Tag: flask

Having probles logging in when hashing a password with bcrypt

Trying to hash passwords sent to my database but having trouble logging in, Im not sure why it isnt working ive looke everywhere and it seems what I have should work, when stored into the database all myn passwords are hashed but I am unable to now login because of this. Heres what I have for my login:

@app.route('/', methods=['GET', 'POST'])
def index():
    session['loginsuccess'] = False
    if request.method == 'POST':
        if 'email' in request.form and 'password' in request.form:
            email = request.form['email']
            password = request.form['password']


            cursor = db.connection.cursor(MySQLdb.cursors.DictCursor)
            cursor.execute("SELECT * FROM users WHERE email=%s AND password =%s", (email, password))
            info = cursor.fetchone()
            hashed = info['password']
            if info is not None:
                #if info['email'] == email and info['password'] == password:
                if info['email'] == email and bcrypt.checkpw(password, hashed):
                    #save variables
                    session['loginsuccess'] = True
                    session['user_id'] = info['user_id']
                    session['name'] = info['name']
                    session['username'] = info['username']
                    session['email'] = info['email']
                    session['iot_id'] = info['iot_id']
                    return redirect(url_for('home'))
            else:
                print("Failed Login")
                return redirect(url_for('index'))

    return render_template("index.html")

and heres what I have for my register:

@app.route('/new', methods=['GET', 'POST'])
def registration():
    if request.method == "POST":
        if "name" in request.form and "username" in request.form and "email" in request.form and "password" in request.form:
            name = request.form['name']
            username = request.form['username']
            email = request.form['email']
            password = request.form['password']

            hashed = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
            cursor = db.connection.cursor(MySQLdb.cursors.DictCursor)
            cursor.execute("INSERT INTO azurcam.users(name, username, email, hashed)VALUES(%s, %s, %s, %s)",
                           (name, username, email, hashed))

            db.connection.commit()
            return redirect(url_for('index'))
    return render_template("registration.html")

Ive been scratching my head with this one for awhile any help would be much appreciated