Yeah that is pretty much what I did. Their may be a better way to handle this however this was fast and easy. I have two different frameworks that need to access the database, this way allows for members to use both frameworks.
in def user(): auth.settings.login_onvalidation = [check_old_login_details] def check_old_login_details(form): if form.vars.username.endswith('R'): form.vars.username = form.vars.username[:-1] user = db(db.auth_user.username == form.vars.username).select().first() if user: if user.password != form.vars.password: import hashlib hashed_password = hashlib.sha224(request.vars.password).hexdigest() # example of different password user_old = db(db.users.username == form.vars.username).select().first() if user_old: if user_old.password == hashed_password: user.password = form.vars.password user.update_record() else: user_old = db(db.users.username == form.vars.username).select().first() if user_old: import hashlib hashed_password = hashlib.sha224(request.vars.password).hexdigest() # example of different password if user_old.password == hashed_password: new_user = db[auth.settings.table_user].insert( username=user_old.username, account_id=user_old.account_id, email=user_old.email, password=form.vars.password, security=form.vars.password) db.commit() On Sat, Apr 14, 2012 at 2:22 PM, pbreit <pbreitenb...@gmail.com> wrote: > I'd be curious what you did. > > I've been wanting to switch my passwords to something salted or bcrypt. > Can web2py's password handling be modified to try the new one, try the old > one, if old one works convert to new one? > -- -- Regards, Bruce Wade http://ca.linkedin.com/in/brucelwade http://www.wadecybertech.com http://www.fittraineronline.com - Fitness Personal Trainers Online http://www.warplydesigned.com