The logic is very complex because it needs to deal with many options and
not-break backward compatibility.
Normally an encrypted password looks like
algorithm$salt$hash
algorithm$$hash (no salt)
hash (legacy)
the hash is computing using the algorithm, the salt, and optionally a user
provided
If you do db.auth_user.validate_and_insert(...) to insert a new record, it
will run all the validators just like when a form is submitted, so it
should handle the hashing as usual (there's also a .validate_and_update()method
for updates).
Anthony
On Thursday, January 31, 2013 2:53:46 AM
lets say you want to control manually if some string is the password of the
user
email='some@email'
pwd='12312312'
hashed_pwd = db.auth_user.password.validate(pwd)[0] # I suppose this is
what you want
if
db(((db.auth_user.password==hashed_pwd)(db.auth_user.email==email)).count():
#do
How can i do it without the validate function or what do the validate
function do exactly ? am working with an API so am using another language ,
so i need to do what the validate dose .
regards,
On Thu, Jan 31, 2013 at 11:16 AM, Vasile Ermicioi elff...@gmail.com wrote:
lets say you want to
search in web2py sources
may be here https://github.com/web2py/web2py/blob/master/gluon/validators.py
--
---
You received this message because you are subscribed to the Google Groups
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
5 matches
Mail list logo