal with CLOB logic.
>>>
>>> I think I could fix the problem but I'm not really sure if someone can help 
>>> me out with a hint of some kind.
>>>
>>> Thanks!
>>>
>>>
>>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://cod

Re: [web2py] Re: When will we have a "proper" forum ?

[António Ramos]

That is tooo archaic...

I can have proposals in my email but a CRM is best suited right ?

>From a noobie point of view, using a dedicated app he could easily see hot
topics that he didn't new existed. and this is a big advantage for me.
We can see the big picture ahead.
i´m not limited to my limited knowledge because i can only find what i´m
looking for using only emails.
There will be a lot of good info that i will never see.






2015-08-05 15:13 GMT+01:00 Richard Vézina :

> I like receive all email from the list in a dedicated mail box (gmail), I
> can then easily search in the question and answer...
>
> :)
>
> Richard
>
> On Wed, Aug 5, 2015 at 9:12 AM, JorgeH  wrote:
>
>> I have been using this forum for years, and NEVER EVER have used email.
>>
>> I visit the web forum:
>>
>> https://groups.google.com/forum/#!forum/web2py
>>
>> And in the settings I chosed not to get emails:
>>
>>
>> 
>>
>>
>>
>> 
>>
>>
>>
>>
>>
>>
>> On Wednesday, August 5, 2015 at 3:01:00 AM UTC-5, xmarx wrote:
>>>
>>>
 It does have tags: https://groups.google.com/forum/#!tags/web2py


>>> but unfortunatelyit doesn't using effectively. because i think. most
>>> messages send and replied vie e-mail.
>>>
>>>
>>> it would be nice to have the following features in 'new forum' or
>>> whatever.
>>> 1. transfer or copy all google groups messages to new forum.
>>> 2. auto-tagging or tag-suggesting system.
>>>
>>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[Jon M.]

Wow, thanks! I can feel the love here at the forums!

@José, I'll make the Bruno's approach at local PC in order to apply those 
good practices exposed without risk, failure isolation has my attention and 
I'm definitely in favor of isolation, so, will do, and catch up more with 
clients as stated. 

@Anthony, As for the HTTP referrer, I will do that in order to catch the 
information and see if there's something between those two entities. I'm 
not sure if it will be soon (because of showcases and testing stuff here), 
but I'll be keeping up the information feeding about that CSRF Forbidden 
Issue. Thank you for the good practices too, I'll apply the right changes 
at the right time (again, because of showcase stuff, those concept showing 
meetings struggle the dev team, kinda common I guess, so I'll do it in my 
free time).

I'll be in touch, if someone has another thought, idea or opinion, please 
feel free to do it!

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[Anthony]

> @Anthony, the HTTPS protocol is not yet implemented, first we need the 
> transactions fully working, so HTTP protocol is used meanwhile. We're not 
> using web browsers, is the Android App that generates a POST with JSON 
> request, that is:
>
> "{entry_value=}"
>
> As if you were using curl for generating POSTs, the auth is provided with 
> credential, classic username and password strings (for now).
>

Yes, I understand you are not using a browser. Nevertheless, whatever 
client you are using to make the post request, the server is clearly 
requiring you to set the Referer header.
 

> @Anthony, @Dave_S, as said above, the Android sends this vía web with HTTP 
> with JSON, the development is done in a PC connected to local LAN, so, the 
> Android device with it's own native application generates curl like 
> request, and sends it to the PC's IP within the LAN. And in another version 
> of the same native Android app, it communicates to the same web2py project 
> hosted in pythonanywhere. The guys in pythonanywhere told me that the issue 
> has nothing to do with the server provided by them, they said that the CSRF 
> token could be expired.
>

I can't speak for pythonanywhere, but web2py is not generating that HTML 
response (try searching the web2py repo for any of the text contained in 
that response). web2py only uses CSRF tokens with forms created via FORM 
and SQLFORM, and it never reports errors regarding CSRF failures. Something 
in between the Android app and web2py is rejecting the request and 
returning this response. Maybe do some logging and/or inspection of 
requests/responses on the client to help figure out the source of the 
problem (e.g., what are the response headers when you receive this error).
 

> Could the issue be the:
>  
> auth.settings.allow_basic_login = True
> @auth.requires_login()
>

I don't think so. Though you don't need to bother decorating functions that 
are only called by other functions (you only need to decorate actions 
accessible via URL -- internal functions should be made private, which you 
can do by giving them arguments, preceding their names with a double 
underscore, or moving them out of the controller). 


Anthony

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[José Ricardo Borba]

Wow!
The thing is become more clear post after post!
In this case (IoT), I suggest that you, in the FIRST place, starts with a
python client (like suggested in the Bruno slice before).
And ONLY when things go right you turn to implement the Android (or
whatever platform) way. This will isolate your problems and toward you to
the solution, step by step.

I think that the messages of Massimo and Leonel do, in the essence, the
same thing that Bruno's post, but with some more refinement. Try what you
feel more comfortable!

Best regards,

José Ricardo Borba


2015-08-05 13:04 GMT-03:00 Jon M. :

> That was fast, thanks! :D
>
>>
>> *
>>
>> *... By default, Auth protects logins against cross-site request
>> forgeries (CSRF). This is actually provided by web2py's standard CSRF
>> protection whenever forms are generated in a session. However, under some
>> circumstances, the overhead of creating a session for login,password
>> request and reset attempts may be undesirable. DOS attacks are
>> theoretically possible. CSRF protection can be disabled for Auth forms (as
>> of v 2.6):*
>> *Auth = Auth(..., csrf_prevention = False)*
>>
>> *Note that doing this purely to avoid session overload on a busy site is
>> not recommended because of the introduced security risk. Instead, see the
>> Deployment chapter for advice on reducing session overheads...*
>>
>> 
>>
>
> So accurate indeed, I'll look deeply the deployment chapter as stated, now
> that I know the CSRF verification can be bypassed it kinda feels wrong if
> deactivating that security mecanism... So, will look into overhead,
> because... This is a backend prototype for Internet of Things... So,
> overhead, better have the right control. It will be kinda busy as for it's
> role we want to implement (you can imagine because the requests to server
> from embedded devices, if everything goes fine, tons of them). I proposed
> web2py after some noob research, noob because It's a pretty new topic for
> the rush of businesses growing and asking for IoT solutions and for the
> time aI was given to build a functional prototype that can migrate or stay
> at the hosting we have, change from sqlite to MySQL, change from Rocket to
> Apache and eventually secure it and scalate it. So, web2py is the shot.
>
> I trully want to know your opinion! :D
>
> Thanks a lot! Buena vibra!
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
José Ricardo Borba

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[Jon M.]

That was fast, thanks! :D

>
> *
>
> *... By default, Auth protects logins against cross-site request forgeries 
> (CSRF). This is actually provided by web2py's standard CSRF protection 
> whenever forms are generated in a session. However, under some 
> circumstances, the overhead of creating a session for login,password 
> request and reset attempts may be undesirable. DOS attacks are 
> theoretically possible. CSRF protection can be disabled for Auth forms (as 
> of v 2.6):*
> *Auth = Auth(..., csrf_prevention = False)*
>
> *Note that doing this purely to avoid session overload on a busy site is 
> not recommended because of the introduced security risk. Instead, see the 
> Deployment chapter for advice on reducing session overheads...*
>
> 
>
 
So accurate indeed, I'll look deeply the deployment chapter as stated, now 
that I know the CSRF verification can be bypassed it kinda feels wrong if 
deactivating that security mecanism... So, will look into overhead, 
because... This is a backend prototype for Internet of Things... So, 
overhead, better have the right control. It will be kinda busy as for it's 
role we want to implement (you can imagine because the requests to server 
from embedded devices, if everything goes fine, tons of them). I proposed 
web2py after some noob research, noob because It's a pretty new topic for 
the rush of businesses growing and asking for IoT solutions and for the 
time aI was given to build a functional prototype that can migrate or stay 
at the hosting we have, change from sqlite to MySQL, change from Rocket to 
Apache and eventually secure it and scalate it. So, web2py is the shot.

I trully want to know your opinion! :D

Thanks a lot! Buena vibra!

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[Jon M.]

Thanks José! :D

I'm afraid it already does help me... :3

In the implementation of that slice, Leonel Cámara & Massimo came to 
suggest another way of having POST requests for the backend... So, a 
modification of it he suggested in:

https://groups.google.com/d/msg/web2py/wfHtQ6P2Gmo/lrljWW1LBEIJ

What do you think?

Carpe Diem! (^_^ )

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[José Ricardo Borba]

Additionally, this[1] part of web2py book can help you too.

*

*... By default, Auth protects logins against cross-site request forgeries
(CSRF). This is actually provided by web2py's standard CSRF protection
whenever forms are generated in a session. However, under some
circumstances, the overhead of creating a session for login,password
request and reset attempts may be undesirable. DOS attacks are
theoretically possible. CSRF protection can be disabled for Auth forms (as
of v 2.6):*
*Auth = Auth(..., csrf_prevention = False)*

*Note that doing this purely to avoid session overload on a busy site is
not recommended because of the introduced security risk. Instead, see the
Deployment chapter for advice on reducing session overheads...*



[1] - http://web2py.com/books/default/chapter/29/09/access-control


2015-08-05 12:45 GMT-03:00 José Ricardo Borba :

> Hi, Jon,
>
> Now its more clear to me what you really need. Maybe this slice from
> Bruno[1] can help you. I think that YES. ;-)
>
> [1] - http://www.web2pyslices.com/slice/show/1533/restful-api-with-web2py
>
> Best Regards,
>
> José Ricardo Borba
>
>
> 2015-08-05 12:39 GMT-03:00 Jon M. :
>
>> Hi José! Thanks for suporting too! C:
>>
>> I'm learning about this framework, and I have a glimpse of what the
>> browser does in data exchange between web pages and backend stuff... But,
>> in this application, I'm afraid we want to provide the right interface for
>> the backend.
>>
>> So, no web forms, at least not for now, in the upcoming days we'll be
>> implementing bootstrap 3 for the view layout and stuff, but that's only for
>> informative purposes at this phase.
>>
>> That's why I was asking if there was a way of having RESTful, CRUD way of
>> doing the request from something that had no web forms. So...
>>
>> Mobile App -> HTTP stuff -> backend controllers (functions in default) ->
>> database data exchange, CRUD.
>>
>> An then response to the Mobile App in order to show the data it asked
>> for...
>>
>> Indeed we will use and need the view part and web forms, credentials
>> through it and tokens. But for now, we need to implement the request
>> directly from Android native App.
>>
>> If that's not the way  off doin' it, do you or someone knows something
>> about having those tokens in a entity such a mobile device with Android in
>> order to handle sessions, auths, or the usual tools and conventions used in
>> views?
>>
>> Buena vibra! :D
>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> José Ricardo Borba
>
>


-- 
José Ricardo Borba

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[José Ricardo Borba]

Hi, Jon,

Now its more clear to me what you really need. Maybe this slice from
Bruno[1] can help you. I think that YES. ;-)

[1] - http://www.web2pyslices.com/slice/show/1533/restful-api-with-web2py

Best Regards,

José Ricardo Borba


2015-08-05 12:39 GMT-03:00 Jon M. :

> Hi José! Thanks for suporting too! C:
>
> I'm learning about this framework, and I have a glimpse of what the
> browser does in data exchange between web pages and backend stuff... But,
> in this application, I'm afraid we want to provide the right interface for
> the backend.
>
> So, no web forms, at least not for now, in the upcoming days we'll be
> implementing bootstrap 3 for the view layout and stuff, but that's only for
> informative purposes at this phase.
>
> That's why I was asking if there was a way of having RESTful, CRUD way of
> doing the request from something that had no web forms. So...
>
> Mobile App -> HTTP stuff -> backend controllers (functions in default) ->
> database data exchange, CRUD.
>
> An then response to the Mobile App in order to show the data it asked
> for...
>
> Indeed we will use and need the view part and web forms, credentials
> through it and tokens. But for now, we need to implement the request
> directly from Android native App.
>
> If that's not the way  off doin' it, do you or someone knows something
> about having those tokens in a entity such a mobile device with Android in
> order to handle sessions, auths, or the usual tools and conventions used in
> views?
>
> Buena vibra! :D
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
José Ricardo Borba

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[Jon M.]

Hi José! Thanks for suporting too! C:

I'm learning about this framework, and I have a glimpse of what the browser 
does in data exchange between web pages and backend stuff... But, in this 
application, I'm afraid we want to provide the right interface for the 
backend.

So, no web forms, at least not for now, in the upcoming days we'll be 
implementing bootstrap 3 for the view layout and stuff, but that's only for 
informative purposes at this phase. 

That's why I was asking if there was a way of having RESTful, CRUD way of 
doing the request from something that had no web forms. So...

Mobile App -> HTTP stuff -> backend controllers (functions in default) -> 
database data exchange, CRUD.

An then response to the Mobile App in order to show the data it asked for...

Indeed we will use and need the view part and web forms, credentials 
through it and tokens. But for now, we need to implement the request 
directly from Android native App.

If that's not the way  off doin' it, do you or someone knows something 
about having those tokens in a entity such a mobile device with Android in 
order to handle sessions, auths, or the usual tools and conventions used in 
views?

Buena vibra! :D

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[José Ricardo Borba]

Jon,

You MUST have to access the form before send your POST message, to access
the CSRF token sended from web2py. This is a security solution that
disallow other people to send undesired messages to your app.

Best Regards,

José Ricardo Borba

2015-08-05 10:37 GMT-03:00 Jon M. :

> Thanks for the support and figuring it out with the community!
>
> Providing answers in the right order:
>
> @Anthony, the HTTPS protocol is not yet implemented, first we need the
> transactions fully working, so HTTP protocol is used meanwhile. We're not
> using web browsers, is the Android App that generates a POST with JSON
> request, that is:
>
> "{entry_value=}"
>
> As if you were using curl for generating POSTs, the auth is provided with
> credential, classic username and password strings (for now).
>
> @Anthony, @Dave_S, as said above, the Android sends this vía web with HTTP
> with JSON, the development is done in a PC connected to local LAN, so, the
> Android device with it's own native application generates curl like
> request, and sends it to the PC's IP within the LAN. And in another version
> of the same native Android app, it communicates to the same web2py project
> hosted in pythonanywhere. The guys in pythonanywhere told me that the issue
> has nothing to do with the server provided by them, they said that the CSRF
> token could be expired.
>
> Could the issue be the:
>
> auth.settings.allow_basic_login = True
> @auth.requires_login()
>
> In the different functions that exchange or bring the auth credential. Can
> it be lost after certain number of hops between functions? Is that a misuse
> of those two rows of authentication method in the default.py?
>
> Thanks again! :D
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
José Ricardo Borba

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: When will we have a "proper" forum ?

[Richard Vézina]

I like receive all email from the list in a dedicated mail box (gmail), I
can then easily search in the question and answer...

:)

Richard

On Wed, Aug 5, 2015 at 9:12 AM, JorgeH  wrote:

> I have been using this forum for years, and NEVER EVER have used email.
>
> I visit the web forum:
>
> https://groups.google.com/forum/#!forum/web2py
>
> And in the settings I chosed not to get emails:
>
>
> 
>
>
>
> 
>
>
>
>
>
>
> On Wednesday, August 5, 2015 at 3:01:00 AM UTC-5, xmarx wrote:
>>
>>
>>> It does have tags: https://groups.google.com/forum/#!tags/web2py
>>>
>>>
>> but unfortunatelyit doesn't using effectively. because i think. most
>> messages send and replied vie e-mail.
>>
>>
>> it would be nice to have the following features in 'new forum' or
>> whatever.
>> 1. transfer or copy all google groups messages to new forum.
>> 2. auto-tagging or tag-suggesting system.
>>
>>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: CSRF Forbidden 403 when POST from mobile device.

[Jon M.]

Thanks for the support and figuring it out with the community!

Providing answers in the right order:

@Anthony, the HTTPS protocol is not yet implemented, first we need the 
transactions fully working, so HTTP protocol is used meanwhile. We're not 
using web browsers, is the Android App that generates a POST with JSON 
request, that is:

"{entry_value=}"

As if you were using curl for generating POSTs, the auth is provided with 
credential, classic username and password strings (for now).

@Anthony, @Dave_S, as said above, the Android sends this vía web with HTTP 
with JSON, the development is done in a PC connected to local LAN, so, the 
Android device with it's own native application generates curl like 
request, and sends it to the PC's IP within the LAN. And in another version 
of the same native Android app, it communicates to the same web2py project 
hosted in pythonanywhere. The guys in pythonanywhere told me that the issue 
has nothing to do with the server provided by them, they said that the CSRF 
token could be expired.

Could the issue be the:
 
auth.settings.allow_basic_login = True
@auth.requires_login()

In the different functions that exchange or bring the auth credential. Can 
it be lost after certain number of hops between functions? Is that a misuse 
of those two rows of authentication method in the default.py?

Thanks again! :D

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: When will we have a "proper" forum ?

[JorgeH]

I have been using this forum for years, and NEVER EVER have used email. 

I visit the web forum:

https://groups.google.com/forum/#!forum/web2py

And in the settings I chosed not to get emails:











On Wednesday, August 5, 2015 at 3:01:00 AM UTC-5, xmarx wrote:
>
>
>> It does have tags: https://groups.google.com/forum/#!tags/web2py
>>
>>
> but unfortunatelyit doesn't using effectively. because i think. most 
> messages send and replied vie e-mail. 
>
>
> it would be nice to have the following features in 'new forum' or whatever.
> 1. transfer or copy all google groups messages to new forum.
> 2. auto-tagging or tag-suggesting system. 
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: When will we have a "proper" forum ?

[xmarx]

>
>
> It does have tags: https://groups.google.com/forum/#!tags/web2py
>
>
but unfortunatelyit doesn't using effectively. because i think. most 
messages send and replied vie e-mail. 


it would be nice to have the following features in 'new forum' or whatever.
1. transfer or copy all google groups messages to new forum.
2. auto-tagging or tag-suggesting system. 

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.