If i am correct this will not work because it should be: 1. check last character 2. remove last character 3. do db validation
I think onvalidation does db validation and then 1&2. Db validation will not pass because usernames are stored without last character (as stated in first post). Not sure if I am right but should be easy to check :) Marin On Thu, Mar 29, 2012 at 10:55 PM, Marin Pranjić <marin.pran...@gmail.com>wrote: > Is check_username triggered before or after the database validation? I am > not able to check it now. > > Marin > > > > On Thu, Mar 29, 2012 at 10:46 PM, Anthony <abasta...@gmail.com> wrote: > >> Oops, right. In that case, I would reverse the if/else. >> >> >> On Thursday, March 29, 2012 4:11:13 PM UTC-4, Detectedstealth wrote: >>> >>> Yes I think you are correct, your solution is cleaner and explains the >>> problem. However the last character would still need to be removed so your >>> solution would need to be changed to: >>> >>> def check_username(form): >>> if not form.vars.username.en**dswith('R') >>> form.errors.username = '**Invalid username' >>> else: >>> form.vars.username = forms.vars.username[:-1] >>> >>> auth.settings.login_**onvalidation = [check_username**] >>> >>> Or is there a different way to handle that? >>> >>> On Thu, Mar 29, 2012 at 1:01 PM, Anthony <abasta...@gmail.com> wrote: >>> >>>> I just used the following because I don't want their login to succeed >>>>> if they enter no character IE: 0000012 the real username without the >>>>> character should also fail. >>>>> >>>>> if request.args(0) == 'login' and request.post_vars.username: >>>>> login_char = request.post_vars.username[-1] >>>>> if login_char == 'R': >>>>> request.post_vars.username = request.vars.username = >>>>> request.post_vars.username[:-**1**] # remove last character >>>>> else: >>>>> request.post_vars.username = request.vars.username = >>>>> request.post_vars.username + 'X' >>>>> >>>> >>>> Actually, Marin's original solution would already protect against >>>> entering the real username without the extra character because it stripped >>>> the last character, which would therefore not match the username in the db. >>>> The problem was that it would succeed with any extra character at the end, >>>> not just with 'R'. Your solution above handles that problem, though I think >>>> the onvalidation solution is simpler and more straightforward (and it >>>> enables you to emit a custom error message for the particular case where >>>> the last character is incorrect if desired). >>>> >>>> Anthony >>>> >>>> >>> >>> >>> >>> -- >>> -- >>> Regards, >>> Bruce Wade >>> http://ca.linkedin.com/in/**brucelwade<http://ca.linkedin.com/in/brucelwade> >>> http://www.wadecybertech.com >>> http://www.warplydesigned.com >>> http://www.**fitnessfriendsfinder.com<http://www.fitnessfriendsfinder.com> >>> >> >