Yes I think you are correct, your solution is cleaner and explains the
problem. However the last character would still need to be removed so your
solution would need to be changed to:
def check_username(form):
if not form.vars.username.endswith('R')
form.errors.username = 'Invalid username'
else:
form.vars.username = forms.vars.username[:-1]
auth.settings.login_onvalidation = [check_username]
Or is there a different way to handle that?
On Thu, Mar 29, 2012 at 1:01 PM, Anthony <[email protected]> wrote:
> I just used the following because I don't want their login to succeed if
>> they enter no character IE: 0000012 the real username without the character
>> should also fail.
>>
>> if request.args(0) == 'login' and request.post_vars.username:
>> login_char = request.post_vars.username[-1]
>> if login_char == 'R':
>> request.post_vars.username = request.vars.username =
>> request.post_vars.username[:-**1] # remove last character
>> else:
>> request.post_vars.username = request.vars.username =
>> request.post_vars.username + 'X'
>>
>
> Actually, Marin's original solution would already protect against entering
> the real username without the extra character because it stripped the last
> character, which would therefore not match the username in the db. The
> problem was that it would succeed with any extra character at the end, not
> just with 'R'. Your solution above handles that problem, though I think the
> onvalidation solution is simpler and more straightforward (and it enables
> you to emit a custom error message for the particular case where the last
> character is incorrect if desired).
>
> Anthony
>
>
--
--
Regards,
Bruce Wade
http://ca.linkedin.com/in/brucelwade
http://www.wadecybertech.com
http://www.warplydesigned.com
http://www.fitnessfriendsfinder.com
