def wrapper():
login_data = loginfunc()
credentials = []
for value in login_data.values():
credentials.append(value)
email, password = credentials
get_user = self.user.query.filter_by(email=email).first()
if get_user:
hashed_password = get_user.password
if md5_crypt.verify(password, hashed_password):
# login
auth_token = uuid.uuid4()
token = self.token(token=auth_token,
user_id=get_user.id,
dateTime=time.time())
self.db.session.add(token)
get_user.pin_trial = 5
self.db.session.add(get_user)
self.db.session.commit()
login_message = {
"success": "you have logged in successfully",
"token": token.token
}
else:
login_message = {
"failure": "wrong email address or password"
}
else:
login_message = {"failure": "wrong email address or password"}
return login_message
def check_password(raw_password, md5_password=None):
"""
Returns a boolean of whether the raw_password was correct. Handles
hashing formats behind the scenes.
"""
from passlib.hash import md5_crypt
return md5_crypt.verify(raw_password, md5_password)
def restorePassword():
pwd = request.form["passwd"]
logged = False
#pwd = md5_crypt.encrypt(dec_pwd)
data = getData('easyrash/users/users.json')
if (hasattr(flask_login.current_user, 'id')):
mail = flask_login.current_user.id
old_pwd = request.form["old_passwd"]
logged = True
else:
mail = request.form["mail"]
req_file = getData("easyrash/requestSetPwd.json")
for i in range(len(req_file)):
if (req_file[i]['mail'] == mail):
req_file.pop(i)
modifyData(req_file, 'easyrash/requestSetPwd.json')
for key in data:
if (data[key]["email"] == mail):
if (logged
and md5_crypt.verify(old_pwd, data[key]['pass']) == False):
print("control password")
return (403)
data[key]["pass"] = md5_crypt.encrypt(pwd)
modifyData(data, "easyrash/users/users.json")
return render_template("login.html")
print("bad")
abort(400)
def post(self):
member_id = self.get_argument("member_id", None)
password = self.get_argument("password", None)
if not member_id or not password:
para_error = {"errcode": 1, "errmsg": "para_error"}
self.write(para_error)
return
coll = self.db[options.coll_members]
member = coll.find_one({"_id": member_id})
if not member:
not_found = {"errcode": 1, "errmsg": "not_found"}
self.write(not_found)
return
else:
password_hash = member["password_hash"]
if not md5_crypt.verify(password, password_hash):
login_fail = {"errcode": 1, "errmsg": "login_fail"}
self.write(login_fail)
return
else:
self.set_secure_cookie("member_id", member["_id"])
login_sucs = {"errcode": 0}
self.write(login_sucs)
def on_post(self, req, resp):
phone = req.get_param('phone')
pwd = req.get_param('pwd')
if (phone == None or pwd == None):
doc = {'Please try again'}
else:
cursor.execute('''SELECT pwd FROM users WHERE phone = ?''',
[phone])
row = cursor.fetchone()
if (row == None):
doc = {'Invalid phone and pwd'}
else:
if (md5_crypt.verify(pwd, row[0])):
cookie = ''.join(
random.SystemRandom().choice(string.ascii_uppercase +
string.digits)
for _ in range(6))
resp.set_cookie('sessiontoken',
cookie,
domain='.localhost',
secure=False)
cursor.execute(
'''UPDATE users SET sessiontoken = ? WHERE phone = ?''',
(cookie, phone))
db.commit()
doc = {'Session Started'}
else:
doc = {'Wrong pwd'}
resp.body = json.dumps(doc, cls=SetEncoder)
def login():
while True:
username = input("Username: "******"Enter User Type: ")
print("1-staff\n2-patient")
user_type = input("Your input:")
if (user_type == '1') or (user_type == '2'):
if (user_type == '1'):
username = username + " staff"
if (user_type == '2'):
username = username + " patient"
config_parser = configparser.ConfigParser()
config_parser.read('config.ini')
sections = config_parser.sections()
if (username in sections):
print("***user verfied***")
while True:
password = getpass.getpass(prompt="Password: "******"***password verified***")
session(username)
break
else:
print("***password is incorrect***")
continue
break
else:
print("invalid username or user type")
continue
else:
print("Wrong input..Please check again")
continue
def authenticate(self, username=None, password=None, **kwargs):
"""
Attempt to authenticate the given username/password combination.
"""
if not username or not password:
return None
# Try to retrieve a row from the ESGF user database with the given
# username and password
with connections['userdb'].cursor() as cursor:
cursor.execute(sql.SQL("SELECT password FROM {}.{} WHERE username = %s")
.format(sql.Identifier(settings.ESGF_USERDB_USER_SCHEMA),
sql.Identifier(settings.ESGF_USERDB_USER_TABLE)),
[username])
row = cursor.fetchone()
# Check if user exists
if row is not None:
# Verify password matches
has_esgf_user = md5_crypt.verify(password, row[0])
else:
has_esgf_user = False
# If there is no ESGF user matching the username/password, we are done
if not has_esgf_user:
return None
# Otherwise, return the user object associated with the username, creating
# one if required
# Note that we don't use get_or_create as we want to use create_user
User = get_user_model()
try:
return User.objects.get(username=username)
except User.DoesNotExist:
return User.objects.create_user(username)
def logged():
email = request.form['email']
password = request.form['password']
#looking if good credentials
username = User.query.filter_by(email=email).first()
if username:
hash = username.password
if md5_crypt.verify(password, hash):
registered_user = User.query.filter_by(email=email,
password=hash).first()
else:
return redirect(
url_for(
'error',
template='home',
error='Password is invalid. Please try again or register.')
)
login_user(registered_user)
session['logged_in'] = True
return redirect(url_for('data'))
return redirect(
url_for(
'error',
template='home',
error='Email address is invalid. Please try again or register.'))
def validatePasswordResetKey(self, hash):
try:
decoded = base64.urlsafe_b64decode(hash).decode('utf-8')
result = md5_crypt.verify(str(self.password), decoded)
return result
except ValueError:
return False
def validateActivationKey(self, hash):
try:
decoded = base64.urlsafe_b64decode(hash).decode('utf-8')
result = md5_crypt.verify(str(self.user_name), decoded)
return result
except ValueError:
return False
def reset():
if 'user' in session:
return redirect(url_for('home'))
'''To reset user password'''
if request.form.get("reg_username") != None:
r_username = request.form.get("reg_username")
r_answer = request.form.get("reg_answer")
r_password = request.form.get("reg_password")
check_pass = request.form.get("check_password")
all_usernames = db.qaDict() #Returns dict {user:answer_to_question}
if r_username not in db.get_all_users():
flash("Username not found")
elif r_password != check_pass:
flash("Passwords do not match!")
elif r_password.count(' ') != 0:
flash("Password can not contain spaces")
elif not r_username.isalnum():
flash("Username should be alphanumeric")
else:
session['user'] = r_username
# checks the question and answer in the db
if r_username in all_usernames:
# if the hashes match
if md5_crypt.verify(r_answer, all_usernames[r_username]):
# changes the user password
db.update_pass(r_username, md5_crypt.encrypt(r_password))
return redirect(url_for('home'))
else:
flash("Error occurred")
return render_template('reset.html')
def loginAuth():
#grabs information from the forms
ID = request.form['ID']
rawpwd = request.form['password']
userType = request.form['userType']
#cursor used to send queries
cursor = conn.cursor()
#executes query
attribute = 'username' if userType == 'airline_staff' else 'email'
query = 'SELECT * FROM ' + userType + ' WHERE ' + attribute + ' = %s'
cursor.execute(query, (ID))
exist = cursor.fetchone()
cursor.close()
error = None
if exist:
# check password
if md5_crypt.verify(rawpwd, exist['password']):
#creates a session for the the user
#session is a built in
session['ID'] = ID
session['userType'] = userType
session['airline_name'] = exist['airline_name'] if 'airline_name' in exist else None
return redirect(url_for('home'))
else:
error = 'Invalid password'
return render_template('login.html', error=error)
else:
error = 'Wrong email address or username or user type'
return render_template('login.html', error=error)
def __call__(self):
self.logged_in = False
message = ''
if 'form.submitted' in self.request.params:
login = self.request.params['login']
passwd = self.request.params['passwd']
member = get_member(login)
if member:
if member.mem_enc_pwd and md5_crypt.verify(
str(passwd), member.mem_enc_pwd):
self.logged_in = True
member.mem_cookie = str(
base64.urlsafe_b64encode(os.urandom(24)), "utf-8")
member.mem_ip = self.request.client_addr
headers = remember(self.request, member.mem_id)
if self.came_from == '/login':
self.came_from = '/'
self.came_from += ""
return HTTPFound(location=self.came_from, headers=headers)
else:
message += ' The password is not correct.'
else:
message += ' Member not found. '
message += ' The Login failed.'
return dict(msg=message, url=self.request.application_url + '/login')
def login(self):
print(request.form.get('email'))
user = db.Users.find_one({"email": request.form.get('email')})
if user and md5_crypt.verify(request.form.get('password'),
user['password']):
return self.start_session(user)
return jsonify({"error": "Invalid login credentials"}), 401
def compareHash(self, string):
if (self.type == "md5"):
return md5_crypt.verify(string, self.pwd_hash)
elif (self.type == "bcrypt"):
return bcrypt.verify(string, self.pwd_hash)
elif (self.type == "sha256"):
return sha256_crypt.verify(string, self.pwd_hash)
elif (self.type == "sha512"):
return sha512_crypt.verify(string, self.pwd_hash)
def get_block_propagate(json):
r = red.Redis()
block = json['block']
block_id = json['id']
block_hash = r.hget(block_id, 'hash')
if block_hash is None:
return
if md5_crypt.verify(block, block_hash):
r.set('temp_data_' + block_id, block)
else:
r.set('temp_data_' + block_id, 'Block Not Found')
def validate_user(email, password):
db = sqlite3.connect(DB_FILE)
c = db.cursor()
users = c.execute("SELECT * FROM users WHERE email = ?",
(email, )).fetchall()
if len(users) == 0 or not md5_crypt.verify(password, users[0][2]):
flash("Username or password incorrect")
db.close()
return False
db.close()
return True
def user_login(username, password):
login = False
details = db_details()
with DBcm.UseDatabase(details) as cursor:
cursor.execute("select uid, username, password from users where username != ''")
the_data = cursor.fetchall()
for row in the_data:
if row[1].lower() == username.lower() and md5_crypt.verify(password, row[2]) == True:
login = True
session['uid'] = row[0]
return login
def post(self):
name = request.form.get('name', None)
password = request.form.get('password', None)
if not name or not password:
return {'status': 'error', 'message': '用户名和密码不能为空'}
user = User.getOne(User.name == name)
if not user:
return {'status': 'error', 'message': '用户不存在'}
if not md5_crypt.verify(password, user.password):
return {'status': 'error', 'message': '密码错误'}
session['user'] = user
data = user.toJson()
data.pop('password')
return {'status': 'success', 'result': data}
def auth():
user_data = db.get_all_user_data()
username = request.form.get("username") # Get Username
password = request.form.get("password") # Get Password
if username in user_data: # check if the username is a valid username
if md5_crypt.verify(
password, user_data[username]
): # check if the password aligns with the username
session["username"] = username # login the user
else:
flash("Invalid password") # display error message
else:
flash("Invalid username") # display error message
return redirect(url_for('login')) # send back to login page
def authenticate():
'''Checks if the username and password entered match what's on file'''
user_data = db.get_all_user_data()
username = request.form.get("username")
password = request.form.get("password")
session["username"] = username
if username in user_data:
if md5_crypt.verify(password, user_data[username]):
id = db.get_user_id(username)
session["id"] = id
else:
flash("Invalid password, try again!")
else:
flash("Invalid username, try again!")
return redirect(url_for('home'))
def login():
if request.method == 'POST':
username = request.form['username']
password_attempt = request.form['password']
cur = connection.cursor()
result = cur.execute("SELECT * "
"FROM User "
"WHERE Username = %s"
, [username])
if result > 0:
data = cur.fetchone()
password = data['Password']
#checks if passwords match and logs you in if they do
if md5_crypt.verify(password_attempt, password):
session['logged_in'] = True
session['username'] = username
#sets admin session status from db query
cur.execute("SELECT IsAdmin "
"FROM User "
"WHERE Username = %s"
, [username])
if cur.fetchone()['IsAdmin'] == 1:
session['admin'] = True
else:
session['admin'] = False
flash('Welcome, ' + username + '. You are now logged in.', 'success')
return redirect(url_for('index'))
else:
error = 'Invalid login.'
return render_template('login.html', error=error)
cur.close()
else:
error = "Username not found."
return render_template('login.html', error=error)
return render_template('login.html')
def check_override(self) -> bool:
override_hash = get_setting('auth.override_password')
if override_hash:
for override in self.overrides:
try:
if md5_crypt.verify(override, override_hash):
return True
else:
logger.info(
'Found invalid override password, ignoring.')
except ValueError as ve:
logger.error(
f'Exception occurred while checking override password: {ve} (possible misconfigured hash?)'
)
elif self.overrides:
logger.info(
'Ignoring override password, auth.override_password not set.')
return False
def comparePasswords(password, stored):
hashAlg = stored[1:].split("$")[0]
if hashAlg == "1":
#MD5
print("MD5")
return md5_crypt.verify(password, stored)
elif hashAlg == "5":
#SHA256
print("SHA256")
return sha256_crypt.verify(password, stored)
elif hashAlg == "6":
#SHA512
print("SHA512")
return sha512_crypt.verify(password, stored)
elif hashAlg == "argon2id":
#Argon
print("ARGON")
return argon2.verify(password, stored)
def authenticate(self, username=None, password=None, **kw):
username = username.encode("utf-8")
password = password.encode("utf-8")
for auth in self._load_docuwiki_authfile():
try:
if auth.login == username and md5_crypt.verify(password, auth.hash):
try:
user = User.objects.get(username=username)
# if user is superuser authenticate using django password
if user.is_superuser or user.is_staff:
return super(DokuwikiAuthBackend,self).authenticate(username, password, **kw)
# update user
user.email = auth.email
# user invalidation
if not auth.is_member:
user.is_superuser = False
user.is_staff = False
user.save()
except User.DoesNotExist:
if auth.is_member:
try:
buddy = Buddy.objects.get(nickname__iexact=username)
user = User.objects.create(username=username, email=auth.email, password="")
buddy.user = user
buddy.save()
except Buddy.DoesNotExist:
logging.info("Buddy %s does not exist", username)
return None
else:
return None
return user
except ValueError: # md5_crypt - invalid hash format
logging.exception("Cannot verify user")
continue
# No user found, authenthication failed
return None
def login():
if (flask_login.current_user.is_authenticated):
return redirect('/')
else:
if (request.method == 'GET'):
return render_template('login.html')
email = request.form['email']
enc_passwd = request.form['passwd']
data = getData("easyrash/users/users.json")
for key in data:
if (email == data[key]['email']
and md5_crypt.verify(enc_passwd, data[key]['pass'])):
user = User()
user.id = email
flask_login.login_user(user, remember=True)
return jsonify(data[key])
abort(401) # se nel for non trova email e password validi
def run(self):
proc_id = self.id
print("Creating process %d" % self.id)
try:
num_procs = multiprocessing.cpu_count() * 2
for i in self.pwd_list:
if (not self.queue.empty()):
check = self.queue.get()
if (check is None):
print("[Process %d: Exiting...]\n" % proc_id)
return
if (pwd_context.verify(i, self.pwd_hash)):
print("[Process %d: Found: %s]\n" % (proc_id, i))
[self.queue.put(None) for j in range(num_procs - 1)]
return
except KeyboardInterrupt:
print("[Process %d : Shutdown by KeyboardInterrupt.]\n" % self.id)
pass
def authenticate():
'''Authenticates the username and password that the user has entered in the
login page. If either one of them is wrong, then it tells them to try again.
If they are correct, then it creates a session and redirects them to the homepage.'''
user_data = db.get_all_user_data(
) #for updating user_data when there is a new user
username_input = request.form.get("username")
password_input = request.form.get("password")
#Checks if user/pass is valid if not flash reasons why
if username_input in user_data:
#verifies the hashed password with given password
if md5_crypt.verify(password_input, user_data[username_input]):
id = db.get_user_id(username_input)
session["id"] = id
else:
flash("Invalid password, try again!")
else:
flash("Invalid username, try again!")
return redirect(url_for('home'))
def auth(username, server, password):
logging.info('auth request for {0!s}@{1!s}.'.format(username, server))
d = get_data(username, server)
if data is None:
logging.info('Unknown user: {0!s}@{1!s}.'.format(username, server))
return False
if '{0!s}@{1!s}'.format(username, server) == d[0]:
if md5_crypt.verify(password, d[1]):
logging.info('correct password for {0!s}@{1!s}.'.format(
username, server))
return True
else:
logging.warning('Wrong password for {0!s}@{1!s}.'.format(
username, server))
return False
else:
logging.error(
'Database did not return the correct data. This should not happen!'
)
return False
def login():
if current_user.is_authenticated:
return redirect(url_for('home'))
form = LoginForm()
if request.method == "POST" and form.validate_on_submit():
email = form.email.data
password = form.password.data
user = User.query.filter_by(email=email).first()
if user and md5_crypt.verify(password, user.password):
login_user(user)
next_page = request.args.get("next")
is_safe_url(next_page, request.url)
if is_safe_url(next_page, request.url):
return redirect(next_page)
return redirect("/dashboard")
else:
flash("e-mail or password is incorrect")
return redirect("/login")
else:
return render_template("login.html", form=form)
def auth():
'''Intermediate to authenticate login by user'''
if 'user' in session:
return redirect(url_for('game'))
# # # Authenticate
username_input = request.form.get("username")
password_input = request.form.get("password")
all_usernames = db.get_all_users()
if username_input in all_usernames:
# If the hashes match
if md5_crypt.verify(password_input, all_usernames[username_input]):
# Log them in
session['user'] = username_input
return redirect(url_for("game"))
# Failed password and username match
else:
flash("Invalid password")
else:
# Username doesnt exist
flash("Invalid username")
return redirect(url_for("login"))
def test_create(self):
'''
The NewMemberView only shows an empty form.
Creation is done in EditMemberView
'''
request = testing.DummyRequest()
request = self.fillin_dummy_data(request)
request.params['action'] = 'save'
view = EditMemberView(None, request)
request.params['mem_lname'] = 'NewLastname'
request.params['mem_household_size'] = '2'
# Make peter an admin, and let him be the user executing the view
peter = self.get_peter()
peter.mem_admin = True
view.user = peter
view()
# check if member exists
mem = self.DBSession.query(Member)\
.filter(Member.mem_lname==u'NewLastname').first()
self.assertIsNotNone(mem)
# check if password reset email was sent with expected key
mem_id, key = self.get_reset_info_from_mails()
self.assertEqual(mem_id, mem.mem_id)
self.assertEqual(key, mem.mem_pwd_url)
# visit password reset view with key from sent link
request = testing.DummyRequest()
password = '******'
request.params['pwd1'] = password
request.params['pwd2'] = password
request.matchdict['mem_id'] = mem_id
request.matchdict['key'] = key
view = ResetPasswordView(None, request)
response = view()
self.assertTrue('Password has been set' in response['msg'])
# check if password was saved and encrypted correctly
mem = self.DBSession.query(Member).filter(
Member.mem_id == mem_id).first()
assert md5_crypt.verify(str(password), mem.mem_enc_pwd)
def on_post(self, req, resp):
username = req.get_param('username')
password = req.get_param('password')
if (username == None or password == None):
doc = { 'Please try again' }
else:
cursor.execute('''SELECT password FROM users WHERE username = ?''', [username])
row = cursor.fetchone()
if (row == None):
doc = { 'Invalid username and password' }
else:
if (md5_crypt.verify(password, row[0])):
cookie = ''.join(random.SystemRandom().choice(string.ascii_uppercase +
string.digits) for _ in range(6))
resp.set_cookie('sessiontoken', cookie, domain='.localhost', secure = False)
cursor.execute('''UPDATE users SET sessiontoken = ? WHERE username = ?''',
(cookie, username))
db.commit()
doc = { 'Session Started' }
else: doc = { 'Wrong Password' }
resp.body = json.dumps(doc, cls=SetEncoder)
webbrowser.open('info.html')
# coding=utf-8 # pip install passlib # http://pythonhosted.org/passlib/genindex.html from passlib.hash import md5_crypt, sha256_crypt, sha512_crypt, sha1_crypt password = '******' sha1 = sha1_crypt.encrypt(password) md5 = md5_crypt.encrypt(password) # /etc/shadow sha256 = sha256_crypt.encrypt(password) sha512 = sha512_crypt.encrypt(password) print(md5,sha256,sha512,sha1) md5_crypt.verify(password, md5) # 验证password和hash值
def verify(self, clearvalue, hashed_value):
return md5_crypt.verify(clearvalue, hashed_value)
def helper():
hash = md5_crypt.encrypt(SECRET)
md5_crypt.verify(SECRET, hash)
md5_crypt.verify(OTHER, hash)
def verify_access_token(self, access_token):
return md5_crypt.verify(access_token, md5_crypt.encrypt(self.data['password']))
