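def new_password():
    """Generate a fresh password together with its salt and salted hash.

    Returns:
        A ``(password, salt, password_hash)`` tuple. The password is 8-12
        characters long, the salt is the decimal string of a number in
        1000..9999, and the hash comes from ``functions.get_hash``.
    """
    # The `random` module is a predictable PRNG; values that protect a
    # credential must come from the OS CSPRNG instead. Imported locally
    # because the file's import block is not visible from this excerpt.
    import secrets

    # Same ranges as before: length 8..12 inclusive, salt 1000..9999 inclusive.
    size = 8 + secrets.randbelow(5)
    # NOTE(review): functions.random_sequence is not shown here; confirm it
    # also draws from `secrets`/os.urandom, otherwise the password itself
    # stays predictable.
    new_pwd = functions.random_sequence(size)

    # NOTE(review): a four-digit salt gives only 9000 distinct values, so it
    # does little against precomputed tables. Widening it depends on the
    # `users.salt` column and get_hash, neither visible here.
    salt = 1000 + secrets.randbelow(9000)

    # The salt is passed as an int here, exactly as in the original call.
    hash_pwd = functions.get_hash(new_pwd, salt)
    return new_pwd, str(salt), hash_pwd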
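def check_integrity():
    """Verify the hash chain of the stored blocks and render the report.

    For every block except the first, the ``hash`` field stored in the block
    is compared with a freshly computed hash of the preceding block file.

    Returns:
        The rendered ``integrity.html`` template, given ``results``: a list
        of ``{previous_block_name: 'ok' | 'corrupted'}`` dicts, ordered from
        the newest link to the oldest.
    """
    # NOTE(review): each file is only checked through the hash stored in its
    # successor, so the last entry of `files` is never verified by this loop.
    # Presumably get_hash is an unkeyed digest; if so, anyone who can rewrite
    # the block files can also recompute the chain. Confirm against get_hash.
    results = []
    for filename in reversed(files[1:]):
        # Close the handle deterministically instead of leaking it.
        with open(blockchain_dir + str(filename), 'rb') as block_file:
            block = json.load(block_file)
        file_hash = block['hash']

        # Block names are integers, so the predecessor is simply `filename - 1`.
        prev_file = str(filename - 1)
        actual_hash = get_hash(prev_file)

        result = 'ok' if file_hash == actual_hash else 'corrupted'
        results.append({prev_file: result})
    return render_template('integrity.html', results=results)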
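# Login handler (CGI): look the user up by e-mail, verify the salted password
# hash, and on success record a new session row.
e_mail = form.getvalue('email')
password = form.getvalue('password')
mydb = functions.connect()
if e_mail is None:
    print("location: ../login.html?err=1")
    print("")
    # Stop after the redirect; falling through would run the lookup with no
    # e-mail at all.
    mydb.close()
    raise SystemExit

# The e-mail comes straight from the request, so it is bound as a query
# parameter rather than concatenated into the statement (SQL injection).
# NOTE(review): `%s` is the placeholder style of the MySQL DB-API drivers;
# functions.connect() is not shown. Confirm the driver's paramstyle.
sql = "SELECT salt, password_hash, id FROM users WHERE email = %s"
mycursor = mydb.cursor()
mycursor.execute(sql, (e_mail,))
try:
    # fetchone() returns None for an unknown e-mail; the resulting TypeError
    # is left to the handler of this try block.
    user_details = mycursor.fetchone()
    salt = user_details[0]
    password_hash = functions.get_hash(password, salt)
    if password_hash == user_details[1]:
        # OK, password correct, create a cookie, find the ip + user_agent,
        # save it in the data base, and set-cookie(sid:cookie)
        user_ip = os.environ["REMOTE_ADDR"]
        # User-Agent is optional and fully client-controlled: tolerate its
        # absence and never splice it into SQL text.
        user_agent = os.environ.get("HTTP_USER_AGENT", "")
        # NOTE(review): the session id is a bearer credential; confirm that
        # functions.random_sequence draws from a CSPRNG.
        cookie_id = functions.random_sequence(10)
        user_id = str(user_details[2])
        update_time = str(datetime.datetime.now())
        # Insert data into the sessions table
        insert_query = (
            "INSERT INTO `sessions`(`sid`, `uid`, `create_time`, "
            "`update_time`, `ip_address`, `user_agent`) "
            "VALUES (%s, %s, %s, %s, %s, %s)"
        )
        mycursor.execute(
            insert_query,
            (cookie_id, user_id, update_time, update_time, user_ip, user_agent),
        )
        mydb.commit()
        mydb.close()
# NOTE(review): the except clause that closes this try lies outside the
# visible excerpt.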
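# Tail of a preceding branch whose start is outside this excerpt.
err()

# Password change: check that the supplied current (temporary) password is
# correct, then store a new salt and hash for the logged-in user.
uid = functions.get_user_id()
try:
    # Bind the id as a parameter instead of building the statement by string
    # concatenation.
    # NOTE(review): `%s` is the placeholder style of the MySQL DB-API drivers;
    # functions.connect() is not shown. Confirm the driver's paramstyle.
    sql = "SELECT salt, password_hash FROM users WHERE id = %s"
    mydb = functions.connect()
    mycursor = mydb.cursor()
    mycursor.execute(sql, (str(uid),))
    user_details = mycursor.fetchone()
except Exception:
    # Narrowed from a bare `except:` so that SystemExit/KeyboardInterrupt are
    # not swallowed. err() presumably ends the request; verify, since the
    # code below needs `user_details`, `mydb` and `mycursor` to be bound.
    err()

if user_details is None:
    # No row for this id: report it through the same error path instead of
    # failing on the index below.
    err()

old_salt = user_details[0]
old_password_hash = functions.get_hash(old_password, old_salt)
if old_password_hash == user_details[1]:
    # Draw the new salt from the OS CSPRNG rather than the predictable
    # `random` module; the 1000..9999 range is unchanged. Imported locally
    # because the file's import block is not visible from this excerpt.
    import secrets

    salt = str(1000 + secrets.randbelow(9000))
    password_hash = functions.get_hash(password1, salt)
    sql = "UPDATE users SET salt = %s, password_hash = %s WHERE id = %s"
    mycursor.execute(sql, (salt, password_hash, str(uid)))
    mydb.commit()
    json_res = {"ok": True,}
    print(json.dumps(json_res))
else:
    err()
mydb.close()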