Re: [web2py] Re: About crud.update to edit or update a user's profile info !

2012-12-01 Thread Le Don X
Thank you for the response, Massimo,

I do agree with your thoughts regarding the vulnerability exposed upon a
new registration! That can easily be arranged by adding an additional
table to manage all users' profile pics! ... That way, a user can
upload his avatar (or picture) only when they are already registered, and
when they decide to edit their profile, they will be able to upload their
own pic ...

However, I still foresee the same problem when it comes to editing that
profile pic with the crud.update for that eventual userimage table that
will reference the appropriate auth_user table record...

I have come to realize that there are many issues or challenges regarding
pictures, uploading pictures, *viewing pictures upon upload before
submitting or updating a form (or crud)* etc. throughout the web2py forum.
This is a matter that needs to be addressed head on, through a slice
or a how-to article. We know that it certainly involves ajax ... but many
before me have experienced that problem, and throughout this web2py user
forum no effective solutions or how-tos really stand out ... there is no
solid approach to this! ... If there is one, then I have not found it!
... Or if someone knows ... please point me in that direction!

Can someone stand up, take the time and share or write a good slice
about this! ... A lot of users will benefit from this! ... The few slices
that exist about file uploads and ajax are not well explained, or outdated,
or simply do not work!

thank you

Don

[web2py] Re: About crud.update to edit or update a user's profile info !

2012-12-01 Thread Massimo Di Pierro
I will look into this shortly anyway... having a picture in the auth_user 
table is a vulnerability. This is because the upload entry may appear upon 
registration, allowing unregistered users to upload large files.

On Saturday, 1 December 2012 08:59:21 UTC-6, Don_X wrote:
>
> Hello web2py users,
>
> I am in the process of completing the "edit profile" option for the web 
> app members, and I am experiencing a particular problem that is causing me 
> a headache!
>
> In the profile controller, I am using the following function to update a 
> user's profile:
>
> def editprofile():
>     table = db.auth_user
>     form = crud.update(table, request.args(0))
>     return dict(form=form)
>
>
> and in the view, just to test this function, I am starting out with a 
> simple view with no customization like :
> {{extend 'profile/userlayout.html'}}
> This is editprofile 
> {{=form}}
>
> in db.auth_user there is the picture or avatar for the user among other 
> fields
>
> First observation) When a user updates his profile, all other fields get 
> updated ... except the picture field! ???
>
> Second) The fields that used checkboxes as widgets when the user was 
> registering on the site do not show as checked on the edit profile view!
>
> So:
> the user's profile keeps the old picture and old thumbnail even after 
> uploading a new one to replace the old 
> The new picture uploaded does not even make it to the table nor to the 
> upload folder! ... However, I do get the message that the uploaded pic was 
> re-sized but ... it is not there!
> And I wish to have that same picture show up on the edit profile page 
> before the submit (update) button is pressed!
>
> And why don't the checkboxes show their status or value when in edit 
> profile view?
> Any assistance on this will be greatly appreciated!
>
> thank you
>
> Don
>
>
>

--
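
The two messages above describe one risk (an upload field reachable before login lets unregistered users send large files) and one remedy (accept pictures only from registered users editing their profile). The following is an added, framework-independent Python example of that gate plus a size cap, not code from the thread or from web2py; `accept_avatar`, `read_capped`, `UploadRejected` and the 512 KiB limit are hypothetical names and values chosen for illustration.

```python
import io

MAX_AVATAR_BYTES = 512 * 1024  # assumed cap, not a value from the thread

# Leading bytes of the image formats accepted as avatars.
IMAGE_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


class UploadRejected(Exception):
    """Raised when an avatar upload fails a policy check."""


def read_capped(stream, limit, chunk_size=64 * 1024):
    """Read stream in chunks; give up as soon as more than limit bytes arrive,
    so at most limit + chunk_size bytes are ever held in memory."""
    buf = bytearray()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return bytes(buf)
        buf += chunk
        if len(buf) > limit:
            raise UploadRejected("file larger than %d bytes" % limit)


def accept_avatar(stream, user_id, limit=MAX_AVATAR_BYTES):
    """Return (user_id, image_type, data) for a permitted upload, else raise."""
    if user_id is None:  # anonymous request, e.g. the registration form
        raise UploadRejected("login required")
    data = read_capped(stream, limit)
    for magic, kind in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return user_id, kind, data
    raise UploadRejected("not a PNG, JPEG or GIF image")


if __name__ == "__main__":
    # Constructed sample input: a PNG signature followed by filler bytes.
    sample = b"\x89PNG\r\n\x1a\n" + b"\x00" * 100
    print(accept_avatar(io.BytesIO(sample), user_id=7)[:2])
    try:
        accept_avatar(io.BytesIO(sample), user_id=None)
    except UploadRejected as exc:
        print("rejected:", exc)
```

The signature check only inspects the first bytes, so the image should still be decoded by an imaging library before it is resized or served. In a web2py app the same controls map onto the `@auth.requires_login()` decorator and the `IS_LENGTH` and `IS_IMAGE` validators on the upload field.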