From 1f77827f5442b8bf288112ba49b5731650c91b23 Mon Sep 17 00:00:00 2001 From: b3yond Date: Tue, 9 Jan 2018 23:00:00 +0100 Subject: [PATCH] check hashes at login (not tested) --- frontend/login.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/login.py b/frontend/login.py index c43b771..055c6e1 100644 --- a/frontend/login.py +++ b/frontend/login.py @@ -39,7 +39,7 @@ def login(): """ uname = bottle.request.forms.get('uname') psw = bottle.request.forms.get('psw') - if psw == db.cur.execute("SELECT pass FROM user WHERE email=?;", (uname, )): + if pylibscrypt.scrypt_mcf_check(db.cur.execute("SELECT pass FROM user WHERE email=?;", (uname, )), psw): # :todo Generate Session Cookie and give to user return bottle.static_file("../static/bot.html", root="../static") else: