>
> the verification email is sent before the
> register_onaccept
> callback, so if anything goes wrong during the callback (which I would
> still consider part of the registration process), the verification email
> will be sent regardless. I wonder if this would cause problem in some
> appli
>
> Actually, looking at the code, auth.user.id should work as well, unless
> you have auth.settings.registration_requires_verification = True, in which
> case, session.auth.user.id won't work either (but form.vars.id will work
> in either case).
>
I was going to update this post to reflect th
On Friday, April 20, 2012 5:50:25 PM UTC-4, Anthony wrote:
>
> The new user id should be in form.vars.id as well as session.auth.user.idat
> that point.
Actually, looking at the code, auth.user.id should work as well, unless you
have auth.settings.registration_requires_verification = True, in w
On Friday, April 20, 2012 6:28:45 PM UTC-4, cyan wrote:
>
>
> The new user id should be in form.vars.id as well as session.auth.user.id at
>> that point.
>
>
> Thanks Anthony. But is this documented anywhere in the manual or in any
> doc of Web2py? Otherwise, it is really difficult for users to f
> The new user id should be in form.vars.id as well as session.auth.user.id at
> that point.
Thanks Anthony. But is this documented anywhere in the manual or in any doc
of Web2py? Otherwise, it is really difficult for users to figure this out
without consulting experts like you.
You second
The new user id should be in form.vars.id as well as session.auth.user.id
at that point.
Is there a potential security problem here -- what would prevent someone
from manually altering the first arg in the URL to any arbitrary group
(e.g., "admin")? Perhaps you should check the value of request
6 matches
Mail list logo
