Oops, right. In that case, I would reverse the if/else.
On Thursday, March 29, 2012 4:11:13 PM UTC-4, Detectedstealth wrote:
>
> Yes I think you are correct, your solution is cleaner and explains the
> problem. However the last character would still need to be removed so your
> solution would need to be changed to:
>
> def check_username(form):
> if not form.vars.username.endswith('R')
> form.errors.username = 'Invalid username'
> else:
> form.vars.username = forms.vars.username[:-1]
>
> auth.settings.login_onvalidation = [check_username]
>
> Or is there a different way to handle that?
>
> On Thu, Mar 29, 2012 at 1:01 PM, Anthony <[email protected]> wrote:
>
>> I just used the following because I don't want their login to succeed if
>>> they enter no character IE: 0000012 the real username without the character
>>> should also fail.
>>>
>>> if request.args(0) == 'login' and request.post_vars.username:
>>> login_char = request.post_vars.username[-1]
>>> if login_char == 'R':
>>> request.post_vars.username = request.vars.username =
>>> request.post_vars.username[:-**1] # remove last character
>>> else:
>>> request.post_vars.username = request.vars.username =
>>> request.post_vars.username + 'X'
>>>
>>
>> Actually, Marin's original solution would already protect against
>> entering the real username without the extra character because it stripped
>> the last character, which would therefore not match the username in the db.
>> The problem was that it would succeed with any extra character at the end,
>> not just with 'R'. Your solution above handles that problem, though I think
>> the onvalidation solution is simpler and more straightforward (and it
>> enables you to emit a custom error message for the particular case where
>> the last character is incorrect if desired).
>>
>> Anthony
>>
>>
>
>
>
> --
> --
> Regards,
> Bruce Wade
> http://ca.linkedin.com/in/brucelwade
> http://www.wadecybertech.com
> http://www.warplydesigned.com
> http://www.fitnessfriendsfinder.com
>