I think you should more look at how the login checks the password, and
not try to decrypt the password.
On Tue, Jun 30, 2009 at 2:05 PM, Yannick<ytchatch...@gmail.com> wrote:
>
> Hello mate,
> In my application I have this functionality that allow the users to
> change their email address and in order to do so they need to provide
> their password for authentication....
> Since the password is encrypted in the DB... How can I decrypt it for
> verification ?
> Here is my controller:
>
> @auth.requires_login()
> def changeEmail():
>
> current_email = auth.db(db.auth_user.id ==
> session.auth.user.id).select()[0].email
>
>
> from gluon.sqlhtml import form_factory
> chgEmailform = form_factory(
> SQLField('email',label='Old
> Email',requires=IS_NOT_EMPTY(), default="%s"%current_email),
> SQLField('newEmail',label='New
> email',requires=IS_NOT_EMPTY(), default=''),
> SQLField
> ('password',label='password',requires=CRYPT(),type='password'),)
>
> if chgEmailform.accepts(request.vars, session, keepvalues=True,
> formname='email'):
>
> users = auth.db((db.auth_user.id == session.auth.user.id)&
> (db.auth_user.email == request.vars.email))\
> .select()
> print users
>
> if users:
> user = users[0]
> if user['password'] != request.vars.get('password',''):
>
> session.flash = 'Password not valid Please Try again'
>
> else:
> db(db.auth_user.id == session.auth.user.id).update
> (email=request.vars.newEmail)
>
> return dict(form = chgEmailform)
>
>
> Thanks for your help,
>
> Cheers,
> Yannick P.
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
