thank you.
2013/4/6 Massimo Di Pierro <[email protected]> > This was explained many times before. You should look into the docstring > of the CRYPT validator for examples and explanations. The bottom line is > that > > db.auth_user.password.**validate(...) calls a crypt validator which > returns (lazy_crypt(...), None or 'error') > > The lazy_crypt object is not a string but it can be be comparer with a > string and serialized into a string. > > lazy_crypt(...) == 'hashed.... password' reads the salt from the right > hand side in order to perform a comparison. > > Massimo > > > On Friday, 5 April 2013 14:02:39 UTC-5, OrrĂ¹ wrote: >> >> >> suppose password='12345' and db.auth_user.first_name=='**Lucas' >> so i find user by first_name, >> row_user=db(db.auth_user.**first_name=='Lucas').select().**first() >> and >> row_user.password='pbkdf2(**1000,20,sha512)$**97448b22487eca1d$** >> dae65c0429430b7ae7bb311fed8e84**4b6a37ff30' >> >> db.auth_user.password.**validate('12345') == (db(db.auth_user.id== >> row_user.**id <http://row_user.id>).select ().first ().password, None) >> return False >> CRYPT()('12345')==(row_user.**password,None) >> also returns false >> >> where I am going wrong? >> >> On Friday, December 21, 2012 11:12:26 PM UTC-2, Pearu Peterson wrote: >>> >>> Hi, >>> >>> I have a password in plain text and I want to check if it matches with >>> the crypted password in auth_user.password field. >>> >>> I have tried comparing auth_user.password with str(db.auth_user.password. >>> **validate(plain_password)[0]) with no success even when I know that >>> the passwords match exactly. >>> >>> The problem seems to boil down to the fact that encryption of the same >>> string results different encrypted strings. For example, >>> >>> from gluon.validators import CRYPT, LazyCrypt >>> >>> crypt = CRYPT() >>> >>> str(LazyCrypt(crypt, 'mysecret')) >>> 'pbkdf2(1000,20,sha512)$**a2a2ca127df6bc19$** >>> 77bb5a3d129e2ce710daaefeefef83**56c4c827ff' >>> >>> str(LazyCrypt(crypt, 'mysecret')) >>> 'pbkdf2(1000,20,sha512)$**a555a267249876fb$** >>> bc18f82b72a3a5ebce617f32d6abaa**5c48734ab9' >>> >>> What would be the correct way to check if passwords match when they are >>> given in encrypted form? >>> >>> Any hints are appreciated, >>> Pearu >>> >>> -- > > --- > You received this message because you are subscribed to a topic in the > Google Groups "web2py-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/web2py/eqbXmseZ6XA/unsubscribe?hl=en. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
