Hi! You can use CRYPT <http://web2py.com/books/default/chapter/29/07/forms-and-validators#Complexity-and-security-validators> validator: password_err = CRYPT()(request.vars.password) password_err[0] # - LazyCrypt object (if password_err[1] == None) that will be calculated while insert(). Call str(password) to get a hash-string, but it's redundant password_err[1] # - Error if validation failed
On Tuesday, January 2, 2018 at 7:43:54 PM UTC+3, David Cabeza wrote: > > Hello, > > I am making a register page because in my system, users are registered by > certain users (administrators) with that permission. > > I can't use web2py custom register form because when I place > auth.register() in the controller I'm being sent to index (because I am > logged in) > > The thing is that I receive password in plain text via > request.vars.password and I am trying to apply to the password the > algorithm that web2py uses to insert registered user directly in auth_user > table. > > This is what I tried > > from gluon.contrib.pbkdf2 import pbkdf2_hex > from hashlib import sha512 > > @auth.requires(lambda: check_role()) > def register(): > > if request.vars and request.vars.register == "do_register": > db.auth_user.insert(first_name=request.vars.first_name, > last_name=request.vars.last_name, email=request.vars.email, > password=pbkdf2_hex(request.vars.password, 'salt', iterations=1000, > keylen=20, hashfunc=sha512)) > > What is the best way to do this? > > Thank you. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
