From 5feb6cf5be8a2520110f046432c58f9e3016694e Mon Sep 17 00:00:00 2001 From: b3yond Date: Tue, 9 Jan 2018 23:00:00 +0100 Subject: [PATCH] check hashes at login (not tested) --- frontend/login.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/login.py b/frontend/login.py index c43b771..055c6e1 100644 --- a/frontend/login.py +++ b/frontend/login.py @@ -39,7 +39,7 @@ def login(): """ uname = bottle.request.forms.get('uname') psw = bottle.request.forms.get('psw') - if psw == db.cur.execute("SELECT pass FROM user WHERE email=?;", (uname, )): + if pylibscrypt.scrypt_mcf_check(db.cur.execute("SELECT pass FROM user WHERE email=?;", (uname, )), psw): # :todo Generate Session Cookie and give to user return bottle.static_file("../static/bot.html", root="../static") else: