Can you verify that the jQuery sha256 plugin is being included on the
page properly with firebug?
On May 14, 11:05 pm, Frank <thethinkbo...@gmail.com> wrote:
> thank you freeze for your slices code,
>
> now I try hash my password like you did in slices, copy clienttools.py to
> cd/modules folder,I use the code in "def user" in default.py and "def
> clientcrypt_auth" in db.py like below,but fail, I can register user but
> password
> was not hashed in database and still plain text. when I log out, I can not
> login
> again with the register one. what I missed in this?
>
> please advise. Frank
>
> def user():
> if maint_mode and not 'logout' in request.args:
> session.flash = "Site is read-only for maintenance."
> redirect(URL(r=request,f='index'))
> if request.args:
> response.statusbar = request.args(0).replace("_"," ").capitalize()
> form = handler = None
> if not session.token:
> import uuid
> session.token=str(uuid.uuid4())
> auth.settings.login_methods = [clientcrypt_auth(db,session.token)]
> page.include("http://plugins.jquery.com/files/jquery.sha256.min.js.txt";,
> download=True,filename="jquery.sha256.min.js")
> if request.args(0) == 'register':
> setpass = jq("#auth_user_password").val(jq().sha256hmac(
> jq("#auth_user_username"),
> jq("#auth_user_password"))
> )()
> setverify = jq("input[name='password_two']").val(jq().sha256hmac(
> jq("#auth_user_username"),
> jq("input[name='password_two']"))
> )()
> handler = setpass + setverify
>
> if request.args(0) == 'login':
> auth.settings.captcha = None
> form=auth()
> hdn = INPUT(_type="hidden",_name="token",_value=session.token)
> form.components.append(hdn)
> setpass = jq("#auth_user_password").val(jq().sha256hmac(
> jq("#auth_user_username").val().toLowerCase(),
> jq("#auth_user_password"))
> )()
> setagain = jq("#auth_user_password").val(jq().sha256hmac(jq(hdn),
> jq("#auth_user_password"))
> )()
> handler = setpass + setagain
>
> if request.args(0)== "retrieve_password" and request.vars.email:
> user = db(db.auth_user.email== request.vars.email).select()
> if user:
> user=user[0]
> t = auth.settings.table_user
> t.password.requires = CRYPT(key=user.username,digest_alg="sha256")
>
> if request.args(0)=="change_password" and auth.is_logged_in():
> form=auth()
> hdn = INPUT(_type="hidden",_name="username",_value=auth.user.username)
> form.components.append(hdn)
> setold = jq("#no_table_old_password").val(jq().sha256hmac(
> jq(hdn),
> jq("#no_table_old_password"))
> )()
> setnew = jq("#no_table_new_password").val(jq().sha256hmac(
> jq(hdn),
> jq("#no_table_new_password")) )()
> setverify = jq("#no_table_new_password2").val(jq().sha256hmac(
> jq(hdn),
> jq("#no_table_new_password2"))
> )()
> handler = setold + setnew + setverify
>
> if not form: form=auth()
> if handler: event.listen("submit","form", handler )
> return dict(form=form)
>
> from applications.cd.modules.clienttools import *
> page = PageManager(globals())
> event = EventManager(page)
> js = ScriptManager(page)
> jq = JQuery
>
> def clientcrypt_auth(db, key):
> def clientcrypt_login_aux(username, password, db=db, key=key):
> user = db(db.auth_user.username == username).select()
> if user:
> user=user[0]
> userpass_crypt, error =
> CRYPT(key=key,digest_alg="sha256")(user.password)
> if request.vars.password==userpass_crypt: return True
> return False
> return clientcrypt_login_aux
