Hello Yarko,

Thanks for the note, but you didn't really understand the problem. I do know about the decorator and use it in my app. My application has a functionality that allows users to change their email (the email they provide during the registration process), and to do so they have to provide their password so I can verify the password before changing the email, since changing the email is a sensitive process... I wanted to know how to verify the password, since the password is saved as an encrypted string... Here is what I did in my action class:

    ....
    users = auth.db((db.auth_user.id == session.auth.user.id) &
                    (db.auth_user.oldemail == request.vars.oldemail)).select()
    if users:
        user = users[0]
        if user['password'] != request.vars.get('password', ''):
            # the password is not valid, don't update the new email
            pass
        else:
            # password is valid, update the email
            db(db.auth_user.id == session.auth.user.id).update(email=request.vars.newEmail)
    ....

This password verification is not working and I was wondering how I can make it work... I think it's a very small thing that I'm missing...

Thanks again,
Yannick P.

On Jun 30, 11:36 am, Yarko Tymciurak <yark...@gmail.com> wrote:
> All you should have to do is add an authorization decorator to your
> function, e.g.:
>
> @auth.requires_login()
> def my_user_email_updater():
>     # your stuff here
>     return dict()
>
> Look at the Authorization section in
> http://www.web2py.com/examples/default/tools
>
> On Tue, Jun 30, 2009 at 7:16 AM, Hans Donner <hans.don...@pobox.com> wrote:
>
> > I think you should look more at how the login checks the password, and
> > not try to decrypt the password.
>
> > On Tue, Jun 30, 2009 at 2:05 PM, Yannick<ytchatch...@gmail.com> wrote:
>
> > > Hello mate,
> > > In my application I have this functionality that allows the users to
> > > change their email address and in order to do so they need to provide
> > > their password for authentication....
> > > Since the password is encrypted in the DB... How can I decrypt it for
> > > verification?
> > > Here is my controller:
>
> > > @auth.requires_login()
> > > def changeEmail():
> > >
> > >     current_email = auth.db(db.auth_user.id == session.auth.user.id).select()[0].email
> > >
> > >     from gluon.sqlhtml import form_factory
> > >     chgEmailform = form_factory(
> > >         SQLField('email', label='Old Email', requires=IS_NOT_EMPTY(), default="%s" % current_email),
> > >         SQLField('newEmail', label='New email', requires=IS_NOT_EMPTY(), default=''),
> > >         SQLField('password', label='password', requires=CRYPT(), type='password'),)
> > >
> > >     if chgEmailform.accepts(request.vars, session, keepvalues=True, formname='email'):
> > >
> > >         users = auth.db((db.auth_user.id == session.auth.user.id) &
> > >                         (db.auth_user.email == request.vars.email))\
> > >                         .select()
> > >         print users
> > >
> > >         if users:
> > >             user = users[0]
> > >             if user['password'] != request.vars.get('password', ''):
> > >                 session.flash = 'Password not valid Please Try again'
> > >             else:
> > >                 db(db.auth_user.id == session.auth.user.id).update(email=request.vars.newEmail)
> > >
> > >     return dict(form = chgEmailform)
>
> > > Thanks for your help,
>
> > > Cheers,
> > > Yannick P.
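
Added example, not part of the thread and not web2py's own code: the stored value is a one-way hash, so re-authentication means hashing the submitted password the same way and comparing, never decrypting and never comparing the hash to the raw form value. The salted PBKDF2 scheme, the `salt$digest` storage format, and all function names here are assumptions standing in for whatever hash the framework's validator applies.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex' for storage; the plaintext is never kept."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def broken_check(stored, submitted):
    # The comparison from the thread: stored hash vs. raw form value.
    # A hash never equals its own plaintext, so this always rejects.
    return stored == submitted


def verify_password(stored, submitted):
    """Re-hash the submitted value with the stored salt, compare in constant time."""
    try:
        salt_hex, _digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record: fail closed
    candidate = hash_password(submitted, salt)
    return hmac.compare_digest(candidate.encode(), stored.encode())


def change_email(users, user_id, submitted_password, new_email):
    """Update the e-mail only after the logged-in user re-enters a valid password."""
    user = users.get(user_id)
    if user is None or not verify_password(user["password"], submitted_password):
        return False
    user["email"] = new_email
    return True


# Constructed sample record standing in for an auth_user row.
USERS = {1: {"email": "old@example.com", "password": hash_password("s3cret-pass")}}
```
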