[web2py] Re: [OT] Ubuntu 12.10 will no longer ship with Python 2

2012-09-07 Thread pbreit 
As far as I can tell, Python 2 remains the default Python, at least in 
server. Defaulting to 3 would be completely insane.

On Friday, September 7, 2012 5:56:59 AM UTC-7, Luther Goh Lu Feng wrote:
>
> FYI: Ubuntu 12.10 Quantal Quetzal says bye bye to Python 2. Take note if 
> you run web2py and intend to use 12.10. I am not sure if there are ways to 
> get Python 2 installed though.
>
> "For 12.10, we intend to ship only Python 3 with the Ubuntu desktop image, 
> not Python 2. Beta-1 continues this process."
>
> https://wiki.ubuntu.com/QuantalQuetzal/TechnicalOverview/Beta1#Python_3.0

--

Re: [web2py] Populating widgets with queries

2012-09-07 Thread Bruno Rocha 
maybe this?

form = SQLFORM.factory(
Field('test',
type='string',
requires=IS_IN_DB(*db(db.table.field == xyz)*, db.city.name_url,
'%(name)s', multiple=True),
widget=lambda f, v: SQLFORM.widgets.checkboxes.widget(f, v,
style='divs'),
default = 'New-York'), formstyle='divs')

or

myset = [("value 1", "text 1"), ("value 2", "text 2"), ("value 2", "text
2")]

form = SQLFORM.factory(
Field('test',
type='string',
requires=IS_IN_SET(myset, multiple=True),
widget=lambda f, v: SQLFORM.widgets.checkboxes.widget(f, v,
style='divs'),
default = 'New-York'), formstyle='divs')

or

myset = {"value 1": "text 1", "value 2": "text 2", "value 2": "text 2"}

form = SQLFORM.factory(
Field('test',
type='string',
requires=IS_IN_SET(myset, multiple=True),
widget=lambda f, v: SQLFORM.widgets.checkboxes.widget(f, v,
style='divs'),
default = 'New-York'), formstyle='divs')

or


myset = db.executesql("SELECT value, text FROM sometable")

form = SQLFORM.factory(
Field('test',
type='string',
requires=IS_IN_SET(myset, multiple=True),
widget=lambda f, v: SQLFORM.widgets.checkboxes.widget(f, v,
style='divs'),
default = 'New-York'), formstyle='divs')


*Bruno Cezar Rocha** - @rochacbruno*
rochacbr...@gmail.com | Mobile: +55 (11) 99210-8821
www.CursoDePython.com.br | www.rochacbruno.com.br
Blog: Using Python to get all the external links from a
webpage
  Get a signature like this.

Click
here.



On Sat, Sep 8, 2012 at 3:22 AM, Mike Girard  wrote:

> I have a checkboxes widget which I invoke like so:
>
> form = SQLFORM.factory(
> Field('test',
> type='string',
> requires=IS_IN_DB(db, db.city.name_url, '%(name)s',
> multiple=True),
> widget=lambda f, v: SQLFORM.widgets.checkboxes.widget(f, v,
> style='divs'),
> default = 'New-York'), formstyle='divs')
>
> I use requires=IS_IN_DB solely to populate the checkboxes with fresh data.
> I don't really need the validation. Now I would prefer to spread the data
> in the one table being used across multiple checkbox groups. Is there an
> out-of-the-box way to populate form elements with queries instead of just
> binding them to tables?
>
> --
>
>
>
>

--

Re: [web2py] Re: Why would I use DIV classes/helpers, over an html template?

2012-09-07 Thread pbreit 
I would never/rarely do what Cliff describes. I generally put as little 
logic into the views as possible. That is totally perfectly fine with 
Web2py.

But it's nice to have full Python available. It's basically the best of 
both worlds. If you need to have the templating literally forbid you from 
using too much logic, then maybe Web2py isn't the right framework. But that 
seems bizarre to me.


On Friday, September 7, 2012 12:21:30 PM UTC-7, luckysmack wrote:
>
> But see, to me, now that's putting HTML in the controller. Which I see as 
> a negative. Ideally I would pass the data to the view and use a foreach 
> over the data contents. And for marking a field as red, I would put some 
> metadata into the data sent to the view. I would just test if vacant was 
> true, and if so, change style. This way there's no hidden HTML 
> tags/structure from a designers template file. 
> On Sep 7, 2012 12:11 PM, "Andrew W" > 
> wrote:
>
>> Good example Cliff.
>>
>> --
>>
>>
>>
>>  

--

[web2py] Re: Populating widgets with queries

2012-09-07 Thread Mike Girard 
I should add that it would be easy for me to customize form elements this 
way, but I would like to do so in a way that does not sacrifice existing 
form functionality and is just generally in conformance with the web2py 
way. 

On Saturday, September 8, 2012 2:22:21 AM UTC-4, Mike Girard wrote:
>
> I have a checkboxes widget which I invoke like so:
>
> form = SQLFORM.factory(
> Field('test', 
> type='string',
> requires=IS_IN_DB(db, db.city.name_url, '%(name)s', 
> multiple=True), 
> widget=lambda f, v: SQLFORM.widgets.checkboxes.widget(f, v, 
> style='divs'),
> default = 'New-York'), formstyle='divs')
>
> I use requires=IS_IN_DB solely to populate the checkboxes with fresh data. 
> I don't really need the validation. Now I would prefer to spread the data 
> in the one table being used across multiple checkbox groups. Is there an 
> out-of-the-box way to populate form elements with queries instead of just 
> binding them to tables? 
>

--

[web2py] Populating widgets with queries

2012-09-07 Thread Mike Girard 
I have a checkboxes widget which I invoke like so:

form = SQLFORM.factory(
Field('test', 
type='string',
requires=IS_IN_DB(db, db.city.name_url, '%(name)s', multiple=True), 
widget=lambda f, v: SQLFORM.widgets.checkboxes.widget(f, v, 
style='divs'),
default = 'New-York'), formstyle='divs')

I use requires=IS_IN_DB solely to populate the checkboxes with fresh data. 
I don't really need the validation. Now I would prefer to spread the data 
in the one table being used across multiple checkbox groups. Is there an 
out-of-the-box way to populate form elements with queries instead of just 
binding them to tables? 

--

[web2py] Re: response.stream and web2py_component

2012-09-07 Thread Anthony 


window.open('{{=URL('reports', 'form_query')}}' + '/' + jQuery(this).val());

is still the way to trigger the download. The jQuery "change" event handler 
could trigger the component loading *in addition* to triggering the above 
command. Another option might be to include the above JS in a script within 
the component, so when the component loads, the script is run and then 
triggers the download. Either way, I don't think you want to load the file 
itself into the component div, as your code does. If you want HTML content 
displayed in the div, then that's what the component has to return. 
Triggering the download is a separate issue.

Anthony

On Friday, September 7, 2012 8:48:14 PM UTC-4, maverick wrote:
>
> I do want to also display content in the DIV. In addition to displaying 
> content in the DIV, I want the controller to also trigger a file download. 
> A more accurate version of the form_query() controller would be something 
> like:
>
> In reponse to the form submission, it has to return a dict containing a 
> table (Result) that will be loaded to the target DIV as well as trigger a 
> file download. The file is just a static file for now, but eventually it 
> will be a csv export of the query result (rows). This way i display the 
> result as a table and also have the user download the result set as a csv.
>
> def form_query():
> if request.args(0) in db.tables:
> response.generic_patterns = ['load']
> form=SQLFORM(db[request.args(0)])
> if form.validate(keepvalues=True):
> rows = db().select(db.vmt_weekly.ALL)
> Result=SQLTABLE(rows,headers='fieldname:capitalize',truncate=60) 
>  response.headers['Content-Type'] = gluon.contenttype.contenttype('.txt')
> response.headers['Content-Disposition'] = 'attachment; 
> filename=somefile.txt'
>  #NOTE#It has to return: 
> dict(Result=SQLTABLE(rows,headers='fieldname:capitalize',truncate=60),Query=form)
>  
> And also
> trigger the download of somefile.txt. And further somefile.txt will be a 
> csv representation of 'rows' variable above.
>
> return dict(form=form)
> else:
> return dict()
>
> Thanks,
> mave
>
> On Thursday, September 6, 2012 1:20:04 PM UTC-7, Anthony wrote:
>>
>> My response from Stack Overflow:
>>
>> jQuery('#rep_type').change(function(){
>>   window.open('{{=URL('reports', 'form_query')}}' + '/' + 
>> jQuery(this).val());
>> });
>>
>> If you want the file to download as an attachment, don't use a component. 
>> A component creates a div for displaying content, but you just want to 
>> trigger a file download.
>>
>> Anthony
>>
>>
>> On Thursday, September 6, 2012 12:48:56 PM UTC-4, maverick wrote:
>>>
>>> Hello!
>>> I want to stream a file as an attachment in the response. I have this 
>>> function:
>>> def form_query():
>>> response.flash = str(request.args(0))
>>> response.generic_patterns = ['load']
>>> response.headers['Content-Type'] = 
>>> gluon.contenttype.contenttype('.txt')
>>> response.headers['Content-Disposition'] = 'attachment; 
>>> filename=somefile.txt'
>>>#more code goes in here to process request.args here. Ultimately, 
>>> the controller is expected to return a dict containing a table and the file 
>>> to be streamed as an attachment. For now just trying to get the file 
>>> streamed.
>>> return response.stream(open('somefile.txt'),chunk_size=1024)
>>> 
>>> When I call this controller normally (if I put the streaming code inside 
>>> index() for e.g.) it responds by opening up a download popup to save the 
>>> file to disk. But when I have this called as a target function from 
>>> web2py_component in index.html (to fill a div with the response)like this:
>>>
>>> web2py_component("{{=URL('reports', 'form_query.load')}}" + "/" + 
>>> jQuery(this).val(), target='div_form_query');
>>>
>>> It renders the file inside the DIV 'div_form_query' rather than popup a 
>>> download window.
>>>
>>> Any ideas how to render the file as an attachment while using 
>>> web2py_component. I'm using web2py_component as I want to conditionally 
>>> load input forms into that div target (div_form_query) based on a select 
>>> list which has tables as options. The index.html looks something like:
>>>
>>> {{left_sidebar_enabled,right_sidebar_enabled=True,False}}
>>> {{extend 'layout.html'}}
>>> {{=message}}
>>> {{=SELECT('Select a report', 
>>> *[OPTION(repts[i].descr, _value=str(repts[i].report)) for i in 
>>> range(len(repts))], _id="rep_type")}}
>>> 
>>>
>>> 
>>> jQuery(document).ready(function(){
>>> jQuery('#rep_type').change(function(){
>>> web2py_component("{{=URL('reports', 'form_query.load')}}" + "/" + 
>>> jQuery(this).val(), target='div_form_query');
>>> });
>>>  });
>>> 
>>>
>>> {{block left_sidebar}}
>>> {{"""=A(T("Administrative Interface"), 
>>> _href=URL('admin','default','index'), _class='button',
>>>  _style='margin-top: 1em;')"""}}
>>> 
>>> 
>>>   {{=A(T("Reports"), _href=URL('netman','reports','index'))}}
>>>   {{=A(T("Billing"), _href=URL('netman','billing',

[web2py] Re: response.stream and web2py_component

2012-09-07 Thread maverick 
I do want to also display content in the DIV. In addition to displaying 
content in the DIV, I want the controller to also trigger a file download. 
A more accurate version of the form_query() controller would be something 
like:

In reponse to the form submission, it has to return a dict containing a 
table (Result) that will be loaded to the target DIV as well as trigger a 
file download. The file is just a static file for now, but eventually it 
will be a csv export of the query result (rows). This way i display the 
result as a table and also have the user download the result set as a csv.

def form_query():
if request.args(0) in db.tables:
response.generic_patterns = ['load']
form=SQLFORM(db[request.args(0)])
if form.validate(keepvalues=True):
rows = db().select(db.vmt_weekly.ALL)
Result=SQLTABLE(rows,headers='fieldname:capitalize',truncate=60) 
 response.headers['Content-Type'] = gluon.contenttype.contenttype('.txt')
response.headers['Content-Disposition'] = 'attachment; 
filename=somefile.txt'
 #NOTE#It has to return: 
dict(Result=SQLTABLE(rows,headers='fieldname:capitalize',truncate=60),Query=form)
 
And also
trigger the download of somefile.txt. And further somefile.txt will be a 
csv representation of 'rows' variable above.

return dict(form=form)
else:
return dict()

Thanks,
mave

On Thursday, September 6, 2012 1:20:04 PM UTC-7, Anthony wrote:
>
> My response from Stack Overflow:
>
> jQuery('#rep_type').change(function(){
>   window.open('{{=URL('reports', 'form_query')}}' + '/' + jQuery(this).val());
> });
>
> If you want the file to download as an attachment, don't use a component. 
> A component creates a div for displaying content, but you just want to 
> trigger a file download.
>
> Anthony
>
>
> On Thursday, September 6, 2012 12:48:56 PM UTC-4, maverick wrote:
>>
>> Hello!
>> I want to stream a file as an attachment in the response. I have this 
>> function:
>> def form_query():
>> response.flash = str(request.args(0))
>> response.generic_patterns = ['load']
>> response.headers['Content-Type'] = 
>> gluon.contenttype.contenttype('.txt')
>> response.headers['Content-Disposition'] = 'attachment; 
>> filename=somefile.txt'
>>#more code goes in here to process request.args here. Ultimately, 
>> the controller is expected to return a dict containing a table and the file 
>> to be streamed as an attachment. For now just trying to get the file 
>> streamed.
>> return response.stream(open('somefile.txt'),chunk_size=1024)
>> 
>> When I call this controller normally (if I put the streaming code inside 
>> index() for e.g.) it responds by opening up a download popup to save the 
>> file to disk. But when I have this called as a target function from 
>> web2py_component in index.html (to fill a div with the response)like this:
>>
>> web2py_component("{{=URL('reports', 'form_query.load')}}" + "/" + 
>> jQuery(this).val(), target='div_form_query');
>>
>> It renders the file inside the DIV 'div_form_query' rather than popup a 
>> download window.
>>
>> Any ideas how to render the file as an attachment while using 
>> web2py_component. I'm using web2py_component as I want to conditionally 
>> load input forms into that div target (div_form_query) based on a select 
>> list which has tables as options. The index.html looks something like:
>>
>> {{left_sidebar_enabled,right_sidebar_enabled=True,False}}
>> {{extend 'layout.html'}}
>> {{=message}}
>> {{=SELECT('Select a report', 
>> *[OPTION(repts[i].descr, _value=str(repts[i].report)) for i in 
>> range(len(repts))], _id="rep_type")}}
>> 
>>
>> 
>> jQuery(document).ready(function(){
>> jQuery('#rep_type').change(function(){
>> web2py_component("{{=URL('reports', 'form_query.load')}}" + "/" + 
>> jQuery(this).val(), target='div_form_query');
>> });
>>  });
>> 
>>
>> {{block left_sidebar}}
>> {{"""=A(T("Administrative Interface"), 
>> _href=URL('admin','default','index'), _class='button',
>>  _style='margin-top: 1em;')"""}}
>> 
>> 
>>   {{=A(T("Reports"), _href=URL('netman','reports','index'))}}
>>   {{=A(T("Billing"), _href=URL('netman','billing','index'))}}
>>   http://192.168.136.40/zabbix
>> ">{{=T('Monitoring')}}
>> 
>> {{end}}
>>
>> Thanks,
>> mave
>>
>

--

[web2py] Re: web2py 2.0.8 posted

2012-09-07 Thread shartha 
Thanks for the clarification.

On Thursday, September 6, 2012 7:55:29 PM UTC-7, Massimo Di Pierro wrote:
>
> Minor bug fixes, some recent tickets closed and fixed a problem with the 
> windows binary distribution. It should now run on XP and more recent 
> versions of windows without pyhton pre-installed. Thanks Niphlod and Marin 
> for help with windows.
>
> Massimo
>

--

[web2py] Re: How do I incorporate git into my web2py workflow?

2012-09-07 Thread Massimo Di Pierro 
One of the new features is that in admin you can use a git url to install a 
web2py directly from github. You can also push 
an app to github. All of this requires python-git.

We are working on adding better git/hg features.




On Friday, 7 September 2012 17:24:42 UTC-5, Pystar wrote:
>
> I would like to know how coders here incorporate git or any other VCS into 
> their coding workflow with web2py?
> Thanks
>

--

[web2py] Re: web2py 2.0.8 posted

2012-09-07 Thread Massimo Di Pierro 
Was renamed gluon.contrib.fpdf by the author (Mariano).
There is a gluon.contrib.pyfpdf.py that should enable backward 
compatibility.


On Friday, 7 September 2012 16:48:17 UTC-5, shartha wrote:
>
> Hi Massimo. Correct me if I am wrong, but is *gluon.contrib.pyfpdf* not 
> included in the new version?
>
> On Thursday, September 6, 2012 7:55:29 PM UTC-7, Massimo Di Pierro wrote:
>>
>> Minor bug fixes, some recent tickets closed and fixed a problem with the 
>> windows binary distribution. It should now run on XP and more recent 
>> versions of windows without pyhton pre-installed. Thanks Niphlod and Marin 
>> for help with windows.
>>
>> Massimo
>>
>

--

Re: [web2py] sqlform.grid and query conditions

2012-09-07 Thread Massimo Di Pierro 
Anyway, thank you for brining out security issues. It is very important for 
web2py. The more people look at it from the security point of view, the 
better.

On Friday, 7 September 2012 15:33:11 UTC-5, MichaelF wrote:
>
> Ahhh; thanks for pointing that out. I had breezed over the mention about 
> digitally signed (my fault). Makes sense. I'll have to think about the 
> public db keys. Using them through web2py seems to be handled, though.
>
> Thanks again.
>
> Michael
>
> On Friday, September 7, 2012 1:39:47 PM UTC-6, Massimo Di Pierro wrote:
>>
>> In some sense the grid does what you say.
>>
>> For example:
>>
>> @auth.requires_login()
>> def index():
>>  db.define_table('thing',Field('name'),auth.signature)
>>  grid = SQLFORM.grid(db.thing.created_by==auth.user_id)
>>  return locals()
>>
>> Notice all the URLs linked by the grid are digitally signed. They are one 
>> time URLs. They can only be used by the user within this session and they 
>> cannot be tampered with. For example replacing the id of a record with 
>> another record in the edit page will not give access to the other record 
>> because would break the signature. This was broken in 1.99.7 for the grid 
>> (and in fact it was experimental) but it is fixed in 2.0.x.
>>
>> Users can digitally sign any URL:
>>
>> def index():
>> ...
>> link = URL('edit',args=id,user_signature=True)
>> return dict(link=link)
>>
>> @auth.requires_signature()
>> def edit():
>> ...
>>
>> Now the http://.../edit/?signature= is still the id of the 
>> record but without the signature the URL is not valid.
>>
>>
>>
>>
>>
>> On Friday, 7 September 2012 13:27:49 UTC-5, MichaelF wrote:
>>>
>>> Thanks, Massimo.
>>>
>>> Re. needing a way to reference individual records: of course. But it 
>>> doesn't have to be the internal record id (primary key value). The php code 
>>> we used gave out unique-per-request values so that one couldn't, say, use a 
>>> key retrieved from one form in another form.
>>>
>>> The @auth infrastructure is great. It's not a record-level design (or is 
>>> it?). I just hate to think that internal db keys are public info. Okay, 
>>> perhaps I'm going over the edge being worried about exposing database 
>>> primary keys. But I find that when I decide I'm going over the edge, that 
>>> means that some cracker will find a way to use that information against my 
>>> site.
>>>
>>> I don't think web2py is much different from other infrastructures on 
>>> this issue. I wanted to know what others thought; thanks for your reply.
>>>
>>> Michael
>>>
>>> On Friday, September 7, 2012 10:28:08 AM UTC-6, Massimo Di Pierro wrote:

 I strongly disagree with this.

 Publishing record IDs does not imply indirect object reference 
 vulnerability. Any application that publishes record information must 
 have a way to reference individual records. If the individual access 
 is not validated than the app is vulnerable to indirect object reference, 
 whether or not the reference is done by id or not.

 Who can access what is a matter of policy and policy must be 
 implemented by the developer. Web2py provides the 
 @auth.requires_permission 
 and @auth.requires_membership and $auth.requires_signature.

 Massimo

 On Friday, 7 September 2012 09:22:12 UTC-5, MichaelF wrote:
>
> I appreciate that web2py has ways to handle this, and I also agree 
> that it's somewhat hackish. The problem remains, though, that we're still 
> exposing (publishing) internal primary keys to the browser. Isn't the 
> main 
> problem the fact that we're dealing with primary key values being sent to 
> the browser? Look at https://www.owasp.org/index.php/Top_10_2010-A4 for 
> one description of the vulnerability.
>
> In our php application we wrote a class that hashed primary keys sent 
> to the browser, giving different hashes on each GET/POST so that, for 
> example, the hashed primary key 1 would different if the user visited the 
> same page two times.
>
> Thoughts?
>
> Thanks.
>
> On Thursday, September 6, 2012 8:18:44 AM UTC-6, Anthony wrote:
>>
>> How about 
>> http://web2py.com/books/default/chapter/29/06#Common-filters or 
>> http://web2py.com/books/default/chapter/29/06#Common-fields-and-multi-tenancy
>> ?
>>
>> Anthony
>>
>> On Wednesday, September 5, 2012 8:48:49 PM UTC-4, Kevin C wrote:
>>>
>>>  We did something similar but it feels very hackish, considering it 
>>> has to be done in every method of the admin controller.  I just wanted 
>>> to 
>>> see if there was a better way.
>>>
>>> Thank you.
>>>
>>> Kevin Cackler
>>> Tech Daddies
>>> 501-205-1512http://www.techdaddies.com
>>>
>>> On 9/5/2012 7:45 PM, Bruno Rocha wrote:
>>>  
>>> You can do: 
>>>
>>>  if request.args(0) in ['edit', 'delete']:
>>>

[web2py] How do I incorporate git into my web2py workflow?

2012-09-07 Thread Pystar 
I would like to know how coders here incorporate git or any other VCS into 
their coding workflow with web2py?
Thanks

--

[web2py] Re: web2py 2.0.8 posted

2012-09-07 Thread shartha 
Hi Massimo. Correct me if I am wrong, but is *gluon.contrib.pyfpdf* not 
included in the new version?

On Thursday, September 6, 2012 7:55:29 PM UTC-7, Massimo Di Pierro wrote:
>
> Minor bug fixes, some recent tickets closed and fixed a problem with the 
> windows binary distribution. It should now run on XP and more recent 
> versions of windows without pyhton pre-installed. Thanks Niphlod and Marin 
> for help with windows.
>
> Massimo
>

--

Re: [web2py] Re: Why would I use DIV classes/helpers, over an html template?

2012-09-07 Thread Anthony 
On Friday, September 7, 2012 3:21:30 PM UTC-4, luckysmack wrote:
>
> But see, to me, now that's putting HTML in the controller. Which I see as 
> a negative. Ideally I would pass the data to the view and use a foreach 
> over the data contents. And for marking a field as red, I would put some 
> metadata into the data sent to the view. I would just test if vacant was 
> true, and if so, change style. This way there's no hidden HTML 
> tags/structure from a designers template file.
>
It probably depends on who's doing the work. Note, though, you can use the 
HTML helpers in the view as well, so the HTML structure won't be hidden 
there. A designer who is comfortable creating Python for loops and 
inter-mixing Python template code with HTML could probably also get 
comfortable working with the HTML helpers as well. HTML is probably 
preferable in most cases, but there are cases where working with the 
helpers can make the code a lot simpler.

Anthony

--

[web2py] Re: I can't display a thumbnail?

2012-09-07 Thread Anthony 
cStringIO.StringIO is a file-like object. The code "saves" the thumbnail to 
that object and then passes it to the .store() method, which treats it like 
an actual file.

Anthony

On Friday, September 7, 2012 4:24:46 PM UTC-4, BlueShadow wrote:
>
> Anthony you are the best. I got pretty much no Idea what your code does 
> but it works perfectly. for all people who have the smae problem I posted 
> the complete working app.
>
> regards BlueShadow
>
> On Friday, September 7, 2012 7:24:33 PM UTC+2, Anthony wrote:
>>
>> How about if you do something like:
>>
>> from cStringIO import StringIO
>> tmp = StringIO()
>> im.save(tmp, 'jpeg')
>> tmp.seek(0)
>> thisImage.update_record(thumb=db.Images.thumb.store(tmp, filename=
>> 'thumbnail.jpg'))
>>
>> Anthony
>>
>>

--

Re: [web2py] sqlform.grid and query conditions

2012-09-07 Thread MichaelF 
Ahhh; thanks for pointing that out. I had breezed over the mention about 
digitally signed (my fault). Makes sense. I'll have to think about the 
public db keys. Using them through web2py seems to be handled, though.

Thanks again.

Michael

On Friday, September 7, 2012 1:39:47 PM UTC-6, Massimo Di Pierro wrote:
>
> In some sense the grid does what you say.
>
> For example:
>
> @auth.requires_login()
> def index():
>  db.define_table('thing',Field('name'),auth.signature)
>  grid = SQLFORM.grid(db.thing.created_by==auth.user_id)
>  return locals()
>
> Notice all the URLs linked by the grid are digitally signed. They are one 
> time URLs. They can only be used by the user within this session and they 
> cannot be tampered with. For example replacing the id of a record with 
> another record in the edit page will not give access to the other record 
> because would break the signature. This was broken in 1.99.7 for the grid 
> (and in fact it was experimental) but it is fixed in 2.0.x.
>
> Users can digitally sign any URL:
>
> def index():
> ...
> link = URL('edit',args=id,user_signature=True)
> return dict(link=link)
>
> @auth.requires_signature()
> def edit():
> ...
>
> Now the http://.../edit/?signature= is still the id of the 
> record but without the signature the URL is not valid.
>
>
>
>
>
> On Friday, 7 September 2012 13:27:49 UTC-5, MichaelF wrote:
>>
>> Thanks, Massimo.
>>
>> Re. needing a way to reference individual records: of course. But it 
>> doesn't have to be the internal record id (primary key value). The php code 
>> we used gave out unique-per-request values so that one couldn't, say, use a 
>> key retrieved from one form in another form.
>>
>> The @auth infrastructure is great. It's not a record-level design (or is 
>> it?). I just hate to think that internal db keys are public info. Okay, 
>> perhaps I'm going over the edge being worried about exposing database 
>> primary keys. But I find that when I decide I'm going over the edge, that 
>> means that some cracker will find a way to use that information against my 
>> site.
>>
>> I don't think web2py is much different from other infrastructures on this 
>> issue. I wanted to know what others thought; thanks for your reply.
>>
>> Michael
>>
>> On Friday, September 7, 2012 10:28:08 AM UTC-6, Massimo Di Pierro wrote:
>>>
>>> I strongly disagree with this.
>>>
>>> Publishing record IDs does not imply indirect object reference 
>>> vulnerability. Any application that publishes record information must 
>>> have a way to reference individual records. If the individual access is 
>>> not validated than the app is vulnerable to indirect object reference, 
>>> whether or not the reference is done by id or not.
>>>
>>> Who can access what is a matter of policy and policy must be implemented 
>>> by the developer. Web2py provides the @auth.requires_permission and 
>>> @auth.requires_membership and $auth.requires_signature.
>>>
>>> Massimo
>>>
>>> On Friday, 7 September 2012 09:22:12 UTC-5, MichaelF wrote:

 I appreciate that web2py has ways to handle this, and I also agree that 
 it's somewhat hackish. The problem remains, though, that we're still 
 exposing (publishing) internal primary keys to the browser. Isn't the main 
 problem the fact that we're dealing with primary key values being sent to 
 the browser? Look at https://www.owasp.org/index.php/Top_10_2010-A4 for 
 one description of the vulnerability.

 In our php application we wrote a class that hashed primary keys sent 
 to the browser, giving different hashes on each GET/POST so that, for 
 example, the hashed primary key 1 would different if the user visited the 
 same page two times.

 Thoughts?

 Thanks.

 On Thursday, September 6, 2012 8:18:44 AM UTC-6, Anthony wrote:
>
> How about http://web2py.com/books/default/chapter/29/06#Common-filters
>  or 
> http://web2py.com/books/default/chapter/29/06#Common-fields-and-multi-tenancy
> ?
>
> Anthony
>
> On Wednesday, September 5, 2012 8:48:49 PM UTC-4, Kevin C wrote:
>>
>>  We did something similar but it feels very hackish, considering it 
>> has to be done in every method of the admin controller.  I just wanted 
>> to 
>> see if there was a better way.
>>
>> Thank you.
>>
>> Kevin Cackler
>> Tech Daddies
>> 501-205-1512http://www.techdaddies.com
>>
>> On 9/5/2012 7:45 PM, Bruno Rocha wrote:
>>  
>> You can do: 
>>
>>  if request.args(0) in ['edit', 'delete']:
>> STORE_DETAILS.id == int(request.args(2)) or 
>> redirect(URL('default', 'wherever'))
>>
>>   db.pages.stores_id.default = STORE_DETAILS.id
>> query = ((db.pages.stores_id == STORE_DETAILS.id))
>> form = SQLFORM.grid(query=query)
>>
>>  return dict(form=form)
>>  
>>  
>>
>> On Wed, Sep 5, 2012 at 9:38 PM,

Re: [web2py] Re: static blog

2012-09-07 Thread Massimo Di Pierro 
Yes. I will post the script soon. I need to fix it because I changed the 
markmin syntax of links so my previous script broke.


On Friday, 7 September 2012 14:58:06 UTC-5, Andrew W wrote:
>
> Thanks.  My intention is to make , and print, a PDF of the markmin 
> content,  just like the book.   For disaster recovery doco, I want a hard 
> copy. 
> With the new book app, are you still planning to have available a PDF from 
> the files? 

--

Re: [web2py] Re: static blog

2012-09-07 Thread Andrew W 
Thanks.  My intention is to make , and print, a PDF of the markmin content,  
just like the book.   For disaster recovery doco, I want a hard copy. 
With the new book app, are you still planning to have available a PDF from the 
files? 

--

Re: [web2py] sqlform.grid and query conditions

2012-09-07 Thread Massimo Di Pierro 
I should add that if user_signature=False the tables are always exposed in 
readonly mode: SQLFORM.grid(..,editable=False, create=False, 
deletable=False)

On Friday, 7 September 2012 14:50:56 UTC-5, Massimo Di Pierro wrote:
>
> I only talk for 2.0.x.
>
> Yes. That is prevented with the default user_signature=True.
>
> If you disable user signature with user_signature=False than you expose 
> yourself to major security risks and may expose the entire database. 
> user_signature = False should only be used for testing or if you manually 
> disable edit access. For example:
>
> grid = SQLFORM.grid(..,editable=False, create=False, deletable=False).
>
>
> On Friday, 7 September 2012 14:43:22 UTC-5, Kevin C wrote:
>>
>>  I guess I need to look into the auth.signature functionality.  We 
>> already had our grid conditional be db.pages.stores_id=STORE_INFO.id but we 
>> were able to edit Store 1's page while logged into Store 2's administration 
>> area, just by changing the ID in the URL.  Are you saying that 
>> auth.signature will prevent this?
>>
>> Kevin Cackler
>> Tech Daddies
>> 501-205-1512http://www.techdaddies.com
>>
>> On 9/7/2012 2:39 PM, Massimo Di Pierro wrote:
>>  
>> In some sense the grid does what you say. 
>>
>>  For example:
>>
>>  @auth.requires_login()
>> def index():
>>  db.define_table('thing',Field('name'),auth.signature)
>>  grid = SQLFORM.grid(db.thing.created_by==auth.user_id)
>>  return locals()
>>
>>  Notice all the URLs linked by the grid are digitally signed. They are 
>> one time URLs. They can only be used by the user within this session and 
>> they cannot be tampered with. For example replacing the id of a record with 
>> another record in the edit page will not give access to the other record 
>> because would break the signature. This was broken in 1.99.7 for the grid 
>> (and in fact it was experimental) but it is fixed in 2.0.x.
>>
>>  Users can digitally sign any URL:
>>
>>  def index():
>> ...
>> link = URL('edit',args=id,user_signature=True)
>> return dict(link=link)
>>
>>  @auth.requires_signature()
>> def edit():
>> ...
>>
>>  Now the http://.../edit/?signature= is still the id of 
>> the record but without the signature the URL is not valid.
>>
>>  
>>  
>>  
>>
>> On Friday, 7 September 2012 13:27:49 UTC-5, MichaelF wrote: 
>>>
>>> Thanks, Massimo. 
>>>
>>>  Re. needing a way to reference individual records: of course. But it 
>>> doesn't have to be the internal record id (primary key value). The php code 
>>> we used gave out unique-per-request values so that one couldn't, say, use a 
>>> key retrieved from one form in another form. 
>>>
>>>  The @auth infrastructure is great. It's not a record-level design (or 
>>> is it?). I just hate to think that internal db keys are public info. Okay, 
>>> perhaps I'm going over the edge being worried about exposing database 
>>> primary keys. But I find that when I decide I'm going over the edge, that 
>>> means that some cracker will find a way to use that information against my 
>>> site.
>>>
>>>  I don't think web2py is much different from other infrastructures on 
>>> this issue. I wanted to know what others thought; thanks for your reply.
>>>
>>>  Michael
>>>
>>> On Friday, September 7, 2012 10:28:08 AM UTC-6, Massimo Di Pierro wrote: 

 I strongly disagree with this. 

  Publishing record IDs does not imply indirect object reference 
 vulnerability. Any application that publishes record information must 
 have a way to reference individual records. If the individual access 
 is not validated than the app is vulnerable to indirect object reference, 
 whether or not the reference is done by id or not.

  Who can access what is a matter of policy and policy must be 
 implemented by the developer. Web2py provides the 
 @auth.requires_permission 
 and @auth.requires_membership and $auth.requires_signature.

  Massimo

 On Friday, 7 September 2012 09:22:12 UTC-5, MichaelF wrote: 
>
> I appreciate that web2py has ways to handle this, and I also agree 
> that it's somewhat hackish. The problem remains, though, that we're still 
> exposing (publishing) internal primary keys to the browser. Isn't the 
> main 
> problem the fact that we're dealing with primary key values being sent to 
> the browser? Look at https://www.owasp.org/index.php/Top_10_2010-A4 for 
> one description of the vulnerability. 
>
>  In our php application we wrote a class that hashed primary keys 
> sent to the browser, giving different hashes on each GET/POST so that, 
> for 
> example, the hashed primary key 1 would different if the user visited the 
> same page two times.
>
>  Thoughts?
>
>  Thanks.
>
> On Thursday, September 6, 2012 8:18:44 AM UTC-6, Anthony wrote: 
>>
>> How about 
>> http://web2py.com/books/default/chapter/29/06#Common-filters or 
>> http://web2py.c

Re: [web2py] sqlform.grid and query conditions

2012-09-07 Thread Massimo Di Pierro 
I only talk for 2.0.x.

Yes. That is prevented with the default user_signature=True.

If you disable user signature with user_signature=False than you expose 
yourself to major security risks and may expose the entire database. 
user_signature = False should only be used for testing or if you manually 
disable edit access. For example:

grid = SQLFORM.grid(..,editable=False, create=False, deletable=False).


On Friday, 7 September 2012 14:43:22 UTC-5, Kevin C wrote:
>
>  I guess I need to look into the auth.signature functionality.  We 
> already had our grid conditional be db.pages.stores_id=STORE_INFO.id but we 
> were able to edit Store 1's page while logged into Store 2's administration 
> area, just by changing the ID in the URL.  Are you saying that 
> auth.signature will prevent this?
>
> Kevin Cackler
> Tech Daddies
> 501-205-1512http://www.techdaddies.com
>
> On 9/7/2012 2:39 PM, Massimo Di Pierro wrote:
>  
> In some sense the grid does what you say. 
>
>  For example:
>
>  @auth.requires_login()
> def index():
>  db.define_table('thing',Field('name'),auth.signature)
>  grid = SQLFORM.grid(db.thing.created_by==auth.user_id)
>  return locals()
>
>  Notice all the URLs linked by the grid are digitally signed. They are 
> one time URLs. They can only be used by the user within this session and 
> they cannot be tampered with. For example replacing the id of a record with 
> another record in the edit page will not give access to the other record 
> because would break the signature. This was broken in 1.99.7 for the grid 
> (and in fact it was experimental) but it is fixed in 2.0.x.
>
>  Users can digitally sign any URL:
>
>  def index():
> ...
> link = URL('edit',args=id,user_signature=True)
> return dict(link=link)
>
>  @auth.requires_signature()
> def edit():
> ...
>
>  Now the http://.../edit/?signature= is still the id of 
> the record but without the signature the URL is not valid.
>
>  
>  
>  
>
> On Friday, 7 September 2012 13:27:49 UTC-5, MichaelF wrote: 
>>
>> Thanks, Massimo. 
>>
>>  Re. needing a way to reference individual records: of course. But it 
>> doesn't have to be the internal record id (primary key value). The php code 
>> we used gave out unique-per-request values so that one couldn't, say, use a 
>> key retrieved from one form in another form. 
>>
>>  The @auth infrastructure is great. It's not a record-level design (or 
>> is it?). I just hate to think that internal db keys are public info. Okay, 
>> perhaps I'm going over the edge being worried about exposing database 
>> primary keys. But I find that when I decide I'm going over the edge, that 
>> means that some cracker will find a way to use that information against my 
>> site.
>>
>>  I don't think web2py is much different from other infrastructures on 
>> this issue. I wanted to know what others thought; thanks for your reply.
>>
>>  Michael
>>
>> On Friday, September 7, 2012 10:28:08 AM UTC-6, Massimo Di Pierro wrote: 
>>>
>>> I strongly disagree with this. 
>>>
>>>  Publishing record IDs does not imply indirect object reference 
>>> vulnerability. Any application that publishes record information must 
>>> have a way to reference individual records. If the individual access is 
>>> not validated than the app is vulnerable to indirect object reference, 
>>> whether or not the reference is done by id or not.
>>>
>>>  Who can access what is a matter of policy and policy must be 
>>> implemented by the developer. Web2py provides the @auth.requires_permission 
>>> and @auth.requires_membership and $auth.requires_signature.
>>>
>>>  Massimo
>>>
>>> On Friday, 7 September 2012 09:22:12 UTC-5, MichaelF wrote: 

 I appreciate that web2py has ways to handle this, and I also agree that 
 it's somewhat hackish. The problem remains, though, that we're still 
 exposing (publishing) internal primary keys to the browser. Isn't the main 
 problem the fact that we're dealing with primary key values being sent to 
 the browser? Look at https://www.owasp.org/index.php/Top_10_2010-A4 for 
 one description of the vulnerability. 

  In our php application we wrote a class that hashed primary keys sent 
 to the browser, giving different hashes on each GET/POST so that, for 
 example, the hashed primary key 1 would different if the user visited the 
 same page two times.

  Thoughts?

  Thanks.

 On Thursday, September 6, 2012 8:18:44 AM UTC-6, Anthony wrote: 
>
> How about http://web2py.com/books/default/chapter/29/06#Common-filters
>  or 
> http://web2py.com/books/default/chapter/29/06#Common-fields-and-multi-tenancy?
>  
>
>
>  Anthony
>
> On Wednesday, September 5, 2012 8:48:49 PM UTC-4, Kevin C wrote: 
>>
>>  We did something similar but it feels very hackish, considering it 
>> has to be done in every method of the admin controller.  I just wanted 
>> to 
>> see if there was a

Re: [web2py] Re: web2py book on github

2012-09-07 Thread Ezugworie Ikechukwu 
Hello,
Please am a windows user and I don't know how to use mercurial or git so i
downloaded the book in 'tar.gz' format. I managed to install the book but
the images are not displaying (streaming). I don't know why. Please could
someone help me with what to do.
Thanks

On Tue, Sep 4, 2012 at 8:54 PM, Niphlod  wrote:

> sections with code are h1,h2,h3,h4,h5,h6 contained in a div with class
> article containing a code tag.
> assuming you want them styled as h1,h2,h3,h4,h5,h6 with no changes in
> style in respect of other h1,h2,h3,h4,h5,h6 the simplest thing is
>
> .article h1 code, .article h2 code, .article h3 code, .article h4 code, 
> .article
> h5 code, .article h6 code {
>display: block;
>color : #33;
>border: 0px;
>font-size: inherit;
>background: transparent;
> }
>
>
> On Monday, September 3, 2012 11:37:12 PM UTC+2, Massimo Di Pierro wrote:
>>
>> The book uses the default web2py style with bootstrap. The section
>> titles, if they contain code are not rendered properly. Could use some help
>> improving the css.
>>
>> massimo
>>
>> On Saturday, 1 September 2012 12:00:49 UTC-5, Massimo Di Pierro wrote:
>>>
>>> The web2py book app has been rewritten
>>>
>>>http://www.web2py.com/book
>>>
>>> and the source of the app and the book itself is now on github
>>>
>>>
>>> https://github.com/mdipierro/**web2py-book/tree/master/**sources
>>>
>>> Hopefully this will make it easier to keep it updated. You can just send
>>> me patches. You can also try run it yourself and see how it looks. It is no
>>> more db based. it is file based. The syntax is markmin as documented in the
>>> bok itself.
>>>
>>> Massimo
>>>
>>>
>>>
>>>
>>>  --
>
>
>
>

--

Re: [web2py] Re: static blog

2012-09-07 Thread Massimo Di Pierro 
If you use:

from gluon.contrib.autolinks import expand_one
html = MARKMIN(page.body,url=True,environment={},
 autolinks=lambda link: expand_one(link,{})).xml()

embedding in markmin any link to a public document (pdf, doc, docx, xls, 
etc.) will call google doc viewer and embed the viewer for the document.

Massimo

On Friday, 7 September 2012 14:41:05 UTC-5, Martin.Mulone wrote:
>
> book app and this are static generation of the content, focus on 
> lightweight aproach. Auth.wiki is all included is a cms, auth, edit create, 
> delete system grid, etc. I think you can render a pdf with no problem from 
> markmin.
>
> 2012/9/7 Andrew W >
>
>> Good work Martin,
>> I was thinking of looking at the book app for the same purpose.
>> I want to document some Disaster Recovery procedures,  so I therefore 
>> also need to create a PDF version as well.  Do you think the book app vs 
>> auth.wiki() is better (easier?) for generating PDFs.?
>>
>> So many choices!
>>
>> --
>>
>>
>>
>>
>
>
> -- 
> http://martinmulone.com.ar
>

--

Re: [web2py] sqlform.grid and query conditions

2012-09-07 Thread Kevin Cackler 
I guess I need to look into the auth.signature functionality.  We 
already had our grid conditional be db.pages.stores_id=STORE_INFO.id but 
we were able to edit Store 1's page while logged into Store 2's 
administration area, just by changing the ID in the URL.  Are you saying 
that auth.signature will prevent this?


Kevin Cackler
Tech Daddies
501-205-1512
http://www.techdaddies.com

On 9/7/2012 2:39 PM, Massimo Di Pierro wrote:

In some sense the grid does what you say.

For example:

@auth.requires_login()
def index():
 db.define_table('thing',Field('name'),auth.signature)
 grid = SQLFORM.grid(db.thing.created_by==auth.user_id)
 return locals()

Notice all the URLs linked by the grid are digitally signed. They are 
one time URLs. They can only be used by the user within this session 
and they cannot be tampered with. For example replacing the id of a 
record with another record in the edit page will not give access to 
the other record because would break the signature. This was broken in 
1.99.7 for the grid (and in fact it was experimental) but it is fixed 
in 2.0.x.


Users can digitally sign any URL:

def index():
...
link = URL('edit',args=id,user_signature=True)
return dict(link=link)

@auth.requires_signature()
def edit():
...

Now the http://.../edit/?signature= is still the id of 
the record but without the signature the URL is not valid.






On Friday, 7 September 2012 13:27:49 UTC-5, MichaelF wrote:

Thanks, Massimo.

Re. needing a way to reference individual records: of course. But
it doesn't have to be the internal record id (primary key value).
The php code we used gave out unique-per-request values so that
one couldn't, say, use a key retrieved from one form in another form.

The @auth infrastructure is great. It's not a record-level design
(or is it?). I just hate to think that internal db keys are public
info. Okay, perhaps I'm going over the edge being worried about
exposing database primary keys. But I find that when I decide I'm
going over the edge, that means that some cracker will find a way
to use that information against my site.

I don't think web2py is much different from other infrastructures
on this issue. I wanted to know what others thought; thanks for
your reply.

Michael

On Friday, September 7, 2012 10:28:08 AM UTC-6, Massimo Di Pierro
wrote:

I strongly disagree with this.

Publishing record IDs does not imply indirect object reference
vulnerability. Any application that publishes record
information must have a way to reference individual records.
If the individual access is not validated than the app is
vulnerable to indirect object reference, whether or not the
reference is done by id or not.

Who can access what is a matter of policy and policy must be
implemented by the developer. Web2py provides the
@auth.requires_permission and @auth.requires_membership and
$auth.requires_signature.

Massimo

On Friday, 7 September 2012 09:22:12 UTC-5, MichaelF wrote:

I appreciate that web2py has ways to handle this, and I
also agree that it's somewhat hackish. The problem
remains, though, that we're still exposing (publishing)
internal primary keys to the browser. Isn't the main
problem the fact that we're dealing with primary key
values being sent to the browser? Look at
https://www.owasp.org/index.php/Top_10_2010-A4
 for one
description of the vulnerability.

In our php application we wrote a class that hashed
primary keys sent to the browser, giving different hashes
on each GET/POST so that, for example, the hashed primary
key 1 would different if the user visited the same page
two times.

Thoughts?

Thanks.

On Thursday, September 6, 2012 8:18:44 AM UTC-6, Anthony
wrote:

How about
http://web2py.com/books/default/chapter/29/06#Common-filters
 
or

http://web2py.com/books/default/chapter/29/06#Common-fields-and-multi-tenancy

?


Anthony

On Wednesday, September 5, 2012 8:48:49 PM UTC-4,
Kevin C wrote:

We did something similar but it feels very
hackish, considering it has to be done in every
method of the admin controller.  I just wanted to
see if there was a better way.

Thank you.

Kevin Cackler
Tech Daddies

[web2py] Re: Getting auth.wiki pages to display without login

2012-09-07 Thread Massimo Di Pierro 
Strange. It should work even without url=True. You should be able to paste 
any URL in markmin and it should work.

MARKMIN(text, url=True)

simply allows you to user the shortcuts @/app/controller/function/args and 
they will be converted in http:///app/controller/function/args where 
app, controller and function are optional. You can do @///index for example.

On Friday, 7 September 2012 14:15:31 UTC-5, Andrew W wrote:
>
> No I didn't.   Only just found out about URL=True.  Di I pass as a URL 
> variable ?

--

Re: [web2py] Re: static blog

2012-09-07 Thread Martín Mulone 
book app and this are static generation of the content, focus on
lightweight aproach. Auth.wiki is all included is a cms, auth, edit create,
delete system grid, etc. I think you can render a pdf with no problem from
markmin.

2012/9/7 Andrew W 

> Good work Martin,
> I was thinking of looking at the book app for the same purpose.
> I want to document some Disaster Recovery procedures,  so I therefore also
> need to create a PDF version as well.  Do you think the book app vs
> auth.wiki() is better (easier?) for generating PDFs.?
>
> So many choices!
>
> --
>
>
>
>


-- 
http://martinmulone.com.ar

--

Re: [web2py] sqlform.grid and query conditions

2012-09-07 Thread Massimo Di Pierro 
In some sense the grid does what you say.

For example:

@auth.requires_login()
def index():
 db.define_table('thing',Field('name'),auth.signature)
 grid = SQLFORM.grid(db.thing.created_by==auth.user_id)
 return locals()

Notice all the URLs linked by the grid are digitally signed. They are one 
time URLs. They can only be used by the user within this session and they 
cannot be tampered with. For example replacing the id of a record with 
another record in the edit page will not give access to the other record 
because would break the signature. This was broken in 1.99.7 for the grid 
(and in fact it was experimental) but it is fixed in 2.0.x.

Users can digitally sign any URL:

def index():
...
link = URL('edit',args=id,user_signature=True)
return dict(link=link)

@auth.requires_signature()
def edit():
...

Now the http://.../edit/?signature= is still the id of the 
record but without the signature the URL is not valid.





On Friday, 7 September 2012 13:27:49 UTC-5, MichaelF wrote:
>
> Thanks, Massimo.
>
> Re. needing a way to reference individual records: of course. But it 
> doesn't have to be the internal record id (primary key value). The php code 
> we used gave out unique-per-request values so that one couldn't, say, use a 
> key retrieved from one form in another form.
>
> The @auth infrastructure is great. It's not a record-level design (or is 
> it?). I just hate to think that internal db keys are public info. Okay, 
> perhaps I'm going over the edge being worried about exposing database 
> primary keys. But I find that when I decide I'm going over the edge, that 
> means that some cracker will find a way to use that information against my 
> site.
>
> I don't think web2py is much different from other infrastructures on this 
> issue. I wanted to know what others thought; thanks for your reply.
>
> Michael
>
> On Friday, September 7, 2012 10:28:08 AM UTC-6, Massimo Di Pierro wrote:
>>
>> I strongly disagree with this.
>>
>> Publishing record IDs does not imply indirect object reference 
>> vulnerability. Any application that publishes record information must 
>> have a way to reference individual records. If the individual access is 
>> not validated than the app is vulnerable to indirect object reference, 
>> whether or not the reference is done by id or not.
>>
>> Who can access what is a matter of policy and policy must be implemented 
>> by the developer. Web2py provides the @auth.requires_permission and 
>> @auth.requires_membership and $auth.requires_signature.
>>
>> Massimo
>>
>> On Friday, 7 September 2012 09:22:12 UTC-5, MichaelF wrote:
>>>
>>> I appreciate that web2py has ways to handle this, and I also agree that 
>>> it's somewhat hackish. The problem remains, though, that we're still 
>>> exposing (publishing) internal primary keys to the browser. Isn't the main 
>>> problem the fact that we're dealing with primary key values being sent to 
>>> the browser? Look at https://www.owasp.org/index.php/Top_10_2010-A4 for 
>>> one description of the vulnerability.
>>>
>>> In our php application we wrote a class that hashed primary keys sent to 
>>> the browser, giving different hashes on each GET/POST so that, for example, 
>>> the hashed primary key 1 would different if the user visited the same page 
>>> two times.
>>>
>>> Thoughts?
>>>
>>> Thanks.
>>>
>>> On Thursday, September 6, 2012 8:18:44 AM UTC-6, Anthony wrote:

 How about http://web2py.com/books/default/chapter/29/06#Common-filters
  or 
 http://web2py.com/books/default/chapter/29/06#Common-fields-and-multi-tenancy
 ?

 Anthony

 On Wednesday, September 5, 2012 8:48:49 PM UTC-4, Kevin C wrote:
>
>  We did something similar but it feels very hackish, considering it 
> has to be done in every method of the admin controller.  I just wanted to 
> see if there was a better way.
>
> Thank you.
>
> Kevin Cackler
> Tech Daddies
> 501-205-1512http://www.techdaddies.com
>
> On 9/5/2012 7:45 PM, Bruno Rocha wrote:
>  
> You can do: 
>
>  if request.args(0) in ['edit', 'delete']:
> STORE_DETAILS.id == int(request.args(2)) or 
> redirect(URL('default', 'wherever'))
>
>   db.pages.stores_id.default = STORE_DETAILS.id
> query = ((db.pages.stores_id == STORE_DETAILS.id))
> form = SQLFORM.grid(query=query)
>
>  return dict(form=form)
>  
>  
>
> On Wed, Sep 5, 2012 at 9:38 PM, Kevin C  wrote:
>
>> Basically, we are generating a SQLFORM.grid with the following code: 
>>
>>  db.pages.stores_id.default = STORE_DETAILS.id
>> query = ((db.pages.stores_id == STORE_DETAILS.id))
>> form = SQLFORM.grid(query=query)
>>
>>  return dict(form=form)
>>  
>>  This is working perfectly fine for us.  However, we have noticed 
>> that if we just change the ID in the query string for the edit page, we

Re: [web2py] Re: Why would I use DIV classes/helpers, over an html template?

2012-09-07 Thread Shawn McElroy 
But see, to me, now that's putting HTML in the controller. Which I see as a
negative. Ideally I would pass the data to the view and use a foreach over
the data contents. And for marking a field as red, I would put some
metadata into the data sent to the view. I would just test if vacant was
true, and if so, change style. This way there's no hidden HTML
tags/structure from a designers template file.
On Sep 7, 2012 12:11 PM, "Andrew W"  wrote:

> Good example Cliff.
>
> --
>
>
>
>

--

[web2py] Re: Getting auth.wiki pages to display without login

2012-09-07 Thread Andrew W 
No I didn't.   Only just found out about URL=True.  Di I pass as a URL variable 
?

--

[web2py] Re: Why would I use DIV classes/helpers, over an html template?

2012-09-07 Thread Andrew W 
Good example Cliff.

--

[web2py] Re: Why would I use DIV classes/helpers, over an html template?

2012-09-07 Thread Cliff Kachinske 
Because you can do stuff like this:

rows = db(...#get some arbitrary rows
tbody = TBODY()
for r in rows:
  tbody.append(TR(...# do complex stuff with row data.  If a list of rental 
properties, for example, style the address red if vacant
table=TABLE(THEAD(...arbitrary column headings), tbody)

The ability to manipulate the DOM like this helps separate page design from 
content.  This is a good thing, even if you are a solo developer.

On Thursday, September 6, 2012 1:30:03 AM UTC-4, luckysmack wrote:
>
> Traditionally, for html templates, I would do something like this in a 
> template.php file (i am coming from php):
>
> **
> *Hello *
> **
>
> and reading through the docs for web2py, I see the classes like DIV(), 
> which i can then add id's, classes, and other attributes to, to be 
> rendered. Which seems odd to me. Ive always had the mindset that I shouldnt 
> mix html template and logic. minus things like for loops and such. and in 
> my code, I shouldnt generate html. Mixing them, to me at least, makes it 
> harder for designers to go into the templates to style things and change 
> id's, classes. I also tend not to use ids/classes for structure. lately i 
> have been using things like data attributes to help with structure or 
> looping through things. this way if styles change and id's/classes change, 
> functionality is not broken.
>
> So should I still think that way? Should I not use DIV and the other html 
> helper classes in my templates? or is there a use case where I would to 
> that.
>
> If there is, I am curious to see/hear about some use cases or examples of 
> why I would use them in templates, or use them in controllers to generate 
> html.
>
> or am I just thinking about them wrong somehow. if they should be used in 
> a different way, how should I use them.
>
> Thanks.
>

--

[web2py] Re: How to use sheduler when running web2py in apache + mod_wsgi scenario ?

2012-09-07 Thread Niphlod 
yep, works perfectly. 

On Friday, September 7, 2012 6:54:45 PM UTC+2, David Marko wrote:
>
> Thanks! also in one of other threads you mentioned NSSM for runnig 
> programs as services on Windows. Does is also work for scheduler worker? Do 
> you have experience with this as an scheduler author :-) ?
>
> David
>
> Dne pátek, 7. září 2012 16:40:26 UTC+2 Niphlod napsal(a):
>>
>> Perfectly fine.it's the recommended way!
>>
>> Apache & co. kill processes that hang up (usually a certain timeout) 
>> because normally a page "should" return something in a small timeframe. 
>> This feature is useful to free up resources if the code to generate your 
>> webpage is too heavy on the machine, and to let the webserver serve other 
>> requests.
>>
>> A scheduler instead is a "never-ending" process (it's sort of the apache 
>> process) that manages other processes to do your tasks, in a totally 
>> separate environment from apache itself (so apache is free, and your users 
>> happy). 
>>
>> Having a scheduler "managed" by apache is infact "killing the purpose" of 
>> the scheduler. 
>>
>> Il giorno venerdì 7 settembre 2012 14:32:09 UTC+2, David Marko ha scritto:
>>>
>>> How to use sheduler when running web2py in apache + mod_wsgi scenario ? 
>>> Is it ok to run it as ussual I mean start it separately from apache-wsgi'  
>>> python 
>>> web2py.py -K myapp:group1:group2,myotherapp:group1' ? No problem with 
>>> this?
>>>
>>

--

Re: [web2py] sqlform.grid and query conditions

2012-09-07 Thread MichaelF 
Thanks, Massimo.

Re. needing a way to reference individual records: of course. But it 
doesn't have to be the internal record id (primary key value). The php code 
we used gave out unique-per-request values so that one couldn't, say, use a 
key retrieved from one form in another form.

The @auth infrastructure is great. It's not a record-level design (or is 
it?). I just hate to think that internal db keys are public info. Okay, 
perhaps I'm going over the edge being worried about exposing database 
primary keys. But I find that when I decide I'm going over the edge, that 
means that some cracker will find a way to use that information against my 
site.

I don't think web2py is much different from other infrastructures on this 
issue. I wanted to know what others thought; thanks for your reply.

Michael

On Friday, September 7, 2012 10:28:08 AM UTC-6, Massimo Di Pierro wrote:
>
> I strongly disagree with this.
>
> Publishing record IDs does not imply indirect object reference 
> vulnerability. Any application that publishes record information must 
> have a way to reference individual records. If the individual access is 
> not validated than the app is vulnerable to indirect object reference, 
> whether or not the reference is done by id or not.
>
> Who can access what is a matter of policy and policy must be implemented 
> by the developer. Web2py provides the @auth.requires_permission and 
> @auth.requires_membership and $auth.requires_signature.
>
> Massimo
>
> On Friday, 7 September 2012 09:22:12 UTC-5, MichaelF wrote:
>>
>> I appreciate that web2py has ways to handle this, and I also agree that 
>> it's somewhat hackish. The problem remains, though, that we're still 
>> exposing (publishing) internal primary keys to the browser. Isn't the main 
>> problem the fact that we're dealing with primary key values being sent to 
>> the browser? Look at https://www.owasp.org/index.php/Top_10_2010-A4 for 
>> one description of the vulnerability.
>>
>> In our php application we wrote a class that hashed primary keys sent to 
>> the browser, giving different hashes on each GET/POST so that, for example, 
>> the hashed primary key 1 would different if the user visited the same page 
>> two times.
>>
>> Thoughts?
>>
>> Thanks.
>>
>> On Thursday, September 6, 2012 8:18:44 AM UTC-6, Anthony wrote:
>>>
>>> How about http://web2py.com/books/default/chapter/29/06#Common-filters
>>>  or 
>>> http://web2py.com/books/default/chapter/29/06#Common-fields-and-multi-tenancy
>>> ?
>>>
>>> Anthony
>>>
>>> On Wednesday, September 5, 2012 8:48:49 PM UTC-4, Kevin C wrote:

  We did something similar but it feels very hackish, considering it 
 has to be done in every method of the admin controller.  I just wanted to 
 see if there was a better way.

 Thank you.

 Kevin Cackler
 Tech Daddies
 501-205-1512http://www.techdaddies.com

 On 9/5/2012 7:45 PM, Bruno Rocha wrote:
  
 You can do: 

  if request.args(0) in ['edit', 'delete']:
 STORE_DETAILS.id == int(request.args(2)) or 
 redirect(URL('default', 'wherever'))

   db.pages.stores_id.default = STORE_DETAILS.id
 query = ((db.pages.stores_id == STORE_DETAILS.id))
 form = SQLFORM.grid(query=query)

  return dict(form=form)
  
  

 On Wed, Sep 5, 2012 at 9:38 PM, Kevin C  wrote:

> Basically, we are generating a SQLFORM.grid with the following code: 
>
>  db.pages.stores_id.default = STORE_DETAILS.id
> query = ((db.pages.stores_id == STORE_DETAILS.id))
> form = SQLFORM.grid(query=query)
>
>  return dict(form=form)
>  
>  This is working perfectly fine for us.  However, we have noticed 
> that if we just change the ID in the query string for the edit page, we 
> are 
> allowed to edit other store's entries.
>
>  IE 
> http://test.oursite.com/test/admin/pages/edit/pages/6?_signature=f8c5560743.
> ..
>
>  What is the proper way to do this, then?  The grid itself looks 
> great, but just by changing the page ID in the URL, we are allowed to 
> edit 
> pages not belonging to us.  I guess I was hoping that the query 
> conditional 
> would be passed to each function (add, edit, delete) but that obviously 
> is 
> not the case.  Is multi-tenancy the solution to this issue or are we 
> overlooking something simple?
>  -- 
>  
>  
>  
>
  

  -- 
  
  
  


  

--

[web2py] Re: I can't display a thumbnail?

2012-09-07 Thread Anthony 
How about if you do something like:

from cStringIO import StringIO
tmp = StringIO()
im.save(tmp, 'jpeg')
tmp.seek(0)
thisImage.update_record(thumb=db.Images.thumb.store(tmp, filename=
'thumbnail.jpg'))

Anthony

On Friday, September 7, 2012 12:07:27 PM UTC-4, BlueShadow wrote:
>
> Traceback (most recent call last):
>   File "F:\Website\web2py\gluon\restricted.py", line 209, in restricted
> exec ccode in environment
>   File "F:/Website/web2py/applications/testthumb/controllers/default.py" 
> , 
> line 128, in 
>   File "F:\Website\web2py\gluon\globals.py", line 185, in 
> self._caller = lambda f: f()
>   File "F:/Website/web2py/applications/testthumb/controllers/default.py" 
> , 
> line 121, in newImage
> makeThumbnail(dbtable,form.vars.id,(200,200))
>   File "F:/Website/web2py/applications/testthumb/controllers/default.py" 
> , 
> line 106, in makeThumbnail
> thisImage.update_record(thumb=db.Images.thumb.store(im, 
> filename='thumbnail.jpg'))
>   File "F:\Website\web2py\gluon\dal.py", line 8442, in store
> shutil.copyfileobj(file, dest_file)
>   File "C:\Python27\lib\shutil.py", line 48, in copyfileobj
> buf = fsrc.read(length)
>   File "C:\Python27\lib\site-packages\PIL\Image.py", line 512, in __getattr__
> raise AttributeError(name)
> AttributeError: read
>
>
> that was the error message
>
>
>
> On Friday, September 7, 2012 5:57:09 PM UTC+2, Anthony wrote:
>>
>> Yes, I see a message was deleted -- don't know who deleted it. Can you 
>> post the error again?
>>
>> On Friday, September 7, 2012 11:41:05 AM UTC-4, BlueShadow wrote:
>>>
>>> I was referring to paolos post
>>> your solution gives me just the error message I don't understand 
>>> Anthony. I posted the error message before but it got somehow deleted. 
>>>
>>> On Friday, September 7, 2012 5:38:15 PM UTC+2, Anthony wrote:

 On Friday, September 7, 2012 11:22:41 AM UTC-4, BlueShadow wrote:
>
> I tried your solution and it just leaves the thumb field empty and no 
> thumbnail is created in the upload folder.
>

 Are you referring to Paolo's solution or this one:

 thisImage.update_record(thumb=db.Images.thumb.store(im, filename=
 'thumbnail.jpg'))

 and how did you get this Database view I really like that^^


 Are you talking about the image Paolo attached? That's just the Chrome 
 developer tools (hit F12 in Chrome to open it).

 Anthony

>>>

--

[web2py] Re: How to use sheduler when running web2py in apache + mod_wsgi scenario ?

2012-09-07 Thread David Marko 
Thanks! also in one of other threads you mentioned NSSM for runnig programs 
as services on Windows. Does is also work for scheduler worker? Do you have 
experience with this as an scheduler author :-) ?

David

Dne pátek, 7. září 2012 16:40:26 UTC+2 Niphlod napsal(a):
>
> Perfectly fine.it's the recommended way!
>
> Apache & co. kill processes that hang up (usually a certain timeout) 
> because normally a page "should" return something in a small timeframe. 
> This feature is useful to free up resources if the code to generate your 
> webpage is too heavy on the machine, and to let the webserver serve other 
> requests.
>
> A scheduler instead is a "never-ending" process (it's sort of the apache 
> process) that manages other processes to do your tasks, in a totally 
> separate environment from apache itself (so apache is free, and your users 
> happy). 
>
> Having a scheduler "managed" by apache is infact "killing the purpose" of 
> the scheduler. 
>
> Il giorno venerdì 7 settembre 2012 14:32:09 UTC+2, David Marko ha scritto:
>>
>> How to use sheduler when running web2py in apache + mod_wsgi scenario ? 
>> Is it ok to run it as ussual I mean start it separately from apache-wsgi'  
>> python 
>> web2py.py -K myapp:group1:group2,myotherapp:group1' ? No problem with 
>> this?
>>
>

--

Re: [web2py] Re: [OT] Ubuntu 12.10 will no longer ship with Python 2

2012-09-07 Thread Bruno Rocha 
Let's create a virtual-env with Python 2.7 and it will not be a problem.

--

[web2py] Re: How to add a web2py GUI for a background process ?

2012-09-07 Thread Andrew 
Sure thing :)

One thing to consider is that the messaging implementation can be 
completely asynchronous. I don't know if that's important  for your 
use-case. Since qpid supports persistent queues it even allows you to allow 
the broker to be down for maintenance etc.

On Friday, September 7, 2012 9:45:24 AM UTC-5, Esteban García-Gurtubay 
wrote:
>
> Thanks, Andrew
> I had a look into Qpid. It certainly can do the job, but on the same 
> spirit, I think a simpler client/server implementation with XMLRPC might 
> work as well. Besides, XMLRPC libraries are bundled with Python by default.
>
> /E.-
>
>
>
>
>
> On Friday, September 7, 2012 5:06:56 AM UTC+2, Andrew wrote:
>>
>> How about messaging?
>>
>> Qpid.apache.org has a good broker implementation with python bindings. 
>> Your script could be a producer and web2py a consumer of a queue used for 
>> communicating events.
>>
>>
>> Andrew
>>
>>

--

[web2py] Re: Getting auth.wiki pages to display without login

2012-09-07 Thread Massimo Di Pierro 
cannot reproduce. Can you provide an example? Did you pass url=True?

On Friday, 7 September 2012 11:25:34 UTC-5, Andrew W wrote:
>
> Pasting in one of my urls into the browser, I always get a login screen. 
>  I haven't turned on permissions=True.
> Is there an extra step ?.
>
>
>

--

Re: [web2py] Re: [OT] Ubuntu 12.10 will no longer ship with Python 2

2012-09-07 Thread Richard Vézina 
Again bad Ubuntu decision!

Richard

On Fri, Sep 7, 2012 at 9:54 AM, LightDot  wrote:

> Please don't spread FUD. The news only says that the DESKTOP CD IMAGE will
> not contain python 2.x, this doesn't mean Ubuntu 12.10 will remove python
> 2.x from the distribution. This also doesn't affect server images, or any
> other Ubuntu images. The server cd image and other images will contain
> Python 2.x as usual.
>
> Even if you do a fresh install from the desktop cd image, all you'll need
> to do is run 'apt get' or use whichever GUI you use to install packages
> from the Ubuntu repository, same as you'd do for any other software that is
> a part of Ubuntu but not distributed on the install media.
>
> I believe this Ubuntu's decision is a mistake nevertheless. I have nothing
> against python 3, but who ever is behind such "political statements", isn't
> helping it's promotion with such moves. IMHO, naturally...
>
> Regards,
> Ales
>
>
>
> On Friday, September 7, 2012 2:56:59 PM UTC+2, Luther Goh Lu Feng wrote:
>>
>> FYI: Ubuntu 12.10 Quantal Quetzal says bye bye to Python 2. Take note if
>> you run web2py and intend to use 12.10. I am not sure if there are ways to
>> get Python 2 installed though.
>>
>> "For 12.10, we intend to ship only Python 3 with the Ubuntu desktop
>> image, not Python 2. Beta-1 continues this process."
>>
>> https://wiki.ubuntu.com/**QuantalQuetzal/**TechnicalOverview/Beta1#**
>> Python_3.0
>
>  --
>
>
>
>

--

Re: [web2py] sqlform.grid and query conditions

2012-09-07 Thread Massimo Di Pierro 
I strongly disagree with this.

Publishing record IDs does not imply indirect object reference 
vulnerability. Any application that publishes record information must have 
a way to reference individual records. If the individual access is not 
validated than the app is vulnerable to indirect object reference, whether 
or not the reference is done by id or not.

Who can access what is a matter of policy and policy must be implemented by 
the developer. Web2py provides the @auth.requires_permission and 
@auth.requires_membership and $auth.requires_signature.

Massimo

On Friday, 7 September 2012 09:22:12 UTC-5, MichaelF wrote:
>
> I appreciate that web2py has ways to handle this, and I also agree that 
> it's somewhat hackish. The problem remains, though, that we're still 
> exposing (publishing) internal primary keys to the browser. Isn't the main 
> problem the fact that we're dealing with primary key values being sent to 
> the browser? Look at https://www.owasp.org/index.php/Top_10_2010-A4 for 
> one description of the vulnerability.
>
> In our php application we wrote a class that hashed primary keys sent to 
> the browser, giving different hashes on each GET/POST so that, for example, 
> the hashed primary key 1 would different if the user visited the same page 
> two times.
>
> Thoughts?
>
> Thanks.
>
> On Thursday, September 6, 2012 8:18:44 AM UTC-6, Anthony wrote:
>>
>> How about http://web2py.com/books/default/chapter/29/06#Common-filters
>>  or 
>> http://web2py.com/books/default/chapter/29/06#Common-fields-and-multi-tenancy
>> ?
>>
>> Anthony
>>
>> On Wednesday, September 5, 2012 8:48:49 PM UTC-4, Kevin C wrote:
>>>
>>>  We did something similar but it feels very hackish, considering it has 
>>> to be done in every method of the admin controller.  I just wanted to see 
>>> if there was a better way.
>>>
>>> Thank you.
>>>
>>> Kevin Cackler
>>> Tech Daddies
>>> 501-205-1512http://www.techdaddies.com
>>>
>>> On 9/5/2012 7:45 PM, Bruno Rocha wrote:
>>>  
>>> You can do: 
>>>
>>>  if request.args(0) in ['edit', 'delete']:
>>> STORE_DETAILS.id == int(request.args(2)) or 
>>> redirect(URL('default', 'wherever'))
>>>
>>>   db.pages.stores_id.default = STORE_DETAILS.id
>>> query = ((db.pages.stores_id == STORE_DETAILS.id))
>>> form = SQLFORM.grid(query=query)
>>>
>>>  return dict(form=form)
>>>  
>>>  
>>>
>>> On Wed, Sep 5, 2012 at 9:38 PM, Kevin C  wrote:
>>>
 Basically, we are generating a SQLFORM.grid with the following code: 

  db.pages.stores_id.default = STORE_DETAILS.id
 query = ((db.pages.stores_id == STORE_DETAILS.id))
 form = SQLFORM.grid(query=query)

  return dict(form=form)
  
  This is working perfectly fine for us.  However, we have noticed that 
 if we just change the ID in the query string for the edit page, we are 
 allowed to edit other store's entries.

  IE 
 http://test.oursite.com/test/admin/pages/edit/pages/6?_signature=f8c5560743.
 ..

  What is the proper way to do this, then?  The grid itself looks 
 great, but just by changing the page ID in the URL, we are allowed to edit 
 pages not belonging to us.  I guess I was hoping that the query 
 conditional 
 would be passed to each function (add, edit, delete) but that obviously is 
 not the case.  Is multi-tenancy the solution to this issue or are we 
 overlooking something simple?
  -- 
  
  
  

>>>  
>>>
>>>  -- 
>>>  
>>>  
>>>  
>>>
>>>
>>>  

--

[web2py] Getting auth.wiki pages to display without login

2012-09-07 Thread Andrew W 
Pasting in one of my urls into the browser, I always get a login screen.  I 
haven't turned on permissions=True.
Is there an extra step ?.


--

[web2py] Re: I can't display a thumbnail?

2012-09-07 Thread BlueShadow 


Traceback (most recent call last):
  File "F:\Website\web2py\gluon\restricted.py", line 209, in restricted
exec ccode in environment
  File "F:/Website/web2py/applications/testthumb/controllers/default.py" 
, 
line 128, in 
  File "F:\Website\web2py\gluon\globals.py", line 185, in 
self._caller = lambda f: f()
  File "F:/Website/web2py/applications/testthumb/controllers/default.py" 
, 
line 121, in newImage
makeThumbnail(dbtable,form.vars.id,(200,200))
  File "F:/Website/web2py/applications/testthumb/controllers/default.py" 
, 
line 106, in makeThumbnail
thisImage.update_record(thumb=db.Images.thumb.store(im, 
filename='thumbnail.jpg'))
  File "F:\Website\web2py\gluon\dal.py", line 8442, in store
shutil.copyfileobj(file, dest_file)
  File "C:\Python27\lib\shutil.py", line 48, in copyfileobj
buf = fsrc.read(length)
  File "C:\Python27\lib\site-packages\PIL\Image.py", line 512, in __getattr__
raise AttributeError(name)
AttributeError: read


that was the error message



On Friday, September 7, 2012 5:57:09 PM UTC+2, Anthony wrote:
>
> Yes, I see a message was deleted -- don't know who deleted it. Can you 
> post the error again?
>
> On Friday, September 7, 2012 11:41:05 AM UTC-4, BlueShadow wrote:
>>
>> I was referring to paolos post
>> your solution gives me just the error message I don't understand Anthony. 
>> I posted the error message before but it got somehow deleted. 
>>
>> On Friday, September 7, 2012 5:38:15 PM UTC+2, Anthony wrote:
>>>
>>> On Friday, September 7, 2012 11:22:41 AM UTC-4, BlueShadow wrote:

 I tried your solution and it just leaves the thumb field empty and no 
 thumbnail is created in the upload folder.

>>>
>>> Are you referring to Paolo's solution or this one:
>>>
>>> thisImage.update_record(thumb=db.Images.thumb.store(im, filename=
>>> 'thumbnail.jpg'))
>>>
>>> and how did you get this Database view I really like that^^
>>>
>>>
>>> Are you talking about the image Paolo attached? That's just the Chrome 
>>> developer tools (hit F12 in Chrome to open it).
>>>
>>> Anthony
>>>
>>

--

[web2py] Re: I can't display a thumbnail?

2012-09-07 Thread Anthony 
Yes, I see a message was deleted -- don't know who deleted it. Can you post 
the error again?

On Friday, September 7, 2012 11:41:05 AM UTC-4, BlueShadow wrote:
>
> I was referring to paolos post
> your solution gives me just the error message I don't understand Anthony. 
> I posted the error message before but it got somehow deleted. 
>
> On Friday, September 7, 2012 5:38:15 PM UTC+2, Anthony wrote:
>>
>> On Friday, September 7, 2012 11:22:41 AM UTC-4, BlueShadow wrote:
>>>
>>> I tried your solution and it just leaves the thumb field empty and no 
>>> thumbnail is created in the upload folder.
>>>
>>
>> Are you referring to Paolo's solution or this one:
>>
>> thisImage.update_record(thumb=db.Images.thumb.store(im, filename=
>> 'thumbnail.jpg'))
>>
>> and how did you get this Database view I really like that^^
>>
>>
>> Are you talking about the image Paolo attached? That's just the Chrome 
>> developer tools (hit F12 in Chrome to open it).
>>
>> Anthony
>>
>

--

Re: [web2py] Re: static blog

2012-09-07 Thread Andrew W 
Good work Martin,
I was thinking of looking at the book app for the same purpose.  
I want to document some Disaster Recovery procedures,  so I therefore also need 
to create a PDF version as well.  Do you think the book app vs auth.wiki() is 
better (easier?) for generating PDFs.?

So many choices!

--

Re: [web2py] Re: What is the proper way to use external cron with web2py?

2012-09-07 Thread Jonathan Lundell 
On 7 Sep 2012, at 8:33 AM, Jose C  wrote:
> Mainly, it avoids some unnecessary overhead, and automatically sets some 
> other useful flags (like -N). And in the trunk (so wait for >2.0.8), it sets 
> nobanner and nogui.
> Also, it overrides requires_https.
> 
> (I don't actually see a reference to it in newcron.py...)
> 
> Great, thanks for the info... the newcron.py references are on lines 318 and 
> 325, this is version 2.0.7 (perhaps removed in 2.0.8 or trunk?)  
> 
> 

Oh, I see what you mean. I was referring to using the flag (cronjob) that -J 
sets.

--

[web2py] Re: I can't display a thumbnail?

2012-09-07 Thread BlueShadow 
I was referring to paolos post

On Friday, September 7, 2012 5:38:15 PM UTC+2, Anthony wrote:
>
> On Friday, September 7, 2012 11:22:41 AM UTC-4, BlueShadow wrote:
>>
>> I tried your solution and it just leaves the thumb field empty and no 
>> thumbnail is created in the upload folder.
>>
>
> Are you referring to Paolo's solution or this one:
>
> thisImage.update_record(thumb=db.Images.thumb.store(im, filename=
> 'thumbnail.jpg'))
>
> and how did you get this Database view I really like that^^
>
>
> Are you talking about the image Paolo attached? That's just the Chrome 
> developer tools (hit F12 in Chrome to open it).
>
> Anthony
>

--

[web2py] Re: I can't display a thumbnail?

2012-09-07 Thread Anthony 
On Friday, September 7, 2012 11:22:41 AM UTC-4, BlueShadow wrote:
>
> I tried your solution and it just leaves the thumb field empty and no 
> thumbnail is created in the upload folder.
>

Are you referring to Paolo's solution or this one:

thisImage.update_record(thumb=db.Images.thumb.store(im, filename=
'thumbnail.jpg'))

and how did you get this Database view I really like that^^


Are you talking about the image Paolo attached? That's just the Chrome 
developer tools (hit F12 in Chrome to open it).

Anthony

--

Re: [web2py] Re: What is the proper way to use external cron with web2py?

2012-09-07 Thread Jose C 

>
>
> Mainly, it avoids some unnecessary overhead, and automatically sets some 
> other useful flags (like -N). And in the trunk (so wait for >2.0.8), it 
> sets nobanner and nogui.
> Also, it overrides requires_https.
>
> (I don't actually see a reference to it in newcron.py...)
>

Great, thanks for the info... the newcron.py references are on lines 318 
and 325, this is version 2.0.7 (perhaps removed in 2.0.8 or trunk?)  

--

[web2py] Re: Using the template system to generate messages

2012-09-07 Thread Niphlod 
it's a path relative to the app's *views *folder. With this code your *
message.html* should be next to layout.html, just in the *yourapp/views/*folder.

Il giorno venerdì 7 settembre 2012 17:04:27 UTC+2, Daniel Gonzalez ha 
scritto:
>
> As explained here:
>
>
> http://web2py.com/books/default/chapter/29/8#Using-the-template-system-to-generate-messages
>
> The following code can be used to render a view file to send via email:
>
> for person in db(db.person).select():
> context = dict(person=person)
> message = response.render('message.html', context)
> mail.send(to=['w...@example.com '],
>   subject='None',
>   message=message)
>
> I have tried this, but I am not able to place the "message.html" correctly 
> in the directory hierarchy.
> How does reponse.render find the view files, or, even better, how can I 
> tell response.render where to find my template file?
>
> Thanks,
> Daniel
>

--

Re: [web2py] Re: What is the proper way to use external cron with web2py?

2012-09-07 Thread Jonathan Lundell 
On 7 Sep 2012, at 8:06 AM, Jose C  wrote:
> Using system/external cron, you should use the -J flag. 
> 
> Jonathan,  could you elaborate on what the `J` flag is supposed to do?  I've 
> just run external cron tests both with and without that flag and can't see 
> any visible difference.  I've scanned the source but can only find reference 
> to it in newcron.py.

Mainly, it avoids some unnecessary overhead, and automatically sets some other 
useful flags (like -N). And in the trunk (so wait for >2.0.8), it sets nobanner 
and nogui.

Also, it overrides requires_https.

(I don't actually see a reference to it in newcron.py...)

--

Re: [web2py] Re: What is the proper way to use external cron with web2py?

2012-09-07 Thread Jose C 

>
> Using system/external cron, you should use the -J flag. 
>

Jonathan,  could you elaborate on what the `J` flag is supposed to do?  
I've just run external cron tests both with and without that flag and can't 
see any visible difference.  I've scanned the source but can only find 
reference to it in newcron.py.

Thanks,
JC

--

[web2py] Using the template system to generate messages

2012-09-07 Thread Daniel Gonzalez 
As explained here:

http://web2py.com/books/default/chapter/29/8#Using-the-template-system-to-generate-messages

The following code can be used to render a view file to send via email:

for person in db(db.person).select():
context = dict(person=person)
message = response.render('message.html', context)
mail.send(to=['w...@example.com'],
  subject='None',
  message=message)

I have tried this, but I am not able to place the "message.html" correctly 
in the directory hierarchy.
How does reponse.render find the view files, or, even better, how can I 
tell response.render where to find my template file?

Thanks,
Daniel

--

[web2py] Re: Validating form fields manually

2012-09-07 Thread Daniel Gonzalez 
Thanks Bruno and Anthony, that worked. For others who might need this, this 
is my code:

 def validate_my_form(form):
destination = form.vars.destination
log.error("call_channel='%s'" % (form.vars.call_channel))
if form.vars.call_channel == VOICEMAIL_CHANNEL:
_, err_msg = IS_EMAIL()(destination)
if err_msg: form.errors.destination = err_msg
elif form.vars.call_channel == PHONE_CHANNEL:
_, err_msg = IS_MATCH('\+[0-9]+', error_message=T('Enter a phone 
number, in international format'))(destination)
if err_msg: form.errors.destination = err_msg
elif form.vars.call_channel == SIP_CHANNEL:
_, err_msg = IS_EMAIL(error_message=T('Enter a valid SIP address'))(
destination)
if err_msg: form.errors.destination = err_msg
else:
form.errors.call_channel = "call_channel=%s not supported" % (form.
vars.call_channel)


On Tuesday, September 4, 2012 9:55:20 PM UTC+2, Anthony wrote:
>
> For phone and sip address, you could use the IS_MATCH validator with an 
> appropriate regular expression defined. Or you could create a custom 
> validator.
>
> Bruno covered your other question.
>
> Anthony
>
> On Tuesday, September 4, 2012 3:09:42 PM UTC-4, Daniel Gonzalez wrote:
>>
>> Hi,
>>
>> In my application I have a form with (among other data), the following 
>> two fields:
>>
>>- channel: a set with three possible values: "voicemail", 
>>"sipaddress" or "phone".
>>- destination: a string, the meaningf of which depends on the value 
>>of channel.
>>
>> I have the problem that I attach a validation rule ("require") to the 
>> destination field, because the validation rule depends on the value of 
>> "channel"
>>
>> What I would like to do is to leave the validation rule of the 
>> destination empty, and then do a manual validation, depending on the value 
>> of "channel".
>> The rest of the fields would be validated as usual, with form.process(), 
>> but the destination would be validated manually.
>>
>> Something like this:
>>
>> if form.process().accepted:
>> if request.var.channel == 'voicemail': validate requests.var.destination 
>> as a mail address.
>> elif request.var.channel == 'sipaddress' validate 
>> requests.var.destination 
>> as a sip address.
>> elfi request.var.channel == 'phone' validate requests.var.destination 
>> as a telephone number
>>
>>
>> I have two questions:
>>
>>- has web2py suppot for validation of telephone numbers and sip 
>>addresses?
>>- how can I manually apply validation rules, so that I can apply 
>>complex algorithms as the one described while validating?
>>
>> Thanks
>> Daniel
>>
>

--

[web2py] Re: How to add a web2py GUI for a background process ?

2012-09-07 Thread Esteban García-Gurtubay 
Thanks, Andrew.

I had a look into Qpid. It certainly can do the job, but on the same 
spirit, I think a simpler client/server implementation with XMLRPC might 
work as well. Besides, XMLRPC libraries are bundled with Python by default.

/E.-





On Friday, September 7, 2012 5:06:56 AM UTC+2, Andrew wrote:
>
> How about messaging?
>
> Qpid.apache.org has a good broker implementation with python bindings. 
> Your script could be a producer and web2py a consumer of a queue used for 
> communicating events.
>
>
> Andrew
>
>

--

[web2py] Re: routes_onerror changes error code to 200 OK

2012-09-07 Thread Jose C 


On Friday, September 7, 2012 3:18:10 PM UTC+1, Massimo Di Pierro wrote:
>
> Can you please open a ticket and link those threads?
>

Done. 

--

[web2py] Re: How to use sheduler when running web2py in apache + mod_wsgi scenario ?

2012-09-07 Thread Niphlod 
Perfectly fine.it's the recommended way!

Apache & co. kill processes that hang up (usually a certain timeout) 
because normally a page "should" return something in a small timeframe. 
This feature is useful to free up resources if the code to generate your 
webpage is too heavy on the machine, and to let the webserver serve other 
requests.

A scheduler instead is a "never-ending" process (it's sort of the apache 
process) that manages other processes to do your tasks, in a totally 
separate environment from apache itself (so apache is free, and your users 
happy). 

Having a scheduler "managed" by apache is infact "killing the purpose" of 
the scheduler. 

Il giorno venerdì 7 settembre 2012 14:32:09 UTC+2, David Marko ha scritto:
>
> How to use sheduler when running web2py in apache + mod_wsgi scenario ? Is 
> it ok to run it as ussual I mean start it separately from apache-wsgi'  
> python 
> web2py.py -K myapp:group1:group2,myotherapp:group1' ? No problem with 
> this?
>

--

Re: [web2py] sqlform.grid and query conditions

2012-09-07 Thread MichaelF 
I appreciate that web2py has ways to handle this, and I also agree that 
it's somewhat hackish. The problem remains, though, that we're still 
exposing (publishing) internal primary keys to the browser. Isn't the main 
problem the fact that we're dealing with primary key values being sent to 
the browser? Look at https://www.owasp.org/index.php/Top_10_2010-A4 for one 
description of the vulnerability.

In our php application we wrote a class that hashed primary keys sent to 
the browser, giving different hashes on each GET/POST so that, for example, 
the hashed primary key 1 would different if the user visited the same page 
two times.

Thoughts?

Thanks.

On Thursday, September 6, 2012 8:18:44 AM UTC-6, Anthony wrote:
>
> How about http://web2py.com/books/default/chapter/29/06#Common-filters or 
> http://web2py.com/books/default/chapter/29/06#Common-fields-and-multi-tenancy
> ?
>
> Anthony
>
> On Wednesday, September 5, 2012 8:48:49 PM UTC-4, Kevin C wrote:
>>
>>  We did something similar but it feels very hackish, considering it has 
>> to be done in every method of the admin controller.  I just wanted to see 
>> if there was a better way.
>>
>> Thank you.
>>
>> Kevin Cackler
>> Tech Daddies
>> 501-205-1512http://www.techdaddies.com
>>
>> On 9/5/2012 7:45 PM, Bruno Rocha wrote:
>>  
>> You can do: 
>>
>>  if request.args(0) in ['edit', 'delete']:
>> STORE_DETAILS.id == int(request.args(2)) or 
>> redirect(URL('default', 'wherever'))
>>
>>   db.pages.stores_id.default = STORE_DETAILS.id
>> query = ((db.pages.stores_id == STORE_DETAILS.id))
>> form = SQLFORM.grid(query=query)
>>
>>  return dict(form=form)
>>  
>>  
>>
>> On Wed, Sep 5, 2012 at 9:38 PM, Kevin C  wrote:
>>
>>> Basically, we are generating a SQLFORM.grid with the following code: 
>>>
>>>  db.pages.stores_id.default = STORE_DETAILS.id
>>> query = ((db.pages.stores_id == STORE_DETAILS.id))
>>> form = SQLFORM.grid(query=query)
>>>
>>>  return dict(form=form)
>>>  
>>>  This is working perfectly fine for us.  However, we have noticed that 
>>> if we just change the ID in the query string for the edit page, we are 
>>> allowed to edit other store's entries.
>>>
>>>  IE 
>>> http://test.oursite.com/test/admin/pages/edit/pages/6?_signature=f8c5560743.
>>> ..
>>>
>>>  What is the proper way to do this, then?  The grid itself looks great, 
>>> but just by changing the page ID in the URL, we are allowed to edit pages 
>>> not belonging to us.  I guess I was hoping that the query conditional would 
>>> be passed to each function (add, edit, delete) but that obviously is not 
>>> the case.  Is multi-tenancy the solution to this issue or are we 
>>> overlooking something simple?
>>>  -- 
>>>  
>>>  
>>>  
>>>
>>  
>>
>>  -- 
>>  
>>  
>>  
>>
>>
>>  

--

Re: [web2py] Re: What is the proper way to use external cron with web2py?

2012-09-07 Thread Jonathan Lundell 
> 
> But I see web2py has some flags and I am not sure should I use them or not. 
> Does it matter?
> 
>   -J, --cronjob identify cron-initiated command
>   -C, --crontrigger a cron run manually; usually invoked from a
> system crontab
> 
> Do they change anything?
> 
> 
> I don't use those flags, I suspect they are for the internal web2py cron 
> process.

Using system/external cron, you should use the -J flag. 

And --nobanner is a good idea, though I've submitted a patch to make -J 
suppress the banner as well.

Depending on what you're trying to accomplish, you're probably better off 
running web2py requests from a system crontab using -S, instead of using 
web2py's -C extcron facility.

--

[web2py] Re: routes_onerror changes error code to 200 OK

2012-09-07 Thread Massimo Di Pierro 
Can you please open a ticket and link those threads?

On Friday, 7 September 2012 08:53:13 UTC-5, Jose C wrote:
>
>
> This is an old issue as per:
>
> https://groups.google.com/forum/#!searchin/web2py/404$20/web2py/D7zU8Ssa3OA/BqJW97wr4HwJ
> and
>
> https://groups.google.com/forum/#!searchin/web2py/404$20/web2py/Fp0jxzNTVUI/fl7doNG2L5IJ
>
> Also Yarin has created a workaround for it:
> http://www.web2pyslices.com/slice/show/1529/custom-error-routing
>
> I'm raising it here to check whether this shouldn't be considered a bug?  
> If one of the devs weighs in and agrees, I'm happy to open a bug on the 
> issue tracker.
>
> Regards,
> JC

--

Re: [web2py] little css issue and french translation

2012-09-07 Thread Massimo Di Pierro 
Or simply a reminder to pull from your github repo when you make changes. 

On Friday, 7 September 2012 08:50:56 UTC-5, Richard wrote:
>
> For sure I can help once in a wild, I am pretty busy... I can take it 
> paragraph by paragraph... :)
>
> I will check how it works with Git.
>
> Richard
>
> On Thu, Sep 6, 2012 at 10:56 PM, Massimo Di Pierro 
> 
> > wrote:
>
>> :-)
>>
>> merci'. Send me a patch when you can.
>>
>>
>> On Thursday, 6 September 2012 21:20:44 UTC-5, Don_X wrote:
>>>
>>>
>>> "propulsé par"  is definately the proper translation for powered by
>>>
>>> it is indeed nice to see french speaking folks here ... the french group 
>>> on the other hand has been inactive .. it seems since last year !
>>>
>>> There is the french translation for the latest version of the book in 
>>> the works ! ... do you guys want to pitch in 
>>>
>>> The related Git repo can be found here :
>>>
>>> https://github.com/**DonaldClermont/web2py-book/**
>>> tree/master/sources/38-web2py-**french-translation-in-progress
>>>
>>> so far ... only the 00.markmin was completed ! ...  it would be nice if 
>>> I get a hand with this from the french speaking folks who loves web2py like 
>>> I do !
>>>
>>> just contact me if you guys want in on this ... on the side .. i am also 
>>> preparing a glossarium of the terms and expressions used in the book ... 
>>> that in itself is a nice challenge considering there are many terms and 
>>> expressions that have never really been properly translated elsewhere other 
>>> than in Quebec Canada. ( like at Ecole Polytechnique  and the Quebec Board 
>>> of the French Language )
>>>
>>> au plaisir
>>>
>>> Don
>>>
>>  -- 
>>  
>>  
>>  
>>
>
>

--

Re: [web2py] little css issue and french translation

2012-09-07 Thread Massimo Di Pierro 
A zip of the files will do.

On Friday, 7 September 2012 08:50:56 UTC-5, Richard wrote:
>
> For sure I can help once in a wild, I am pretty busy... I can take it 
> paragraph by paragraph... :)
>
> I will check how it works with Git.
>
> Richard
>
> On Thu, Sep 6, 2012 at 10:56 PM, Massimo Di Pierro 
> 
> > wrote:
>
>> :-)
>>
>> merci'. Send me a patch when you can.
>>
>>
>> On Thursday, 6 September 2012 21:20:44 UTC-5, Don_X wrote:
>>>
>>>
>>> "propulsé par"  is definately the proper translation for powered by
>>>
>>> it is indeed nice to see french speaking folks here ... the french group 
>>> on the other hand has been inactive .. it seems since last year !
>>>
>>> There is the french translation for the latest version of the book in 
>>> the works ! ... do you guys want to pitch in 
>>>
>>> The related Git repo can be found here :
>>>
>>> https://github.com/**DonaldClermont/web2py-book/**
>>> tree/master/sources/38-web2py-**french-translation-in-progress
>>>
>>> so far ... only the 00.markmin was completed ! ...  it would be nice if 
>>> I get a hand with this from the french speaking folks who loves web2py like 
>>> I do !
>>>
>>> just contact me if you guys want in on this ... on the side .. i am also 
>>> preparing a glossarium of the terms and expressions used in the book ... 
>>> that in itself is a nice challenge considering there are many terms and 
>>> expressions that have never really been properly translated elsewhere other 
>>> than in Quebec Canada. ( like at Ecole Polytechnique  and the Quebec Board 
>>> of the French Language )
>>>
>>> au plaisir
>>>
>>> Don
>>>
>>  -- 
>>  
>>  
>>  
>>
>
>

--

[web2py] Re: [OT] Ubuntu 12.10 will no longer ship with Python 2

2012-09-07 Thread LightDot 
Please don't spread FUD. The news only says that the DESKTOP CD IMAGE will 
not contain python 2.x, this doesn't mean Ubuntu 12.10 will remove python 
2.x from the distribution. This also doesn't affect server images, or any 
other Ubuntu images. The server cd image and other images will contain 
Python 2.x as usual.

Even if you do a fresh install from the desktop cd image, all you'll need 
to do is run 'apt get' or use whichever GUI you use to install packages 
from the Ubuntu repository, same as you'd do for any other software that is 
a part of Ubuntu but not distributed on the install media.

I believe this Ubuntu's decision is a mistake nevertheless. I have nothing 
against python 3, but who ever is behind such "political statements", isn't 
helping it's promotion with such moves. IMHO, naturally...

Regards,
Ales


On Friday, September 7, 2012 2:56:59 PM UTC+2, Luther Goh Lu Feng wrote:
>
> FYI: Ubuntu 12.10 Quantal Quetzal says bye bye to Python 2. Take note if 
> you run web2py and intend to use 12.10. I am not sure if there are ways to 
> get Python 2 installed though.
>
> "For 12.10, we intend to ship only Python 3 with the Ubuntu desktop image, 
> not Python 2. Beta-1 continues this process."
>
> https://wiki.ubuntu.com/QuantalQuetzal/TechnicalOverview/Beta1#Python_3.0

--

[web2py] routes_onerror changes error code to 200 OK

2012-09-07 Thread Jose C 

This is an old issue as per:
https://groups.google.com/forum/#!searchin/web2py/404$20/web2py/D7zU8Ssa3OA/BqJW97wr4HwJ
and
https://groups.google.com/forum/#!searchin/web2py/404$20/web2py/Fp0jxzNTVUI/fl7doNG2L5IJ

Also Yarin has created a workaround for it:
http://www.web2pyslices.com/slice/show/1529/custom-error-routing

I'm raising it here to check whether this shouldn't be considered a bug?  
If one of the devs weighs in and agrees, I'm happy to open a bug on the 
issue tracker.

Regards,
JC

--

Re: [web2py] redirect with method POST

2012-09-07 Thread Jonathan Lundell 
On 7 Sep 2012, at 3:56 AM, Pradeeshnarayan  wrote:
> In my web2py application after a form submit, I want to redirect to another 
> page with some POST variables. I couldn't find any option to set then method.
> 
> My main idea is to avoid those values from users. 
> 
> I would greatly appreciate any suggestions.
> 

I think that redirection is not what you're after; that will just cause the 
browser to post the same form to the new (redirected) URL.

If the new function/page is in the same controller, you could edit the request 
and just call that function, I suppose. You could use urllib/urllib2 to make an 
entirely new request, but you'd want to be careful not to create a deadlock 
(for example, you'd want to forget the session before making the request). 
Seems like unnecessary overhead.

If the function/page is in another controller, perhaps the heavy lifting could 
be moved to a shared module.

--

Re: [web2py] little css issue and french translation

2012-09-07 Thread Richard Vézina 
For sure I can help once in a wild, I am pretty busy... I can take it
paragraph by paragraph... :)

I will check how it works with Git.

Richard

On Thu, Sep 6, 2012 at 10:56 PM, Massimo Di Pierro <
massimo.dipie...@gmail.com> wrote:

> :-)
>
> merci'. Send me a patch when you can.
>
>
> On Thursday, 6 September 2012 21:20:44 UTC-5, Don_X wrote:
>>
>>
>> "propulsé par"  is definately the proper translation for powered by
>>
>> it is indeed nice to see french speaking folks here ... the french group
>> on the other hand has been inactive .. it seems since last year !
>>
>> There is the french translation for the latest version of the book in the
>> works ! ... do you guys want to pitch in 
>>
>> The related Git repo can be found here :
>>
>> https://github.com/**DonaldClermont/web2py-book/**
>> tree/master/sources/38-web2py-**french-translation-in-progress
>>
>> so far ... only the 00.markmin was completed ! ...  it would be nice if I
>> get a hand with this from the french speaking folks who loves web2py like I
>> do !
>>
>> just contact me if you guys want in on this ... on the side .. i am also
>> preparing a glossarium of the terms and expressions used in the book ...
>> that in itself is a nice challenge considering there are many terms and
>> expressions that have never really been properly translated elsewhere other
>> than in Quebec Canada. ( like at Ecole Polytechnique  and the Quebec Board
>> of the French Language )
>>
>> au plaisir
>>
>> Don
>>
>  --
>
>
>
>

--

Re: [web2py] Re: static blog

2012-09-07 Thread Martín Mulone 
I'm not sure if I understand, there no admin, you make post copying and
pasting new folder under "source_blog" in the app, and editing files using
your favorite editor like gedit, ultraedit, any ide, etc.

2012/9/7 Ovidio Marinho 

> You are missing an administrator, or is it just me?
>
>
>
>Ovidio Marinho Falcao Neto
> Web Developer
>  ovidio...@gmail.com
>   ovidiomari...@itjp.net.br
>  ITJP - itjp.net.br
>83   8826 9088 - Oi
>83   9334 0266 - Claro
> Brasil
>
>
>
>
> 2012/9/7 Martín Mulone 
>
>> Yes is based on the book app. I made some changes, in the index I made a
>> change that read "extract.markmin" because abstract in info.txt is to short
>> in lenght, but I have to render to a file like "chapters" because is to
>> slow to read it all the time to make an index of posts. Ok I'm going to
>> change this on markmin. Also is not need it for this porpouse to create a
>> subfolder, so I create "post-XXX.html" and for index pages "posts-X.html".
>> The blog is based on this.
>>
>>
>> 2012/9/7 Massimo Di Pierro 
>>
>>> +1
>>>
>>> I see you used some of the book code in the book. In particular you use
>>> MARKMIN the way it is done in the book using extra variables. That is ok
>>> and it is done for backward compatibility with old book sources which also
>>> need to processed in latex. If that is not important there is a batter way
>>> to use markmin:
>>>
>>>
>>> from gluon.contrib.autolinks import expand_one
>>> html = MARKMIN(page.body,url=True,environment={},
>>>  autolinks=lambda link: expand_one(link,{})).xml()
>>>
>>> Because url = True you will be able to use the @ notation to
>>> reference any URL in the app. The book code prevents that for backward
>>> compatibility.
>>>
>>> autolinks=lambda link: expand_one(link,{}) enables OMEBED which means if
>>> you do not have to markup links. Web2py will automatically embed, images
>>> video and other objects using the OEMBED protocol.
>>>
>>> Massimo
>>>
>>>
>>>
>>> On Friday, 7 September 2012 07:01:21 UTC-5, Martin.Mulone wrote:

 http://blog.martinmulone.com.**ar/post/996-static-blog-in-**web2py

 --
 http://martinmulone.com.ar

>>>  --
>>>
>>>
>>>
>>>
>>
>>
>>
>> --
>> http://martinmulone.com.ar
>>
>> --
>>
>>
>>
>>
>
>  --
>
>
>
>



-- 
http://martinmulone.com.ar

--

Re: [web2py] Re: static blog

2012-09-07 Thread Ovidio Marinho 
You are missing an administrator, or is it just me?



   Ovidio Marinho Falcao Neto
Web Developer
 ovidio...@gmail.com
  ovidiomari...@itjp.net.br
 ITJP - itjp.net.br
   83   8826 9088 - Oi
   83   9334 0266 - Claro
Brasil




2012/9/7 Martín Mulone 

> Yes is based on the book app. I made some changes, in the index I made a
> change that read "extract.markmin" because abstract in info.txt is to short
> in lenght, but I have to render to a file like "chapters" because is to
> slow to read it all the time to make an index of posts. Ok I'm going to
> change this on markmin. Also is not need it for this porpouse to create a
> subfolder, so I create "post-XXX.html" and for index pages "posts-X.html".
> The blog is based on this.
>
>
> 2012/9/7 Massimo Di Pierro 
>
>> +1
>>
>> I see you used some of the book code in the book. In particular you use
>> MARKMIN the way it is done in the book using extra variables. That is ok
>> and it is done for backward compatibility with old book sources which also
>> need to processed in latex. If that is not important there is a batter way
>> to use markmin:
>>
>>
>> from gluon.contrib.autolinks import expand_one
>> html = MARKMIN(page.body,url=True,environment={},
>>  autolinks=lambda link: expand_one(link,{})).xml()
>>
>> Because url = True you will be able to use the @ notation to
>> reference any URL in the app. The book code prevents that for backward
>> compatibility.
>>
>> autolinks=lambda link: expand_one(link,{}) enables OMEBED which means if
>> you do not have to markup links. Web2py will automatically embed, images
>> video and other objects using the OEMBED protocol.
>>
>> Massimo
>>
>>
>>
>> On Friday, 7 September 2012 07:01:21 UTC-5, Martin.Mulone wrote:
>>>
>>> http://blog.martinmulone.com.**ar/post/996-static-blog-in-**web2py
>>>
>>> --
>>> http://martinmulone.com.ar
>>>
>>  --
>>
>>
>>
>>
>
>
>
> --
> http://martinmulone.com.ar
>
> --
>
>
>
>

--

[web2py] Re: What is the proper way to use external cron with web2py?

2012-09-07 Thread Jose C 


> But I see web2py has some flags and I am not sure should I use them or 
> not. Does it matter?
>
>   -J, --cronjob identify cron-initiated command
>   -C, --crontrigger a cron run manually; usually invoked froma
> system crontab
>
> Do they change anything?
>
>
I don't use those flags, I suspect they are for the internal web2py cron 
process.



> Another question... My cron.txt is full of:
> web2py Web Framework
> Created by Massimo Di Pierro, Copyright 2007-2012
> Version 2.0.7 (2012-09-04 17:58:46) stable
> Database drivers available: SQLite(sqlite3), MySQL(pymysql), MySQL(MySQLdb
> ), PostgreSQL(pg8000), CouchDB(couchdb), IMAP(imaplib)
>
> I would like to remove this but if I run with -Q flag, then I can't see 
> script output and I cannot see the traceback if there is an exception.
>

Use the  --no-banner flag, removes that.  I also use the --no-gui flag for 
good measure when running from cron.

HTH,
JC

--

[web2py] Re: [OT] Ubuntu 12.10 will no longer ship with Python 2

2012-09-07 Thread Massimo Di Pierro 
I think this is a mistake but installing python 2.7 should be easy enough.

Massimo

On Friday, 7 September 2012 07:56:59 UTC-5, Luther Goh Lu Feng wrote:
>
> FYI: Ubuntu 12.10 Quantal Quetzal says bye bye to Python 2. Take note if 
> you run web2py and intend to use 12.10. I am not sure if there are ways to 
> get Python 2 installed though.
>
> "For 12.10, we intend to ship only Python 3 with the Ubuntu desktop image, 
> not Python 2. Beta-1 continues this process."
>
> https://wiki.ubuntu.com/QuantalQuetzal/TechnicalOverview/Beta1#Python_3.0

--

[web2py] [OT] Ubuntu 12.10 will no longer ship with Python 2

2012-09-07 Thread Luther Goh Lu Feng 
FYI: Ubuntu 12.10 Quantal Quetzal says bye bye to Python 2. Take note if 
you run web2py and intend to use 12.10. I am not sure if there are ways to 
get Python 2 installed though.

"For 12.10, we intend to ship only Python 3 with the Ubuntu desktop image, 
not Python 2. Beta-1 continues this process."

https://wiki.ubuntu.com/QuantalQuetzal/TechnicalOverview/Beta1#Python_3.0

--

Re: [web2py] Re: static blog

2012-09-07 Thread Martín Mulone 
Yes is based on the book app. I made some changes, in the index I made a
change that read "extract.markmin" because abstract in info.txt is to short
in lenght, but I have to render to a file like "chapters" because is to
slow to read it all the time to make an index of posts. Ok I'm going to
change this on markmin. Also is not need it for this porpouse to create a
subfolder, so I create "post-XXX.html" and for index pages "posts-X.html".
The blog is based on this.

2012/9/7 Massimo Di Pierro 

> +1
>
> I see you used some of the book code in the book. In particular you use
> MARKMIN the way it is done in the book using extra variables. That is ok
> and it is done for backward compatibility with old book sources which also
> need to processed in latex. If that is not important there is a batter way
> to use markmin:
>
>
> from gluon.contrib.autolinks import expand_one
> html = MARKMIN(page.body,url=True,environment={},
>  autolinks=lambda link: expand_one(link,{})).xml()
>
> Because url = True you will be able to use the @ notation to reference
> any URL in the app. The book code prevents that for backward compatibility.
>
> autolinks=lambda link: expand_one(link,{}) enables OMEBED which means if
> you do not have to markup links. Web2py will automatically embed, images
> video and other objects using the OEMBED protocol.
>
> Massimo
>
>
>
> On Friday, 7 September 2012 07:01:21 UTC-5, Martin.Mulone wrote:
>>
>> http://blog.martinmulone.com.**ar/post/996-static-blog-in-**web2py
>>
>> --
>> http://martinmulone.com.ar
>>
>  --
>
>
>
>



-- 
http://martinmulone.com.ar

--

[web2py] Re: conditional form submission

2012-09-07 Thread Massimo Di Pierro 
organization=db((db.organization.cocNumber==form.vars.cocNumber)&\

(db.organization.subdossierNumber==form.vars.subdossierNumber)).select()

should be'

organization=db((db.organization.cocNumber==form.vars.cocNumber)&\

(db.organization.subdossierNumber==form.vars.subdossierNumber)).select().first()

On Friday, 7 September 2012 07:07:04 UTC-5, Annet wrote:
>
> I have a function with an SQLFORM.factory() form, after submission I check 
> whether the database already contains an organization with the CoC number 
> in the form, when it does I set a response.flash telling the user the 
> database already contains that organization. Some organizations have 
> branches with the same CoC number but different names and addresses, I 
> would like the user to be able to enter these branches as well. I thought 
> maybe adding a check box to the form which the user can check if he wants 
> the form to be processed anyway would be the way to go. This is the form:
>
> form=SQLFORM.factory(db.node,db.organization,db.address)
> if form.process(keepvalues=True).accepted:
> organization=db((db.organization.cocNumber==form.vars.cocNumber)&\
> 
> (db.organization.subdossierNumber==form.vars.subdossierNumber)).select()
> if organization:
> response.flash=form.vars.name + ' is ab branch of' + 
> organization.name + ': '
> else:
> processForm(subclass,form)
> 
> elif form.errors:
> response.flash=responseFlash('formerror')
> elif not response.flash:
> response.flash=responseFlash('form')
> return dict(form=form)
>
> Any ideas?
>
>
> Kind regards,
>
> Annet
>

--

[web2py] Re: static blog

2012-09-07 Thread Massimo Di Pierro 
+1

I see you used some of the book code in the book. In particular you use 
MARKMIN the way it is done in the book using extra variables. That is ok 
and it is done for backward compatibility with old book sources which also 
need to processed in latex. If that is not important there is a batter way 
to use markmin:


from gluon.contrib.autolinks import expand_one
html = MARKMIN(page.body,url=True,environment={},
 autolinks=lambda link: expand_one(link,{})).xml()

Because url = True you will be able to use the @ notation to reference 
any URL in the app. The book code prevents that for backward compatibility.

autolinks=lambda link: expand_one(link,{}) enables OMEBED which means if 
you do not have to markup links. Web2py will automatically embed, images 
video and other objects using the OEMBED protocol.

Massimo



On Friday, 7 September 2012 07:01:21 UTC-5, Martin.Mulone wrote:
>
> http://blog.martinmulone.com.ar/post/996-static-blog-in-web2py
>
> -- 
> http://martinmulone.com.ar
>

--

[web2py] How to use sheduler when running web2py in apache + mod_wsgi scenario ?

2012-09-07 Thread David Marko 
How to use sheduler when running web2py in apache + mod_wsgi scenario ? Is 
it ok to run it as ussual I mean start it separately from apache-wsgi'  python 
web2py.py -K myapp:group1:group2,myotherapp:group1' ? No problem with this?

--

[web2py] conditional form submission

2012-09-07 Thread Annet 
I have a function with an SQLFORM.factory() form, after submission I check 
whether the database already contains an organization with the CoC number 
in the form, when it does I set a response.flash telling the user the 
database already contains that organization. Some organizations have 
branches with the same CoC number but different names and addresses, I 
would like the user to be able to enter these branches as well. I thought 
maybe adding a check box to the form which the user can check if he wants 
the form to be processed anyway would be the way to go. This is the form:

form=SQLFORM.factory(db.node,db.organization,db.address)
if form.process(keepvalues=True).accepted:
organization=db((db.organization.cocNumber==form.vars.cocNumber)&\

(db.organization.subdossierNumber==form.vars.subdossierNumber)).select()
if organization:
response.flash=form.vars.name + ' is ab branch of' + 
organization.name + ': '
else:
processForm(subclass,form)

elif form.errors:
response.flash=responseFlash('formerror')
elif not response.flash:
response.flash=responseFlash('form')
return dict(form=form)

Any ideas?


Kind regards,

Annet

--

[web2py] static blog

2012-09-07 Thread Martín Mulone 
http://blog.martinmulone.com.ar/post/996-static-blog-in-web2py

-- 
http://martinmulone.com.ar

--

Re: [web2py] redirect with method POST

2012-09-07 Thread Marin Pranjić 
You cannot send POST vars.
You can send GET vars.
You can store vars in session and then access them from another page (if
they are in the same app).
You can return a page with form and then submit that form with javascript
(document.form.submit())

Marin

On Fri, Sep 7, 2012 at 12:56 PM, Pradeeshnarayan
wrote:

> In my web2py application after a form submit, I want to redirect to
> another page with some POST variables. I couldn't find any option to set
> then method.
>
> My main idea is to avoid those values from users.
>
> I would greatly appreciate any suggestions.
>
>  --
>
>
>
>

--

Re: [web2py] Re: internal error crash with newest 2.0.6 and old 1.99.2

2012-09-07 Thread lucas 
On Friday, September 7, 2012 4:57:37 AM UTC-4, Michele Comitini wrote:
>
> lucas,
>
> OK. So there is no error at SQL level.  The problem is probably a closing 
> cursor that happens somewhere in the DAL, that is triggered by some 
> usage/environment peculiar to your application.
>
> Check the following just to be sure:
> 1) pooling connections.  Try to work with pooled connection and without 
> and see if anything changes.


 educate me a bit, how do i turn on/off pooling connections?  this is what 
i know for sure.  once a user gets the internal error/ticket with "db 
cursor has been closed", the only way to get that user logged in, is by 
having them clear all cookies and website data in their browser, and i 
clearing all sessions under the application's sessions folder, and then 
restarting the httpd service.  then the user can login, but also what is 
unusual, is the first time they log in after all those steps, it 
immediately returns them to the login page where they have to login again. 
 it is like the site lost the first login.  but then the second time it 
will go fine and they can proceed as normal.

2) explicit commits, rollbacks.
>

according to massimo, web2py handles all that internally so on the surface, 
we should not be doing much explicit commits and rollbacks. so i don't have 
those calls in my code.

3) access to  DBAPI cursor bypassing the DAL.
>

i would have to write a separate app to do that to bypass all my code in 
order to bread it down to more basic SQL statements.  i think.
 

> 4) check if psycopg2 is recent and compiled againsts libpq-9.1
>

that is good point.  in fact, how do i know if web2py is using pg8000 or 
psycopg2?  in fact both are on my machine.  i think there is a syntax in 
the DAL for specifying which one.  perhaps i should use one over the other. 

Also what kind of server configuration you have? rocket, apache+wsgi or ...
>

apache+wsgi on a centos 6.3 server, old single core compaq at the moment.
 

> Does the error happen on a multicore machine and there are concurrent 
> requests?  See the pooling item above..
>
> What we really need is a simplified version of your code that shows  the 
> same error. 
>

yes, i agree and i have backing off/commenting a lot of code to isolate the 
problem.  but still baffled. 


> mic
>

--

[web2py] redirect with method POST

2012-09-07 Thread Pradeeshnarayan 
In my web2py application after a form submit, I want to redirect to another 
page with some POST variables. I couldn't find any option to set then 
method.

My main idea is to avoid those values from users. 

I would greatly appreciate any suggestions.

--

[web2py] What is the proper way to use external cron with web2py?

2012-09-07 Thread Marin Pranjić 
I want to run a script once a day. I need to execute models.

I tried with:

0 0 * * * python /path/to/web2py.py -S app -M -N -R applications/app/private
/cron_test.py >> cron.txt 2>&1


And this *works*.

But I see web2py has some flags and I am not sure should I use them or not. 
Does it matter?

  -J, --cronjob identify cron-initiated command
  -C, --crontrigger a cron run manually; usually invoked from a
system crontab

Do they change anything?


Another question... My cron.txt is full of:
web2py Web Framework
Created by Massimo Di Pierro, Copyright 2007-2012
Version 2.0.7 (2012-09-04 17:58:46) stable
Database drivers available: SQLite(sqlite3), MySQL(pymysql), MySQL(MySQLdb), 
PostgreSQL(pg8000), CouchDB(couchdb), IMAP(imaplib)

I would like to remove this but if I run with -Q flag, then I can't see 
script output and I cannot see the traceback if there is an exception.

Any suggestions?

--

[web2py] New webapp www.DocMator.com uses web2py , need help with login

2012-09-07 Thread Akash Kakkar 
Hi All,

I have recently launched a web application DocMator , 
*I would appreciate your Feedback on the application usefulness, usability 
and suggestions for improvements and enhancements (http://www.docmator.com )
*

This application uses web2py framework. Users can login using facebook, 
twitter, google and can also register with the site to login.

The facebook, twitter & google logins do not work as expected. I am using  
web2py_multiauth. 

by *Christian Foster Howes *
This is an excellent slice and helps you use facebook, twitter and google 
logins with using Janrain (janrain is paid if the number of users are 
greater than 2500)

I tried implementing multiauth, I am having a few issues.

1) Facebook and Twitter logins do not work
2) Google works fine but does not go to the post login page 
www.docmator.com/docmatorx/default/index and I need to click google icon on 
login page to be redirected to index page.

I am attaching the auth_ext file for your reference. This is the only file 
that needs configuration settings for the web2py slice multiauth to work.

The login implementation is available on www.docmator.com, I request you to 
help me with the problem.

I am using web2py 1.99.7

It would be great if you can provide me with a* feedback* to improve 
DocMator further.

Thanks,
Akash Kakkar
Developer Founder CEO
DocMator

www.docmator.com

-- 



#
# $Date: 2010-04-29 12:30:50 -0700 (Thu, 29 Apr 2010) $
# $Rev: 1214 $
# $Author: cfhowes $
# $URL: http://24.239.32.45:9090/svn/trunk/src/tenthrow/opt/web2py/applications/tenthrow/controllers/auth_ext.py $
#


def twitter():
"""
Login/auth integration with twitter.  Makes use of the OAuth login provided
by the module.

As part of the login steps, if the user has not logged in using this twitter
account before they will be directed to twitemail() to provide an email
address for the account being created.

if there is already a logged in user, this will allow that user to associate
a twitter account with their current account.
"""
if auth.is_logged_in() and auth.user.twitter_id:
redirect(URL(r=request, c='default', f='index'))
from applications.docmatorx.modules.twitter_account import TwitterAuth
#@TODO: put these keys elsewhere
key = ''
secret = ''
auth.settings.login_form=TwitterAuth(request, response,
 **{
'twitter_consumer_key':key,
'twitter_consumer_secret':secret,
'denied':URL(r=request, f='denied'),
'globals':globals()})

return auth.login(next=URL(r=request, c='default', f='index'))

def twitemail():
"""
If this is the first time the twitter user has logged in with us, get an
email address from them.  This needs to be a new email address not already in
they system.  To add a twitter account to an existing account, the user must
login with that account first, then add twitter to it (link on the account
page)
"""
if auth.is_logged_in():
session.twitterauth_user['email'] = auth.user.email
return twitter()

user = db((db.auth_user.twitter_id==session.twitterauth_user['twitter_id']) &
  (db.auth_user.email!=None)).select().first()
if user:
session.twitterauth_user['email'] = user.email
return twitter()

form = SQLFORM.factory(
Field('email', requires=[IS_EMAIL(error_message="Please enter a valid email address."),
 IS_NOT_IN_DB(db, 'auth_user.email')]),
_name="emailaddyform",
_onsubmit="return submitTwitEmail();"
)

if form.accepts(request.vars, session, formname="twitemail"):
session.twitterauth_user['email'] = form.vars.email
return twitter()
return dict(form=form)

def facebook():
"""
Integrate with the facebook graph API to complete user authentication and
account creation
"""
import facebook
#@TODO: put these somewhere global
facebook_appid = ''
facebook_secret = ''
fb_user = facebook.get_user_from_cookie(request.cookies, facebook_appid, facebook_secret)
if fb_user:
graph = facebook.GraphAPI(fb_user["access_token"])
profile = graph.get_object("me")

if profile.setdefault('email', None):
#do login
profile['facebook_id'] = str(fb_user['uid'])
keys = dict([(str(k), v) for (k, v) in profile.items()])
session.fbauth_user = keys
from applications.docmatorx.modules.facebook_account import FacebookAuth
auth.settings.login_form=FacebookAuth(session)
return auth.login(next=URL(r=request, c='default', f='index'))
else:
return "we need your email damint"
#@TODO: ret

[web2py] Re: PythonAnywhere, upgrading to latest Web2Py?

2012-09-07 Thread Nico Zanferrari 
Hello Hansel!

You can also easily fix the upgrade script as described 
here and 
let existing users decide directly from the administrative interface!
In this way the upgrade to 2.0.8 seems to work fine, except for a ticket 
error at the end of the upgrade that hangs the application until you reload 
the web app. And a silly "Running on %s" on the administrative interface 
itself under the version number.

Thank you for the great work,
Nico

--

Re: [web2py] Re: internal error crash with newest 2.0.6 and old 1.99.2

2012-09-07 Thread Michele Comitini 
lucas,

OK. So there is no error at SQL level.  The problem is probably a closing
cursor that happens somewhere in the DAL, that is triggered by some
usage/environment peculiar to your application.

Check the following just to be sure:
1) pooling connections.  Try to work with pooled connection and without and
see if anything changes.
2) explicit commits, rollbacks.
3) access to  DBAPI cursor bypassing the DAL.
4) check if psycopg2 is recent and compiled againsts libpq-9.1


Also what kind of server configuration you have? rocket, apache+wsgi or ...
Does the error happen on a multicore machine and there are concurrent
requests?  See the pooling item above..

What we really need is a simplified version of your code that shows  the
same error.

mic


2012/9/7 lucas 

> ok, so i turned on debug5 in the postgres.conf file and restarted it.
>> gives lots of entries.  i then waited for that type ticket to arise again,
>> it did, and traced to logs to that date/time stamp.  the entries are
>> below.  i really can't see anything unusual except to say that it is
>> occuring at login.  i don't know exactly what kind of error postgres might
>> give, but it looks like it commits and tidies up after the queries just
>> fine.  not really seeing any problem there and it only confirms that web2py
>> is bugging during the login.  lucas.
>>
> 2012-09-06 19:51:07 EDT: [unknown]LOG:  connection received:
> host=127.0.0.1 port=50185
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  postmaster child[27375]:
> starting with (
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  postgres
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  weinstruct
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  )
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  InitPostgres
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  my backend ID is 2
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  StartTransaction
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  name: unnamed; blockState:
> DEFAULT; state: INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children:
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  received password packet
> 2012-09-06 19:51:07 EDT: [unknown]LOG:  connection authorized:
> user=postgres database=weinstruct
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  CommitTransaction
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  name: unnamed; blockState:
> STARTED; state: INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children:
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  StartTransactionCommand
> 2012-09-06 19:51:07 EDT: [unknown]STATEMENT:  BEGIN
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  StartTransaction
> 2012-09-06 19:51:07 EDT: [unknown]STATEMENT:  BEGIN
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  name: unnamed; blockState:
> DEFAULT; state: INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children:
> 2012-09-06 19:51:07 EDT: [unknown]STATEMENT:  BEGIN
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  ProcessUtility
> 2012-09-06 19:51:07 EDT: [unknown]STATEMENT:  BEGIN
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  CommitTransactionCommand
> 2012-09-06 19:51:07 EDT: [unknown]STATEMENT:  BEGIN
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  StartTransactionCommand
> 2012-09-06 19:51:07 EDT: [unknown]STATEMENT:  SET
> standard_conforming_strings=on;
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  ProcessUtility
> 2012-09-06 19:51:07 EDT: [unknown]STATEMENT:  SET
> standard_conforming_strings=on;
> 2012-09-06 19:51:07 EDT: [unknown]DEBUG:  CommitTransactionCommand
> 2012-09-06 19:51:07 EDT: [unknown]STATEMENT:  SET
> standard_conforming_strings=on;
> 2012-09-06 19:51:08 EDT: [unknown]DEBUG:  StartTransactionCommand
> 2012-09-06 19:51:08 EDT: [unknown]STATEMENT:  SELECT  auth_user.id,
> auth_user.prefix_title, auth_user.first_name, auth_user.last_name,
> auth_user.nick_name, auth_user.city_state, auth_user.zip, auth_user.gender,
> auth_user.age, auth_user.birthdate,
> auth_user.name_of_college_or_university, auth_user.school_id,
> auth_user.degree_seeking, auth_user.email, auth_user.password,
> auth_user.registration_key, auth_user.reset_password_key,
> auth_user.registration_id, auth_user.professor,
> auth_user.create_lecture_request, auth_user.create_lecture_agreement,
> auth_user.create_lecture_foldername, auth_user.input_date FROM auth_user
> WHERE (auth_user.email = 'dykab...@yahoo.com');
> 2012-09-06 19:51:08 EDT: [unknown]DEBUG:  CommitTransactionCommand
> 2012-09-06 19:51:08 EDT: [unknown]STATEMENT:  SELECT  auth_user.id,
> auth_user.prefix_title, auth_user.first_name, auth_user.last_name,
> auth_user.nick_name, auth_user.city_state, auth_user.zip, auth_user.gender,
> auth_user.age, auth_user.birthdate,
> auth_user.name_of_college_or_university, auth_user.school_id,
> auth_user.degree_seeking, auth_user.email, auth_user.password,
> auth_user.registration_key, auth_user.reset_password_key,
> auth_user.registration_id, auth_user.professor,
> auth_user.create_lecture_request, auth_user.create_lecture_agreement,
> auth_user.create_lecture_foldername, auth_user.input_date FROM auth_user
> WHERE (auth_user.email