This cannot be done. It is a feature, not a bug. The purpose of the salt in 
the hashed password is to prevent brute force attacks on the database. What 
you are doing is the brute force attack.

The only way to do it is to select all records. Loop one by one and compare 
them with 

encpwd = CRYPT(digest_alg='pbkdf2(1000,20,sha512)')(request.vars.password)[0]
for row in db(..).select(): 
    if row.password == encpwd: ....

I guess this is an even more brute force attack.... It will be slow but may 
work on small databases.




On Sunday, 28 August 2016 08:39:06 UTC-5, Steve Joe wrote:
>
> db((db.auth_user.username == request.vars.username) & 
> (db.auth_user.password == 
> CRYPT(digest_alg='pbkdf2(1000,20,sha512)')(request.vars.password)[0])).select()
> this doesn't work at all too.
>
> On Saturday, August 27, 2016 at 5:44:53 PM UTC+5:30, Kiran Subbaraman 
> wrote:
>>
>> The book can help you: 
>> http://web2py.com/books/default/chapter/29/06/the-database-abstraction-layer#Logical-operators
>> You need to use the right operator in your query
>> You can also use the web2py debugger to figure out how your code works 
>> and values returned, at runtime.
>>
>> ________________________________________
>> Kiran Subbaraman http://subbaraman.wordpress.com/about/
>>
>> On Sat, 27-08-2016 2:50 PM, Steve Joe wrote:
>>
>> Anyone there? Anthony?
>>
>> On Friday, August 26, 2016 at 7:38:40 PM UTC+5:30, Steve Joe wrote: 
>>>
>>> *db(db.auth_user.username == request.vars.username and 
>>> db.auth_user.password == CRYPT(request.vars.password)).select()*
>>>
>>>
>>> *if db(db.auth_user.username == request.vars.username and 
>>> db.auth_user.password == 
>>> CRYPT(digest_alg='md5')(request.vars.password)[0]).select(): * 
>>>
>>> Both of them don't work either. 
>>>
>>> On Friday, August 26, 2016 at 7:30:41 PM UTC+5:30, Niphlod wrote: 
>>>>
>>>> fortunately the password doesn't get stored in plain text on web2py :D 
>>>> You need to apply CRYPT() before comparing. Read more about that on the 
>>>> book.
>>>>
>>>> On Friday, August 26, 2016 at 3:31:54 PM UTC+2, Steve Joe wrote: 
>>>>>
>>>>> IN PHONEGAP: 
>>>>>
>>>>> <form action="https://#someurl#.pythonanywhere.com/welcome/phonegap/login">
>>>>>   username:<br>
>>>>>   <input type="text" name="username" value="username">
>>>>>   <br>
>>>>>   Password:<br>
>>>>>   <input type="password" name="password" value="">
>>>>>   <br><br>
>>>>>   <input type="submit" value="Submit">
>>>>> </form>
>>>>>
>>>>>
>>>>> IN WEB2PY:
>>>>>
>>>>> def login():
>>>>>     k="false"
>>>>>     if db(db.auth_user.username == request.vars.username and db.auth_user.password == request.vars.password).select():
>>>>>         k="true"
>>>>>     return locals()
>>>>>
>>>>> and in view I can see:
>>>>>
>>>>> <Storage {'username': 'shinchan', 'password': '1156'}> false 
>>>>> which means I got k as false.
>>>>>
>>>>> The username and password are correct according to my database but I 
>>>>> can't login. What should I do?
>>>>>
>>>> -- 
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>>
>>
>>

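Added example, not part of the original thread and not web2py's own code: it shows why a freshly computed salted hash never equals the stored one, and the usual alternative of fetching the row by username and re-hashing with that row's stored salt. The `alg$salt$hash` storage layout, the in-memory `users` dict standing in for `auth_user`, and the function names are assumptions; the PBKDF2 parameters and the `shinchan`/`1156` values are taken from the thread.

```python
import hashlib
import hmac
import os

ALG = "pbkdf2(1000,20,sha512)"  # parameters copied from the thread's digest_alg


def hash_password(password, salt=None):
    """Return 'alg$salt$hash' (assumed layout); draws a random salt unless one is given."""
    salt = salt or os.urandom(8).hex()
    iterations, keylen, digest = ALG[7:-1].split(",")
    dk = hashlib.pbkdf2_hmac(digest, password.encode(), salt.encode(),
                             int(iterations), int(keylen))
    return "$".join((ALG, salt, dk.hex()))


def verify_password(password, stored):
    """Re-hash with the salt embedded in `stored`, then compare in constant time."""
    try:
        alg, salt, _ = stored.split("$")
    except ValueError:
        return False  # malformed record: fail closed
    if alg != ALG:
        return False
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate.encode(), stored.encode())


def login(users, username, password):
    """Select the record by username only, then verify against that single row."""
    stored = users.get(username)
    if stored is None:
        hash_password(password)  # assumed hardening: unknown users cost one hash too
        return False
    return verify_password(password, stored)


# Constructed sample data: two users who happen to share a password.
USERS = {"shinchan": hash_password("1156"), "himawari": hash_password("1156")}

if __name__ == "__main__":
    print(USERS["shinchan"] == USERS["himawari"])      # same password, different salts
    print(hash_password("1156") == USERS["shinchan"])  # why the equality query finds nothing
    print(login(USERS, "shinchan", "1156"))            # lookup by username, then verify
```
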