def signup_get():
return render_template("signup.html")
-def _check_password(password, password_confirm):
+def _validate_password(password, password_confirm):
error = False
if password != password_confirm:
flash_and_log("Passwords do not match", "error")
error = True
return error
+def _check_password(user_data, password):
+ if not user_data:
+ return False
+
+ # Password has must be bytes
+ pwhash = user_data["password"]
+ if isinstance(pwhash, str):
+ pwhash = pwhash.encode()
+
+ return bcrypt.checkpw(password.encode(), pwhash)
+
def _hash_password(password):
return bcrypt.hashpw(password.encode(), bcrypt.gensalt())
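Review bot: The new `_check_password` guards only against a missing user, not a missing password: if the form field is absent, `password` is `None` and `password.encode()` on the last line raises `AttributeError` instead of a clean failed login, so the guard should read `if not user_data or password is None:` followed by `return False`. The comment above the hash lookup has a typo, `# Password has must be bytes`, and should say `# Password hash must be bytes`. Both helpers lack docstrings and their names are easy to confuse; a one-liner on this one, `"""Return True if *password* matches the bcrypt hash in user_data["password"]; False for a missing user."""`, and a matching one on `_validate_password` (it checks that the two form fields agree, not the stored hash) would make the distinction clear at the call sites.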
flash_and_log("Username cannot be more than 30 characters", "error")
error = True
- error = error or _check_password(password, password_confirm)
+ error = error or _validate_password(password, password_confirm)
if db.query("select * from users where username = ?", [username], one=True):
flash_and_log(f"Username '{username}' is already taken", "error")
user_data = db.query("select * from users where username = ?", [username], one=True)
- if user_data and bcrypt.checkpw(password.encode(), user_data["password"]):
+ if _check_password(user_data, password):
# Successful login
session["username"] = username
session["userid"] = user_data["userid"]
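Review bot: The login check now returns early for an unknown username without ever calling `bcrypt.checkpw`, so the response time differs measurably between existing and nonexistent usernames — a username-enumeration side channel. The removed line had the same short-circuit, so this is not a regression, but the new helper is the natural place to close it: when `user_data` is falsy, run `bcrypt.checkpw` against a module-level dummy hash (computed once with `bcrypt.hashpw`) and still return False, so both paths do the same work. The enclosing login function starts outside the hunk, so I cannot tell whether the surrounding code already rate-limits attempts.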
error = True
# Check old password
- elif not bcrypt.checkpw(old_password.encode(), user_data["password"]):
+ if not _check_password(user_data, old_password):
flash("Invalid username/password", "error")
error = True
# Check new password
- error = error or _check_password(password, password_confirm)
+ error = error or _validate_password(password, password_confirm)
# Reload page on error
if error: