Question

我需要一个帮助。我需要在使用Python登录时使用用户输入密码验证散列密码。我在下面解释我的代码。

from bcrypt import hashpw, gensalt
def signsave(request):
    """This function helps to save signup data"""

    if request.method == 'POST':
        name = request.POST.get('uname')
        password = request.POST.get('pass')
        con_pass = request.POST.get('conpass')
        if password == con_pass:
            hashed = hashpw(password.encode('utf8'), gensalt(13))
            passw = User(
                uname=name,
                password=hashed
            )
            passw.save()
            message = "Registered successfully"
            return render(request, 'bookingservice/login.html',
                          {'msg': message})
        else:
            message = "The password did not match "
            return render(request, 'bookingservice/signup.html',
                          {'msg': message})

这里我使用Bcrypt散列用户输入密码并将其存储到数据库中。

def loginsave(request):
    """This function helps to login the user """

    if request.method == 'POST':
        password = request.POST.get('pass')
        uname = request.POST.get('uname')
        if password == '':
            return render(request, 'bookingservice/login.html', {})
        else:
            per = User.objects.all().filter(Q(uname__icontains=uname)).count()
            if per > 0:
                user = User.objects.filter(Q(uname__icontains=uname))
                for use in user:
                    uid = use.id
                    user_name = use.uname
                    enc_pass = use.password
                hashed = hashpw(password.encode('utf8'), gensalt(13))
                if hashpw(password.encode('utf8'), hashed) == enc_pass:
                    request.session['id'] = uid
                    return render(request, 'bookingservice/home.html',
                                  {'count': per, 'username': user_name})
                else:
                    return render(request, 'bookingservice/login.html', {})
            else:
                return render(request, 'bookingservice/login.html', {})

这里我从DB检索散列密码并将其与用户输入值进行匹配。在这种情况下，有效密码在用户登录时也不匹配。我需要在DB中以密码格式存储的密码，当用户登录时，密码将再次匹配。请帮忙。

Answer 1

盐通过bcrypt存储在密码哈希中。

在bcrypt中使用checkpw方法。


from bcrypt import hashpw, gensalt, checkpw

def loginsave(request):
    """This function helps to login the user """

    if request.method == 'POST':
        password = request.POST.get('pass')
        uname = request.POST.get('uname')
        if password == '':
            return render(request, 'bookingservice/login.html', {})
        else:
        per = User.objects.all().filter(Q(uname__icontains=uname)).count()
        if per > 0:
            user = User.objects.filter(Q(uname__icontains=uname))
            for use in user:
                uid = use.id
                user_name = use.uname
                enc_pass = use.password
            hashed = hashpw(password.encode('utf8'), user_salt)
            if hashpw(password.encode('utf8'), hashed) == enc_pass:
            if checkpw(password, enc_pass):
                request.session['id'] = uid
                return render(request, 'bookingservice/home.html',
                              {'count': per, 'username': user_name})
            else:
                return render(request, 'bookingservice/login.html', {})
        else:
            return render(request, 'bookingservice/login.html', {})

无法使用Python验证散列密码

1 个答案: