You cannot do this:
form = auth()
if form.accepts( request.vars, formname = 'login'):
because there already an accept into auth()
On 10 Lug, 11:35, Phyo Arkar <[email protected]> wrote:
> Thanks alot Massimo!
>
> Still there is one problem.
>
> When tried to login . It do not try to authenticate , instead IT INSERTS A
> NEW RECORD!!! am i doing wrong ? OR is that a Serious Security Flaw???
>
> here is my new code at layout.html :
>
> <div class="ez-box statusbar-v2">
>
> {{if not auth.user:}}
> <form action="/{{=request.application}}/default/user/login"
> enctype="multipart/form-data" method="post">
> Username: <input id="auth_user_username" name="username"
> type="text" value="" />
> Password: <input id="auth_user_password" name="password"
> type="password" value="" />
> <input type="submit" value="Login" />
> <div class="hidden">
> <input name="_next" type="hidden"
> value="/sExtract/default/index" />
> <input name="_formkey" type="hidden"
> value="4ae3a7ab-73ab-4d2e-8032-ad525bf88e65" />
> <input name="_formname" type="hidden" value="login" />
> </div>
> </form>
> {{else:}}
> {{=T('Welcome %s',auth.user.first_name)}} [
>
> {{=A(T('logout'),_href=URL(r=request,c='default',f='user/logout'))}}]
> {{pass}}
> </div>
>
> in controller/default :
>
> def user():
>
> form = auth()
> if form.accepts( request.vars, formname = 'login'):
>
> """
> exposes:
> http://..../[app]/default/user/login
> http://..../[app]/default/user/logout
> http://..../[app]/default/user/register
> http://..../[app]/default/user/profile
> http://..../[app]/default/user/retrieve_password
> http://..../[app]/default/user/change_password
> use @auth.requires_login()
> @auth.requires_membership('group name')
> @auth.requires_permission('read','table name',record_id)
> to decorate functions that need access control
> """
> return
> return dict( loginform = form )
>
> HERE .. auth_user table is inserted!!!
>
> 1 selected
> auth_user.id<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.id>
> auth_user.first_name<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.f...>
> auth_user.last_name<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.l...>
> auth_user.username<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.u...>
> auth_user.email<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.e...>
> auth_user.password<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.p...>
> auth_user.registration_key<http://localhost:8080/sExtract/appadmin/select/db?orderby=auth_user.r...>
> 6 <http://localhost:8080/sExtract/appadmin/update/db/auth_user/6>
>
> admin
> e32a0ac290738947df73643d5bb73de9
>
> Help!!
>
> On Sat, Jul 10, 2010 at 7:34 AM, mdipierro <[email protected]> wrote:
> > you still need
>
> > auth.define_tables()
>
> > after you define the custom tables.
>
> > On 9 Lug, 22:59, Phyo Arkar <[email protected]> wrote:
> > > Hello Web2py
>
> > > I am having trouble with Auth form. As described in Web2py book , i added
> > > this :
>
> > > in Model db.py:
>
> > > from gluon.tools import Auth
>
> > > auth = Auth(globals(),db) #
> > > authentication/authorization
>
> > > auth.settings.hmac_key = 'mwpk120409' # before define_tables()
>
> > > auth_table = db.define_table(
> > > auth.settings.table_user_name,
> > > Field('first_name', length=128, default=""),
> > > Field('last_name', length=128, default=""),
> > > Field('username', length=128, default="",unique=True),
> > > Field('email', length=128, default="", unique=True),
> > > Field('password', 'password', length=128,
> > > readable=False, label='Password'),
> > > Field('registration_key', length=128, default= "",
> > > writable=False, readable=False))
>
> > > auth_table.first_name.requires = \
> > > IS_NOT_EMPTY(error_message=auth.messages.is_empty)
> > > auth_table.last_name.requires = \
> > > IS_NOT_EMPTY(error_message=auth.messages.is_empty)
> > > auth_table.password.requires = [IS_STRONG(), CRYPT()]
> > > auth_table.email.requires = [
> > > IS_EMAIL(error_message=auth.messages.invalid_email),
> > > IS_NOT_IN_DB(db, auth_table.email)]
> > > auth_table.username.requires = IS_NOT_IN_DB(db, auth_table.username)
> > > auth.settings.table_user = auth_table
>
> > > auth.settings.actions_disabled.append('register')
> > > #auth.settings.actions_disabled.append('change_password')
> > > auth.settings.actions_disabled.append('verify_email')
> > > auth.settings.actions_disabled.append('retrieve_username')
> > > auth.settings.actions_disabled.append('retrieve_password')
> > > auth.settings.actions_disabled.append('impersonate')
> > > auth.settings.actions_disabled.append('groups')
>
> > > In Controller :
>
> > > def user():
>
> > > form = auth()
> > > if form.accepts( request.vars, formname = 'login'):
>
> > > """
> > > exposes:
> > > http://..../[app]/default/user/login
> > > http://..../[app]/default/user/logout
> > > http://..../[app]/default/user/register
> > > http://..../[app]/default/user/profile
> > > http://..../[app]/default/user/retrieve_password
> > > http://..../[app]/default/user/change_password
> > > use @auth.requires_login()
> > > @auth.requires_membership('group name')
> > > @auth.requires_permission('read','table name',record_id)
> > > to decorate functions that need access control
> > > """
> > > return
> > > return dict( loginform = form )
>
> > > In View- layout.html (i did a custom form to fit it in status bar):
>
> > > <div class="ez-box statusbar-v2">
> > > <form action="" enctype="multipart/form-data" method="post">
> > > Username: <input id="auth_user_username" name="username"
> > > type="text" value="" />
> > > Password: <input id="auth_user_password" name="password"
> > > type="password" value="" />
> > > <input type="submit" value="Login" />
> > > <div class="hidden">
> > > <input name="_next" type="hidden"
> > > value="/sExtract/default/index" />
> > > <input name="_formkey" type="hidden"
> > > value="4ae3a7ab-73ab-4d2e-8032-ad525bf88e65" />
> > > <input name="_formname" type="hidden" value="login" />
> > > </div>
> > > </form>
> > > </div>
>
> > > Then when i tried to Login
>
> > > Traceback (most recent call last):
>
> > > File "/home/v3ss/workspace-bbb/web2py-clone/gluon/restricted.py",
> > > line 178, in restricted
>
> > > exec ccode in environment
> > > File
> > "/home/v3ss/workspace-bbb/web2py-clone/applications/sExtract/controllers/default.py"
> > > <
> >http://localhost:8080/admin/default/edit/sExtract/controllers/default.py>,
> > > line 286, in <module>
>
> > > File "/home/v3ss/workspace-bbb/web2py-clone/gluon/globals.py", line
> > > 96, in <lambda>
>
> > > self._caller = lambda f: f()
>
> > > File
> > "/home/v3ss/workspace-bbb/web2py-clone/applications/sExtract/controllers/default.py"
> > > <
> >http://localhost:8080/admin/default/edit/sExtract/controllers/default.py>,
> > > line 185, in user
>
> > > form = auth()
> > > File "/home/v3ss/workspace-bbb/web2py-clone/gluon/tools.py", line
> > > 962, in __call__
>
> > > return self.login()
> > > File "/home/v3ss/workspace-bbb/web2py-clone/gluon/tools.py", line
> > > 1394, in login
>
> > > self.log_event(log % self.user)
>
> > > File "/home/v3ss/workspace-bbb/web2py-clone/gluon/tools.py", line
> > > 1154, in log_event
>
> > > self.settings.table_event.insert(description=description,
> > > AttributeError: 'NoneType' object has no attribute 'insert'
