def change_password(self): user = People.query.get_or_404(self.current_user.id) password = self.get_argument('password', None) # password_md5 = self.get_argument('password_md5', None) password_md5 = to_md5(to_md5(password)) if not user.check_password(password_md5): self.flash_message("Invalid old password", "error") self.render('account/password.html', token=None) return password1 = self.get_argument('password1', None) password2 = self.get_argument('password2', None) self._change_password(user, password1, password2)
def create_password(raw): md5_raw = to_md5(to_md5(raw)) salt = People.create_token(8) hsh = hashlib.sha1(salt + md5_raw + options.password_secret).hexdigest() return "%s$%s" % (salt, hsh)