Since the CRYPT validator generates a unique random salt for each password hash, the hash of the password and the hash of its confirmation will never be equal, even when the two clear-text values match. If you are going to create your own custom register form, you will need to implement your own register-controller logic that checks that the password and its confirmation match in clear text, then hashes the value and adds it to the database. Here is some sample code from one of my apps where I have "extra fields" and needed my own register logic:
I have bolded the important parts (shown here between asterisks). Note that your form should NOT have `requires=CRYPT` on the password fields; you have to hash the value yourself after validating the form and making sure the two values are equal in clear text. Because `password_two` is a form-only field rather than a column of `auth_user`, `_filter_fields` drops it before the insert, so the confirmation value is never stored.

def validate_form(form):
    if form.vars.password != form.vars.password_two:
        form.errors.password = 'Passwords must match'
        form.errors.password_two = 'Passwords must match'
    else:
        *form.vars.password = str(CRYPT(digest_alg='sha512',salt=True)(form.vars.password)[0])*

form = SQLFORM.factory(
    db.auth_user.first_name,
    db.auth_user.last_name,
    db.auth_user.email,
    db.auth_user.year_of_birth,
    db.auth_user.zip_code,
    db.auth_user.news_and_updates,
    db.auth_user.sale_launch_alert,
    db.auth_user.ninety_pt_wine_alerts,
    db.auth_user.near_sellout_warning,
    db.auth_user.soldout_alert,
    db.auth_user.charity_updates,
    *Field('password', 'password'),*
    Field('password_two', 'password'),
    Field('tos', 'boolean', requires=IS_EXPR('bool(value)', error_message='You must agree')))

if session.invite:
    form.vars.first_name = session.invite.first_name
    form.vars.last_name = session.invite.last_name
    form.vars.email = str(session.invite.email).lower()

#form[0].insert(-1, TR('', auth.settings.register_captcha))

if form.process(onvalidation=validate_form).accepted:
    if session.invite:
        # update the invite table to 'accepted'
        invite = db((db.invites.registration_key==session.invite.registration_key)).select().first()
        invite.status = 'accepted'
        invite.update_record()
    userid = db.auth_user.insert(**db.auth_user._filter_fields(form.vars))
    member_group_id = db(db.auth_group.role == 'member').select().first().id
    auth.add_membership(member_group_id, userid)
    user_record = db.auth_user[userid]
    from utils import web2py_uuid
    user = Storage(db.auth_user._filter_fields(user_record, id=True))
    auth.user = user
    ## subscribe user to mailchimp mailing lists
    from mailchimp import MailChimp
    mailchimp = MailChimp()
    mailchimp.create(user_record)
    session.auth = Storage(user=user, last_visit=request.now, expiration=auth.settings.expiration,
                           hmac_key = web2py_uuid())
    session.flash = 'Thank you for registering'
    redirect(URL('sales','current'))

On Sunday, November 18, 2012 4:58:51 PM UTC-5, Daniele wrote:
>
> I have a field in my register form for verifying the password, as such:
>
> Field <http://127.0.0.1:8000/examples/global/vars/Field>('password',
> 'password', length=512, readable=False),
> Field
> <http://127.0.0.1:8000/examples/global/vars/Field>('password_verify',
> 'password', length=512, readable=False, requires=CRYPT
> <http://127.0.0.1:8000/examples/global/vars/CRYPT>(digest_alg='sha512'))
>
> Even though I added requires CRYPT, this field gets stored as the user's
> actual password
> (without any encryption). I take it this is not a good thing.
>
> How can I encrypt even the verify password field on my registration form?
>
> Thanks
> --