CODEWITHSUNDEEP
pythonpasslib
Raptr3x
Raptr3x

Reputation: 13

Can't verify password using passlib

So I'm back working on old project and I cant find whats wrong. This is the part where the password is first time created, this is from the main script:

def first():
    if os.path.isfile("secret.txt"):
        folder()
    else:
        os.system("echo > secret.txt")
        password = getpass.getpass("Set your password please --> ")
        while len(password) < 4:
            print("Password must have more then 4 characters!")
        else:
            password1 = getpass.getpass("repeat your password please --> ")
            while password1 != password:
                print("Password don't match")
                password1 = getpass.getpass("repeat your password please --> ")
            if password1 == password:
                a = open('secret.txt', 'w').close()
                f = open('secret.txt', 'w')
                hashed_password = pbkdf2_sha256.hash(password)
                f.write(hashed_password)
                os.system("attrib +h secret.txt")
                folder()

This is the login script and from here is password checked:

def log_in():
    f = open("secret.txt", "r")
    Password = f.read()
    x = 0
    while x < 5:
        getPass = getpass.getpass("Password:")
        if not pbkdf2_sha256.verify("getPass", Password):
            print("Password is invalid")
            x = x + 1
        else:
            f.close()
            os.system('cls')
            print("Welcome back sir\n")
            x = 10
            time.sleep(2)
    if x == 5:
        print("acces denied")
        time.sleep(5)
        os.system("nothing.bat")

So the problem is when I try to verify the password it says its not correct but the password is the same. In doc it says:

Note that since each call generates a new salt, the contents of the resulting hash will differ between calls (despite using the same password as input):

If this is the problem at .verify() then what should I do?

I'm not sure if this is enough info, if not I will post whole source code

I am probably missing some stupid thing but I just cant seem to find it..

Upvotes: 0

Views: 646

Answers (1)

Hendri Tobing
Hendri Tobing

Reputation: 371

I think the problem is:

if not pbkdf2_sha256.verify("getPass", Password):

Change it to:

if not pbkdf2_sha256.verify(getPass, Password):

You have called a str "getPass" not the password that user input.

Upvotes: 0

Related Questions