That makes sense. Thanks!

On Monday, April 16, 2012 11:39:52 AM UTC+8, Matt Gorecki wrote:
>
> In one of my applications, I create users by hand as well with a custom 
> form.  My flow goes something like this:
>
> 1. Fill out the Create User form. There is no password field here.
> 2. In the function that processes the form, I generate a random, readable 
> password at the beginning.
> 3. Before inserting into the database, I encrypt the password:
> my_crypt = CRYPT(key=auth.settings.hmac_key)
> crypt_pass = my_crypt(passwd)[0]
>
> 4. Once that is successful, I send the email out with the plaintext 
> password from the beginning.
>
>
> Here's the function I use to generate a readable, random password.  
> https://gist.github.com/2396242
>
>
> Matt Gorecki
>
> On Sunday, April 15, 2012 9:06:21 PM UTC-6, weheh wrote:
>>
>> I'm building an administrative interface where only the admin can 
>> register new users. Upon registering a new user, the system will email 
>> login and initial temporary password to user. I'm using the auth_user table 
>> but with a customized form and create action. Is there a way to capture the 
>> password before it's encrypted?
>>
>> Obviously, I can have the admin enter the password twice, the second time 
>> as a string, but that's a little user hostile. I could make an ajax call 
>> that would copy it behind the scenes, but that's extra work. What's the 
>> easy way?
>>
>> def create():
>>     """adds a new user to the auth_user database"""
>>     response.sub_title = T('Add New User')
>>     form = SQLFORM.factory(
>>             db.auth_user.username,
>>             db.auth_user.password,
>>             db.auth_user.email,
>>             )
>>     # password not available here
>>     if form.process(onvalidation=get_password).accepted:
>>         user_id = db.auth_user.insert(
>>                 username=form.vars.username,
>>                 password=form.vars.password,  # password already encrypted here
>>                 email=form.vars.email,
>>                 )
>>         send_new_user_mail(form.vars.username, form.vars.email, response.password)
>>         session.flash = T('Added new user')
>>         redirect(URL(c='user', f='manage_users'))
>>     elif form.errors:
>>         response.flash = T('Please correct errors')
>>     return dict(form=form)
>>
>> def get_password(form):
>>     # password already encrypted here
>>     ...
>>
>
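
The flow described in the quoted reply (generate the password first, hash it for storage, mail the plaintext), as an added example that is not part of the original thread and not code from web2py or the linked gist. It assumes a salted PBKDF2 hash from the standard library as a stand-in for the `CRYPT` validator, and `insert_row` / `send_mail` are hypothetical callables for the database insert and the mailer.

```python
import hashlib
import hmac
import secrets

# Alphabet without look-alike characters (0/O, 1/l/I) so the emailed
# password can be retyped reliably. The alphabet is an assumption of this example.
READABLE = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"
PBKDF2_ROUNDS = 200_000  # constructed work factor for the example


def generate_temp_password(length=12):
    """Draw each character from the OS CSPRNG (secrets), not the random module."""
    if length < 10:
        raise ValueError("temporary password too short")
    return "".join(secrets.choice(READABLE) for _ in range(length))


def hash_password(plaintext, salt=None):
    """Salted PBKDF2-HMAC-SHA256, standing in for web2py's CRYPT validator."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", plaintext.encode(), salt, PBKDF2_ROUNDS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ROUNDS, salt.hex(), digest.hex())


def verify_password(plaintext, stored):
    """Recompute with the stored salt and rounds, compare in constant time."""
    _, rounds, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", plaintext.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)


def create_user(username, email, insert_row, send_mail):
    """Steps 2-4 of the flow: generate, hash, insert, then mail the plaintext.

    insert_row and send_mail are hypothetical callables; the plaintext is
    handed only to the mailer and is never stored or returned.
    """
    plaintext = generate_temp_password()
    user_id = insert_row(username=username, email=email,
                         password=hash_password(plaintext))
    send_mail(to=email, username=username, password=plaintext)
    return user_id
```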
