-def valid_login(username, password):
- return query_db('select * from users where email = ? and password = ?', [username, crypt(password)], one=True)
+def valid_login(email, password):
+ # get user key
+ user_key = query_db('select key from users where email = ?', (email,),
+ one=True)
+ if not user_key:
+ # no such user
+ return None
+ user_key = user_key['key']
+ # try password
+ return query_db('select * from users where email = ? and password = ?',
+ [email, crypt(password, user_key)], one=True)
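Review bot: The early `return None` for an unknown email skips `crypt()` entirely, so a login attempt for a non-existent account likely returns faster than one for a real account, and that timing difference can reveal which emails are registered. The new code also queries the same row twice and leaves the hash comparison to SQL string equality. I would fetch the row once, always compute the hash, and compare in Python with `hmac.compare_digest`. In the sketch below `DUMMY_KEY` is a placeholder for a module constant in the same format as the stored keys, and `hmac` would need importing at the top of the file. This assumes `crypt()` returns a value of the same type as the stored `password` column, which the hunk does not show.

```python
def valid_login(email, password):
    # single lookup: the row carries both the per-user key and the stored hash
    user = query_db('select * from users where email = ?', (email,), one=True)
    # hash even when the email is unknown so both paths do the same work
    candidate = crypt(password, user['key'] if user else DUMMY_KEY)
    if user and hmac.compare_digest(candidate, user['password']):
        return user
    return None
```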