0

I have my own signin/login functionality in my APP. At the time registering I am encrypting the password using passlib hash method and storing the encrypted value inside table. But my problem is while I am trying to logged in it could not match the value using Python.

Here is my code:

def signsave(request):
    name = request.POST.get('uname')
    password = request.POST.get('pass')
    con_pass = request.POST.get('conpass')
    new_pass = sha256_crypt.encrypt( password )
    hash = new_pass
    if password == con_pass:
       passw = User(
             uname=name,
             password=new_pass,
             raw_password=password,
       )
    passw.save()

Here I am saving all credentials in table.

def loginsave(request):
    password = request.POST.get('pass')
    uname = request.POST.get('uname')
    new_pass = sha256_crypt.encrypt( password )
    per = User.objects.all().filter(
            Q(password__icontains=new_pass) &
            Q(uname__icontains=uname)).count()

Here again I am trying to encrypt the registered password and matched with table but its not working and count is coming 0.

halfer
  • 19,824
  • 17
  • 99
  • 186
satya
  • 3,508
  • 11
  • 50
  • 130

1 Answers1

0

You're not supposed to hash the password again when trying to log in. You need to get the existing hash out of the database and use .verify() on it. There's an example on the homepage of passlib about how to use it: https://passlib.readthedocs.io/en/stable/

viraptor
  • 33,322
  • 10
  • 107
  • 191