> > I just used the following because I don't want their login to succeed if > they enter no character IE: 0000012 the real username without the character > should also fail. > > if request.args(0) == 'login' and request.post_vars.username: > login_char = request.post_vars.username[-1] > if login_char == 'R': > request.post_vars.username = request.vars.username = > request.post_vars.username[:-1] # remove last character > else: > request.post_vars.username = request.vars.username = > request.post_vars.username + 'X' >
Actually, Marin's original solution would already protect against entering the real username without the extra character because it stripped the last character, which would therefore not match the username in the db. The problem was that it would succeed with any extra character at the end, not just with 'R'. Your solution above handles that problem, though I think the onvalidation solution is simpler and more straightforward (and it enables you to emit a custom error message for the particular case where the last character is incorrect if desired). Anthony
