Thanks alot Massimo!
Still there is one problem.
When tried to login . It do not try to authenticate , instead IT INSERTS A
NEW RECORD!!! am i doing wrong ? OR is that a Serious Security Flaw???
here is my new code at layout.html :
<div class="ez-box statusbar-v2">
{{if not auth.user:}}
<form action="/{{=request.application}}/default/user/login"
enctype="multipart/form-data" method="post">
Username: <input id="auth_user_username" name="username"
type="text" value="" />
Password: <input id="auth_user_password" name="password"
type="password" value="" />
<input type="submit" value="Login" />
<div class="hidden">
<input name="_next" type="hidden"
value="/sExtract/default/index" />
<input name="_formkey" type="hidden"
value="4ae3a7ab-73ab-4d2e-8032-ad525bf88e65" />
<input name="_formname" type="hidden" value="login" />
</div>
</form>
{{else:}}
{{=T('Welcome %s',auth.user.first_name)}} [
{{=A(T('logout'),_href=URL(r=request,c='default',f='user/logout'))}}]
{{pass}}
</div>
in controller/default :
def user():
form = auth()
if form.accepts( request.vars, formname = 'login'):
"""
exposes:
http://..../[app]/default/user/login
http://..../[app]/default/user/logout
http://..../[app]/default/user/register
http://..../[app]/default/user/profile
http://..../[app]/default/user/retrieve_password
http://..../[app]/default/user/change_password
use @auth.requires_login()
@auth.requires_membership('group name')
@auth.requires_permission('read','table name',record_id)
to decorate functions that need access control
"""
return
return dict( loginform = form )
HERE .. auth_user table is inserted!!!
1 selected
auth_user.id<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.id>
auth_user.first_name<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.first_name>
auth_user.last_name<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.last_name>
auth_user.username<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.username>
auth_user.email<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.email>
auth_user.password<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.password>
auth_user.registration_key<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.registration_key>
6 <http://localhost:8080/sExtract/appadmin/update/db/auth_user/6>
admin
e32a0ac290738947df73643d5bb73de9
Help!!
On Sat, Jul 10, 2010 at 7:34 AM, mdipierro <[email protected]> wrote:
> you still need
>
> auth.define_tables()
>
> after you define the custom tables.
>
> On 9 Lug, 22:59, Phyo Arkar <[email protected]> wrote:
> > Hello Web2py
> >
> > I am having trouble with Auth form. As described in Web2py book , i added
> > this :
> >
> > in Model db.py:
> >
> > from gluon.tools import Auth
> >
> > auth = Auth(globals(),db) #
> > authentication/authorization
> >
> > auth.settings.hmac_key = 'mwpk120409' # before define_tables()
> >
> > auth_table = db.define_table(
> > auth.settings.table_user_name,
> > Field('first_name', length=128, default=""),
> > Field('last_name', length=128, default=""),
> > Field('username', length=128, default="",unique=True),
> > Field('email', length=128, default="", unique=True),
> > Field('password', 'password', length=128,
> > readable=False, label='Password'),
> > Field('registration_key', length=128, default= "",
> > writable=False, readable=False))
> >
> > auth_table.first_name.requires = \
> > IS_NOT_EMPTY(error_message=auth.messages.is_empty)
> > auth_table.last_name.requires = \
> > IS_NOT_EMPTY(error_message=auth.messages.is_empty)
> > auth_table.password.requires = [IS_STRONG(), CRYPT()]
> > auth_table.email.requires = [
> > IS_EMAIL(error_message=auth.messages.invalid_email),
> > IS_NOT_IN_DB(db, auth_table.email)]
> > auth_table.username.requires = IS_NOT_IN_DB(db, auth_table.username)
> > auth.settings.table_user = auth_table
> >
> > auth.settings.actions_disabled.append('register')
> > #auth.settings.actions_disabled.append('change_password')
> > auth.settings.actions_disabled.append('verify_email')
> > auth.settings.actions_disabled.append('retrieve_username')
> > auth.settings.actions_disabled.append('retrieve_password')
> > auth.settings.actions_disabled.append('impersonate')
> > auth.settings.actions_disabled.append('groups')
> >
> > In Controller :
> >
> > def user():
> >
> > form = auth()
> > if form.accepts( request.vars, formname = 'login'):
> >
> > """
> > exposes:
> > http://..../[app]/default/user/login
> > http://..../[app]/default/user/logout
> > http://..../[app]/default/user/register
> > http://..../[app]/default/user/profile
> > http://..../[app]/default/user/retrieve_password
> > http://..../[app]/default/user/change_password
> > use @auth.requires_login()
> > @auth.requires_membership('group name')
> > @auth.requires_permission('read','table name',record_id)
> > to decorate functions that need access control
> > """
> > return
> > return dict( loginform = form )
> >
> > In View- layout.html (i did a custom form to fit it in status bar):
> >
> > <div class="ez-box statusbar-v2">
> > <form action="" enctype="multipart/form-data" method="post">
> > Username: <input id="auth_user_username" name="username"
> > type="text" value="" />
> > Password: <input id="auth_user_password" name="password"
> > type="password" value="" />
> > <input type="submit" value="Login" />
> > <div class="hidden">
> > <input name="_next" type="hidden"
> > value="/sExtract/default/index" />
> > <input name="_formkey" type="hidden"
> > value="4ae3a7ab-73ab-4d2e-8032-ad525bf88e65" />
> > <input name="_formname" type="hidden" value="login" />
> > </div>
> > </form>
> > </div>
> >
> > Then when i tried to Login
> >
> > Traceback (most recent call last):
> >
> > File "/home/v3ss/workspace-bbb/web2py-clone/gluon/restricted.py",
> > line 178, in restricted
> >
> > exec ccode in environment
> > File
> "/home/v3ss/workspace-bbb/web2py-clone/applications/sExtract/controllers/default.py"
> > <
> http://localhost:8080/admin/default/edit/sExtract/controllers/default.py>,
> > line 286, in <module>
> >
> > File "/home/v3ss/workspace-bbb/web2py-clone/gluon/globals.py", line
> > 96, in <lambda>
> >
> > self._caller = lambda f: f()
> >
> > File
> "/home/v3ss/workspace-bbb/web2py-clone/applications/sExtract/controllers/default.py"
> > <
> http://localhost:8080/admin/default/edit/sExtract/controllers/default.py>,
> > line 185, in user
> >
> > form = auth()
> > File "/home/v3ss/workspace-bbb/web2py-clone/gluon/tools.py", line
> > 962, in __call__
> >
> > return self.login()
> > File "/home/v3ss/workspace-bbb/web2py-clone/gluon/tools.py", line
> > 1394, in login
> >
> > self.log_event(log % self.user)
> >
> > File "/home/v3ss/workspace-bbb/web2py-clone/gluon/tools.py", line
> > 1154, in log_event
> >
> > self.settings.table_event.insert(description=description,
> > AttributeError: 'NoneType' object has no attribute 'insert'
>
