It's a bit big because of all the validations, but here it goes:
import re, random, os, shutil def create(): first_name = request.vars.firstname session.first_name = first_name last_name = request.vars.lastname session.last_name = last_name email = request.vars.email session.email = email username = request.vars.username session.username = username password = request.vars.password confirm_password = request.vars.confirm_password domains = "aero", "asia", "biz", "cat", "com", "coop", \ "edu", "gov", "info", "int", "jobs", "mil", "mobi", "museum", \ "name", "net", "org", "pro", "tel", "travel" if len(email) < 8: session.flash=T('Please enter a valid email address') redirect(URL(r=request,c='default', f="register")) # Split up email address into parts. try: localpart, domainname = email.rsplit('@', 1) host, toplevel = domainname.rsplit('.', 1) except ValueError: session.flash=T('Please enter a valid email address') redirect(URL(r=request,c='default', f="register")) # Check for Country code or Generic Domain. if len(toplevel) != 2 and toplevel not in domains: session.flash=T('Please enter a valid email domain name') redirect(URL(r=request,c='default', f="register")) for i in '-_.%+.': localpart = localpart.replace(i, "") for i in '-_.': host = host.replace(i, "") if not localpart.isalnum() and not host.isalnum(): session.flash=T('Please enter a valid email address') redirect(URL(r=request,c='default', f="register")) if not password==confirm_password: session.flash=T('Please enter the same passwords!') redirect(URL(r=request,c='default', f="register")) users = db().select(db.auth_user.id, db.auth_user.username, db.auth_user.email, orderby=db.auth_user.id) for user in users: if username==user.username: session.flash=T('Username already in use!') redirect(URL(r=request,c='default', f="register")) if email==user.email: session.flash=T('Email already in use!') redirect(URL(r=request,c='default', f="register")) my = str(user.id+1) password=db.auth_user.password.requires[0](password)[0] photo_filename='' photo_path='' photo_file='' photo = request.vars.photo if not photo=='': ext = re.compile('\.\w+$').findall(photo.filename.strip())[0] if ext != '.jpg' and ext != '.png': session.flash=T('Invalid image file') return photo_filename photo_filename = 'auth_user.picture.'+my +'.'+str(random.random())[2:] + ext photo_path = os.path.join(request.folder, 'uploads/', photo_filename) photo_file = open(photo_path,'wb') shutil.copyfileobj(photo.file, photo_file) photo_file.close() user = db.auth_user.insert(first_name=first_name, last_name=last_name, email=email, username=username, password=password, picture=photo_filename) mail.send(to='t...@test.com', subject='new user', message="new user registed with email %s" %email) form='image_crop' session.photo_path=photo_path if photo_file=='': session.flash=T('Register OK') redirect(URL(r=request, c='default', f="login")) return dict(photo_filename=photo_filename, photo_file=photo_file, photo_path=photo_path, form=form, my=my)