Yeah that is pretty much what I did. Their may be a better way to handle
this however this was fast and easy. I have two different frameworks that
need to access the database, this way allows for members to use both
frameworks.
in def user():
auth.settings.login_onvalidation = [check_old_login_details]
def check_old_login_details(form):
if form.vars.username.endswith('R'):
form.vars.username = form.vars.username[:-1]
user = db(db.auth_user.username == form.vars.username).select().first()
if user:
if user.password != form.vars.password:
import hashlib
hashed_password =
hashlib.sha224(request.vars.password).hexdigest() # example of different
password
user_old = db(db.users.username ==
form.vars.username).select().first()
if user_old:
if user_old.password == hashed_password:
user.password = form.vars.password
user.update_record()
else:
user_old = db(db.users.username ==
form.vars.username).select().first()
if user_old:
import hashlib
hashed_password =
hashlib.sha224(request.vars.password).hexdigest() # example of different
password
if user_old.password == hashed_password:
new_user = db[auth.settings.table_user].insert(
username=user_old.username,
account_id=user_old.account_id,
email=user_old.email,
password=form.vars.password,
security=form.vars.password)
db.commit()
On Sat, Apr 14, 2012 at 2:22 PM, pbreit <[email protected]> wrote:
> I'd be curious what you did.
>
> I've been wanting to switch my passwords to something salted or bcrypt.
> Can web2py's password handling be modified to try the new one, try the old
> one, if old one works convert to new one?
>
--
--
Regards,
Bruce Wade
http://ca.linkedin.com/in/brucelwade
http://www.wadecybertech.com
http://www.fittraineronline.com - Fitness Personal Trainers Online
http://www.warplydesigned.com
