SOLVED: Have to use:
DB: requires=CRYPT(key=auth.settings.hmac_key) CONTROLLER: myhash = hmac.new(auth.settings.hmac_key, request.vars.get (passfield,''), hashlib.sha512).hexdigest() Note that hashlib.sha512 has to be used rather than md5. Thanks for all the help! On Sep 21, 12:46 pm, Jonathan Lundell <jlund...@pobox.com> wrote: > On Sep 21, 2009, at 11:22 AM, waTR wrote: > > > > > > > @Fran: Thanks! That is exactly what I needed to see. > > > @Jonathan: > > > Yeah, but FORM isn't the most comfortable thing for a webdesigner to > > use ;) > > > In our team we are separate...web designer doesnt know web2py and > > doesn't want to know it...nor should he be forced to have to learn > > it... > > > All of web2py helpers are nice for developers...but useless for web > > designers, as they make everything in html/css/javascript... I need to > > be able to take their designs and put code behind them...without re- > > doing their work in any-way...this includes re-building their forms in > > web2py using FORM. > > Well, that's reasonable. But I think it's desirable to use common code > for hashing passwords when they're first written to the database and > when they're being checked. > > > > > On Sep 21, 8:06 am, Jonathan Lundell <jlund...@pobox.com> wrote: > >> On Sep 21, 2009, at 12:02 AM, Fran wrote: > > >>> On Sep 21, 5:13 am, waTR <r...@devshell.org> wrote: > >>>> Is it possible to convert the request.vars.get(passfied, '') to the > >>>> same hash form as you would get from using form() ? > > >>> Yes: > >>> myhash = hmac.new(auth.settings.hmac_key, request.vars.get > >>> (passfield, > >>> ''), hashlib.md5).hexdigest() > >>> if myhash == db(db.auth.settings.table_user.id == myid).select > >>> [0].password: > >>> # we match > >>> ... > > >>> NB Code not fully-tested, but I hope you get the idea... > > >> You're better off doing through the form (and the CRYPT instance), I > >> think, since you'll automatically use the same hash method that the > >> form does (which might not be md5). --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
