Thank you, freeze, for your Slices code. I am trying to hash my password the way you did in Slices: I copied clienttools.py to the cd/modules folder and used the code in "def user" in default.py and "def clientcrypt_auth" in db.py, as shown below, but it fails. I can register a user, but the password is not hashed in the database; it is still stored as plain text. After I log out, I cannot log in again with the registered account. What did I miss?
# please advise. Frank

# --- controller: "def user" in default.py ---
# NOTE(review): the nesting below is restored from a paste that lost its line
# breaks and indentation -- confirm it against the original file.
def user():
    """Serve the auth pages and attach client-side password hashing.

    Installs ``clientcrypt_auth`` as the only login method, keyed with a
    token kept in the session, and for the register / login /
    change_password actions builds a jQuery submit handler that overwrites
    the password inputs with a ``sha256hmac`` value before the form is posted.

    Returns:
        dict: ``{"form": form}`` for the view.

    Security notes (review):
      * Nothing on the server side of this function hashes the password;
        ``auth_user.password`` receives whatever the browser posts. If the
        submit handler never runs (script not loaded, handler not bound,
        JavaScript disabled) the plain password is posted and stored, and
        the challenge check in ``clientcrypt_auth`` then fails. The symptoms
        in the question are consistent with that, so the first thing to
        check is whether the rendered page actually contains the sha256
        plugin and the submit listener.
      * register and change_password post the value that ends up stored,
        so these pages need TLS for the scheme to protect anything.
    """
    if maint_mode and 'logout' not in request.args:
        session.flash = "Site is read-only for maintenance."
        redirect(URL(r=request, f='index'))

    action = request.args(0)
    if request.args:
        response.statusbar = action.replace("_", " ").capitalize()

    form = handler = None

    # The challenge token is created once per session; the code shown never
    # rotates it, so a login response is not single-use within that session.
    if not session.token:
        import uuid
        session.token = str(uuid.uuid4())
    auth.settings.login_methods = [clientcrypt_auth(db, session.token)]

    # NOTE(review): the plugin is pulled over plain http:// from a third-party
    # host with no integrity check; presumably download=True caches a local
    # copy. Vendoring a reviewed copy under static/ avoids serving whatever
    # that URL returns.
    page.include(
        "http://plugins.jquery.com/files/jquery.sha256.min.js.txt",
        download=True,
        filename="jquery.sha256.min.js",
    )

    if action == 'register':
        # NOTE(review): the key here is the username input as typed, while the
        # login branch lower-cases it; verify both produce the same key for a
        # username containing capitals.
        setpass = jq("#auth_user_password").val(
            jq().sha256hmac(
                jq("#auth_user_username"),
                jq("#auth_user_password"))
        )()
        setverify = jq("input[name='password_two']").val(
            jq().sha256hmac(
                jq("#auth_user_username"),
                jq("input[name='password_two']"))
        )()
        handler = setpass + setverify

    if action == 'login':
        auth.settings.captcha = None
        form = auth()
        # Hidden field carrying the session token to the browser so the
        # second hashing step can use it as the key.
        token_input = INPUT(_type="hidden", _name="token", _value=session.token)
        form.components.append(token_input)
        # Step 1: same username-keyed value that registration stores.
        setpass = jq("#auth_user_password").val(
            jq().sha256hmac(
                jq("#auth_user_username").val().toLowerCase(),
                jq("#auth_user_password"))
        )()
        # Step 2: hash that value again, keyed with the session token.
        setagain = jq("#auth_user_password").val(
            jq().sha256hmac(jq(token_input), jq("#auth_user_password"))
        )()
        handler = setpass + setagain

    if action == "retrieve_password" and request.vars.email:
        matches = db(db.auth_user.email == request.vars.email).select()
        if matches:
            account = matches[0]
            # Server-side validator keyed with the username, so a password
            # written by this action matches the client-side format.
            user_table = auth.settings.table_user
            user_table.password.requires = CRYPT(
                key=account.username, digest_alg="sha256")

    if action == "change_password" and auth.is_logged_in():
        form = auth()
        username_input = INPUT(
            _type="hidden", _name="username", _value=auth.user.username)
        form.components.append(username_input)
        setold = jq("#no_table_old_password").val(
            jq().sha256hmac(
                jq(username_input),
                jq("#no_table_old_password"))
        )()
        setnew = jq("#no_table_new_password").val(
            jq().sha256hmac(
                jq(username_input),
                jq("#no_table_new_password"))
        )()
        setverify = jq("#no_table_new_password2").val(
            jq().sha256hmac(
                jq(username_input),
                jq("#no_table_new_password2"))
        )()
        handler = setold + setnew + setverify

    if not form:
        form = auth()
    if handler:
        # Hashing only happens if this listener reaches the rendered page.
        event.listen("submit", "form", handler)
    return dict(form=form)


# --- model: db.py ---
# NOTE(review): presumably these lines sit in db.py next to clientcrypt_auth
# (models run before controllers, which is how user() sees them) -- confirm.
from applications.cd.modules.clienttools import *

page = PageManager(globals())
event = EventManager(page)
js = ScriptManager(page)
jq = JQuery


def clientcrypt_auth(db, key):
    """Build a login method that checks a token-keyed digest of the stored password.

    Args:
        db: DAL connection holding ``auth_user``.
        key: challenge key; ``user()`` passes ``session.token``.

    Returns:
        A callable ``(username, password)`` returning True when the posted
        password equals ``CRYPT(key=key, digest_alg="sha256")`` applied to
        the stored ``auth_user.password``, otherwise False.

    Security notes (review):
      * The stored value alone is enough to compute a valid response for any
        token, so it is a password equivalent: protect ``auth_user`` as if it
        held plaintext passwords. web2py's usual server-side CRYPT validator
        on the password field over TLS does not have this property.
      * If the stored value is a plain password (client hashing did not run
        at registration), this comparison cannot succeed.
    """
    def clientcrypt_login_aux(username, password, db=db, key=key):
        rows = db(db.auth_user.username == username).select()
        if not rows:
            return False
        account = rows[0]
        expected, _error = CRYPT(key=key, digest_alg="sha256")(account.password)
        # The ``password`` argument is unused; the posted value is read from
        # request.vars instead.
        # NOTE(review): ``==`` is not a constant-time comparison; what CRYPT
        # returns depends on the web2py version, so confirm that before
        # replacing it with hmac.compare_digest.
        return bool(request.vars.password == expected)

    return clientcrypt_login_aux