I've done what I imagine many projects end up doing:
1) Customize auth model:
http://web2py.com/book/default/chapter/08#Customizing-Auth.
2) Rewrite views/default/user.html
For example:
{{if request.args(0)=='login':}}
<h2>Login</h2>
<div id="user_form">
{{=form.custom.begin}}
<p><label for="email">Email</label><br>
{{=form.custom.widget.email}}</p>
<p><label for="password">Password</label><br>
{{=form.custom.widget.password}}</p>
<p><input class="checkbox" id="auth_user_remember" name="remember"
type="checkbox" value="on" checked /> <label
for="auth_user_remember">Remember me</label></p>
<p><input type="submit" value="login" /></p>
{{=form.custom.end}}
<br/><a href="{{=URL(r=request,args='register')}}">register</a>
<br/><a
href="{{=URL(r=request,args='request_reset_password')}}">password help</a>
</div>
{{if request.cookies.has_key('login_email'):}}
<script>$('#auth_user_email').val('{{=request.cookies['login_email'].value}}');</script>
{{pass}}
3) Override some classes. For example, I have "class MyAuth(Auth): def
navbar():" in a model file so that I can modify how the navbar is created.
You also have to set "auth = MyAuth(globals(),db)" to pick it up.
It seems to me that Auth needs to be carved out of gluon and provided via
application controllers/models/views since pretty much any non-trivial app
will need to modify it. Maybe it should be a plugin or something.
