Ming that the result of CRYPT()('password')[0] is not the hashed password
but an object that, when converted to a string is a hashed password but
when compared to a hash-ed password string, performs the comparison using
the same salt and the same algorithm using the hash it is compering itself
with.
On Tuesday, 28 June 2016 05:15:53 UTC-5, Marvix wrote:
>
> Ok, thanks to the suggestions. I'll give a try!
>
>
>
> 2016-06-27 23:15 GMT+02:00 Limedrop <[email protected]>:
>
>> The function you are looking for is CRYPT. You could but something like
>> this in an on_validation function:
>>
>> if auth.user.password ==
>> CRYPT()(request.vars.new_password)[0]:
>> form.errors.new_password = 'Cannot re-use password'
>>
>> On Friday, 24 June 2016 03:53:47 UTC+12, Marvix wrote:
>>>
>>> Hello,
>>>
>>> when an user is changing his password, is it possible to check if it is
>>> equal to the current? and refuse it in that case?
>>>
>>> Thanks!
>>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
