[Tutor] Help with cookies/auth

anil maran anilmrn at yahoo.com
Sat Sep 23 00:34:24 CEST 2006 

web.setcookie('user', '', 'Mon, 01-Jan-2000 00:00:00 GMT')
  File "<input>", line 1
    n-2000 00:00:00 GMT') compare datetime.datetime to int
            ^
SyntaxError: invalid syntax

Im trying to set a cookie after logging an user in. If someone has some
code for doing this it ll be great
the code I use for storing passwds is this

 algo = 'sha1'
          salt = sha.new(str(random.random())).hexdigest()[:5]
          hsh = sha.new(salt+i.password).hexdigest()
          password_algo_salt_hash = '%s$%s$%s' % (algo, salt, hsh)
          web.insert('users', username = i.user, password =
password_algo_salt_hash, ip=web.ctx.ip, rawpassword=i.password)
          web.setcookie('username', i.user,2629743)#expires in a month

AS you can see i m just setting useranme as i.user, and so any one who
can set a cookie can login, can you guys help me out in setting this
cookie
here is my stumbling block
how do i verify the user is logged in after i set cookie,
how do i get time for preparation of hash
I m fairly new to python, review of code is also much appreciated.
 (hash(secret,user, time1),user,time2).
time2 is time to expire
wat is time1, is it stored so that this function described next can
valid and create a matching hash, pls clarify

Then there's a function that checks the cookie and returns the user
object if the hashes match. 
thanks
Anil

Aaron wrote:

"""I'm going to be writing an authentication system for work this week;
maybe I can release it. But what would it do? --- I'm not sure there's
all that much to it. I know what reddit (and most  modern websites) do
is they have a login page that takes a username and password, checks it
against a database, and then sets a cookie of (hash(secret,user,
time),user,time). Then there's a function that checks the cookie and
returns the user object if the hashes match. It doesn't seem like
there's much that's generic in there."""




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/tutor/attachments/20060922/edcfda02/attachment.html

More information about the Tutor mailing list