On Sep 18, 2009, at 4:44 PM, waTR wrote:
>
> I need to be able to compare another password submitted against the
> one in that field. How would I go about doing that? What functions are
> available in web2py for this.
>
> db.define_table('pass',
> SQLField("password", 'password', readable=False, label='Password',
> requires=CRYPT()))
>
> I.e. I have just submitted a form that contains a
> request.get_vars.password
> how do I compare that password against the one in db.
Here's the central code in Auth.login:
users = self.db(table_user[username] == form.vars
[username]).select()
if users:
# user in db, check if registration pending or
disabled
temp_user = users[0]
...
if not user:
# alternates have failed, maybe because
service inaccessible
if self.settings.login_methods[0] == self:
# try logging in locally using cached
credentials
if temp_user[passfield] == form.vars.get
(passfield, ''):
# success
user = temp_user
The values being compared are hashes, because the field in question
requires IS_CRYPT(), which really doesn't do anything but hash the
value.
>
>
>
>
>
>
> On Sep 18, 1:34 pm, Jonathan Lundell <[email protected]> wrote:
>> On Sep 18, 2009, at 1:06 PM, waTR wrote:
>>
>>> Related question though... how can one check if password entered
>>> matches password stored in DB for that user? When I retrieve the
>>> stored password via select(), it is encrypted. How does Auth
>>> decrypt?
>>> Where can I find that code (what file)?
>>
>> Briefly, you don't decrypt the stored password. Actually, you can't,
>> because it's not encrypted; it's hashed.
>>
>> You check it by hashing the login password and comparing the hashes.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
