Does anyone have information on a standard or best practice for checking matching passwords (for example, Gmail passwords do not match “feedback”)? Is it an internal, external, or client process? Or is it completely dependent on other factors?
Here is an example of the code that I use (Python with Bottle ) to register a user. The code works, but I'm not sure if I should provide a flash message from an external one (where it returns "Passwords do not match")) or would it be better to use something like JS? I know there are scripts to test this, but they are all JS. My question is not how to do this with JS, but what is the preferred method.
@route('/suser', method='POST')
def sign_suser():
cemail = request.forms.get('semail')
cpassword1 = request.forms.get('spass1')
cpassword2 = request.forms.get('spass2')
ctype = request.forms.get('stype')
if cpassword1 != cpassword2:
return "<p>Passwords do not match</p>"
else:
pwhash = crypt(cpassword1)
connection = sqlite3.connect("whatever.db")
cursor_v = connection.cursor()
cursor_v.execute("insert into users (cemail, cpassword, atype) values (?,?,?)", (cemail,pwhash,ctype))
connection.commit()
cursor_v.close()
info = {'status': 'User Added',
'type': 'success'}
return template('whatever',info)