On Sep 21, 2009, at 11:22 AM, waTR wrote: > > @Fran: Thanks! That is exactly what I needed to see. > > > @Jonathan: > > Yeah, but FORM isn't the most comfortable thing for a webdesigner to > use ;) > > In our team we are separate...web designer doesnt know web2py and > doesn't want to know it...nor should he be forced to have to learn > it... > > All of web2py helpers are nice for developers...but useless for web > designers, as they make everything in html/css/javascript... I need to > be able to take their designs and put code behind them...without re- > doing their work in any-way...this includes re-building their forms in > web2py using FORM.
Well, that's reasonable. But I think it's desirable to use common code for hashing passwords when they're first written to the database and when they're being checked. > > > > > On Sep 21, 8:06 am, Jonathan Lundell <jlund...@pobox.com> wrote: >> On Sep 21, 2009, at 12:02 AM, Fran wrote: >> >>> On Sep 21, 5:13 am, waTR <r...@devshell.org> wrote: >>>> Is it possible to convert the request.vars.get(passfied, '') to the >>>> same hash form as you would get from using form() ? >> >>> Yes: >>> myhash = hmac.new(auth.settings.hmac_key, request.vars.get >>> (passfield, >>> ''), hashlib.md5).hexdigest() >>> if myhash == db(db.auth.settings.table_user.id == myid).select >>> [0].password: >>> # we match >>> ... >> >>> NB Code not fully-tested, but I hope you get the idea... >> >> You're better off doing through the form (and the CRYPT instance), I >> think, since you'll automatically use the same hash method that the >> form does (which might not be md5). > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
