>
> In this line of code:
>>
>>
>> form[0].insert(10,DIV(LABEL(H5(password),_class="control-label"),_class="control-group"))
>>
>
> What do you mean? In your example run above, password appears to have the
> correct value both before and after that line. Are you saying the label
> shown in the HTML is the wrong value?
>
Yes,
In this line:
warning=warning +' before label: ' + password
password has value: TnewO[86
In this line
form[0].insert(10,DIV(LABEL(H5(password),_class="control-label"),_class="control-group"))
password has value: HnewN}86
In this line
warning=warning +' after label: ' + password
password has value: TnewO[86
>
>> and for the insert in the auth_user table password has the value: HnewN}86
>
>
> How do you know what gets inserted? Is the password hashed, and you just
> observed that logging in with that value works, or is it stored in plain
> text?
> Are you using the standard db.auth_user definition? If not, can we see the
> definition or any changes you made to the validators, etc.? Is the password
> field shown in the register form?
>
I know what's inserted, because I am able to log in using this password:
HnewN}86,
the other password: TnewO[86 fails. It's hashed.
This is my auth_user table definition:
db.define_table(
    auth.settings.table_user_name,
    Field('title',length=8,requires=IS_IN_SET(['de heer','mevrouw'],zero='Select a title'),label='Aanhef * '),
    Field('first_name',length=32,default='',requires=[IS_LENGTH(32,error_message='Lengte overschreidt 32 tekens'),IS_NOT_EMPTY()],notnull=True,label='Voornaam * '),
    Field('familyNamePreposition',length=16,requires=IS_LENGTH(16,error_message='Lengte overschreidt 16 tekens'),label='Tussenvoegsel'),
    Field('last_name',length=64,default='',requires=[IS_LENGTH(64,error_message='Lengte overschreidt 64 charactrer'),IS_NOT_EMPTY()],notnull=True,label='Achternaam * '),
    Field('shortname',length=128,requires=[IS_LENGTH(128,error_message='Lengte overschreidt 128 tekens'),IS_EMPTY_OR(IS_NOT_IN_DB(db,'auth_user.shortname',error_message='Shortname al in database'))],unique=True,writable=False,readable=False),
    Field('phone',length=16,requires=IS_LENGTH(16,error_message='Lengte overschreidt 16 tekens'),label='Telefoon'),
    Field('email',length=128,default='',requires=[IS_LENGTH(128,error_message='Lengte overschreidt 128 tekens'),IS_EMAIL(error_message='Ongeldig e-mailadres'),IS_NOT_IN_DB(db,'auth_user.email',error_message='E-mailadres al in database')],notnull=True,unique=True,label='E-mail * '),
    Field('username',length=32,default='',requires=[IS_LENGTH(32,error_message='Lengte overschreidt 32 charactrer'),IS_NOT_EMPTY(),IS_NOT_IN_DB(db,'auth_user.username',error_message='Username al in database')],notnull=True,unique=True,writable=False,readable=False,label='Gebruikersnaam * '),
    Field('password',type='password',length=512,requires=[IS_STRONG(),CRYPT()],writable=False,readable=False,label='Wachtwoord * '),
    Field('nodeID','reference node',default='',requires=IS_EMPTY_OR(IS_IN_DB(db,'node.id','%(id)s',zero='Select a node')),ondelete='CASCADE',label='NodeID * ',writable=False,readable=False),
    Field('registration_key',length=512,default='',writable=False,readable=False),
    Field('reset_password_key',length=512,default='',writable=False,readable=False),
    Field('registration_id',length=512,default='',writable=False,readable=False),
    Field('createdOn',**attributes),
    Field('modifiedOn',update=request.now,**attributes))
The password field is shown in the form, because I set: ignore_rw=True
However, I made it read only:
form.element('#no_table_password')['_readonly']=True
> Also, what is the value of form.vars.password after .process() has been
> called? form.vars.password is the value that actually gets inserted into
> the database.
>
It's the hashed password. I first had the following line of code to set the
context:
context=dict(...,username=form.vars.username,password=form.vars.password,...)
In that case the hashed password is mailed to the user, and the user can't
use it to log in.
Kind regards,
Annet
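
Added example, not part of the original message and not web2py code: a standard-library sketch of why the value held in the form vars after validation cannot be used to log in once a hashing validator has run. The PBKDF2 parameters, the "salt$digest" storage format, the function names and the sample credentials are all assumptions made for illustration; hash_password() only stands in for a validator such as CRYPT().

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(plaintext, salt=None):
    """Hypothetical stand-in for a hashing validator; returns 'salt$hexdigest'."""
    salt = salt or secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", plaintext.encode(), salt.encode(), ITERATIONS)
    return f"{salt}${digest.hex()}"


def verify_password(candidate, stored):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, _ = stored.split("$", 1)
    return hmac.compare_digest(hash_password(candidate, salt), stored)


def process_form(request_vars):
    """Mimic validation: the returned vars hold the hash, not the submitted text."""
    form_vars = dict(request_vars)
    form_vars["password"] = hash_password(request_vars["password"])
    return form_vars


def demo():
    # Constructed sample submission, not taken from the thread.
    submitted = {"username": "example_user", "password": "Constructed-Pw1!"}
    form_vars = process_form(submitted)
    stored = form_vars["password"]  # what would be written to the user table
    return {
        # After validation the vars no longer contain the submitted text.
        "vars_is_plaintext": stored == submitted["password"],
        # The text the user typed (or was shown) authenticates.
        "login_with_submitted": verify_password(submitted["password"], stored),
        # The post-validation value, if mailed and typed back in, is hashed
        # again at login and therefore does not match.
        "login_with_vars_value": verify_password(stored, stored),
    }


if __name__ == "__main__":
    print(demo())
```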