1

I'm getting the following error:

expected sha256_crypt hash, got sha256_crypt config string instead

This is my code. What am I doing wrong?

Code:

```python
from flask import request, session, flash, redirect, url_for, render_template
from passlib.hash import sha256_crypt

# app and mysql are created elsewhere in the application


@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':

        # Get form fields
        username = request.form['username']
        password_candidate = request.form['password']

        # Create cursor
        cur = mysql.connection.cursor()

        # Get user by username
        result = cur.execute("SELECT * FROM users WHERE username = (%s)", [username])
        app.logger.info(result)

        if result > 0:
            # Get stored hash
            data = cur.fetchone()
            password = data['password']
            app.logger.info(password)

            # Close connection (moved up: it was unreachable after the returns)
            cur.close()

            # Comparing the passwords
            if sha256_crypt.verify(password_candidate, password):
                app.logger.info('PASSWORD MATCHED')
                app.logger.info(password_candidate)
                # Passed
                sesion['logged_in'] = True
                session['username'] = username
                flash('You are now logged in', 'success')
                return redirect(url_for('about'))

            else:
                error = "Invalid login"
                return render_template('login.html', error=error)
        else:
            # Close connection
            cur.close()
            error = 'Username not found'
            return render_template('login.html', error=error)
```
davidism
Tim Boom
  • You're logging a password, there's a typo (`sesion`), and it's unclear what you have actually stored in the database. From the naming, it sounds as if you've stored plain text passwords rather than salted hashes, and you're trying to use a crypto function which expects a hash. – Roland Weber Mar 26 '18 at 11:38
  • I use salted hashes to store passwords: `password = sha256_crypt.encrypt(str(form.password.data))` – Tim Boom Mar 26 '18 at 12:07

1 Answer

-1

The real problem here is in the database table setup. The sha256 is of 256 in length. Maybe you use less than 256 for the password field, so some data of the password hash is lost when you insert into the database. This causes the error during execution of the sha256_crypt.verify() function. So, you need to alter the password column and increase the size of the password field.
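
An added example, not code from the question or the answer: a standard-library check that classifies a stored value against the sha256_crypt layout `$5$rounds=N$salt$checksum` (salt up to 16 characters, checksum 43 characters), showing how a short column turns a full hash into the digest-less "config string" named in the error. The function names, the sample value and the assumption that the column truncates silently (as MySQL does outside strict mode) are constructed for illustration.

```python
import re

# sha256_crypt modular crypt format: $5$[rounds=N$]salt[$checksum]
# Salt is 0-16 chars; a complete checksum is exactly 43 chars of [./0-9A-Za-z].
_SHA256_CRYPT = re.compile(
    r"^\$5\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{0,16})"
    r"(?:\$(?P<chk>[./0-9A-Za-z]*))?$"
)
CHECKSUM_LEN = 43


def classify_stored_value(value):
    """Return 'hash', 'config-string', 'truncated-checksum' or 'not-sha256-crypt'."""
    m = _SHA256_CRYPT.match(value)
    if m is None:
        return "not-sha256-crypt"
    chk = m.group("chk")
    if not chk:  # settings and salt only, no digest left to compare against
        return "config-string"
    if len(chk) < CHECKSUM_LEN:
        return "truncated-checksum"
    return "hash" if len(chk) == CHECKSUM_LEN else "not-sha256-crypt"


def required_column_width(rounds_digits=9, salt_len=16):
    """Longest value: '$5$' + 'rounds=' + digits + '$' + salt + '$' + checksum."""
    return 3 + 7 + rounds_digits + 1 + salt_len + 1 + CHECKSUM_LEN


def simulate_column(value, width):
    """Assumption: a non-strict VARCHAR(width) column that silently cuts long values."""
    return value[:width]


# Constructed sample: correct shape, but NOT a real digest of any password.
SAMPLE = "$5$rounds=535000$" + "Ab1./Cd2Ef3Gh4Ij" + "$" + "x" * CHECKSUM_LEN

if __name__ == "__main__":
    print("column must hold at least", required_column_width(), "characters")
    for width in (100, 60, 30):
        stored = simulate_column(SAMPLE, width)
        print(width, len(stored), classify_stored_value(stored))
```

Running `classify_stored_value` over the `password` column of existing rows shows which accounts were stored truncated; those values cannot be repaired by widening the column and need a password reset.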