suppose password='12345' and db.auth_user.first_name=='Lucas'
so i find user by first_name,
row_user=db(db.auth_user.first_name=='Lucas').select().first()
and
row_user.password='pbkdf2(1000,20,sha512)$97448b22487eca1d$dae65c0429430b7ae7bb311fed8e844b6a37ff30'
db.auth_user.password.validate('12345') ==
(db(db.auth_user.id==row_user.id).select ().first ().password, None)
return False
CRYPT()('12345')==(row_user.password,None)
also returns false
where I am going wrong?
On Friday, December 21, 2012 11:12:26 PM UTC-2, Pearu Peterson wrote:
>
> Hi,
>
> I have a password in plain text and I want to check if it matches with the
> crypted password in auth_user.password field.
>
> I have tried comparing auth_user.password with
> str(db.auth_user.password.validate(plain_password)[0]) with no success even
> when I know that the passwords match exactly.
>
> The problem seems to boil down to the fact that encryption of the same
> string results different encrypted strings. For example,
> >>> from gluon.validators import CRYPT, LazyCrypt
> >>> crypt = CRYPT()
> >>> str(LazyCrypt(crypt, 'mysecret'))
>
> 'pbkdf2(1000,20,sha512)$a2a2ca127df6bc19$77bb5a3d129e2ce710daaefeefef8356c4c827ff'
> >>> str(LazyCrypt(crypt, 'mysecret'))
>
> 'pbkdf2(1000,20,sha512)$a555a267249876fb$bc18f82b72a3a5ebce617f32d6abaa5c48734ab9'
>
> What would be the correct way to check if passwords match when they are
> given in encrypted form?
>
> Any hints are appreciated,
> Pearu
>
>
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
