Please use SQLFORM(db.table).process() instead of crud.create(db.table)
If you do not require login on file upload, your app is vulnerable to
denial of service attacks.
Anyway, assuming you have some other mechanism to prevent DoS, you can do
what you ask:
db.define_table('data',Field('filename','upload',requires=IS_NOT_EMPTY()),Field('email',requires=IS_EMAIL()),Field('approved','boolean',default=False,writable=False))
def upload_page():
form = SQLFORM(db.data).process()
if form.accepted:
user = auth.get_or_create_user(dict(email=form.vars.email))
if not user.password:
auth.email_reset_password(user)
else:
db.data[form.vars.id].update_record(approved=True)
redirect(URL('show_page',args=form.vars.id))
return locals()
def show_page():
data = db.data(request.args(0)) or redirect(URL('error_page'))
if data.approved:
link = IMG(_src = URL('download',args=data.filename))
else:
link = None
return locals()
On Monday, 8 October 2012 14:31:36 UTC-5, Lamps902 wrote:
>
> Hi, web2py experts. The task I'm trying to accomplish is the following:
>
> -permit a person browsing my site to upload a file to my site through a
> form (implemented through crud.create())
>
> -the visitor is not required to establish an account or log in to
> upload a file
>
> -the user is required to provide an email address in order for
> the file to be uploaded
>
> -after the user uploads a file, the file is held in escrow/limbo, and a
> validation/verification email is sent to the user
>
> -once the user clicks on the link in the validation email, the file is
> posted to the page, and is made publicly available for download
>
> What's the best way to go about doing this? Thanks!
>
--
