[web2py] json parsing and db insert problem
Hello OK can smbd. explains this S4!#T to me. I am sending json string from my view to controller. in request.vars['value'] there is a string /dict and for easier handling I want to convert it to a dict. Now this code works. def saveAsFormData(): import json #data = simplejson.loads(request.vars.value) #print data #datumDo = data[dateTo] #datumOd = data[dateFrom] data = request.vars['value'] name = request.vars['name'] data_dict = json.loads(data) datumOd = data_dict[dateFrom] datumDo = data_dict[dateTo] schedule = {} schedule['from'] = '1970-01-01' schedule['to'] = '1970-01-01' return id = db.script.insert(sc_name = name, sc_user = auth.user_id, sc_organization = auth.user.organization, sc_cal_start = datumOd,\ sc_cal_end = datumDo, sc_status = 1, sc_modified = 'now') return_data = { 'type': 1, 'msg': 'aaa', 'id': id } print New script inserted into db return dict(return_data) this code def saveAsFormData(): import json #data = simplejson.loads(request.vars.value) #print data #datumDo = data[dateTo] #datumOd = data[dateFrom] data = request.vars['value'] name = request.vars['name'] data_dict = json.loads(data) datumOd = data_dict[dateFrom] datumDo = data_dict[dateTo] schedule = {} schedule['from'] = '1970-01-01' schedule['to'] = '1970-01-01' id = db.script.insert(sc_name = name, sc_user = auth.user_id, sc_organization = auth.user.organization, sc_cal_start = datumOd,\ sc_cal_end = datumDo, sc_status = 1, sc_modified = 'now') return_data = { 'type': 1, 'msg': 'aaa', 'id': id } print New script inserted into db return dict(return_data) return an error type 'exceptions.TypeError' expected string or buffer in line data_dict = json.loads(data) WHY?? why does insert or smth crashes it on line before it is executed??? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[web2py] Re: The scheduler eats Windows .... (lol)
that's probably why then. in that configuration killing the master process leaves zombies behind,. On Thursday, July 24, 2014 6:37:29 PM UTC+2, Tim Richardson wrote: I used nssm and added four instances of the appname to the command line to create multiple workers. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] json parsing and db insert problem
Il 25/07/14 09:22, Yebach ha scritto: type 'exceptions.TypeError' expected string or buffer in line data_dict = json.loads(data) WHY?? why does insert or smth crashes it on line before it is executed??? can you paste a print of your data variable value just before the code crashes? M. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] json parsing and db insert problem
Found the problem The error was the second call for json object when I got an error in console, so I went to check the error folder in app. Looks like I have a date parse problems. 2014-07-25 10:08 GMT+02:00 Manuele Pesenti manuele.pese...@gmail.com: Il 25/07/14 09:22, Yebach ha scritto: type 'exceptions.TypeError' expected string or buffer in line data_dict = json.loads(data) WHY?? why does insert or smth crashes it on line before it is executed??? can you paste a print of your data variable value just before the code crashes? M. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/b7-CaacVqMI/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Lep pozdrav Vid Ogris -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[web2py] Password fields fine tuning
I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[web2py] Re: Can not import copy_reg
nginx will need a VPS so i'll stick to CGI for prototyping and buy some time for a new hosting service. In the book an option for Some web hosting services do not support mod_wsgi. In this case, we must use Apache as a proxy and forward all incoming requests to the web2py built-in web server (running for example on localhost:8000). I'll try this first. On Thursday, July 24, 2014 9:15:12 PM UTC+2, Richard wrote: I am hosted at JustHost, who has the option on installing Nginx. I'll try that for a better infrastructure. On Thursday, July 24, 2014 9:21:24 AM UTC+2, Massimo Di Pierro wrote: I agree with you that Apache is not a good solution any more. Nginx for example is a much better solution. Nevertheless some people may not have a choice. On Wednesday, 23 July 2014 14:45:45 UTC-5, Niphlod wrote: I seem to be the only advocate for ditching apache always and before anything else (especially before going into production, where a not-so-well-tuned apache (most-likely you're using everybody's else defaults) still suffers a Slowloris attack). Those kind of headaches are non-existent with other solutions (often more performant without particular tuning). Check with a simple google search for mod_wsgi recompile to see how many people have been in your situation (mismatch between what mod_wsgi has been originally compiled vs the current running python version) and their solutions for various distributions. It's a pretty well documented issue with a large number of cases. On Wednesday, July 23, 2014 1:07:38 PM UTC+2, Richard wrote: The issue does not occur on my local development machine. I did an upgrade on the remote host where the issue occurs using the web2py update feature. Then I upgraded from Python 2.6 to 2.7.8. All apps works fine but not the one where I add features to auth. How should resolve this in a manner that I have a solid basis for production? We are in a pre-production phase. On Wednesday, July 23, 2014 12:30:11 PM UTC+2, Niphlod wrote: I'd vote for the usual issue with apache and mod_wsgi not compiled against the latest interpreter On Wednesday, July 23, 2014 11:40:14 AM UTC+2, Richard wrote: Massimo, importing copy_reg from the console works fine :) Richard On Wednesday, July 23, 2014 11:20:06 AM UTC+2, Massimo Di Pierro wrote: I understand but can you open a web2py shell. from the console type: $ cd web2py $ python web2py.py -S welcome -P import copy_reg On Wednesday, 23 July 2014 04:03:48 UTC-5, Richard wrote: When I add the import copy_reg in db.py I get the error: type 'exceptions.ImportError' No module named copy_reg In the python/Python-2.7.8/Lib directory are 3 copy_reg files: - copy_reg.py - copy_reg.pyc - copy_reg.pyo Maybe of any relevance: I run a shared Apache server with the following first line in cgihandler.py : #!/home4/mamplcom/python/Python-2.7.8/python On Tuesday, July 22, 2014 1:21:36 PM UTC+2, Massimo Di Pierro wrote: Copy reg is a python module. Can you import it from the normal python shell? On Tuesday, 22 July 2014 06:05:06 UTC-5, Richard wrote: Hi, I have an issue with adjusting the auth tables resulting in a custom import and an error that copy_reg can not be imported. The error trace is: Traceback (most recent call last): File /home4/mamplcom/public_html/cgi-bin/gluon/restricted.py, line 220, in restricted exec ccode in environment File /home4/mamplcom/public_html/cgi-bin/applications/im/models/db.py https://www.mampl.com/admin/default/edit/im/models/db.py, line 74, in module auth.define_tables(username=False, signature=False) File /home4/mamplcom/public_html/cgi-bin/gluon/tools.py, line 1784, in define_tables format='%(first_name)s %(last_name)s (%(id)s)')) File /home4/mamplcom/public_html/cgi-bin/gluon/dal.py, line 8226, in define_table table = self.lazy_define_table(tablename,*fields,**args) File /home4/mamplcom/public_html/cgi-bin/gluon/dal.py, line 8263, in lazy_define_table polymodel=polymodel) File /home4/mamplcom/public_html/cgi-bin/gluon/dal.py, line 1125, in create_table sql_fields_old = pickle.load(tfile) File /home4/mamplcom/public_html/cgi-bin/gluon/custom_import.py, line 92, in custom_importer return base_importer(pname, globals, locals, fromlist, level) ImportError: No module named copy_reg I can import copy_reg from the python prompt and adding the import copy reg from Dal.py (suggested in a thread by Massimo) has no effect. I use Python 2.7.8. Any clu would be helpfull. Richard -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email
[web2py] Re: Password fields fine tuning
so you really want the webpage to return the actual password instead of asterisks ? it's a big security risk, no matter what user experience says. On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote: I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Password fields fine tuning
I don't see much of a security threat here. What's the worst-case scenario ? If you take a look at airbnb.com, their registration form keeps your typed password even if you fail validation on other fields. If a website that big can do it then surely my small website will pull though, don't you think ? Le 25 juil. 2014 à 14:47, Niphlod niph...@gmail.com a écrit : so you really want the webpage to return the actual password instead of asterisks ? it's a big security risk, no matter what user experience says. On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote: I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Password fields fine tuning
A simple google search will yield people complaining about their host accounts getting hacked on airbnb. Just because someone or something large 'does it that way' doesn't mean it's a best practice! On Friday, July 25, 2014 9:08:00 AM UTC-4, Louis Amon wrote: I don’t see much of a security threat here. What’s the worst-case scenario ? If you take a look at airbnb.com http://www.airbnb.com, their registration form keeps your typed password even if you fail validation on other fields. If a website that big can do it then surely my small website will pull though, don’t you think ? Le 25 juil. 2014 à 14:47, Niphlod nip...@gmail.com javascript: a écrit : so you really want the webpage to return the actual password instead of asterisks ? it's a big security risk, no matter what user experience says. On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote: I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com javascript:. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Password fields fine tuning
We're all developers here so I couldn't agree more. Still, I'm running a commercial website so I'm a slave to what my users want. As far as my customers are concerned, security comes second after ease of use... Anyway, you have to admit that the examples I gave in the first post are misleading in terms of user experience, right ? Isn't there a way to improve it without compromising security too much ? I can see one : erasing input fields after each validation failure (blank fields are less misleading). Do you see other ? Le 25 juil. 2014 à 15:19, Willoughby neil.erik...@gmail.com a écrit : A simple google search will yield people complaining about their host accounts getting hacked on airbnb. Just because someone or something large 'does it that way' doesn't mean it's a best practice! On Friday, July 25, 2014 9:08:00 AM UTC-4, Louis Amon wrote: I don't see much of a security threat here. What's the worst-case scenario ? If you take a look at airbnb.com, their registration form keeps your typed password even if you fail validation on other fields. If a website that big can do it then surely my small website will pull though, don't you think ? Le 25 juil. 2014 à 14:47, Niphlod nip...@gmail.com a écrit : so you really want the webpage to return the actual password instead of asterisks ? it's a big security risk, no matter what user experience says. On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote: I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[web2py] Re: Help me stop bashing me head on keyboard...
On Thursday, July 24, 2014 9:55:10 PM UTC-4, Jesse Ferguson wrote: Oh and the conditional problem is that I would like to populate items, Like if you chose a city that's in the database it would auto populate the state input because the city table has a reference to the state.. See http://stackoverflow.com/questions/8146260/best-practice-for-populating-dropdown-based-on-other-dropdown-selection-in-web2p/8152910#8152910. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Password fields fine tuning
*I can see one : erasing input fields after each validation failure (blank fields are less misleading). Do you see other ?* That's the one I've always understood to be the most secure - blank all the fields and don't indicate which field failed. On Friday, July 25, 2014 9:32:03 AM UTC-4, Louis Amon wrote: We’re all developers here so I couldn’t agree more. Still, I’m running a commercial website so I’m a slave to what my users want. As far as my customers are concerned, security comes second after ease of use… Anyway, you have to admit that the examples I gave in the first post are misleading in terms of user experience, right ? Isn’t there a way to improve it without compromising security too much ? I can see one : erasing input fields after each validation failure (blank fields are less misleading). Do you see other ? Le 25 juil. 2014 à 15:19, Willoughby neil.e...@gmail.com javascript: a écrit : A simple google search will yield people complaining about their host accounts getting hacked on airbnb. Just because someone or something large 'does it that way' doesn't mean it's a best practice! On Friday, July 25, 2014 9:08:00 AM UTC-4, Louis Amon wrote: I don’t see much of a security threat here. What’s the worst-case scenario ? If you take a look at airbnb.com http://www.airbnb.com/, their registration form keeps your typed password even if you fail validation on other fields. If a website that big can do it then surely my small website will pull though, don’t you think ? Le 25 juil. 2014 à 14:47, Niphlod nip...@gmail.com a écrit : so you really want the webpage to return the actual password instead of asterisks ? it's a big security risk, no matter what user experience says. On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote: I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com javascript:. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Password fields fine tuning
I think common practice is to leave password fields blank after a login failure so the password must be re-entered. In any case, I cannot replicate either behavior you describe using the standard web2p Auth forms. When I have a failed login, the entire login form is reloaded emtpy. When I enter the second password incorrectly on a register form, the form reloads, and I only have to correct the second password, not re-enter the first. Can you show the code you are using for your forms? Anthony On Friday, July 25, 2014 9:32:03 AM UTC-4, Louis Amon wrote: We’re all developers here so I couldn’t agree more. Still, I’m running a commercial website so I’m a slave to what my users want. As far as my customers are concerned, security comes second after ease of use… Anyway, you have to admit that the examples I gave in the first post are misleading in terms of user experience, right ? Isn’t there a way to improve it without compromising security too much ? I can see one : erasing input fields after each validation failure (blank fields are less misleading). Do you see other ? Le 25 juil. 2014 à 15:19, Willoughby neil.erik...@gmail.com a écrit : A simple google search will yield people complaining about their host accounts getting hacked on airbnb. Just because someone or something large 'does it that way' doesn't mean it's a best practice! On Friday, July 25, 2014 9:08:00 AM UTC-4, Louis Amon wrote: I don’t see much of a security threat here. What’s the worst-case scenario ? If you take a look at airbnb.com http://www.airbnb.com/, their registration form keeps your typed password even if you fail validation on other fields. If a website that big can do it then surely my small website will pull though, don’t you think ? Le 25 juil. 2014 à 14:47, Niphlod nip...@gmail.com a écrit : so you really want the webpage to return the actual password instead of asterisks ? it's a big security risk, no matter what user experience says. On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote: I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Password fields fine tuning
@Anthony: Indeed, I forgot to add that I'm using auth forms through ajax via LOAD. The problem may be due to ajax's JSON conversion of request.vars. Le 25 juil. 2014 à 15:52, Anthony abasta...@gmail.com a écrit : I think common practice is to leave password fields blank after a login failure so the password must be re-entered. In any case, I cannot replicate either behavior you describe using the standard web2p Auth forms. When I have a failed login, the entire login form is reloaded emtpy. When I enter the second password incorrectly on a register form, the form reloads, and I only have to correct the second password, not re-enter the first. Can you show the code you are using for your forms? Anthony On Friday, July 25, 2014 9:32:03 AM UTC-4, Louis Amon wrote: We're all developers here so I couldn't agree more. Still, I'm running a commercial website so I'm a slave to what my users want. As far as my customers are concerned, security comes second after ease of use... Anyway, you have to admit that the examples I gave in the first post are misleading in terms of user experience, right ? Isn't there a way to improve it without compromising security too much ? I can see one : erasing input fields after each validation failure (blank fields are less misleading). Do you see other ? Le 25 juil. 2014 à 15:19, Willoughby neil.erik...@gmail.com a écrit : A simple google search will yield people complaining about their host accounts getting hacked on airbnb. Just because someone or something large 'does it that way' doesn't mean it's a best practice! On Friday, July 25, 2014 9:08:00 AM UTC-4, Louis Amon wrote: I don't see much of a security threat here. What's the worst-case scenario ? If you take a look at airbnb.com, their registration form keeps your typed password even if you fail validation on other fields. If a website that big can do it then surely my small website will pull though, don't you think ? Le 25 juil. 2014 à 14:47, Niphlod nip...@gmail.com a écrit : so you really want the webpage to return the actual password instead of asterisks ? it's a big security risk, no matter what user experience says. On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote: I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to
Re: [web2py] Password fields fine tuning
I still cannot replicate the behavior you observe. Can you show your code or attach a minimal app that demonstrates the behavior? Anthony On Friday, July 25, 2014 9:56:38 AM UTC-4, Louis Amon wrote: @Anthony: Indeed, I forgot to add that I’m using auth forms through ajax via LOAD. The problem may be due to ajax's JSON conversion of request.vars. Le 25 juil. 2014 à 15:52, Anthony abasta...@gmail.com a écrit : I think common practice is to leave password fields blank after a login failure so the password must be re-entered. In any case, I cannot replicate either behavior you describe using the standard web2p Auth forms. When I have a failed login, the entire login form is reloaded emtpy. When I enter the second password incorrectly on a register form, the form reloads, and I only have to correct the second password, not re-enter the first. Can you show the code you are using for your forms? Anthony On Friday, July 25, 2014 9:32:03 AM UTC-4, Louis Amon wrote: We’re all developers here so I couldn’t agree more. Still, I’m running a commercial website so I’m a slave to what my users want. As far as my customers are concerned, security comes second after ease of use… Anyway, you have to admit that the examples I gave in the first post are misleading in terms of user experience, right ? Isn’t there a way to improve it without compromising security too much ? I can see one : erasing input fields after each validation failure (blank fields are less misleading). Do you see other ? Le 25 juil. 2014 à 15:19, Willoughby neil.erik...@gmail.com a écrit : A simple google search will yield people complaining about their host accounts getting hacked on airbnb. Just because someone or something large 'does it that way' doesn't mean it's a best practice! On Friday, July 25, 2014 9:08:00 AM UTC-4, Louis Amon wrote: I don’t see much of a security threat here. What’s the worst-case scenario ? If you take a look at airbnb.com http://www.airbnb.com/, their registration form keeps your typed password even if you fail validation on other fields. If a website that big can do it then surely my small website will pull though, don’t you think ? Le 25 juil. 2014 à 14:47, Niphlod nip...@gmail.com a écrit : so you really want the webpage to return the actual password instead of asterisks ? it's a big security risk, no matter what user experience says. On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote: I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the
[web2py] Re: What can cause some of my extra fields to be missing from auth.user?
Do you guys need an example application where this problems happens? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[web2py] Re: Help me stop bashing me head on keyboard...
Jesse here's an example of way to do it I posted a long time ago: https://groups.google.com/d/msg/web2py/z_lGYsO6LKE/mDNm3DQ4DVUJ -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Password fields fine tuning
After much research I found the trigger to replicate the issue : db.auth_user.password.widget = lambda k,v: SQLFORM.widgets.password.widget(k , v, _id=login_password, _class=input-basic input-200) If you type a password longer than 8 characters and the validation fails, your password will be replaced with '' in request.vars.password. On Friday, July 25, 2014 4:12:06 PM UTC+2, Anthony wrote: I still cannot replicate the behavior you observe. Can you show your code or attach a minimal app that demonstrates the behavior? Anthony On Friday, July 25, 2014 9:56:38 AM UTC-4, Louis Amon wrote: @Anthony: Indeed, I forgot to add that I’m using auth forms through ajax via LOAD. The problem may be due to ajax's JSON conversion of request.vars. Le 25 juil. 2014 à 15:52, Anthony abas...@gmail.com javascript: a écrit : I think common practice is to leave password fields blank after a login failure so the password must be re-entered. In any case, I cannot replicate either behavior you describe using the standard web2p Auth forms. When I have a failed login, the entire login form is reloaded emtpy. When I enter the second password incorrectly on a register form, the form reloads, and I only have to correct the second password, not re-enter the first. Can you show the code you are using for your forms? Anthony On Friday, July 25, 2014 9:32:03 AM UTC-4, Louis Amon wrote: We’re all developers here so I couldn’t agree more. Still, I’m running a commercial website so I’m a slave to what my users want. As far as my customers are concerned, security comes second after ease of use… Anyway, you have to admit that the examples I gave in the first post are misleading in terms of user experience, right ? Isn’t there a way to improve it without compromising security too much ? I can see one : erasing input fields after each validation failure (blank fields are less misleading). Do you see other ? Le 25 juil. 2014 à 15:19, Willoughby neil.e...@gmail.com javascript: a écrit : A simple google search will yield people complaining about their host accounts getting hacked on airbnb. Just because someone or something large 'does it that way' doesn't mean it's a best practice! On Friday, July 25, 2014 9:08:00 AM UTC-4, Louis Amon wrote: I don’t see much of a security threat here. What’s the worst-case scenario ? If you take a look at airbnb.com http://www.airbnb.com/, their registration form keeps your typed password even if you fail validation on other fields. If a website that big can do it then surely my small website will pull though, don’t you think ? Le 25 juil. 2014 à 14:47, Niphlod nip...@gmail.com a écrit : so you really want the webpage to return the actual password instead of asterisks ? it's a big security risk, no matter what user experience says. On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote: I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To
Re: [web2py] Easy to Understand SQLFORM.grid Custom Search
Dear villas, You said: I suppose that my proposal to use shlex would really apply to Peter's suggestion. I guess it might also be considered for use in the build_query function of sqlhtml.py. Shlex seems like a great way of using quotes to contain search phrases. I guess Google would be using something similar, and I'm sure that many of us use that feature all the time. I think you're right on all accounts. Maybe you should post an Enhancement request to Issues-web2py https://code.google.com/p/web2py/issues/list for the build_query function of sqlhtml.py. Love and peace, Joe On Monday, July 21, 2014 8:25:24 AM UTC-7, villas wrote: Hi Joe, I suppose that my proposal to use shlex would really apply to Peter's suggestion. I guess it might also be considered for use in the build_query function of sqlhtml.py. Shlex seems like a great way of using quotes to contain search phrases. I guess Google would be using something similar, and I'm sure that many of us use that feature all the time. On Monday, 14 July 2014 17:54:27 UTC+1, JoeCodeswell wrote: Dear villas, Thanks for the reply. Here is my understanding of what you want. You'd like to be able to search using a search syntax based on the shlex module. My technique uses the SQLFORM.grid's Standard Search Input (#w2p_keywords) syntax for it's searches. I suggest you post an Enhancment suggestion for the SQLFORM.grid's Standard Search Input as a main discussion topic in this forum. Thanks again, villas. Love and peace, Joe On Saturday, July 12, 2014 10:39:31 AM UTC-7, villas wrote: I would also like to add an optional 'extra' because it is nice to be able to search like this: search_text = 'David Cameron uk' By quoting search 'phrases' as well as words, you can get a better result. After all, I would not want every David in the UK to be listed. I have found that using 'shlex' is a good solution. For example: import shlex words = [x for x in shlex.split(search_text)] if search_text else [] I hope this might also be useful to someone wishing to improve their search options. D On Friday, 11 July 2014 00:20:39 UTC+1, peter wrote: Thanks for this Joe, and it is an interesting approach. However I find the approach I used https://groups.google.com/forum/#!searchin/web2py/sqlform.grid$20search/web2py/9_1ECdKHKUo/8OISg7o8OVIJ Somewhat easier to understand. Your approach is more novel however. Peter On Monday, July 21, 2014 8:25:24 AM UTC-7, villas wrote: Hi Joe, I suppose that my proposal to use shlex would really apply to Peter's suggestion. I guess it might also be considered for use in the build_query function of sqlhtml.py. Shlex seems like a great way of using quotes to contain search phrases. I guess Google would be using something similar, and I'm sure that many of us use that feature all the time. On Monday, 14 July 2014 17:54:27 UTC+1, JoeCodeswell wrote: Dear villas, Thanks for the reply. Here is my understanding of what you want. You'd like to be able to search using a search syntax based on the shlex module. My technique uses the SQLFORM.grid's Standard Search Input (#w2p_keywords) syntax for it's searches. I suggest you post an Enhancment suggestion for the SQLFORM.grid's Standard Search Input as a main discussion topic in this forum. Thanks again, villas. Love and peace, Joe On Saturday, July 12, 2014 10:39:31 AM UTC-7, villas wrote: I would also like to add an optional 'extra' because it is nice to be able to search like this: search_text = 'David Cameron uk' By quoting search 'phrases' as well as words, you can get a better result. After all, I would not want every David in the UK to be listed. I have found that using 'shlex' is a good solution. For example: import shlex words = [x for x in shlex.split(search_text)] if search_text else [] I hope this might also be useful to someone wishing to improve their search options. D On Friday, 11 July 2014 00:20:39 UTC+1, peter wrote: Thanks for this Joe, and it is an interesting approach. However I find the approach I used https://groups.google.com/forum/#!searchin/web2py/sqlform.grid$20search/web2py/9_1ECdKHKUo/8OISg7o8OVIJ Somewhat easier to understand. Your approach is more novel however. Peter -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Password fields fine tuning
I still don't see the behavior for login, but for registration, you can try: db.auth_user.password.widget = lambda k,v: SQLFORM.widgets.password.widget(k , None, _id=login_password, _class=input-basic input-200) Anthony On Friday, July 25, 2014 10:35:18 AM UTC-4, Louis Amon wrote: After much research I found the trigger to replicate the issue : db.auth_user.password.widget = lambda k,v: SQLFORM.widgets.password.widget (k, v, _id=login_password, _class=input-basic input-200) If you type a password longer than 8 characters and the validation fails, your password will be replaced with '' in request.vars.password. On Friday, July 25, 2014 4:12:06 PM UTC+2, Anthony wrote: I still cannot replicate the behavior you observe. Can you show your code or attach a minimal app that demonstrates the behavior? Anthony On Friday, July 25, 2014 9:56:38 AM UTC-4, Louis Amon wrote: @Anthony: Indeed, I forgot to add that I’m using auth forms through ajax via LOAD. The problem may be due to ajax's JSON conversion of request.vars. Le 25 juil. 2014 à 15:52, Anthony abas...@gmail.com a écrit : I think common practice is to leave password fields blank after a login failure so the password must be re-entered. In any case, I cannot replicate either behavior you describe using the standard web2p Auth forms. When I have a failed login, the entire login form is reloaded emtpy. When I enter the second password incorrectly on a register form, the form reloads, and I only have to correct the second password, not re-enter the first. Can you show the code you are using for your forms? Anthony On Friday, July 25, 2014 9:32:03 AM UTC-4, Louis Amon wrote: We’re all developers here so I couldn’t agree more. Still, I’m running a commercial website so I’m a slave to what my users want. As far as my customers are concerned, security comes second after ease of use… Anyway, you have to admit that the examples I gave in the first post are misleading in terms of user experience, right ? Isn’t there a way to improve it without compromising security too much ? I can see one : erasing input fields after each validation failure (blank fields are less misleading). Do you see other ? Le 25 juil. 2014 à 15:19, Willoughby neil.e...@gmail.com a écrit : A simple google search will yield people complaining about their host accounts getting hacked on airbnb. Just because someone or something large 'does it that way' doesn't mean it's a best practice! On Friday, July 25, 2014 9:08:00 AM UTC-4, Louis Amon wrote: I don’t see much of a security threat here. What’s the worst-case scenario ? If you take a look at airbnb.com http://www.airbnb.com/, their registration form keeps your typed password even if you fail validation on other fields. If a website that big can do it then surely my small website will pull though, don’t you think ? Le 25 juil. 2014 à 14:47, Niphlod nip...@gmail.com a écrit : so you really want the webpage to return the actual password instead of asterisks ? it's a big security risk, no matter what user experience says. On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote: I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) -
Re: [web2py] Auto update db records behaviour per input field on release (AJAX)
Well, I like your idea. Do you think you could post it to web2pyslices? On Tuesday, July 8, 2014 8:16:12 PM UTC-7, Francisco Ribeiro wrote: Derek, that bit where you mention hooking run-time validation to be saved, is pretty much what I’m doing in my post. You need to consider that you might not have a complete record to insert, but one field at the time, hence why I create the ‘updateTableService()’. From what I understand, the only difference between what you suggest and what I did, is that on my code, the validation is fully done on the server side. The advantages are that I can apply validators such as ‘isUnique’ (among others that require the DB access) as well enforce input validation (from a security standpoint, there is no such thing as client-side input validation). The downside is obviously performance whenever things don’t even need to reach the server-side and parsley is able to do them immediately within the browser. I guess I could add parsley to get the best of both worlds... Thank you, Francisco On 7 Jul 2014, at 22:07, Derek sp1...@gmail.com javascript: wrote: If you read, I suggested that when the 'page close' or 'navigate away' event is fired, you can trigger a save then (one option). You can use parsely to manage your validators (because you don't want to save invalid data). It will do run-time validation, which you can then hook into to do the saving for you, so as soon as valid data is entered, it is saved. Another option is to collect a small amount of information at a time. Such like a 'wizard' interface. Take a look here for what I'm talking about: http://parsleyjs.org/doc/examples/multisteps.html On Friday, June 13, 2014 3:29:20 PM UTC-7, Francisco Ribeiro wrote: Thank you for stepping up to reply but 'parsely' looks more like a library for client-side form validation which is not really the major problem I am trying to address. My goal is to have a mechanism that stores (with persistence) information provided by the user as soon as possible once it is provided input field by input field (on focusOut event) , rather than just doing all at once when the form is submitted. Anyway, thanks :) Francisco On Friday, 13 June 2014 21:06:48 UTC+1, Derek wrote: Try 'parsely' http://parsleyjs.org/doc/examples/simple.html and prompt on page close to save first. On Wednesday, June 11, 2014 7:43:41 PM UTC-7, Francisco G. T. Ribeiro wrote: hi all, I'm working on an app that uses forms that can be quite long and its users often interrupt their sessions for whatever reason and end up losing the information already filled. For this and other reasons I wanted to provide a different behaviour to these forms where each input field updates the record on the database as soon as its input field is released ('focusOut' event on jQuery). Ideally, the server would reply with 'success' or an error message so users know when they can move on to another field (without refreshing the whole page). By the end of the form, the user wouldn't have to review things that were written long ago since these were all already validated. Now, I know this can be tricky due to database constrains but because i need to do this very often (multiple fields and multiple forms), I thought it would be useful to automate it, maybe even by having on the db Field something like '..auto_update=True' (merely a suggestion) but before getting there, I would like to know if anyone has faced this problem and if yes what solution did you employ? Thank you in advance, Francisco -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/v1MD3u5ZLm0/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com javascript:. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] json parsing and db insert problem
I don't get it. Why exactly are you passing around json? Your usage doesn't warrant it, and it looks like it is causing you problems. Why not send it like regular x-www-form-urlencoded? On Friday, July 25, 2014 1:17:11 AM UTC-7, Yebach wrote: Found the problem The error was the second call for json object when I got an error in console, so I went to check the error folder in app. Looks like I have a date parse problems. 2014-07-25 10:08 GMT+02:00 Manuele Pesenti manuele...@gmail.com javascript:: Il 25/07/14 09:22, Yebach ha scritto: type 'exceptions.TypeError' expected string or buffer in line data_dict = json.loads(data) WHY?? why does insert or smth crashes it on line before it is executed??? can you paste a print of your data variable value just before the code crashes? M. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/b7-CaacVqMI/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com javascript:. For more options, visit https://groups.google.com/d/optout. -- Lep pozdrav Vid Ogris -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[web2py] Re: error(10053, 'An established connection was aborted by the software in your host machine')
Glad you fixed it, sorry to hear you are stuck with mySQL. your my.cnf file controls how many connections are allowed. On Thursday, July 24, 2014 9:34:20 PM UTC-7, Dmitry Ermolaev wrote: SOLVED! I update mySQL to 5.6.19 vers! понедельник, 14 июля 2014 г., 15:06:03 UTC+4 пользователь Copper Lark написал: Versionweb2py™Version 2.9.5-trunk+timestamp.2014.03.29.21.54.41Traceback 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. Traceback (most recent call last): File C:\web2py-m\gluon\main.py, line 539, in wsgibase BaseAdapter.close_all_instances('rollback') File C:\web2py-m\gluon\dal.py, line 600, in close_all_instances db._adapter.close(action) File C:\web2py-m\gluon\dal.py, line 580, in close getattr(self, action)() File C:\web2py-m\gluon\dal.py, line 1923, in rollback return self.connection.rollback() File C:\web2py-m\gluon\contrib\pymysql\connections.py, line 640, in rollback self.errorhandler(None, exc, value) File C:\web2py-m\gluon\contrib\pymysql\connections.py, line 200, in defaulterrorhandler raise Error(errorclass, errorvalue) Error: (class 'socket.error', error(10053, 'An established connection was aborted by the software in your host machine')) In file: Framework -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[web2py] Re: Managing 600MB size files on Google Cloud with web2py
Look up the maximum entity size, I believe it's around 1MB, so that would make storing the data in the Cloud Datastore or as a blob, impossible. On Wednesday, July 23, 2014 2:27:29 AM UTC-7, Giacomo Dorigo wrote: Hello everybody, I am writing an app for storing and delivering files more or less from 3 up to 600Mb size. I would like to rely on Google App Engine for running my web2py instance. What I am wondering if it's better to store the data directly in the Google not relational datastore (Google Cloud Datastore), or to upload them to the Google relational MySQL version (Google Cloud SQL), or in the end to implement the upload/download to the Google Cloud Storage treating it as alternative uploadfs. Does anybody have any suggestion or experience on this topic? Thanks. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Password fields fine tuning
That's a very elegant solution. Thank you Anthony. On Friday, July 25, 2014 8:01:53 PM UTC+2, Anthony wrote: I still don't see the behavior for login, but for registration, you can try: db.auth_user.password.widget = lambda k,v: SQLFORM.widgets.password.widget (k, None, _id=login_password, _class=input-basic input-200) Anthony On Friday, July 25, 2014 10:35:18 AM UTC-4, Louis Amon wrote: After much research I found the trigger to replicate the issue : db.auth_user.password.widget = lambda k,v: SQLFORM.widgets.password. widget(k, v, _id=login_password, _class=input-basic input-200) If you type a password longer than 8 characters and the validation fails, your password will be replaced with '' in request.vars.password. On Friday, July 25, 2014 4:12:06 PM UTC+2, Anthony wrote: I still cannot replicate the behavior you observe. Can you show your code or attach a minimal app that demonstrates the behavior? Anthony On Friday, July 25, 2014 9:56:38 AM UTC-4, Louis Amon wrote: @Anthony: Indeed, I forgot to add that I’m using auth forms through ajax via LOAD. The problem may be due to ajax's JSON conversion of request.vars. Le 25 juil. 2014 à 15:52, Anthony abas...@gmail.com a écrit : I think common practice is to leave password fields blank after a login failure so the password must be re-entered. In any case, I cannot replicate either behavior you describe using the standard web2p Auth forms. When I have a failed login, the entire login form is reloaded emtpy. When I enter the second password incorrectly on a register form, the form reloads, and I only have to correct the second password, not re-enter the first. Can you show the code you are using for your forms? Anthony On Friday, July 25, 2014 9:32:03 AM UTC-4, Louis Amon wrote: We’re all developers here so I couldn’t agree more. Still, I’m running a commercial website so I’m a slave to what my users want. As far as my customers are concerned, security comes second after ease of use… Anyway, you have to admit that the examples I gave in the first post are misleading in terms of user experience, right ? Isn’t there a way to improve it without compromising security too much ? I can see one : erasing input fields after each validation failure (blank fields are less misleading). Do you see other ? Le 25 juil. 2014 à 15:19, Willoughby neil.e...@gmail.com a écrit : A simple google search will yield people complaining about their host accounts getting hacked on airbnb. Just because someone or something large 'does it that way' doesn't mean it's a best practice! On Friday, July 25, 2014 9:08:00 AM UTC-4, Louis Amon wrote: I don’t see much of a security threat here. What’s the worst-case scenario ? If you take a look at airbnb.com http://www.airbnb.com/, their registration form keeps your typed password even if you fail validation on other fields. If a website that big can do it then surely my small website will pull though, don’t you think ? Le 25 juil. 2014 à 14:47, Niphlod nip...@gmail.com a écrit : so you really want the webpage to return the actual password instead of asterisks ? it's a big security risk, no matter what user experience says. On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote: I'm trying to improve user exprerience on my website and I noticed a rather annoying behavior on password fields : If I type a password longer than 8 characters and somehow my form fails (some other field didn't validate), my password gets replaced by in request.vars.password. For example : I try to login and misstype my username -- login form fails. I correct the mistake in the username and press the submit button again -- login still fails, because the password got replaced by '*' under the hood. Another example: I try to register and type my password but mistyped my password verification (password_two) -- register form fails. I focus the password_two field and retype my password -- register still fails because the original password field got replaced... This behavior is extremely frustrating for users as they can't print request.vars.password like a developper would. All they see is obfuscated passwords. I cannot have this on my commercial website. Is there any way to fix this ? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/T1vfDXDgsmE/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: -
Re: [web2py] Auto update db records behaviour per input field on release (AJAX)
thanks! http://www.web2pyslices.com/slice/show/1983/auto-update-db-records-behaviour-per-input-field-on-release Cheers, Francisco On 25 Jul 2014, at 19:31, Derek sp1d...@gmail.com wrote: Well, I like your idea. Do you think you could post it to web2pyslices? On Tuesday, July 8, 2014 8:16:12 PM UTC-7, Francisco Ribeiro wrote: Derek, that bit where you mention hooking run-time validation to be saved, is pretty much what I'm doing in my post. You need to consider that you might not have a complete record to insert, but one field at the time, hence why I create the 'updateTableService()'. From what I understand, the only difference between what you suggest and what I did, is that on my code, the validation is fully done on the server side. The advantages are that I can apply validators such as 'isUnique' (among others that require the DB access) as well enforce input validation (from a security standpoint, there is no such thing as client-side input validation). The downside is obviously performance whenever things don't even need to reach the server-side and parsley is able to do them immediately within the browser. I guess I could add parsley to get the best of both worlds... Thank you, Francisco On 7 Jul 2014, at 22:07, Derek sp1...@gmail.com wrote: If you read, I suggested that when the 'page close' or 'navigate away' event is fired, you can trigger a save then (one option). You can use parsely to manage your validators (because you don't want to save invalid data). It will do run-time validation, which you can then hook into to do the saving for you, so as soon as valid data is entered, it is saved. Another option is to collect a small amount of information at a time. Such like a 'wizard' interface. Take a look here for what I'm talking about: http://parsleyjs.org/doc/examples/multisteps.html On Friday, June 13, 2014 3:29:20 PM UTC-7, Francisco Ribeiro wrote: Thank you for stepping up to reply but 'parsely' looks more like a library for client-side form validation which is not really the major problem I am trying to address. My goal is to have a mechanism that stores (with persistence) information provided by the user as soon as possible once it is provided input field by input field (on focusOut event) , rather than just doing all at once when the form is submitted. Anyway, thanks :) Francisco On Friday, 13 June 2014 21:06:48 UTC+1, Derek wrote: Try 'parsely' http://parsleyjs.org/doc/examples/simple.html and prompt on page close to save first. On Wednesday, June 11, 2014 7:43:41 PM UTC-7, Francisco G. T. Ribeiro wrote: hi all, I'm working on an app that uses forms that can be quite long and its users often interrupt their sessions for whatever reason and end up losing the information already filled. For this and other reasons I wanted to provide a different behaviour to these forms where each input field updates the record on the database as soon as its input field is released ('focusOut' event on jQuery). Ideally, the server would reply with 'success' or an error message so users know when they can move on to another field (without refreshing the whole page). By the end of the form, the user wouldn't have to review things that were written long ago since these were all already validated. Now, I know this can be tricky due to database constrains but because i need to do this very often (multiple fields and multiple forms), I thought it would be useful to automate it, maybe even by having on the db Field something like '..auto_update=True' (merely a suggestion) but before getting there, I would like to know if anyone has faced this problem and if yes what solution did you employ? Thank you in advance, Francisco -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/v1MD3u5ZLm0/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/v1MD3u5ZLm0/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: -
[web2py] GAE Python Dev Server won't serve static assets on Windows - MIME type error
It appears that this issue will affect web2py on windows development and basically all the css files get ignored so its rather obvious its a problem: http://code.google.com/p/googleappengine/issues/detail?id=11001 and putting the stuff below into the top of the handlers section of app.yaml does appear to fix it - however I don't fully understand these sections and whether a proper correction should be included in the example app.yaml or if you just leave and expect future version of the app engine to sort it out. If someone that does could just post a recommended app.yaml to overcome the problem that would be great. Regards Russ - url: /(.+?)/static/css/(.+) static_files: applications/\1/static/css/\2 mime_type: text/css upload: applications/(.+?)/static/css/(.+) secure: optional - url: /(.+?)/static/images/(.+) static_files: applications/\1/static/images/\2 mime_type: image/png upload: applications/(.+?)/static/css/(.+) secure: optional -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[web2py] AJAX function
I've got a fairly substantial page with a lot of data in it that I don't want to keep reloading the page so I'm using the AJAX function provided with web2py and pulling the data from a SQLFORM used in the view page. Question I have is, I'm using validate_and_insert function, I was wondering is it necessary to escape the input on the server side first before the validation_and_ insert function? Thanks in advance. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Auto update db records behaviour per input field on release (AJAX)
I just updated this entry because I had some irrelevant code there / code missing to make it easily reproducible. Hopefully, should be fine now.. Francisco On 25 Jul 2014, at 21:54, Francisco Gama francisco@gmail.com wrote: thanks! http://www.web2pyslices.com/slice/show/1983/auto-update-db-records-behaviour-per-input-field-on-release Cheers, Francisco On 25 Jul 2014, at 19:31, Derek sp1d...@gmail.com wrote: Well, I like your idea. Do you think you could post it to web2pyslices? On Tuesday, July 8, 2014 8:16:12 PM UTC-7, Francisco Ribeiro wrote: Derek, that bit where you mention hooking run-time validation to be saved, is pretty much what I'm doing in my post. You need to consider that you might not have a complete record to insert, but one field at the time, hence why I create the 'updateTableService()'. From what I understand, the only difference between what you suggest and what I did, is that on my code, the validation is fully done on the server side. The advantages are that I can apply validators such as 'isUnique' (among others that require the DB access) as well enforce input validation (from a security standpoint, there is no such thing as client-side input validation). The downside is obviously performance whenever things don't even need to reach the server-side and parsley is able to do them immediately within the browser. I guess I could add parsley to get the best of both worlds... Thank you, Francisco On 7 Jul 2014, at 22:07, Derek sp1...@gmail.com wrote: If you read, I suggested that when the 'page close' or 'navigate away' event is fired, you can trigger a save then (one option). You can use parsely to manage your validators (because you don't want to save invalid data). It will do run-time validation, which you can then hook into to do the saving for you, so as soon as valid data is entered, it is saved. Another option is to collect a small amount of information at a time. Such like a 'wizard' interface. Take a look here for what I'm talking about: http://parsleyjs.org/doc/examples/multisteps.html On Friday, June 13, 2014 3:29:20 PM UTC-7, Francisco Ribeiro wrote: Thank you for stepping up to reply but 'parsely' looks more like a library for client-side form validation which is not really the major problem I am trying to address. My goal is to have a mechanism that stores (with persistence) information provided by the user as soon as possible once it is provided input field by input field (on focusOut event) , rather than just doing all at once when the form is submitted. Anyway, thanks :) Francisco On Friday, 13 June 2014 21:06:48 UTC+1, Derek wrote: Try 'parsely' http://parsleyjs.org/doc/examples/simple.html and prompt on page close to save first. On Wednesday, June 11, 2014 7:43:41 PM UTC-7, Francisco G. T. Ribeiro wrote: hi all, I'm working on an app that uses forms that can be quite long and its users often interrupt their sessions for whatever reason and end up losing the information already filled. For this and other reasons I wanted to provide a different behaviour to these forms where each input field updates the record on the database as soon as its input field is released ('focusOut' event on jQuery). Ideally, the server would reply with 'success' or an error message so users know when they can move on to another field (without refreshing the whole page). By the end of the form, the user wouldn't have to review things that were written long ago since these were all already validated. Now, I know this can be tricky due to database constrains but because i need to do this very often (multiple fields and multiple forms), I thought it would be useful to automate it, maybe even by having on the db Field something like '..auto_update=True' (merely a suggestion) but before getting there, I would like to know if anyone has faced this problem and if yes what solution did you employ? Thank you in advance, Francisco -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/v1MD3u5ZLm0/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit