From cf55ad7e9651ad4eb05390d6f72361ad0f90b30c Mon Sep 17 00:00:00 2001
From: jakobsn
Date: Thu, 28 Nov 2019 11:12:05 +0100
Subject: [PATCH] Store password hash instead of plain password in database

---
 src/app/models/database.py | 4 ++--
 src/app/views/login.py | 10 ++++++----
 src/app/views/register.py | 3 ++-
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/app/models/database.py b/src/app/models/database.py
index d3ef6df..771bf4d 100644
--- a/src/app/models/database.py
+++ b/src/app/models/database.py
@@ -3,8 +3,8 @@ import mysql.connector
 
 db = mysql.connector.connect(
     user='root',
     password='root',
-    host='10.5.0.5', # Docker address
-    #host='0.0.0.0', # Local address
+    #host='10.5.0.5', # Docker address
+    host='0.0.0.0', # Local address
     database='db'
 )
\ No newline at end of file
diff --git a/src/app/views/login.py b/src/app/views/login.py
index 1fec6a3..dbb6fb3 100644
--- a/src/app/views/login.py
+++ b/src/app/views/login.py
@@ -3,6 +3,7 @@ from views.forms import login_form
 import models.login
 from views.utils import get_nav_bar
 import os, hmac, base64, pickle
+import hashlib
 
 # Get html templates
 render = web.template.render('templates/')
@@ -57,9 +58,12 @@ class Login():
         :return: The login page showing other users if logged in
         """
         session = web.ctx.session
+        friends = [[],[]]
         # Validate login credential with database query
-        data = web.input()
-        user = models.login.match_user(data.username, data.password)
+        data = web.input(username="", password="")
+        password_hash = hashlib.md5(b'TDT4237' + data.password.encode('utf-8')).hexdigest()
+        print("hash", password_hash)
+        user = models.login.match_user(data.username, password_hash)
         # If there is a matching user/password in the database the user is logged in
         if len(user):
             friends = models.login.get_users()
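Review bot: The host swap in this hunk is unrelated to the commit's subject and flips the live connection from the Docker address to 0.0.0.0, which looks like a local-development setting committed by accident. Toggling commented-out lines per environment is fragile and will keep producing commits like this one; read the host from configuration instead, e.g. `host=os.environ.get('DB_HOST', '10.5.0.5'),  # Docker default`, which needs an `import os` this file does not show. The same treatment belongs to the `user='root'` / `password='root'` context lines, which keep the database root credentials in source control.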
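Review bot: `hashlib.md5(b'TDT4237' + data.password.encode('utf-8'))` is not a password hash: MD5 is fast and the prefix is one fixed string shared by every user, so two users with the same password still get the same stored value and the constant adds nothing against an offline guess. Use a slow, per-user-salted KDF from the stdlib such as `hashlib.pbkdf2_hmac('sha256', data.password.encode('utf-8'), salt, 100_000)` (or `hashlib.scrypt`), store the random salt beside the hash, and have `models.login` fetch the row by username and verify with `hmac.compare_digest` (hmac is already imported in this file) instead of passing the hash into the lookup. `print("hash", password_hash)` writes the credential hash of every login attempt to stdout and the process logs and should be dropped before merge. The identical MD5 expression is duplicated in register.py in the `@@ -26,7 +27,7` hunk; put the derivation in one shared helper so the two cannot drift. The enclosing Login method continues outside this hunk.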
@@ -68,8 +72,6 @@ class Login():
             if data.remember:
                 remember = self.rememberme()
                 web.setcookie('remember', remember , 12000000)
-        else:
-            friends = [[],[]]
 
         nav = get_nav_bar(session)
         return render.login(nav, login_form, friends)
diff --git a/src/app/views/register.py b/src/app/views/register.py
index 52bef93..b3f83ee 100644
--- a/src/app/views/register.py
+++ b/src/app/views/register.py
@@ -2,6 +2,7 @@ import web
 from views.forms import register_form
 import models.register
 from views.utils import get_nav_bar
+import hashlib
 
 # Get html templates
 render = web.template.render('templates/')
@@ -26,7 +27,7 @@ class Register:
         :return: Main page
         """
         data = web.input()
-        models.register.set_user(data.username, data.password,
+        models.register.set_user(data.username, hashlib.md5(b'TDT4237' + data.password.encode('utf-8')).hexdigest(),
                                  data.full_name, data.company, data.phone_number, data.street_address, data.city, data.state, data.postal_code, data.country)
         raise web.seeother('/')
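Review bot: The new `set_user` call inlines the whole hashing expression into an already long argument list; bind it first, `password_hash = hashlib.md5(b'TDT4237' + data.password.encode('utf-8')).hexdigest()`, and pass `password_hash`, which also gives one obvious place to swap in the stronger derivation raised on the login.py hunk. Unlike the login hunk, `data = web.input()` here carries no defaults, so a registration request without a `password` field fails on the attribute access inside the new line rather than being rejected cleanly, and with a default of `""` an empty password would be hashed and stored; reject an empty or missing password before calling `set_user`. The method's signature lies outside this hunk.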