[Zope] How to use "lower" attribute (or function) to catch duplicate User IDs?
Bob King
mlc@subbob.net
Wed, 26 Feb 2003 21:58:17 -0600
I am new to Zope (less than a week) and I'm in the process of writing a
small portal where users can sign themselves up.
Right now it is working, but I have a few known problems - one of which is
that my routine that checks for duplicate User IDs is case-sensitive (i.e.
it would allow "bob","Bob" and "BOB" all to register).
I also realize that what I have right now is kluged together - I'm sure
there is a more efficient (and more elegant) way of doing what I've done.
Here's the basic outline of what I have done so far. It is very skeletal
right now, as I'm figuring out how to use Zope.
Public Access page:
-> Contains link to sign up
-> Contains link to members only side
Private Page:
-> contains link to make entry in member database
-> contains link to list members
Logic Flow:
NewLAGUserForm - captures first attempt to create User ID & calls
VerifyLAGUserForm
VerifyLAGUserForm - checks data, if all OK, calls AddLAGUser, otherwise
redisplays entry form (with appropriate error messages) and submits input
to VerifyLAGUserForm again
AddLAGUser - makes entry into acl_users with appropriate role, makes entry
into SQL database with user information, emails "thank you" message to user
with User ID & password info
SECURITY QUESTION: - In order for this to work I had to set the security
on acl_users (for this folder) to "Manage users" for "Anonymous". Does
this open up any way for someone to gain access directly to the acl_users
folder? I've tried to and it seems like it is still safe - I have the
'Member' role hardcoded into the add user script.
Code Examples
Rather than post lengthy code segments to the list, I put all of the code
examples online as text files via the following link:
http://examples.subbob.net (non-zope)
The working implementation of the above files may be found at:
http://www.subbob.net:8081/wargames
Feel free to try it out as I'm only in testing right now and will be
purging the database when testing is complete.
Outstanding Questions:
1) How to track a "state" within a given DTML Document or Method? The
Verify form is very cumbersome as I go through each "test" twice.
The first set of nested ifs are used to determine the overall validity of
the submission - if it gets to the "center" of the nest, the data is submitted.
If any errors exist, then I retest each parameter prior to redisplaying the
form in order to flag the associated input box with an error message. I
had to do it that way because I couldn't figure out a way to accomplish it
like this in DTML:
If email-good then
email-error=0
else
email-error=1
Then check, if all error values=0, submit the form, otherwise display the
errors.
I'll appreciate any feedback on what I've done so far - I've probably
violated most accepted practices of "good" zope coding! :)
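
The single-pass check and the case-insensitive duplicate test asked about above, as an added example in plain Python (not part of the original post or its linked code, and not Zope DTML). The field names, patterns and sample IDs are assumptions; it also goes slightly beyond lower-casing by applying Unicode NFKC normalization so look-alike compatibility forms collide too.

```python
import re
import unicodedata

# Hypothetical field rules; the original form's fields are not shown on the page.
USER_ID_RE = re.compile(r"[a-z0-9_.-]{3,32}")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def canonical_user_id(raw):
    """Fold a submitted User ID to the form used for uniqueness checks."""
    # NFKC collapses compatibility forms (e.g. full-width letters);
    # casefold() is a stronger lower() meant for comparisons.
    return unicodedata.normalize("NFKC", raw).strip().casefold()


def validate_signup(form, existing_ids):
    """Check every field once; return (canonical_id, errors).

    errors maps field name -> message, so the form can flag each input box
    and the caller creates the account only when the dict is empty.
    """
    errors = {}
    user_id = canonical_user_id(form.get("user_id", ""))
    # Fold the stored names too, in case older entries were saved mixed-case.
    taken = {canonical_user_id(name) for name in existing_ids}

    if not USER_ID_RE.fullmatch(user_id):
        errors["user_id"] = "3-32 characters: letters, digits, '_', '.', '-'"
    elif user_id in taken:
        errors["user_id"] = "that User ID is already registered"

    if not EMAIL_RE.fullmatch(form.get("email", "").strip()):
        errors["email"] = "enter a valid e-mail address"

    return user_id, errors


if __name__ == "__main__":
    # Constructed sample data: IDs already present in the user folder.
    existing = ["bob", "Alice"]
    for submitted in ("Bob", "BOB ", "carol"):
        form = {"user_id": submitted, "email": "x@example.org"}
        print(repr(submitted), validate_signup(form, existing))
```

Creating the account under the returned canonical ID keeps later lookups consistent with this check. Zope's proxy roles allow a script to add users without the "Manage users" permission being granted to Anonymous on the folder.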