I'm not sure if the way you are going about it is the way I would do it... but for what you are trying to do, I suggest you look at gluon/tools.py at Auth.login_bare() for some ideas...
On Tue, Jun 30, 2009 at 1:51 PM, Yannick <ytchatch...@gmail.com> wrote:
>
> Hello Yarko,
> Thanks for the note but you didn't really understand the problem, I do
> know about the decorator and use it on my app.. My application has a
> functionality that allows users to change their email (The email they
> provide during registration process) and to do so they have to provide
> their password so I can verify the password before changing the email
> since changing the email is a sensitive process...
> I wanted to know how to verify the password since the password is saved
> as an encrypted string...
> here is what I did in my action class:
>
> ....
> users = auth.db((db.auth_user.id == session.auth.user.id)&
>     (db.auth_user.oldemail == request.vars.oldemail)).select()
> if users:
>     user = users[0]
>     if user['password'] != request.vars.get('password',''):
>         # the password not valid don't update the new email
>         pass
>     else:
>         # password is valid and update the email
>         db(db.auth_user.id == session.auth.user.id).update(email=request.vars.newEmail)
> ....
>
> This password verification is not working and I was wondering how can
> I make it work... I think it's a very small thing that I'm missing...
>
> Thanks again,
> Yannick P.
>
> On Jun 30, 11:36 am, Yarko Tymciurak <yark...@gmail.com> wrote:
> > All you should have to do is add an authorization decorator to your
> > function, e.g.:
> >
> > @auth.requires_login()
> > def my_user_email_updater():
> >     # your stuff here
> >     return dict()
> >
> > Look at the Authorization section in
> > http://www.web2py.com/examples/default/tools
> >
> > On Tue, Jun 30, 2009 at 7:16 AM, Hans Donner <hans.don...@pobox.com> wrote:
> >
> > > I think you should more look at how the login checks the password, and
> > > not try to decrypt the password.
> >
> > > On Tue, Jun 30, 2009 at 2:05 PM, Yannick <ytchatch...@gmail.com> wrote:
> >
> > > > Hello mate,
> > > > In my application I have this functionality that allows the users to
> > > > change their email address and in order to do so they need to provide
> > > > their password for authentication....
> > > > Since the password is encrypted in the DB... How can I decrypt it for
> > > > verification?
> > > > Here is my controller:
> > > >
> > > > @auth.requires_login()
> > > > def changeEmail():
> > > >
> > > >     current_email = auth.db(db.auth_user.id == session.auth.user.id).select()[0].email
> > > >
> > > >     from gluon.sqlhtml import form_factory
> > > >     chgEmailform = form_factory(
> > > >         SQLField('email', label='Old Email', requires=IS_NOT_EMPTY(), default="%s" % current_email),
> > > >         SQLField('newEmail', label='New email', requires=IS_NOT_EMPTY(), default=''),
> > > >         SQLField('password', label='password', requires=CRYPT(), type='password'),)
> > > >
> > > >     if chgEmailform.accepts(request.vars, session, keepvalues=True, formname='email'):
> > > >
> > > >         users = auth.db((db.auth_user.id == session.auth.user.id)&
> > > >             (db.auth_user.email == request.vars.email))\
> > > >             .select()
> > > >         print users
> > > >
> > > >         if users:
> > > >             user = users[0]
> > > >             if user['password'] != request.vars.get('password',''):
> > > >
> > > >                 session.flash = 'Password not valid Please Try again'
> > > >
> > > >             else:
> > > >                 db(db.auth_user.id == session.auth.user.id).update(email=request.vars.newEmail)
> > > >
> > > >     return dict(form = chgEmailform)
> > > >
> > > > Thanks for your help,
> > > >
> > > > Cheers,
> > > > Yannick P.
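An added example, not part of the thread and not web2py's own code: the advice above (check the password the way login does rather than decrypting it) means hashing the submitted value with the stored parameters and comparing digests, never comparing plaintext to the stored string. The record format, function names and the choice of PBKDF2-HMAC-SHA256 are assumptions for illustration; the thread's form uses web2py's CRYPT validator for this step.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a storable record: 'pbkdf2_sha256$iterations$salt_hex$digest_hex'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(stored, submitted):
    """Re-hash the submitted password with the stored salt and iteration count,
    then compare digests in constant time. Malformed records never verify."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256",
            (submitted or "").encode("utf-8"),
            bytes.fromhex(salt_hex),
            int(iterations),
        )
    except (ValueError, AttributeError, OverflowError):
        return False
    return hmac.compare_digest(candidate, expected)


def change_email(user, submitted_password, new_email):
    """Update the e-mail on a user dict only if the current password verifies."""
    if not verify_password(user.get("password", ""), submitted_password):
        return False
    user["email"] = new_email
    return True


# Constructed sample record standing in for a row of auth_user.
user = {"email": "old@example.com", "password": hash_password("s3cret")}
```
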