[Tutor] do you know how to do this

anil maran anilmrn at yahoo.com
Thu Oct 12 22:13:47 CEST 2006 

Dear Danny

THanks for your prompt response. THis is not a homework problem, I m trying to learn how to do sessions logins

I m trying to do the following

1) have logins/passwords stored in postgresql, currently this is my
code, python+psycopg2 talking to postgresql running in backend.

if i.email != "" and i.password != "":

      algo = 'sha1'

      salt = sha.new(str(random.random())).hexdigest()[:5]

      hsh = sha.new(salt+i.password).hexdigest()

      password_algo_salt_hash = '%s$%s$%s' % (algo, salt, hsh)

          web.insert('users', email = i.email, password = password_algo_salt_hash, ip=web.ctx.ip, rawpassword=i.password)

          web.setcookie('username', i.email,2629743)#expires in a month



2) As you can
see I m not setting the cookie properly , I m just setting email as
cookie, So I want to set a proper hash of email time and cookie HOW DO I set a proper hash based cookie.
a login page that takes a username and password, checks it 
 against a database, and then sets a cookie of (hash(secret,user, 
 time),user,time). Then there's a function that checks the cookie and 
 returns the user object if the hashes match. 

I m unable to figure out how to do this yet


Anil
----- Original Message ----
From: Danny Yoo <dyoo at hkn.eecs.berkeley.edu>
To: anilmrn at yahoo.com
Cc: Tutor <tutor at python.org>
Sent: Thursday, October 12, 2006 10:17:14 AM
Subject: do you know how to do this

>> Date: Thu, 12 Oct 2006 01:46:44 -0700 (PDT)
>> From: anil maran <anilmrn at yahoo.com>
>> Subject: do you know how to do this
>> To: Alan Gauld <alan.gauld at btinternet.com>
>>
>> The user, password and group are stored in a session on disk using 
>> flup.middleware.session. You can change this to fit your needs like in 
>> a database. I think someone have already extended the flup session with 
>> a database store?
>>
>> Use the decorator function on your GET and POST method to set
>> authentication and provide which group are allowed.
>>
>> If auth is set to True and user/password/access did not match, a 
>> redirect is made to /login.

Anil, can you try to refocus your question?

You have to be more specific than "Do you know how to do this?" because 
that can invite really flippant answers like "Yes" or "No".  That's not 
going to be useful for you.  Instead, try focusing us on what problems 
you're having.

From your message with Alan, I see a general problem statement with 
several requirements necessary for a solution.  It really looks like a 
homework assignment.  We are not allowed to go into a particular solution; 
we're going to have to limit ourselves to reduce the confusion you have 
with the problem, but that's it: you're going to have to do your own work 
on the problem.

Is there any part in your assignment that you don't understand?  Is there 
any part in there that you do understand?  Do you understand all the terms 
used in the problem?  At what point are you getting stuck?  Have you 
worked on any other problem that's similar to the one you're looking at 
now?

Good luck.






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/tutor/attachments/20061012/ca795d99/attachment.html

More information about the Tutor mailing list