def create(cls, fname, lname, username, email, password, image=None, dob=None): salt = generate_salt() password_hash = hash_password(password, salt) dob = dob or None image = image or 'default.gif' _conn.execute('''INSERT INTO tbl_users (fname, lname, username, email, image, password, salt, dob) VALUES (?, ?, ?, ?, ?, ?, ?, ?)''', (fname, lname, username, email, image, password_hash, salt, dob)) _conn.commit() return cls.find(username)
def check_password(cls, username, password): cur = _conn.execute('''SELECT password, salt FROM tbl_users WHERE username = ? LIMIT 1''', (username,)) row = cur.fetchone() if not row: return False salt = row['salt'] password_hash = hash_password(password, salt) if password_hash == row['password']: return True return False