Hello Yarko,
Thanks for the note, but you didn't really understand the problem. I do
know about the decorator and use it in my app. My application has
functionality that allows users to change their email (the email they
provide during the registration process), and to do so they have to provide
their password so I can verify the password before changing the email,
since changing the email is a sensitive process...
I wanted to know how to verify the password, since the password is saved
as an encrypted string...
Here is what I did in my action class:

....
   users = auth.db((db.auth_user.id == session.auth.user.id) &
                   (db.auth_user.oldemail == request.vars.oldemail)).select()
   if users:
      user = users[0]
      if user['password'] != request.vars.get('password',''):
         # the password is not valid; don't update the new email
         pass
      else:
         # password is valid; update the email
         db(db.auth_user.id == session.auth.user.id).update(email=request.vars.newEmail)
 ....

This password verification is not working and I was wondering how I can
make it work... I think it's a very small thing that I'm missing...

Thanks again,
Yannick P.

On Jun 30, 11:36 am, Yarko Tymciurak <yark...@gmail.com> wrote:
> All you should have to do is add an authorization decorator to your
> function, e.g.:
>
> @auth.requires_login()
> def my_user_email_updater():
>      # your stuff here
>      return dict()
>
> Look at the Authorization section in
> http://www.web2py.com/examples/default/tools
>
> On Tue, Jun 30, 2009 at 7:16 AM, Hans Donner <hans.don...@pobox.com> wrote:
>
> > I think you should look more at how the login checks the password, and
> > not try to decrypt the password.
>
> > On Tue, Jun 30, 2009 at 2:05 PM, Yannick<ytchatch...@gmail.com> wrote:
>
> > > Hello mate,
> > > In my application I have this functionality that allows the users to
> > > change their email address and in order to do so they need to provide
> > > their password for authentication....
> > > Since the password is encrypted in the DB... How can I decrypt it for
> > > verification ?
> > > Here is my controller:
>
> > > @auth.requires_login()
> > > def changeEmail():
>
> > >    current_email = auth.db(db.auth_user.id == session.auth.user.id).select()[0].email
>
> > >    from gluon.sqlhtml import form_factory
> > >    chgEmailform = form_factory(
> > >        SQLField('email', label='Old Email', requires=IS_NOT_EMPTY(), default="%s" % current_email),
> > >        SQLField('newEmail', label='New email', requires=IS_NOT_EMPTY(), default=''),
> > >        SQLField('password', label='password', requires=CRYPT(), type='password'),)
>
> > >    if chgEmailform.accepts(request.vars, session, keepvalues=True, formname='email'):
>
> > >        users = auth.db((db.auth_user.id == session.auth.user.id) &
> > >                        (db.auth_user.email == request.vars.email)).select()
> > >        print users
>
> > >        if users:
> > >            user = users[0]
> > >            if user['password'] != request.vars.get('password',''):
>
> > >                session.flash = 'Password not valid Please Try again'
>
> > >            else:
> > >                db(db.auth_user.id == session.auth.user.id).update(email=request.vars.newEmail)
>
> > >    return dict(form = chgEmailform)
>
> > > Thanks for your help,
>
> > > Cheers,
> > > Yannick P.
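
The approach suggested in the thread (check the password the way login does instead of decrypting it), as an added example that is not part of the original messages and not web2py's own code. The names hash_password, verify_password and change_email are hypothetical, the user record is constructed, and PBKDF2 from the standard library stands in for whatever hash the framework applies when it stores the password.

```python
# Added illustration: verify a submitted password against a stored hash by
# re-hashing it, then gate the email change on the result.
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for this example


def hash_password(password, salt=None):
    """Return 'salt$digest' (hex) for storage; the plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(submitted, stored):
    """Re-hash the submitted password with the stored salt and compare digests."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", submitted.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    # compare_digest runs in constant time, so it does not leak how many
    # leading bytes of the digest matched
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def change_email(user, submitted_password, new_email):
    """Update user['email'] only when the submitted password verifies."""
    if not verify_password(submitted_password or "", user["password"]):
        return False
    user["email"] = new_email
    return True


# Constructed sample record standing in for a row of auth_user
USER = {"email": "old@example.com", "password": hash_password("s3cret-pass")}

if __name__ == "__main__":
    # The comparison from the post: plaintext against the stored hash never matches
    print("plaintext == stored:", "s3cret-pass" == USER["password"])
    print("wrong password:", change_email(USER, "guess", "x@example.com"))
    print("right password:", change_email(USER, "s3cret-pass", "new@example.com"))
    print("email now:", USER["email"])
```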