Hash password

forms/login.py

@@ -56,9 +56,8 @@ class User(UserMixin):
 		SELECT *
 		FROM Bruker
 		WHERE Epost = %s
-			AND Passord = %s
 		LIMIT 1;
-		""", login)
+		""", (login[0],))
 
 		user = cur.fetchone()
 
@@ -67,6 +66,9 @@ class User(UserMixin):
 		if user is None:
 			raise Exception("Invalid login")
 
+		if not glob.check_password(login[1], user[2]):
+			raise Exception("Incorrect password")
+
 		self.id, self.email, self.password, self.firstname, self.surname = user
 
 def register_account(email, password, firstname, surname):
@@ -77,7 +79,7 @@ def register_account(email, password, firstname, surname):
 	INSERT INTO
 	Bruker (Epost, Passord, Fornavn, Etternavn)
 	VALUES (%s, %s, %s, %s);
-	""", (email, password, firstname, surname))
+	""", (email, glob.hash_password(password), firstname, surname))
 
 	conn.commit()
 	cur.close()

objects/glob.py

@@ -2,6 +2,7 @@ import os
 import json
 import shutil
 import mysql.connector
+import bcrypt
 
 # ------------------------------------------------------------------------------
 # Global variables that is None by default and gets overwritten in other modules
@@ -27,3 +28,9 @@ def get_sql_connection():
 	if sql_conn is None or not sql_conn.is_connected():
 		sql_conn = make_sql_connection()
 	return sql_conn
+
+def hash_password(password):
+	return bcrypt.hashpw(password.encode(), bcrypt.gensalt(10, prefix=b"2a")).decode()
+
+def check_password(p1, p2):
+	return bcrypt.checkpw(p1.encode(), p2.encode())

requirements.txt

@@ -1,3 +1,4 @@
 Flask>=1.0.2
 Flask-WTF>=0.14.2
 flask_login>=0.4.1
+bcrypt