def handler_checking_password(user):
u"""Handle the login account password."""
- import md5
+ import password
# get the next waiting line of input
input_data = user.input_queue.pop(0)
# does the hashed input equal the stored hash?
- if unicode(
- md5.new(
- ( user.account.get(u"name") + input_data ).encode(u"utf-8")
- ).hexdigest()
- ) == user.account.get(u"passhash"):
+ if password.verify( input_data, user.account.get(u"passhash") ):
# if so, set the username and load from cold storage
if not user.replace_old_connections():
def handler_entering_new_password(user):
u"""Handle a new password entry."""
- import md5
+ import password
# get the next waiting line of input
input_data = user.input_queue.pop(0)
):
# hash and store it, then move on to verification
- user.account.set(
- u"passhash",
- unicode(
- md5.new(
- ( user.account.get(u"name") + input_data ).encode(u"utf-8")
- ).hexdigest()
- )
- )
+ user.account.set( u"passhash", password.create(input_data) )
user.state = u"verifying_new_password"
# the password was weak, try again if you haven't tried too many times
def handler_verifying_new_password(user):
u"""Handle the re-entered new password for verification."""
- import md5
+ import password
# get the next waiting line of input
input_data = user.input_queue.pop(0)
# hash the input and match it to storage
- if unicode(
- md5.new(
- ( user.account.get(u"name") + input_data ).encode(u"utf-8")
- ).hexdigest()
- ) == user.account.get(u"passhash"):
+ if password.verify( input_data, user.account.get(u"passhash") ):
user.authenticate()
# the hashes matched, so go active