If I am correct, this will not work because it should be:

1. check last character
2. remove last character
3. do db validation

I think onvalidation does db validation and then 1&2.
Db validation will not pass because usernames are stored without last
character (as stated in first post).

Not sure if I am right but should be easy to check :)

Marin

On Thu, Mar 29, 2012 at 10:55 PM, Marin Pranjić <marin.pran...@gmail.com> wrote:

> Is check_username triggered before or after the database validation? I am
> not able to check it now.
>
> Marin
>
>
>
> On Thu, Mar 29, 2012 at 10:46 PM, Anthony <abasta...@gmail.com> wrote:
>
>> Oops, right. In that case, I would reverse the if/else.
>>
>>
>> On Thursday, March 29, 2012 4:11:13 PM UTC-4, Detectedstealth wrote:
>>>
>>> Yes I think you are correct, your solution is cleaner and explains the
>>> problem. However the last character would still need to be removed so your
>>> solution would need to be changed to:
>>>
>>> def check_username(form):
>>>     if not form.vars.username.endswith('R'):
>>>         form.errors.username = 'Invalid username'
>>>     else:
>>>         # strip the trailing 'R' so the value matches the stored username
>>>         form.vars.username = form.vars.username[:-1]
>>>
>>> auth.settings.login_onvalidation = [check_username]
>>>
>>> Or is there a different way to handle that?
>>>
>>> On Thu, Mar 29, 2012 at 1:01 PM, Anthony <abasta...@gmail.com> wrote:
>>>
>>>>> I just used the following because I don't want their login to succeed
>>>>> if they enter no character IE: 0000012 the real username without the
>>>>> character should also fail.
>>>>>
>>>>> if request.args(0) == 'login' and request.post_vars.username:
>>>>>     login_char = request.post_vars.username[-1]
>>>>>     if login_char == 'R':
>>>>>         # remove last character
>>>>>         request.post_vars.username = request.vars.username = request.post_vars.username[:-1]
>>>>>     else:
>>>>>         request.post_vars.username = request.vars.username = request.post_vars.username + 'X'
>>>>>
>>>>
>>>> Actually, Marin's original solution would already protect against
>>>> entering the real username without the extra character because it stripped
>>>> the last character, which would therefore not match the username in the db.
>>>> The problem was that it would succeed with any extra character at the end,
>>>> not just with 'R'. Your solution above handles that problem, though I think
>>>> the onvalidation solution is simpler and more straightforward (and it
>>>> enables you to emit a custom error message for the particular case where
>>>> the last character is incorrect if desired).
>>>>
>>>> Anthony
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Bruce Wade
>>> http://ca.linkedin.com/in/brucelwade
>>> http://www.wadecybertech.com
>>> http://www.warplydesigned.com
>>> http://www.fitnessfriendsfinder.com
>>>
>>
>
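
The ordering question raised at the top of this thread, modelled as an added example that is not code from any poster and does not use web2py. It assumes a constructed in-memory dict in place of the user table and hypothetical function names, and it runs both orders side by side without claiming which one web2py's onvalidation actually follows.

```python
# Constructed stand-in for the user table: usernames are stored
# WITHOUT the trailing marker character, as the thread describes.
STORED_USERS = {"0000012": "bruce"}
MARKER = "R"  # the extra character a submitted username must end with


def check_username(submitted):
    """Steps 1 and 2: require the marker, then strip it.

    Returns (username, error); exactly one of the two is None.
    An empty submission is rejected instead of raising on [-1].
    """
    if not submitted or not submitted.endswith(MARKER):
        return None, "Invalid username"
    return submitted[:-1], None


def db_lookup(username):
    """Step 3: stand-in for the database validation."""
    return STORED_USERS.get(username)


def login_check_then_lookup(submitted):
    """Order from the numbered list: check, strip, then query the db."""
    username, error = check_username(submitted)
    if error:
        return error
    return db_lookup(username) or "Invalid login"


def login_lookup_then_check(submitted):
    """Reversed order: the db sees the value with the marker still on it."""
    user = db_lookup(submitted)
    if user is None:
        return "Invalid login"
    _, error = check_username(submitted)
    return error or user


if __name__ == "__main__":
    for name in ("0000012R", "0000012", "0000012X", ""):
        print(repr(name), "|", login_check_then_lookup(name),
              "|", login_lookup_then_check(name))
```
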
