[web2py:25334] Re: Password Encrypted comparison....

Tue, 30 Jun 2009 08:36:37 -0700 

All you should have to do is add an authorization decorator to your
function, e.g.:

@auth.requires_login()
def  my_user_email_updater()
     # your stuff here
     return dict()

Look at the Authorization section in
http://www.web2py.com/examples/default/tools


On Tue, Jun 30, 2009 at 7:16 AM, Hans Donner <hans.don...@pobox.com> wrote:

>
> I think you should more look at how the login checks the password, and
> not try to decrypt the password.
>
> On Tue, Jun 30, 2009 at 2:05 PM, Yannick<ytchatch...@gmail.com> wrote:
> >
> > Hello mate,
> > In my application  I have this functionality that allow the users to
> > change their email address and in order to do so they need to provide
> > their password for authentication....
> > Since the password is encrypted in the DB... How can I decrypt it for
> > verification ?
> > Here is my controller:
> >
> > @auth.requires_login()
> > def changeEmail():
> >
> >    current_email = auth.db(db.auth_user.id ==
> > session.auth.user.id).select()[0].email
> >
> >
> >    from gluon.sqlhtml import form_factory
> >    chgEmailform = form_factory(
> >                               SQLField('email',label='Old
> > Email',requires=IS_NOT_EMPTY(), default="%s"%current_email),
> >                               SQLField('newEmail',label='New
> > email',requires=IS_NOT_EMPTY(), default=''),
> >                               SQLField
> > ('password',label='password',requires=CRYPT(),type='password'),)
> >
> >      if chgEmailform.accepts(request.vars, session, keepvalues=True,
> > formname='email'):
> >
> >        users = auth.db((db.auth_user.id == session.auth.user.id)&
> > (db.auth_user.email == request.vars.email))\
> >                    .select()
> >        print users
> >
> >        if users:
> >           user = users[0]
> >           if user['password'] != request.vars.get('password',''):
> >
> >                 session.flash = 'Password not valid Please Try again'
> >
> >            else:
> >                 db(db.auth_user.id == session.auth.user.id).update
> > (email=request.vars.newEmail)
> >
> >    return dict(form = chgEmailform)
> >
> >
> > Thanks for your help,
> >
> > Cheers,
> > Yannick P.
> > >
> >
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to 
web2py+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to