[Tutor] Help with cookies/auth
anil maran
anilmrn at yahoo.com
Sat Sep 23 00:34:24 CEST 2006
web.setcookie('user', '', 'Mon, 01-Jan-2000 00:00:00 GMT')
File "<input>", line 1
n-2000 00:00:00 GMT') compare datetime.datetime to int
^
SyntaxError: invalid syntax
Im trying to set a cookie after logging an user in. If someone has some
code for doing this it ll be great
the code I use for storing passwds is this
algo = 'sha1'
salt = sha.new(str(random.random())).hexdigest()[:5]
hsh = sha.new(salt+i.password).hexdigest()
password_algo_salt_hash = '%s$%s$%s' % (algo, salt, hsh)
web.insert('users', username = i.user, password =
password_algo_salt_hash, ip=web.ctx.ip, rawpassword=i.password)
web.setcookie('username', i.user,2629743)#expires in a month
AS you can see i m just setting useranme as i.user, and so any one who
can set a cookie can login, can you guys help me out in setting this
cookie
here is my stumbling block
how do i verify the user is logged in after i set cookie,
how do i get time for preparation of hash
I m fairly new to python, review of code is also much appreciated.
(hash(secret,user, time1),user,time2).
time2 is time to expire
wat is time1, is it stored so that this function described next can
valid and create a matching hash, pls clarify
Then there's a function that checks the cookie and returns the user
object if the hashes match.
thanks
Anil
Aaron wrote:
"""I'm going to be writing an authentication system for work this week;
maybe I can release it. But what would it do? --- I'm not sure there's
all that much to it. I know what reddit (and most modern websites) do
is they have a login page that takes a username and password, checks it
against a database, and then sets a cookie of (hash(secret,user,
time),user,time). Then there's a function that checks the cookie and
returns the user object if the hashes match. It doesn't seem like
there's much that's generic in there."""
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/tutor/attachments/20060922/edcfda02/attachment.html
More information about the Tutor
mailing list