Sample controller code:
(This is not production-quality code. It is meant only to suggest an
approach.)
def isloggedin_cookieless0(self):
    """Report whether the current session belongs to a logged-in person.

    Reads ``person_id`` from the session object supplied by
    ``self._globals()`` and treats any truthy value as "logged in".

    Returns:
        A ``(is_logged_in, message)`` tuple: ``(True, T("OK"))`` when the
        session holds a truthy ``person_id``, otherwise
        ``(False, T("Not Logged In"))``.
    """
    _request, _response, session, _cache, T, _db = self._globals()
    # Guard-clause form: the login state is the truthiness of person_id.
    if session.person_id:
        return (True, T("OK"))
    return (False, T("Not Logged In"))
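def isloggedin_cookieless(self):
    """Return the login state and session identifiers as a JSON string.

    If the POST body carries a ``cred`` field (HTTP Basic style, with or
    without the leading ``basic `` prefix), the credentials are checked
    against ``db.person`` and, on a match, ``session.person_id`` is set
    before the login state is reported.

    Changes relative to the original sample:
      * Credentials are evaluated only over HTTPS or from 127.0.0.1, the
        same condition ``login_cookieless`` applies, so a password is not
        processed when it arrived over plain HTTP.
      * The lookup also requires ``registration_key == ''``, matching
        ``login_cookieless``; without it this endpoint would log in
        accounts that the login endpoint rejects.
      * Malformed base64, a missing ``:`` separator, or a password that
        itself contains ``:`` no longer raise; the first two are treated
        as "no credentials", the last is split on the first colon only.
      * The JSON body is built with ``json.dumps`` so values containing
        quotes or backslashes cannot break the document.

    Returns:
        A JSON object string with the keys ``IsLoggedIn``,
        ``session_record_id_fromweb2py``, ``session_guid_fromweb2py`` and
        ``resmsg``; every value is rendered as a string.
    """
    import base64
    import json

    request, response, session, cache, T, db = self._globals()

    # response.session_id has the form '<record id>:<guid>', for example
    # 'None:d602d501-877d-42aa-9b52-0e58a91b8336'.
    session_tuple_split = response.session_id.split(':')
    session_record_id = session_tuple_split[0]
    session_guid = session_tuple_split[1]
    if session_record_id == 'None':
        session_record_id_fromweb2py = response.session_record_id
    else:
        session_record_id_fromweb2py = int(session_record_id)

    basic_cred = request.post_vars.cred
    # NOTE(review): request.client may be derived from a forwarding header
    # in some deployments -- confirm; if so the loopback exemption is
    # controlled by the caller and should be dropped behind a proxy.
    transport_ok = request.is_https or (request.client == '127.0.0.1')
    if basic_cred and transport_ok:
        if basic_cred[:6].lower() != 'basic ':
            basic_cred = 'basic ' + basic_cred
        user = pwd = None
        try:
            decoded = base64.b64decode(basic_cred[6:])
            if not isinstance(decoded, str):
                # Python 3 returns bytes; Python 2 already returns str.
                decoded = decoded.decode('utf-8')
            # Split on the first colon only: the password may contain ':'.
            user, pwd = decoded.split(':', 1)
        except (TypeError, ValueError):
            # Bad base64, undecodable bytes, or no ':' separator.
            user = pwd = None
        if user and pwd:
            # NOTE(review): an equality match on the stored password only
            # works if CRYPT() yields the same value that was stored at
            # registration -- confirm against the field's validator.
            pwdcrypt = CRYPT()(pwd)[0]
            rows = db(db.person.email == user)\
                (db.person.password == pwdcrypt)\
                (db.person.registration_key == '').select()
            if rows:
                session.person_id = rows[0].id

    retIsLoggedIn, resmsg = self.isloggedin_cookieless0()

    # Use this if called from xmlHttpRequest in Javascript.
    result = json.dumps({
        "IsLoggedIn": str(retIsLoggedIn),
        "session_record_id_fromweb2py": str(session_record_id_fromweb2py),
        "session_guid_fromweb2py": str(session_guid),
        "resmsg": str(resmsg),
    })
    response.headers['Content-Type'] = 'application/jsonp'
    # CORS. NOTE(review): the wildcard lets a script on any origin read
    # this response, which includes the session GUID; a deployment would
    # normally restrict this to the origins that are meant to call it.
    response.headers['Access-Control-Allow-Origin'] = '*'
    # The view init/views/generic.jsonp emits the data unescaped, so all
    # escaping has to happen here (json.dumps above).
    response.view = 'generic.jsonp'
    return result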
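def login_cookieless(self):
    """Log a person in from HTTP Basic style credentials; return JSON.

    The ``cred`` POST field must start with ``basic `` followed by the
    base64 of ``email:password``. Credentials are evaluated only when
    the caller is not already logged in and the request arrived over
    HTTPS or from 127.0.0.1. On success the person's id, name and email
    are stored in the session.

    Changes relative to the original sample:
      * The session cookie name, record id and GUID are computed on
        every path. The original assigned them only after a successful
        login, so every other path failed with a NameError while
        building the result.
      * A failed attempt now reports "Invalid login credentials"; the
        original set that message and then overwrote it immediately.
      * Malformed base64, a missing ``:`` separator, or absent
        credentials no longer raise or reach the database; a password
        containing ``:`` is split on the first colon only.
      * The JSON body is built with ``json.dumps`` so values containing
        quotes or backslashes cannot break the document.

    Returns:
        A JSON object string with the keys ``IsLoggedIn``,
        ``sessioncookiename_fromweb2py``,
        ``session_record_id_fromweb2py``, ``session_guid_fromweb2py``
        and ``resmsg``; every value is rendered as a string.
    """
    import base64
    import json

    request, response, session, cache, T, db = self._globals()

    retIsLoggedIn, resmsg = self.isloggedin_cookieless0()
    # NOTE(review): request.client may be derived from a forwarding header
    # in some deployments -- confirm; if so the loopback exemption is
    # controlled by the caller and should be dropped behind a proxy.
    if retIsLoggedIn:
        resmsg = T("Already Logged In")
    elif request.is_https or (request.client == '127.0.0.1'):
        resmsg = T("Invalid login credentials")
        basic_cred = request.post_vars.cred
        user = pwd = None
        if basic_cred and basic_cred[:6].lower() == 'basic ':
            try:
                decoded = base64.b64decode(basic_cred[6:])
                if not isinstance(decoded, str):
                    # Python 3 returns bytes; Python 2 already returns str.
                    decoded = decoded.decode('utf-8')
                # Split on the first colon only: passwords may hold ':'.
                user, pwd = decoded.split(':', 1)
            except (TypeError, ValueError):
                # Bad base64, undecodable bytes, or no ':' separator.
                user = pwd = None
        if user and pwd:
            # NOTE(review): an equality match on the stored password only
            # works if CRYPT() yields the same value that was stored at
            # registration -- confirm against the field's validator.
            pwdcrypt = CRYPT()(pwd)[0]
            rows = db(db.person.email == user)\
                (db.person.password == pwdcrypt)\
                (db.person.registration_key == '').select()
            if rows:
                retIsLoggedIn = True
                # NOTE(review): the session identifier is kept across the
                # privilege change; consider issuing a fresh one here.
                session.person_id = rows[0].id
                session.person_name = rows[0].name
                session.person_email = rows[0].email
                resmsg = T("Login Successful")

    # Needed on every path because the result below always reports them.
    ressessioncookiename = response.session_id_name
    sessiontuplesplit = response.session_id.split(':')
    session_record_id = sessiontuplesplit[0]
    session_guid = sessiontuplesplit[1]

    # Use this if called from xmlHttpRequest in Javascript.
    result = json.dumps({
        "IsLoggedIn": str(retIsLoggedIn),
        "sessioncookiename_fromweb2py": str(ressessioncookiename),
        "session_record_id_fromweb2py": str(session_record_id),
        "session_guid_fromweb2py": str(session_guid),
        "resmsg": str(resmsg),
    })
    response.headers['Content-Type'] = 'application/jsonp'
    # CORS. NOTE(review): the wildcard lets a script on any origin read
    # this response, which includes the session GUID; a deployment would
    # normally restrict this to the origins that are meant to call it.
    response.headers['Access-Control-Allow-Origin'] = '*'
    # The view init/views/generic.jsonp emits the data unescaped, so all
    # escaping has to happen here (json.dumps above).
    response.view = 'generic.jsonp'
    return result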
--