def create(cls, fname, lname, username, email, password, image=None, dob=None):
salt = generate_salt()
password_hash = hash_password(password, salt)
dob = dob or None
image = image or 'default.gif'
_conn.execute('''INSERT INTO tbl_users (fname, lname, username, email, image, password, salt, dob) VALUES (?, ?, ?, ?, ?, ?, ?, ?)''', (fname, lname, username, email, image, password_hash, salt, dob))
_conn.commit()
return cls.find(username)
def check_password(cls, username, password):
cur = _conn.execute('''SELECT password, salt FROM tbl_users WHERE username = ? LIMIT 1''', (username,))
row = cur.fetchone()
if not row:
return False
salt = row['salt']
password_hash = hash_password(password, salt)
if password_hash == row['password']:
return True
return False
