Hello Massimo and hello guys, sorry to bother you all.
I got a problem with IS_STRONG and CRYPT(). Richard is trying to help me to
solve it. I posted a new question because the problem is similar to this
one but it regards the user approval from db.auth_user with the STRONG and
CRYPT() activate on the password field.
I am using the framework 2.0.9 on the win 7 (for test). Could you help me
with it?.
Thanks All
Il giorno sabato 14 agosto 2010 17:20:06 UTC+2, mdipierro ha scritto:
>
> This:
>
> <input class="password" id="register_password_two__label"
> name="password2" type="password" value="" />{{if
> form.errors.password2:}}<div class="error">NO MATCH</div>{{pass}}</
> input>
>
> Should have been:
>
> <input class="password" id="register_password_two__label"
> name="password_two" type="password" value="" />{{if
> form.errors.password_two:}}<div class="error">NO MATCH</div>{{pass}}
>
> Make the change and it will work.
>
> There should really be a form.custom.widget.password_two... I will
> think about adding one.
>
> Massimo
>
> On Aug 14, 9:49 am, elfuego1 <[email protected]> wrote:
> > I did as you asked.
> > Message should be at your email box.
> >
> > On 14 Sie, 15:55, mdipierro <[email protected]> wrote:
> >
> > > Please email it to me.
> >
> > > On Aug 14, 8:30 am, elfuego1 <[email protected]> wrote:
> >
> > > > I can't send data from registration form to DB. I'm stuck on the
> same
> > > > page. I'm not redirected to post registration page. Only fields
> > > > password and verify password are being cleaned. Looks like
> > > > registration form is not working.
> >
> > > > Is there a way you could look at my application so I would move on
> > > > with my coding?
> >
> > > > On 14 Sie, 15:11, mdipierro <[email protected]> wrote:
> >
> > > > > My mistake. It is
> >
> > > > > {{=form.custom.submit}}
> >
> > > > > not {{=form.custom.widget.submit}}
> >
> > > > > On Aug 14, 8:02 am, elfuego1 <[email protected]> wrote:
> >
> > > > > > How do I fix that?
> >
> > > > > > On 14 Sie, 15:01, elfuego1 <[email protected]> wrote:
> >
> > > > > > > In user.html I have now:
> >
> > > > > > > {{if request.args(0)=='login':}}{{=auth.login()}}
> >
> > > > > > > {{elif request.args(0)=='register':}}
> > > > > > > {{=form.custom.begin}}
> > > > > > > {{=form.custom.widget.first_name}}
> > > > > > > ...
> > > > > > > {{=form.custom.widget.submit}}
> > > > > > > {{=form.custom.end}}
> >
> > > > > > > I have a submit button only on login page (which is generated
> > > > > > > automatically).
> > > > > > > But on registration page where I have custom form I have only
> "None"
> > > > > > > displayed instead of a button??
> >
> > > > > > > On 14 Sie, 12:07, mdipierro <[email protected]> wrote:
> >
> > > > > > > > In the controller you should ONLY use
> >
> > > > > > > > form=auth.register()
> >
> > > > > > > > DO NOT make the registration form with FORM, SQLFORM,
> accepts, etc.
> >
> > > > > > > > If you need to add fields, define your own db.auth_user
> table
> >
> > > > > > > > If you need to customize presentation use
> >
> > > > > > > > {{=form.custom.begin}}
> > > > > > > > {{=form.custom.widget.first_name}}
> > > > > > > > ....
> > > > > > > > {{=form.custom.widget.submit}}
> > > > > > > > {{=form.custom.end}}
> >
> > > > > > > > insert any HTML you need. Use CSS and jQuery to style it.
> >
> > > > > > > > On Aug 14, 5:03 am, elfuego1 <[email protected]> wrote:
> >
> > > > > > > > > OK. Then can you PLEASE tell me how should I write
> registration part
> > > > > > > > > to use full power of the framework?
> >
> > > > > > > > > In controllers/default.py I have my custom form in def
> register().
> > > > > > > > > I invoke it in views/default/register.html with:
> > > > > > > > > {{=form}}
> >
> > > > > > > > > HOW DO I SAVE IT TO DATABASE???
> > > > > > > > > I just need this information and everything will work just
> fine.
> >
> > > > > > > > > On 14 Sie, 11:48, mdipierro <[email protected]>
> wrote:
> >
> > > > > > > > > > You have two problems:
> >
> > > > > > > > > > 1)
> >
> > > > > > > > > > insert(....request.vars.password...)
> > > > > > > > > > should be
> > > > > > > > > > insert(...form.vars.password...)
> >
> > > > > > > > > > request.vars contains the raw data sent from user,
> form.vars contains
> > > > > > > > > > the same data filtered by validators.
> >
> > > > > > > > > > 2)
> >
> > > > > > > > > > you are bypassing a lot of login that is normally
> performed by auth.
> > > > > > > > > > For example you do not get default groups for new users.
> Eventually
> > > > > > > > > > this will bite you.
> >
> > > > > > > > > > Massimo
> >
> > > > > > > > > > On Aug 14, 4:43 am, elfuego1 <[email protected]>
> wrote:
> >
> > > > > > > > > > > When I look into database I can see the password in a
> readable form.
> > > > > > > > > > > No hash there.
> > > > > > > > > > > I tested registration on a standard cookbook
> application and the hash
> > > > > > > > > > > there works for password field.
> >
> > > > > > > > > > > So I started thinking what am I doing wrong. And then
> it stuck me and
> > > > > > > > > > > I think I found the problem.
> > > > > > > > > > > When I was sending my form NOTHING was stored into
> database. I only
> > > > > > > > > > > got a confirmation message: "Form accepted!".
> > > > > > > > > > > So I thought about a work around and put all my code
> responsible for
> > > > > > > > > > > storing data into database just below this part of my
> form:
> >
> > > > > > > > > > > if form.accepts(request.vars,session):
> > > > > > > > > > > response.flash="Form accepted!"
> > > > > > > > > > >
> db.auth_user.insert(username=request.vars.username,
> >
> > > > > > > > > > > password=request.vars.password,
> >
> > > > > > > > > > > first_name=request.vars.first_name,
> >
> > > > > > > > > > > last_name=request.vars.last_name)
> >
> > > > > > > > > > > So my question is where should I place this part of
> code to have my
> > > > > > > > > > > data stored in DB and have CRYPT() method working?
> > > > > > > > > > > Or maybe there is some other method to save form data
> into database?
> > > > > > > > > > > For now only this worked for me. But it looks like my
> way of saving
> > > > > > > > > > > form data into database backfired on me.
> >
> > > > > > > > > > > On 14 Sie, 10:15, mdipierro <[email protected]>
> wrote:
> >
> > > > > > > > > > > > this confirms that crypt is working. somehow it is
> not being called
> > > > > > > > > > > > for you. I am very puzzled by this.
> > > > > > > > > > > > How do you check the passwords are not hashed?
> > > > > > > > > > > > Can you make a minimalist app to reproduce the
> problem and and email
> > > > > > > > > > > > it to me?
> >
> > > > > > > > > > > > On Aug 13, 6:39 pm, elfuego1 <[email protected]>
> wrote:
> >
> > > > > > > > > > > > > Requirements for password field in db.py file are
> as follows:
> >
> > > > > > > > > > > > > db.auth_user.password.requires =
> > > > > > > > > > > > >
> [IS_STRONG(min=8,max=None,upper=None,lower=None,special=None,number=None,error_message='Too
>
>
> > > > > > > > > > > > > short'),
> > > > > > > > > > > > > CRYPT(auth.settings.hmac_key)]
> >
> > > > > > > > > > > > > there are aslo defined these parameters:
> >
> > > > > > > > > > > > > auth.settings.controller = 'default'
> > > > > > > > > > > > > auth.settings.hmac_key='sha512:phraseforthepass'
> >
> > > > > > > > > > > > > I was not sure if I import enough modules so
> beside the obvious:
> >
> > > > > > > > > > > > > from gluon.tools import *
> >
> > > > > > > > > > > > > I aslo imported these two:
> >
> > > > > > > > > > > > > from gluon.utils import *
> > > > > > > > > > > > > from gluon.validators import *
> >
> > > > > > > > > > > > > Massimo, after I added the part of code you
> suggested in my
> > > > > > > > > > > > > registration page (register.html):
> > > > > > > > > > > > > {{=CRYPT(auth.settings.hmac_key)('hello world')}}
> >
> > > > > > > > > > > > > I got this on the page in web browser:
> >
> > > > > > > > > > > > >
> ('ae0bd13943b9f20d94ee01dd121d26bbee315f269d309de6aacbfeeeefe6e1c9d75c3d1549dbf9cf2db8c0ecf9094c72cca33baac3944256815e6969fbc97830',
>
>
> > > > > > > > > > > > > None)
> >
> > > > > > > > > > > > > On 14 Sie, 00:16, mdipierro <
> [email protected]> wrote:
> >
> > > > > > > > > > > > > > can you try
> >
> > > > > > > > > > > > > > print CRYPT(auth.settings.hmac_key)('hello
> world')
> >
> > > > > > > > > > > > > > what do you get? Did you set
> >
> > > > > > > > > > > > > >
> auth.settings.hmac_key='sha512:somerandompasphrase'
> >
> > > > > > > > > > > > > > On Aug 13, 12:39 pm, elfuego1 <
> [email protected]> wrote:
> >
> > > > > > > > > > > > > > > I did as mr.freeze suggested and I added
> values for all parameters:
> >
> > > > > > > > > > > > > > > db.auth_user.password.requires =
> > > > > > > > > > > > > > >
> [IS_STRONG(min=8,max=None,upper=None,lower=None,special=None,number=None,error_message='Too
>
>
> > > > > > > > > > > > > > > short'),
> > > > > > > > > > > > > > > CRYPT(auth.settings.hmac_key)]
> >
> > > > > > > > > > > > > > > It helped with my first problem. I don't get
> error_message any more.
> > > > > > > > > > > > > > > Form is processed smoothly now.
> >
> > > > > > > > > > > > > > > BUT the password still isn't hashed...
> >
> > > > > > > > > > > > > > > I had found information about additonal
> parameter
> > > > > > > > > > > > > > > auth.settings.controller = 'default'
> >
> > > > > > > > > > > > > > > and had added it in my db.py file. To no avail
> though :-(
> >
> > > > > > > > > > > > > > > On 13 Sie, 11:19, mdipierro <
> [email protected]> wrote:
> >
> > > > > > > > > > > > > > > > @elfuogo1, let us know if the problems are
> solved.
> >
> > > > > > > > > > > > > > > > On Aug 12, 10:36 pm, "mr.freeze" <
> [email protected]> wrote:
> >
> > > > > > > > > > > > > > > > > IS_STRONG is failing for a different
> reason but displaying your error
> > > > > > > > > > > > > > > > > message. The defaults are:
> > > > > > > > > > > > > > > > > min=8, max=20, upper=1, lower=1, number=1,
> special=1
> >
> > > > > > > > > > > > > > > > > If you remove your error message, you will
> get a descriptive message
> > > > > > > > > > > > > > > > > for each failure. You can set each
> parameter to 0 to disallow and to
> > > > > > > > > > > > > > > > > None to not check.
> > > > > > > > > > > > > > > > > db.auth_user.password.requires =
> [IS_STRONG(min=8,max=None,upper=None,
> >
> > > > > > > > > > > > > > > > >
> lower=None,special=None,number=None,error_message='Too short'),
> > > > > > > > > > > > > > > > >
> CRYPT(auth.settings.hmac_key)]
> >
> > > > > > > > > > > > > > > > > Perhaps the defaults should be less
> aggressive. Not sure on the
> > > > > > > > > > > > > > > > > CRYPT, it hashes the password for me.
> >
> > > > > > > > > > > > > > > > > On Aug 12, 9:53 pm, elfuego1 <
> [email protected]> wrote:
> >
> > > > > > > > > > > > > > > > > > Hi,
> >
> > > > > > > > > > > > > > > > > > I have a problem with two things in
> registration form.
> >
> > > > > > > > > > > > > > > > > > 1. Definition for password field in
> database looks as follows:
> >
> > > > > > > > > > > > > > > > > > db.auth_user.password.requires =
> [IS_STRONG(min=8 ,error_message='Your
> > > > > > > > > > > > > > > > > > password is too short!'),
> CRYPT(auth.settings.hmac_key)]
> >
> > > > > > > > > > > > > > > > > > But the form is not accepting passwords.
> Each time I want to send a
> > > > > > > > > > > > > > > > > > form it shows me error message: 'Your
> password is too short', even if
> > > > > > > > > > > > > > > > > > the password is
> >
> > ...
> >
> > read more ยป
--
