> I don't understand why I generate the password twice
>
The password is only generated once per call to the register action.
However, remember that every form submission in web2py actually involves
two calls to the form's action -- the first call happens when the page is
first loaded (i.e., the form is created), and the second call happens when
the form is submitted. The password generated on the first call (when the
form is created) is the value that gets submitted to the database -- this
is because you include this value in the form itself, so it gets submitted
back when the form is submitted. The password generated on the second call
(when the form is submitted) is the one that gets emailed to the user.
> Because you actually include the password field in the form (as readonly)
>
>
> By setting ignore_rw, prepopulating it (form.vars.password=password) and
> setting form.element('#no_table_password')['_readonly']=True?
>
Yes, exactly. Also, note that even though form.vars.password=password is
repeated again when the form is submitted, it is actually ignored in that
case because there is a value in request.post_vars.password (which is the
value generated in the first call, when the form was created). So, when you
call form.process(), the original password in request.post_vars.password
overwrites the new password you have put in form.vars.password, so it is
the old password that gets written to the database.
> the original password gets submitted with the form and inserted in the
>> database.
>
>
> The one that prepopulates the field, is inserted here:
> db.auth_user.insert(**db.auth_user._filter_fields(form.vars))?
>
Yes.
> Does that mean this line of code:
>
> password=generate_password(name,now)
>
> is being executed again, when I submit the form? I thought that when I
> submit the form the function would execute from:
>
> if form.process(keepvalues=False).accepted:
>
No, not at all. The function is just Python -- it doesn't know that you
have submitted a form and should therefore skip a bunch of lines of code.
In fact, the function wouldn't work if it jumped directly to the "if
form.process()" line because even when the form is processed, it still has
to be defined via "form=SQLFORM.factory()".
> and that only the code after this line was being evaluated. But the form
> isn't being re-pre-populated?
>
Right. Pre-population works when the form is created, but not when
submitted and processed.
> does # indicates a form submission mean
> that if request.post_vars comes after if
> form.process(keepvalues=False).accepted: but before:
> db.auth_user.insert(**db.auth_user._filter_fields(form.vars))
>
No, I just meant that when there are post_vars in request, that indicates
the form has been submitted (i.e., it's a way to tell whether this request
is for form creation or form submission *before* you get to the
form.process() call). That line should come *before* form.process. The
intention was to leave everything as is and just insert that code exactly
where you currently have your generate_password() call.
Anthony
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
