On Jun 28, 10:01 pm, "Scott Moonen" <[EMAIL PROTECTED]> wrote:
> If you add the timestamp into both the hash and the token then you can
> achieve a more granular expiration policy.

That's the approach I use for djangopeople.net - the problem is that
including the timestamp lengthens the URL yet further. I actually use
a hex representation of the number of days since 2001/1/1 as a short
representation of a timestamp, which at least knocks it down to just 3
characters:

    import datetime
    import hashlib

    from django.conf import settings

    ORIGIN_DATE = datetime.date(2000, 1, 1)

    hex_to_int = lambda s: int(s, 16)
    int_to_hex = lambda i: hex(i).replace('0x', '')

    def lost_url_for_user(username):
        days = int_to_hex((datetime.date.today() - ORIGIN_DATE).days)
        # MD5 over secret + days + username (hashlib replaces the old md5 module)
        hash = hashlib.md5(
            (settings.SECRET_KEY + days + username).encode('utf-8')
        ).hexdigest()
        return '/recover/%s/%s/%s/' % (
            username, days, hash
        )

    def hash_is_valid(username, days, hash):
        expected = hashlib.md5(
            (settings.SECRET_KEY + days + username).encode('utf-8')
        ).hexdigest()
        if expected != hash:
            return False  # Hash failed
        # Ensure days is within a week of today
        days_now = (datetime.date.today() - ORIGIN_DATE).days
        days_old = days_now - hex_to_int(days)
        if days_old < 7:
            return True
        else:
            return False
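
The following is an added example, not part of the original post or of Django's code: a variant of the day-stamped recovery token described above that swaps the secret-prefixed MD5 for HMAC-SHA256, compares in constant time, and rejects malformed or future-dated day fields. The names `make_token`, `token_is_valid`, `MAX_AGE_DAYS` and the inline `SECRET_KEY` (standing in for `settings.SECRET_KEY`) are assumptions made for the illustration.

```python
import datetime
import hashlib
import hmac

ORIGIN_DATE = datetime.date(2000, 1, 1)
MAX_AGE_DAYS = 7
SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for settings.SECRET_KEY


def _sign(username, days_hex, key):
    # Length-prefix the username so two different (username, days) pairs
    # can never serialise to the same signed message.
    user = username.encode("utf-8")
    msg = b"%d:%s:%s" % (len(user), user, days_hex.encode("utf-8"))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_token(username, today=None, key=SECRET_KEY):
    """Return (days_hex, signature) for a recovery URL issued on `today`."""
    today = today or datetime.date.today()
    days_hex = "%x" % (today - ORIGIN_DATE).days
    return days_hex, _sign(username, days_hex, key)


def token_is_valid(username, days_hex, token, today=None, key=SECRET_KEY):
    """Check the signature first, then the age window."""
    today = today or datetime.date.today()
    expected = _sign(username, days_hex, key)
    # Constant-time comparison; bytes on both sides so non-ASCII input
    # is rejected instead of raising TypeError.
    if not hmac.compare_digest(expected.encode(), token.encode("utf-8")):
        return False
    try:
        issued = int(days_hex, 16)
    except ValueError:
        return False  # signed but unparsable day field
    age = (today - ORIGIN_DATE).days - issued
    # Reject tokens dated in the future as well as expired ones.
    return 0 <= age < MAX_AGE_DAYS
```

The day field stays at three hex characters, as in the post; only the signature grows, from 32 to 64 hex characters.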