I’m working on a login page and I’m having issues with the checkpw() component of the application. Believe it or not the login checkpw() did work for 3 weeks and then it stopped working and lost as to how to fix the issue.
Hashed pwd =>: b'$2b$12$hksDsz2ujK3UfybNgKrGHunjsIJufWQFxAouwWFlecSE7OwixLUcu'
Traceback (most recent call last):
File "D:\xampp\htdocs\pythontesting\auth.py", line 25, in <module>
loginYesNo = is_PWDvalid(userEnteredPwd, encPwd)
File "D:\xampp\htdocs\pythontesting\auth.py", line 18, in is_PWDvalid
stage1 = decPwd.encode('utf-8')
AttributeError: 'bytes' object has no attribute 'encode'. Did you mean: 'decode'?
Thank you for the reply back. I should have noticed that before copy/pasting the code but it looks like there’s a bigger issue with the way the hashpwd code is generated and the the format its saves to the database. I think there’s something strange going on when saving the hashed code to the database (xampp). my test code, if I bypass the database it works but if i save the hashed password to the database i think there’s change happening that i cant seem to pin point.
Part of the registration code that appends data to the table and this works.
Part of the login code that. it always fails at wdIsValid. the database query works but there is a format or conversion that taking place when i save the password in the registration process
The value copy/pasted from the database table is the salted, encrypted password. I’d assume it’s correct.
Your login code should be something like this (please forgive any typos or syntax errors, it’s been a minute since I’ve done python…)
# connecting to db and cursor creation already done above...
# get form values
username = form.username.data.encode('utf-8')
password = form.password.data.encode('utf-8')
# look for user on database
strSQL = "SELECT password from userTable where username = {username}"
cur.execute(strSQL)
encPassword = cur.fetchone()[0]
if (len(encPassword) == 0):
print "Login failed" # no such user
else if (bcrypt.checkpw(password, encPassword)::
print "Login successful"
else
print "Login failed" # invalid password