Re: [web2py] Re: About crud.update to edit or update a user's profile info !
Thank you for the response, Massimo. I do agree with your thoughts regarding the vulnerability exposed upon a new registration! That can easily be arranged by adding an additional table to manage all users' profile pics ... that way, a user can upload his avatar (or picture) only when they are already registered, and when they decide to edit their profile, they will be able to upload their own pic ...

However, I still foresee the same problem when it comes to editing that profile pic with crud.update for that eventual userimage table that will reference the appropriate auth_user table record ...

I have come to realize that there are many issues or challenges regarding pictures, uploading pictures, *viewing pictures upon upload before submitting or updating a form (or crud)*, etc., throughout the web2py forum.

This is a matter that needs to be addressed head on, through a slice or a how-to article. We know that it certainly involves ajax ... but many before me have experienced that problem, and throughout this web2py user forum no effective solutions or how-tos really stand out ... there is no solid approach to this! If there is one, then I have not found it! ... or if someone knows ... please point me in that direction!

Can someone stand up, take the time and share or write a good slice about this! ... a lot of users will benefit from this! The few slices that exist about file uploads and ajax are not well explained, or outdated, or simply do not work!

Thank you

Don
[web2py] Re: About crud.update to edit or update a user's profile info !
I will look into this shortly anyway... having a picture in the auth_user table is a vulnerability. This is because the upload entry may appear upon registration, allowing unregistered users to upload large files.

On Saturday, 1 December 2012 08:59:21 UTC-6, Don_X wrote:
>
> Hello web2py users,
>
> I am in the process of completing the "edit profile" option for the web
> app members and I am experiencing a particular problem that is causing me
> a headache!
>
> In the profile controller, I am using the following function to update a
> user's profile:
>
> def editprofile():
>     table = db.auth_user
>     form = crud.update(table, request.args(0))
>     return dict(form=form)
>
> and in the view, just to test this function, I am starting out with a
> simple view with no customization, like:
>
> {{extend 'profile/userlayout.html'}}
> This is editprofile
> {{=form}}
>
> In db.auth_user there is the picture or avatar for the user, among other
> fields.
>
> First observation) When a user updates his profile, all other fields get
> updated ... except the picture field! ???
>
> Second) The fields that used checkboxes as widgets when the user was
> registering on the site do not show as checked on the edit profile view!
>
> So:
> the user's profile keeps the old picture and old thumbnail even after
> uploading a new one to replace the old;
> the new picture uploaded does not even make it to the table nor to the
> upload folder! ... however, I do get the message that the uploaded pic was
> re-sized, but ... it is not there!
> And I wish to have that same picture show up on the edit profile page
> before the submit (update) button is pressed!
>
> And why don't the checkboxes show their status or value when in edit
> profile view?
> Any assistance on this will be greatly appreciated!
>
> Thank you
>
> Don
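The two messages above name the risk (an upload field in auth_user shows up on the registration form) and the proposed fix (a separate picture table that only registered users can edit). The sketch below is an added example, not code posted by anyone in this thread; the table name `user_image`, the size cap and both function names are assumptions, and web2py's usual globals are passed in as `env`.

```python
# Added example, not code from this thread. user_image, MAX_AVATAR_BYTES and
# both function names are hypothetical. web2py injects db, auth, Field, SQLFORM
# and the validators as globals; they are passed in as `env` here so the file
# also imports outside web2py (inside a model or controller, pass globals()).

MAX_AVATAR_BYTES = 512 * 1024  # assumed size cap for one picture


def define_user_image(env):
    """Model: the upload field lives outside auth_user, so the registration
    form built from auth_user carries no file input."""
    db, auth, Field = env["db"], env["auth"], env["Field"]
    db.define_table(
        "user_image",
        # Owner is filled in from the session and never taken from the form.
        Field("user_id", "reference auth_user", default=auth.user_id,
              writable=False, readable=False),
        Field("image", "upload", requires=[
            env["IS_IMAGE"](extensions=("jpeg", "png")),
            env["IS_LENGTH"](MAX_AVATAR_BYTES),  # maxsize in bytes for uploads
        ]),
    )
    return db.user_image


def make_editavatar(env):
    """Controller: the upload form is only built for a logged-in user."""
    db, auth, SQLFORM = env["db"], env["auth"], env["SQLFORM"]

    @auth.requires_login()
    def editavatar():
        # Edit the caller's own row; a missing row turns this into a create form.
        row = db(db.user_image.user_id == auth.user_id).select().first()
        form = SQLFORM(db.user_image, row, showid=False).process()
        return dict(form=form)

    return editavatar
```

IS_LENGTH checks the size after web2py has received the upload, so a request-body limit at the front-end web server is a separate control.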