technically though USERNAME is clear. so you need to query for username and
just match the password with the crypted value.
On Monday, August 29, 2016 at 3:05:20 AM UTC+2, Massimo Di Pierro wrote:
>
> This cannot be done. It is a feature not a bug. The purpose of the salt in
> the hashed
This cannot be done. It is a feature not a bug. The purpose of the salt in
the hashed password is to prevent brute force attacks to the database. What
you are doing is the brute force attack.
The only way to do it is to select all records. Loop one by one and compare
them with
encpwd =
db((db.auth_user.username == request.vars.username) &
(db.auth_user.password ==
CRYPT(digest_alg='pbkdf2(1000,20,sha512)')(request.vars.password)[0])).select()
this doesn't work at all too.
On Saturday, August 27, 2016 at 5:44:53 PM UTC+5:30, Kiran Subbaraman wrote:
>
> The book can help you:
The book can help you:
http://web2py.com/books/default/chapter/29/06/the-database-abstraction-layer#Logical-operators
You need to use the right operator in your query
You can also use the web2py debugger to figure out how your code works
and values returned, at runtime.
Anyone there? Anthony?
On Friday, August 26, 2016 at 7:38:40 PM UTC+5:30, Steve Joe wrote:
>
> *db(db.auth_user.username == request.vars.username and
> db.auth_user.password == CRYPT(request.vars.password)).select()*
>
>
> *if db(db.auth_user.username == request.vars.username and
>
*db(db.auth_user.username == request.vars.username and
db.auth_user.password == CRYPT(request.vars.password)).select()*
This also doesn't work either.
On Friday, August 26, 2016 at 7:30:41 PM UTC+5:30, Niphlod wrote:
>
> fortunately the password doesn't get stored in plain text on web2py :D
fortunately the password doesn't get stored in plain text on web2py :D You
need to apply CRYPT() before comparing. Read more about that on the book.
On Friday, August 26, 2016 at 3:31:54 PM UTC+2, Steve Joe wrote:
>
> IN PHONEGAP:
>
> https://#someurl#.pythonanywhere.com/welcome/phonegap/login
>
7 matches
Mail list logo
