In one of my applications, I create users by hand as well with a custom 
form.  My flow goes something like this:

1. Fill out the Create User form. There is no password field here.
2. In the function that processes the form, I generate a random, readable 
password at the beginning.
3. Before inserting into the database, I encrypt the password:
    my_crypt = CRYPT(key=auth.settings.hmac_key)
    # validators return (value, error); [0] is the hashed value
    crypt_pass = my_crypt(passwd)[0]

4. Once that is successful, I send the email out with the plaintext 
password from the beginning.


Here's the function I use to generate a readable, random password.  
https://gist.github.com/2396242


Matt Gorecki

On Sunday, April 15, 2012 9:06:21 PM UTC-6, weheh wrote:
>
> I'm building an administrative interface where only the admin can register 
> new users. Upon registering a new user, the system will email login and 
> initial temporary password to user. I'm using the auth_user table but with 
> a customized form and create action. Is there a way to capture the password 
> before it's encrypted?
>
> Obviously, I can have the admin enter the password twice, the second time 
> as a string, but that's a little user hostile. I could make an ajax call 
> that would copy it behind the scenes, but that's extra work. What's the 
> easy way?
>
> def create():
>     """adds a new user to the auth_user database"""
>     response.sub_title = T('Add New User')
>     form = SQLFORM.factory(
>             db.auth_user.username,
>             db.auth_user.password,
>             db.auth_user.email,
>             )
>     # password not available here
>     if form.process(onvalidation=get_password).accepted:
>         user_id = db.auth_user.insert(
>                 username=form.vars.username,
>                 password=form.vars.password,  # password already encrypted here
>                 email=form.vars.email,
>                 )
>         send_new_user_mail(form.vars.username, form.vars.email, response.password)
>         session.flash = T('Added new user')
>         redirect(URL(c='user', f='manage_users'))
>     elif form.errors:
>         response.flash = T('Please correct errors')
>     return dict(form=form)
>
> def get_password(form):
>     # password already encrypted here
>     ...
>
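
Steps 2 to 4 of the flow above as an added example; it is not part of the original post and is not web2py code. It assumes only the Python standard library: PBKDF2 stands in for web2py's CRYPT validator, and the hypothetical `db` dict and `outbox` list stand in for the auth_user table and the mailer.

```python
import hashlib
import hmac
import secrets

# Characters that are easy to read aloud; look-alikes (0/O, 1/l/I) are left out.
READABLE = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789"
ITERATIONS = 200_000  # assumed work factor for this example


def make_temp_password(length=12):
    """Draw each character from the OS CSPRNG (secrets), not the random module."""
    return "".join(secrets.choice(READABLE) for _ in range(length))


def hash_password(passwd, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt$hexdigest' for storage."""
    salt = salt or secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac("sha256", passwd.encode(), salt.encode(), ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt, digest.hex())


def verify_password(passwd, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _alg, iterations, salt, expected = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", passwd.encode(), salt.encode(), int(iterations))
    return hmac.compare_digest(digest.hex(), expected)


def create_user(db, outbox, username, email):
    """Steps 2-4: generate, hash, insert the hash, then mail the plaintext once."""
    passwd = make_temp_password()
    db[username] = {"email": email, "password": hash_password(passwd)}
    # Only after the insert succeeded does the plaintext leave this function.
    outbox.append((email, "Login: %s\nTemporary password: %s" % (username, passwd)))
    return passwd


if __name__ == "__main__":
    db, outbox = {}, []  # constructed in-memory stand-ins for the table and mailer
    pw = create_user(db, outbox, "alice", "alice@example.com")
    print(db["alice"]["password"])
    print(verify_password(pw, db["alice"]["password"]))
```

The plaintext exists only in the return value and the outgoing message; the stored record holds the salted hash alone.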
