suppose password='12345' and db.auth_user.first_name=='Lucas' so i find user by first_name, row_user=db(db.auth_user.first_name=='Lucas').select().first() and row_user.password='pbkdf2(1000,20,sha512)$97448b22487eca1d$dae65c0429430b7ae7bb311fed8e844b6a37ff30'
db.auth_user.password.validate('12345') == (db(db.auth_user.id==row_user.id).select ().first ().password, None) return False CRYPT()('12345')==(row_user.password,None) also returns false where I am going wrong? On Friday, December 21, 2012 11:12:26 PM UTC-2, Pearu Peterson wrote: > > Hi, > > I have a password in plain text and I want to check if it matches with the > crypted password in auth_user.password field. > > I have tried comparing auth_user.password with > str(db.auth_user.password.validate(plain_password)[0]) with no success even > when I know that the passwords match exactly. > > The problem seems to boil down to the fact that encryption of the same > string results different encrypted strings. For example, > >>> from gluon.validators import CRYPT, LazyCrypt > >>> crypt = CRYPT() > >>> str(LazyCrypt(crypt, 'mysecret')) > > 'pbkdf2(1000,20,sha512)$a2a2ca127df6bc19$77bb5a3d129e2ce710daaefeefef8356c4c827ff' > >>> str(LazyCrypt(crypt, 'mysecret')) > > 'pbkdf2(1000,20,sha512)$a555a267249876fb$bc18f82b72a3a5ebce617f32d6abaa5c48734ab9' > > What would be the correct way to check if passwords match when they are > given in encrypted form? > > Any hints are appreciated, > Pearu > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.