def wrapper(): login_data = loginfunc() credentials = [] for value in login_data.values(): credentials.append(value) email, password = credentials get_user = self.user.query.filter_by(email=email).first() if get_user: hashed_password = get_user.password if md5_crypt.verify(password, hashed_password): # login auth_token = uuid.uuid4() token = self.token(token=auth_token, user_id=get_user.id, dateTime=time.time()) self.db.session.add(token) get_user.pin_trial = 5 self.db.session.add(get_user) self.db.session.commit() login_message = { "success": "you have logged in successfully", "token": token.token } else: login_message = { "failure": "wrong email address or password" } else: login_message = {"failure": "wrong email address or password"} return login_message
def check_password(raw_password, md5_password=None): """ Returns a boolean of whether the raw_password was correct. Handles hashing formats behind the scenes. """ from passlib.hash import md5_crypt return md5_crypt.verify(raw_password, md5_password)
def restorePassword(): pwd = request.form["passwd"] logged = False #pwd = md5_crypt.encrypt(dec_pwd) data = getData('easyrash/users/users.json') if (hasattr(flask_login.current_user, 'id')): mail = flask_login.current_user.id old_pwd = request.form["old_passwd"] logged = True else: mail = request.form["mail"] req_file = getData("easyrash/requestSetPwd.json") for i in range(len(req_file)): if (req_file[i]['mail'] == mail): req_file.pop(i) modifyData(req_file, 'easyrash/requestSetPwd.json') for key in data: if (data[key]["email"] == mail): if (logged and md5_crypt.verify(old_pwd, data[key]['pass']) == False): print("control password") return (403) data[key]["pass"] = md5_crypt.encrypt(pwd) modifyData(data, "easyrash/users/users.json") return render_template("login.html") print("bad") abort(400)
def post(self): member_id = self.get_argument("member_id", None) password = self.get_argument("password", None) if not member_id or not password: para_error = {"errcode": 1, "errmsg": "para_error"} self.write(para_error) return coll = self.db[options.coll_members] member = coll.find_one({"_id": member_id}) if not member: not_found = {"errcode": 1, "errmsg": "not_found"} self.write(not_found) return else: password_hash = member["password_hash"] if not md5_crypt.verify(password, password_hash): login_fail = {"errcode": 1, "errmsg": "login_fail"} self.write(login_fail) return else: self.set_secure_cookie("member_id", member["_id"]) login_sucs = {"errcode": 0} self.write(login_sucs)
def on_post(self, req, resp): phone = req.get_param('phone') pwd = req.get_param('pwd') if (phone == None or pwd == None): doc = {'Please try again'} else: cursor.execute('''SELECT pwd FROM users WHERE phone = ?''', [phone]) row = cursor.fetchone() if (row == None): doc = {'Invalid phone and pwd'} else: if (md5_crypt.verify(pwd, row[0])): cookie = ''.join( random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(6)) resp.set_cookie('sessiontoken', cookie, domain='.localhost', secure=False) cursor.execute( '''UPDATE users SET sessiontoken = ? WHERE phone = ?''', (cookie, phone)) db.commit() doc = {'Session Started'} else: doc = {'Wrong pwd'} resp.body = json.dumps(doc, cls=SetEncoder)
def login(): while True: username = input("Username: "******"Enter User Type: ") print("1-staff\n2-patient") user_type = input("Your input:") if (user_type == '1') or (user_type == '2'): if (user_type == '1'): username = username + " staff" if (user_type == '2'): username = username + " patient" config_parser = configparser.ConfigParser() config_parser.read('config.ini') sections = config_parser.sections() if (username in sections): print("***user verfied***") while True: password = getpass.getpass(prompt="Password: "******"***password verified***") session(username) break else: print("***password is incorrect***") continue break else: print("invalid username or user type") continue else: print("Wrong input..Please check again") continue
def authenticate(self, username=None, password=None, **kwargs): """ Attempt to authenticate the given username/password combination. """ if not username or not password: return None # Try to retrieve a row from the ESGF user database with the given # username and password with connections['userdb'].cursor() as cursor: cursor.execute(sql.SQL("SELECT password FROM {}.{} WHERE username = %s") .format(sql.Identifier(settings.ESGF_USERDB_USER_SCHEMA), sql.Identifier(settings.ESGF_USERDB_USER_TABLE)), [username]) row = cursor.fetchone() # Check if user exists if row is not None: # Verify password matches has_esgf_user = md5_crypt.verify(password, row[0]) else: has_esgf_user = False # If there is no ESGF user matching the username/password, we are done if not has_esgf_user: return None # Otherwise, return the user object associated with the username, creating # one if required # Note that we don't use get_or_create as we want to use create_user User = get_user_model() try: return User.objects.get(username=username) except User.DoesNotExist: return User.objects.create_user(username)
def logged(): email = request.form['email'] password = request.form['password'] #looking if good credentials username = User.query.filter_by(email=email).first() if username: hash = username.password if md5_crypt.verify(password, hash): registered_user = User.query.filter_by(email=email, password=hash).first() else: return redirect( url_for( 'error', template='home', error='Password is invalid. Please try again or register.') ) login_user(registered_user) session['logged_in'] = True return redirect(url_for('data')) return redirect( url_for( 'error', template='home', error='Email address is invalid. Please try again or register.'))
def validatePasswordResetKey(self, hash): try: decoded = base64.urlsafe_b64decode(hash).decode('utf-8') result = md5_crypt.verify(str(self.password), decoded) return result except ValueError: return False
def validateActivationKey(self, hash): try: decoded = base64.urlsafe_b64decode(hash).decode('utf-8') result = md5_crypt.verify(str(self.user_name), decoded) return result except ValueError: return False
def reset(): if 'user' in session: return redirect(url_for('home')) '''To reset user password''' if request.form.get("reg_username") != None: r_username = request.form.get("reg_username") r_answer = request.form.get("reg_answer") r_password = request.form.get("reg_password") check_pass = request.form.get("check_password") all_usernames = db.qaDict() #Returns dict {user:answer_to_question} if r_username not in db.get_all_users(): flash("Username not found") elif r_password != check_pass: flash("Passwords do not match!") elif r_password.count(' ') != 0: flash("Password can not contain spaces") elif not r_username.isalnum(): flash("Username should be alphanumeric") else: session['user'] = r_username # checks the question and answer in the db if r_username in all_usernames: # if the hashes match if md5_crypt.verify(r_answer, all_usernames[r_username]): # changes the user password db.update_pass(r_username, md5_crypt.encrypt(r_password)) return redirect(url_for('home')) else: flash("Error occurred") return render_template('reset.html')
def loginAuth(): #grabs information from the forms ID = request.form['ID'] rawpwd = request.form['password'] userType = request.form['userType'] #cursor used to send queries cursor = conn.cursor() #executes query attribute = 'username' if userType == 'airline_staff' else 'email' query = 'SELECT * FROM ' + userType + ' WHERE ' + attribute + ' = %s' cursor.execute(query, (ID)) exist = cursor.fetchone() cursor.close() error = None if exist: # check password if md5_crypt.verify(rawpwd, exist['password']): #creates a session for the the user #session is a built in session['ID'] = ID session['userType'] = userType session['airline_name'] = exist['airline_name'] if 'airline_name' in exist else None return redirect(url_for('home')) else: error = 'Invalid password' return render_template('login.html', error=error) else: error = 'Wrong email address or username or user type' return render_template('login.html', error=error)
def __call__(self): self.logged_in = False message = '' if 'form.submitted' in self.request.params: login = self.request.params['login'] passwd = self.request.params['passwd'] member = get_member(login) if member: if member.mem_enc_pwd and md5_crypt.verify( str(passwd), member.mem_enc_pwd): self.logged_in = True member.mem_cookie = str( base64.urlsafe_b64encode(os.urandom(24)), "utf-8") member.mem_ip = self.request.client_addr headers = remember(self.request, member.mem_id) if self.came_from == '/login': self.came_from = '/' self.came_from += "" return HTTPFound(location=self.came_from, headers=headers) else: message += ' The password is not correct.' else: message += ' Member not found. ' message += ' The Login failed.' return dict(msg=message, url=self.request.application_url + '/login')
def login(self): print(request.form.get('email')) user = db.Users.find_one({"email": request.form.get('email')}) if user and md5_crypt.verify(request.form.get('password'), user['password']): return self.start_session(user) return jsonify({"error": "Invalid login credentials"}), 401
def compareHash(self, string): if (self.type == "md5"): return md5_crypt.verify(string, self.pwd_hash) elif (self.type == "bcrypt"): return bcrypt.verify(string, self.pwd_hash) elif (self.type == "sha256"): return sha256_crypt.verify(string, self.pwd_hash) elif (self.type == "sha512"): return sha512_crypt.verify(string, self.pwd_hash)
def get_block_propagate(json): r = red.Redis() block = json['block'] block_id = json['id'] block_hash = r.hget(block_id, 'hash') if block_hash is None: return if md5_crypt.verify(block, block_hash): r.set('temp_data_' + block_id, block) else: r.set('temp_data_' + block_id, 'Block Not Found')
def validate_user(email, password): db = sqlite3.connect(DB_FILE) c = db.cursor() users = c.execute("SELECT * FROM users WHERE email = ?", (email, )).fetchall() if len(users) == 0 or not md5_crypt.verify(password, users[0][2]): flash("Username or password incorrect") db.close() return False db.close() return True
def user_login(username, password): login = False details = db_details() with DBcm.UseDatabase(details) as cursor: cursor.execute("select uid, username, password from users where username != ''") the_data = cursor.fetchall() for row in the_data: if row[1].lower() == username.lower() and md5_crypt.verify(password, row[2]) == True: login = True session['uid'] = row[0] return login
def post(self): name = request.form.get('name', None) password = request.form.get('password', None) if not name or not password: return {'status': 'error', 'message': '用户名和密码不能为空'} user = User.getOne(User.name == name) if not user: return {'status': 'error', 'message': '用户不存在'} if not md5_crypt.verify(password, user.password): return {'status': 'error', 'message': '密码错误'} session['user'] = user data = user.toJson() data.pop('password') return {'status': 'success', 'result': data}
def auth(): user_data = db.get_all_user_data() username = request.form.get("username") # Get Username password = request.form.get("password") # Get Password if username in user_data: # check if the username is a valid username if md5_crypt.verify( password, user_data[username] ): # check if the password aligns with the username session["username"] = username # login the user else: flash("Invalid password") # display error message else: flash("Invalid username") # display error message return redirect(url_for('login')) # send back to login page
def authenticate(): '''Checks if the username and password entered match what's on file''' user_data = db.get_all_user_data() username = request.form.get("username") password = request.form.get("password") session["username"] = username if username in user_data: if md5_crypt.verify(password, user_data[username]): id = db.get_user_id(username) session["id"] = id else: flash("Invalid password, try again!") else: flash("Invalid username, try again!") return redirect(url_for('home'))
def login(): if request.method == 'POST': username = request.form['username'] password_attempt = request.form['password'] cur = connection.cursor() result = cur.execute("SELECT * " "FROM User " "WHERE Username = %s" , [username]) if result > 0: data = cur.fetchone() password = data['Password'] #checks if passwords match and logs you in if they do if md5_crypt.verify(password_attempt, password): session['logged_in'] = True session['username'] = username #sets admin session status from db query cur.execute("SELECT IsAdmin " "FROM User " "WHERE Username = %s" , [username]) if cur.fetchone()['IsAdmin'] == 1: session['admin'] = True else: session['admin'] = False flash('Welcome, ' + username + '. You are now logged in.', 'success') return redirect(url_for('index')) else: error = 'Invalid login.' return render_template('login.html', error=error) cur.close() else: error = "Username not found." return render_template('login.html', error=error) return render_template('login.html')
def check_override(self) -> bool: override_hash = get_setting('auth.override_password') if override_hash: for override in self.overrides: try: if md5_crypt.verify(override, override_hash): return True else: logger.info( 'Found invalid override password, ignoring.') except ValueError as ve: logger.error( f'Exception occurred while checking override password: {ve} (possible misconfigured hash?)' ) elif self.overrides: logger.info( 'Ignoring override password, auth.override_password not set.') return False
def comparePasswords(password, stored): hashAlg = stored[1:].split("$")[0] if hashAlg == "1": #MD5 print("MD5") return md5_crypt.verify(password, stored) elif hashAlg == "5": #SHA256 print("SHA256") return sha256_crypt.verify(password, stored) elif hashAlg == "6": #SHA512 print("SHA512") return sha512_crypt.verify(password, stored) elif hashAlg == "argon2id": #Argon print("ARGON") return argon2.verify(password, stored)
def authenticate(self, username=None, password=None, **kw): username = username.encode("utf-8") password = password.encode("utf-8") for auth in self._load_docuwiki_authfile(): try: if auth.login == username and md5_crypt.verify(password, auth.hash): try: user = User.objects.get(username=username) # if user is superuser authenticate using django password if user.is_superuser or user.is_staff: return super(DokuwikiAuthBackend,self).authenticate(username, password, **kw) # update user user.email = auth.email # user invalidation if not auth.is_member: user.is_superuser = False user.is_staff = False user.save() except User.DoesNotExist: if auth.is_member: try: buddy = Buddy.objects.get(nickname__iexact=username) user = User.objects.create(username=username, email=auth.email, password="") buddy.user = user buddy.save() except Buddy.DoesNotExist: logging.info("Buddy %s does not exist", username) return None else: return None return user except ValueError: # md5_crypt - invalid hash format logging.exception("Cannot verify user") continue # No user found, authenthication failed return None
def login(): if (flask_login.current_user.is_authenticated): return redirect('/') else: if (request.method == 'GET'): return render_template('login.html') email = request.form['email'] enc_passwd = request.form['passwd'] data = getData("easyrash/users/users.json") for key in data: if (email == data[key]['email'] and md5_crypt.verify(enc_passwd, data[key]['pass'])): user = User() user.id = email flask_login.login_user(user, remember=True) return jsonify(data[key]) abort(401) # se nel for non trova email e password validi
def run(self): proc_id = self.id print("Creating process %d" % self.id) try: num_procs = multiprocessing.cpu_count() * 2 for i in self.pwd_list: if (not self.queue.empty()): check = self.queue.get() if (check is None): print("[Process %d: Exiting...]\n" % proc_id) return if (pwd_context.verify(i, self.pwd_hash)): print("[Process %d: Found: %s]\n" % (proc_id, i)) [self.queue.put(None) for j in range(num_procs - 1)] return except KeyboardInterrupt: print("[Process %d : Shutdown by KeyboardInterrupt.]\n" % self.id) pass
def authenticate(): '''Authenticates the username and password that the user has entered in the login page. If either one of them is wrong, then it tells them to try again. If they are correct, then it creates a session and redirects them to the homepage.''' user_data = db.get_all_user_data( ) #for updating user_data when there is a new user username_input = request.form.get("username") password_input = request.form.get("password") #Checks if user/pass is valid if not flash reasons why if username_input in user_data: #verifies the hashed password with given password if md5_crypt.verify(password_input, user_data[username_input]): id = db.get_user_id(username_input) session["id"] = id else: flash("Invalid password, try again!") else: flash("Invalid username, try again!") return redirect(url_for('home'))
def auth(username, server, password): logging.info('auth request for {0!s}@{1!s}.'.format(username, server)) d = get_data(username, server) if data is None: logging.info('Unknown user: {0!s}@{1!s}.'.format(username, server)) return False if '{0!s}@{1!s}'.format(username, server) == d[0]: if md5_crypt.verify(password, d[1]): logging.info('correct password for {0!s}@{1!s}.'.format( username, server)) return True else: logging.warning('Wrong password for {0!s}@{1!s}.'.format( username, server)) return False else: logging.error( 'Database did not return the correct data. This should not happen!' ) return False
def login(): if current_user.is_authenticated: return redirect(url_for('home')) form = LoginForm() if request.method == "POST" and form.validate_on_submit(): email = form.email.data password = form.password.data user = User.query.filter_by(email=email).first() if user and md5_crypt.verify(password, user.password): login_user(user) next_page = request.args.get("next") is_safe_url(next_page, request.url) if is_safe_url(next_page, request.url): return redirect(next_page) return redirect("/dashboard") else: flash("e-mail or password is incorrect") return redirect("/login") else: return render_template("login.html", form=form)
def auth(): '''Intermediate to authenticate login by user''' if 'user' in session: return redirect(url_for('game')) # # # Authenticate username_input = request.form.get("username") password_input = request.form.get("password") all_usernames = db.get_all_users() if username_input in all_usernames: # If the hashes match if md5_crypt.verify(password_input, all_usernames[username_input]): # Log them in session['user'] = username_input return redirect(url_for("game")) # Failed password and username match else: flash("Invalid password") else: # Username doesnt exist flash("Invalid username") return redirect(url_for("login"))
def test_create(self): ''' The NewMemberView only shows an empty form. Creation is done in EditMemberView ''' request = testing.DummyRequest() request = self.fillin_dummy_data(request) request.params['action'] = 'save' view = EditMemberView(None, request) request.params['mem_lname'] = 'NewLastname' request.params['mem_household_size'] = '2' # Make peter an admin, and let him be the user executing the view peter = self.get_peter() peter.mem_admin = True view.user = peter view() # check if member exists mem = self.DBSession.query(Member)\ .filter(Member.mem_lname==u'NewLastname').first() self.assertIsNotNone(mem) # check if password reset email was sent with expected key mem_id, key = self.get_reset_info_from_mails() self.assertEqual(mem_id, mem.mem_id) self.assertEqual(key, mem.mem_pwd_url) # visit password reset view with key from sent link request = testing.DummyRequest() password = '******' request.params['pwd1'] = password request.params['pwd2'] = password request.matchdict['mem_id'] = mem_id request.matchdict['key'] = key view = ResetPasswordView(None, request) response = view() self.assertTrue('Password has been set' in response['msg']) # check if password was saved and encrypted correctly mem = self.DBSession.query(Member).filter( Member.mem_id == mem_id).first() assert md5_crypt.verify(str(password), mem.mem_enc_pwd)
def on_post(self, req, resp): username = req.get_param('username') password = req.get_param('password') if (username == None or password == None): doc = { 'Please try again' } else: cursor.execute('''SELECT password FROM users WHERE username = ?''', [username]) row = cursor.fetchone() if (row == None): doc = { 'Invalid username and password' } else: if (md5_crypt.verify(password, row[0])): cookie = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(6)) resp.set_cookie('sessiontoken', cookie, domain='.localhost', secure = False) cursor.execute('''UPDATE users SET sessiontoken = ? WHERE username = ?''', (cookie, username)) db.commit() doc = { 'Session Started' } else: doc = { 'Wrong Password' } resp.body = json.dumps(doc, cls=SetEncoder) webbrowser.open('info.html')
# coding=utf-8 # pip install passlib # http://pythonhosted.org/passlib/genindex.html from passlib.hash import md5_crypt, sha256_crypt, sha512_crypt, sha1_crypt password = '******' sha1 = sha1_crypt.encrypt(password) md5 = md5_crypt.encrypt(password) # /etc/shadow sha256 = sha256_crypt.encrypt(password) sha512 = sha512_crypt.encrypt(password) print(md5,sha256,sha512,sha1) md5_crypt.verify(password, md5) # 验证password和hash值
def verify(self, clearvalue, hashed_value): return md5_crypt.verify(clearvalue, hashed_value)
def helper(): hash = md5_crypt.encrypt(SECRET) md5_crypt.verify(SECRET, hash) md5_crypt.verify(OTHER, hash)
def verify_access_token(self, access_token): return md5_crypt.verify(access_token, md5_crypt.encrypt(self.data['password']))