[web2py] Re: smartgrid tampering with url in browser

[T.R.Rajkumar]

Yes, perfect Anthony. Thanks a lot for forbearing with me. Anyway it is my 
pleasure to learn from the group.

I put the above code in my login action as below. It is working perfectly.

from gluon.storage import Storage
from gluon.utils import web2py_uuid
def login():
    form = FORM(TABLE(
            TR('User Name:',INPUT( 
_name='txtUName',_id='txtUName',requires=[IS_NOT_EMPTY(),IS_LENGTH(6,6),IS_MATCH('^e\d{5}',error_message='not
 
valid user name.')])),
            TR('Password:', INPUT (_name='txtPwd', _id='txtPwd', 
_type='password',requires=[IS_NOT_EMPTY(),IS_LENGTH(8,6)])),
            INPUT (_type='submit',_value='Login') 
                    )
               )
    msg=''
    if form.process(keepvalues=True).accepted:
        
        lcUname = form.vars.txtUName
        lcPwd = form.vars.txtPwd        
        lnCode = 10
        lcMsg = 'y'
        
        from gluon.contrib.pysimplesoap.client import SoapClient
        client = 
SoapClient(wsdl="http://172.16.164.64/ws_ts2admin/ts2admin.asmx?WSDL";)
        rs = client.ValidateLogin(lcUname, lcPwd, lnCode, lcMsg)
        rs1 = rs['ValidateLoginResult']
        ret_code = rs1['Code']
        ret_msg = rs1['Msg']
        #print ret_msg
        lcAppId = 'vb_cont'
        if ret_code == 1:
            rs2 = client.ValidateAppUser(lcUname,lcAppId)            
            rs3 = rs2['ValidateAppUserResult']
            rs4 = rs3['Code']
            if rs4 == 1:
                rows =  db.executesql("exec admin_get_user_details 
@lcUserName = ?",placeholders=([lcUname]),as_dict=True)
                for i in rows:
                    session.divn = i['amcdcod']
                    session.sec = i['amcscod']
                    session.unit = i['unitid']
                    session.logged_in = True
                    session.uname = lcUname
                    if 'auth' in session:
                        session.auth = None
                   
* if not 'auth' in session:                        session.auth = 
Storage(hmac_key=web2py_uuid(), user=True)*
                    redirect(URL('amc','new_contract'))
            else:
                response.flash ='Not a user of app.'
        else:
            response.flash = ret_msg
        
        
    return dict(form=form,msg=msg)

def logout():
    session.logged_in = None
    session.uname = None
    session.auth = None
    session.divn = None
    session.sec = None
    session.unit = None
    redirect(URL('login','login'))

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.