By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,617 Members | 1,751 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,617 IT Pros & Developers. It's quick & easy.

Working on a log in script to my webpage

P: n/a
Hi all I am working on a log in script for my webpage.

I have the username and the password stored in a PostgreSQL database.

The first I do is I make a html form, where the user can type in his
username and code, when this is done I want to run the
script(testifcodeisokay) that verifies that the code and username are the
right ones ( that means if they match the particular entered username and
password) If they are then I want to load page1 if they are not I want to
load the loginpage again.

Login page:

print '''<form action=testifcodeisokay.py'><br>
<p>Username:<br> <INPUT type="text" NAME="username">
<p>Code:<br> <INPUT type="text" NAME="code"></p>'''

print '''<p><input type=submit value='Submit'></p></form>'''
print '''</body> </html>'''

This works.
Here I store the entered text in the variables "username" and "code"
I then get the entered value by

testifcodeisokay script

connect = PgSQL.connect(user="user", password="password", host="host",
database="databse")
cur = connect.cursor()

form = cgi.FieldStorage()
username = form["username"].value
code= form["code"].value

I then want to test if they match the ones in the database

insert_command = "SELECT username, code FROM codetable WHERE
codetable.username = '%s' AND codetable.code = '%s' " %(username, code)
cur.execute(insert_command)

I should then have found where the entered username,code (on the login page)
is the same as those in the database.

But now I am stuck.

Does any know how I can then do something like:

If the codes from the loginpage matches the users codes in the db
Then the user should be taken to page1
IF the codes arnt correct the login page should load again.

The program dosnt need to remember who the user is, after the user has been
loggen in, it is only used to log the user in.

Thanks for your time..

Jul 18 '05 #1
Share this Question
Share on Google+
8 Replies


P: n/a
Pete..... wrote:
Hi all I am working on a log in script for my webpage.

I have the username and the password stored in a PostgreSQL database.

The first I do is I make a html form, where the user can type in his
username and code, when this is done I want to run the
script(testifcodeisokay) that verifies that the code and username are the
right ones ( that means if they match the particular entered username and
password) If they are then I want to load page1 if they are not I want to
load the loginpage again.

Login page:

print '''<form action=testifcodeisokay.py'><br>
<p>Username:<br> <INPUT type="text" NAME="username">
<p>Code:<br> <INPUT type="text" NAME="code"></p>'''

print '''<p><input type=submit value='Submit'></p></form>'''
print '''</body> </html>'''

This works.
Here I store the entered text in the variables "username" and "code"
I then get the entered value by

testifcodeisokay script

connect = PgSQL.connect(user="user", password="password", host="host",
database="databse")
cur = connect.cursor()

form = cgi.FieldStorage()
username = form["username"].value
code= form["code"].value

I then want to test if they match the ones in the database

insert_command = "SELECT username, code FROM codetable WHERE
codetable.username = '%s' AND codetable.code = '%s' " %(username, code)
cur.execute(insert_command)
This is an amazingly bad choice of variable name, since the command
doesn't actually insert anything into the database!
I should then have found where the entered username,code (on the login page)
is the same as those in the database.

But now I am stuck.

Does any know how I can then do something like:

If the codes from the loginpage matches the users codes in the db
Then the user should be taken to page1
IF the codes arnt correct the login page should load again.

The program dosnt need to remember who the user is, after the user has been
loggen in, it is only used to log the user in.

Thanks for your time..
The Python you want is almost certainly something like

if len(curs.fetchall()) == 1:
# username/password was found in db

although unless your database is guarantees to contain only one of each
combination it might be better to test

if len(curs.fetchall()) != 0:
# username/password was found in db

There are other matters of concern, however, the most pressing of which is:

How am I going to stop user from navigating directly to page1?

Answering this question will involve learning about HTTP session state
and writing web applications. I could write a book on that subject :-)

regards
Steve

Jul 18 '05 #2

P: n/a
How am I going to stop user from navigating directly to page1?

Answering this question will involve learning about HTTP session state and
writing web applications. I could write a book on that subject :-)

regards
Steve


Thanks Steve

And yes I havnt thought about that, guess I have to figure something else
out.
Jul 18 '05 #3

P: n/a
Pete..... wrote:
Hi all I am working on a log in script for my webpage.

I have the username and the password stored in a PostgreSQL database.


You might want to look at Snakelets and CherryPy.

Snakelets is "a very simple-to-use Python web application server." One of the features is "Easy user
authentication and user login handling."
http://snakelets.sourceforge.net/

CherryPy is "a pythonic, object-oriented web development framework" that seems to be popular. A
recipe for password-protected pages in CherryPy is here:
http://www.cherrypy.org/wiki/PasswordProtectedPages

Kent
Jul 18 '05 #4

P: n/a
Thanks.

But I would really like to do this from scratch, so that I can learn it, I
dont think I need that much more, before it works.

I found an example with asp, where the save the session if the password is
correct. It isnt that long a code, so was wondering if it isnt possible to
make something like that in python. Cause when this code is applied to the
loginform, CODE2 will only have to be applied to every following page and
everything is good.

code is from:
http://tutorialized.com/tutorial/Cre...ea-in-ASP/2234
CODE1
Set objRS = objConn.Execute (strSQL)
'// see if there are any records returned
If objRS.EOF Then
'no username found
strError = "- Invalid username or password<br>" & vbNewLine
Else
'check password
If objRS("password")=Request.Form("password") Then
'username/password valid
'save session data
Session("loggedin") = True
Session("userid") = objRS("id")
'redirect to members area
Response.Redirect ("default.asp")
Response.End
Else
'invalid password
strError = "- Invalid username or password<br>" & vbNewLine

CODE2<%
If Session("loggedin") <> True Then Response.Redirect "login.asp"
%>
<html>
<head>
<title>Members Area</title>
</head>
<body>
<h1>Members Area</h1>
<p>Welcome to our members area!</p></body>
</html> In my code I have allready tested if the username and password is
correct, so I just need to do the cookie thing :D

Thanks all, hope all my questions dosnt make you tired, I just really wanna
figure this out, and I am doing this as a little hobby of mine, so I dont
have anyone else to ask, hope that is okay...

"Kent Johnson" <ke****@tds.net> wrote in message
news:42********@newspeer2.tds.net...
Pete..... wrote:
Hi all I am working on a log in script for my webpage.

I have the username and the password stored in a PostgreSQL database.


You might want to look at Snakelets and CherryPy.

Snakelets is "a very simple-to-use Python web application server." One of
the features is "Easy user authentication and user login handling."
http://snakelets.sourceforge.net/

CherryPy is "a pythonic, object-oriented web development framework" that
seems to be popular. A recipe for password-protected pages in CherryPy is
here:
http://www.cherrypy.org/wiki/PasswordProtectedPages

Kent

Jul 18 '05 #5

P: n/a
Hi all.

Unfortunaly it looks like I dont have to skill to make a secure log in, cant
figure out how the code has to look like, so guess my webpage has to live
with a security issue.

Thanks for the effort you put into teaching me the use of cookies.

Best wishes
Pete....

"Pete....." <he********@yahoo.com> wrote in message
news:42*********************@nntp05.dk.telia.net.. .
Thanks.

But I would really like to do this from scratch, so that I can learn it, I
dont think I need that much more, before it works.

I found an example with asp, where the save the session if the password is
correct. It isnt that long a code, so was wondering if it isnt possible to
make something like that in python. Cause when this code is applied to the
loginform, CODE2 will only have to be applied to every following page and
everything is good.

code is from:
http://tutorialized.com/tutorial/Cre...ea-in-ASP/2234
CODE1
Set objRS = objConn.Execute (strSQL)
'// see if there are any records returned
If objRS.EOF Then
'no username found
strError = "- Invalid username or password<br>" & vbNewLine
Else
'check password
If objRS("password")=Request.Form("password") Then
'username/password valid
'save session data
Session("loggedin") = True
Session("userid") = objRS("id")
'redirect to members area
Response.Redirect ("default.asp")
Response.End
Else
'invalid password
strError = "- Invalid username or password<br>" & vbNewLine

CODE2<%
If Session("loggedin") <> True Then Response.Redirect "login.asp"
%>
<html>
<head>
<title>Members Area</title>
</head>
<body>
<h1>Members Area</h1>
<p>Welcome to our members area!</p></body>
</html> In my code I have allready tested if the username and password is
correct, so I just need to do the cookie thing :D

Thanks all, hope all my questions dosnt make you tired, I just really
wanna figure this out, and I am doing this as a little hobby of mine, so I
dont have anyone else to ask, hope that is okay...

"Kent Johnson" <ke****@tds.net> wrote in message
news:42********@newspeer2.tds.net...
Pete..... wrote:
Hi all I am working on a log in script for my webpage.

I have the username and the password stored in a PostgreSQL database.


You might want to look at Snakelets and CherryPy.

Snakelets is "a very simple-to-use Python web application server." One of
the features is "Easy user authentication and user login handling."
http://snakelets.sourceforge.net/

CherryPy is "a pythonic, object-oriented web development framework" that
seems to be popular. A recipe for password-protected pages in CherryPy is
here:
http://www.cherrypy.org/wiki/PasswordProtectedPages

Kent


Jul 18 '05 #6

P: n/a
Pete:

Don;t give up, load Webware or similar and use that!

regards
Steve
Pete..... wrote:
Hi all.

Unfortunaly it looks like I dont have to skill to make a secure log in, cant
figure out how the code has to look like, so guess my webpage has to live
with a security issue.

Thanks for the effort you put into teaching me the use of cookies.

Best wishes
Pete....

"Pete....." <he********@yahoo.com> wrote in message
news:42*********************@nntp05.dk.telia.net.. .
Thanks.

But I would really like to do this from scratch, so that I can learn it, I
dont think I need that much more, before it works.

I found an example with asp, where the save the session if the password is
correct. It isnt that long a code, so was wondering if it isnt possible to
make something like that in python. Cause when this code is applied to the
loginform, CODE2 will only have to be applied to every following page and
everything is good.

code is from:
http://tutorialized.com/tutorial/Cre...ea-in-ASP/2234
CODE1
Set objRS = objConn.Execute (strSQL)
'// see if there are any records returned
If objRS.EOF Then
'no username found
strError = "- Invalid username or password<br>" & vbNewLine
Else
'check password
If objRS("password")=Request.Form("password") Then
'username/password valid
'save session data
Session("loggedin") = True
Session("userid") = objRS("id")
'redirect to members area
Response.Redirect ("default.asp")
Response.End
Else
'invalid password
strError = "- Invalid username or password<br>" & vbNewLine

CODE2<%
If Session("loggedin") <> True Then Response.Redirect "login.asp"
%>
<html>
<head>
<title>Members Area</title>
</head>
<body>
<h1>Members Area</h1>
<p>Welcome to our members area!</p></body>
</html> In my code I have allready tested if the username and password is
correct, so I just need to do the cookie thing :D

Thanks all, hope all my questions dosnt make you tired, I just really
wanna figure this out, and I am doing this as a little hobby of mine, so I
dont have anyone else to ask, hope that is okay...

"Kent Johnson" <ke****@tds.net> wrote in message
news:42********@newspeer2.tds.net...
Pete..... wrote:

Hi all I am working on a log in script for my webpage.

I have the username and the password stored in a PostgreSQL database.

You might want to look at Snakelets and CherryPy.

Snakelets is "a very simple-to-use Python web application server." One of
the features is "Easy user authentication and user login handling."
http://snakelets.sourceforge.net/

CherryPy is "a pythonic, object-oriented web development framework" that
seems to be popular. A recipe for password-protected pages in CherryPy is
here:
http://www.cherrypy.org/wiki/PasswordProtectedPages

Kent




Jul 18 '05 #7

P: n/a
Joe
Pete,

What web server are you using?

Take a look at Apache and use digest authentication. The password is not
sent in clear text and it's fairly easy to setup. Plus you won't have to do
anything in your web pages. Once you setup digest authentication on the web
server for the specified directories, the user will be prompted by their
browser for the user / pswd and as long as the directories they access are
using the same authentication the user will not be prompted again until they
close their session.

It's pretty easy to setup.

Joe

"Pete....." <he********@yahoo.com> wrote in message
news:42***********************@nntp03.dk.telia.net ...
Hi all.

Unfortunaly it looks like I dont have to skill to make a secure log in,
cant figure out how the code has to look like, so guess my webpage has to
live with a security issue.

Thanks for the effort you put into teaching me the use of cookies.

Best wishes
Pete....

"Pete....." <he********@yahoo.com> wrote in message
news:42*********************@nntp05.dk.telia.net.. .
Thanks.

But I would really like to do this from scratch, so that I can learn it,
I dont think I need that much more, before it works.

I found an example with asp, where the save the session if the password
is correct. It isnt that long a code, so was wondering if it isnt
possible to make something like that in python. Cause when this code is
applied to the loginform, CODE2 will only have to be applied to every
following page and everything is good.

code is from:
http://tutorialized.com/tutorial/Cre...ea-in-ASP/2234
CODE1
Set objRS = objConn.Execute (strSQL)
'// see if there are any records returned
If objRS.EOF Then
'no username found
strError = "- Invalid username or password<br>" & vbNewLine
Else
'check password
If objRS("password")=Request.Form("password") Then
'username/password valid
'save session data
Session("loggedin") = True
Session("userid") = objRS("id")
'redirect to members area
Response.Redirect ("default.asp")
Response.End
Else
'invalid password
strError = "- Invalid username or password<br>" & vbNewLine

CODE2<%
If Session("loggedin") <> True Then Response.Redirect "login.asp"
%>
<html>
<head>
<title>Members Area</title>
</head>
<body>
<h1>Members Area</h1>
<p>Welcome to our members area!</p></body>
</html> In my code I have allready tested if the username and password is
correct, so I just need to do the cookie thing :D

Thanks all, hope all my questions dosnt make you tired, I just really
wanna figure this out, and I am doing this as a little hobby of mine, so
I dont have anyone else to ask, hope that is okay...

"Kent Johnson" <ke****@tds.net> wrote in message
news:42********@newspeer2.tds.net...
Pete..... wrote:
Hi all I am working on a log in script for my webpage.

I have the username and the password stored in a PostgreSQL database.

You might want to look at Snakelets and CherryPy.

Snakelets is "a very simple-to-use Python web application server." One
of the features is "Easy user authentication and user login handling."
http://snakelets.sourceforge.net/

CherryPy is "a pythonic, object-oriented web development framework" that
seems to be popular. A recipe for password-protected pages in CherryPy
is here:
http://www.cherrypy.org/wiki/PasswordProtectedPages

Kent



Jul 18 '05 #8

P: n/a

Pete..... wrote:
Hi all.

Unfortunaly it looks like I dont have to skill to make a secure log in, cant figure out how the code has to look like, so guess my webpage has to live with a security issue.

Thanks for the effort you put into teaching me the use of cookies.

I've written a library called 'login_tools' that does login/user
management for CGI scripts. It doesn't use a database to store logins
though.

You can fins it at (with online example) :
http://www.voidspace.org.uk/python/logintools.html

If you want any help setting it up or working with it then feel free to
email me about it. It's possible to plug it in to existing CGI scripts
with literally two lines of code....

Regards,

Fuzzy
http://www.voidspace.org.uk/python/index.shtml
Best wishes
Pete....

"Pete....." <he********@yahoo.com> wrote in message
news:42*********************@nntp05.dk.telia.net.. .
Thanks.

But I would really like to do this from scratch, so that I can learn it, I dont think I need that much more, before it works.

I found an example with asp, where the save the session if the password is correct. It isnt that long a code, so was wondering if it isnt possible to make something like that in python. Cause when this code is applied to the loginform, CODE2 will only have to be applied to every following page and everything is good.

code is from:
http://tutorialized.com/tutorial/Cre...ea-in-ASP/2234 CODE1
Set objRS = objConn.Execute (strSQL)
'// see if there are any records returned
If objRS.EOF Then
'no username found
strError = "- Invalid username or password<br>" & vbNewLine Else
'check password
If objRS("password")=Request.Form("password") Then
'username/password valid
'save session data
Session("loggedin") = True
Session("userid") = objRS("id")
'redirect to members area
Response.Redirect ("default.asp")
Response.End
Else
'invalid password
strError = "- Invalid username or password<br>" & vbNewLine
CODE2<%
If Session("loggedin") <> True Then Response.Redirect "login.asp"
%>
<html>
<head>
<title>Members Area</title>
</head>
<body>
<h1>Members Area</h1>
<p>Welcome to our members area!</p></body>
</html> In my code I have allready tested if the username and password is correct, so I just need to do the cookie thing :D

Thanks all, hope all my questions dosnt make you tired, I just really wanna figure this out, and I am doing this as a little hobby of mine, so I dont have anyone else to ask, hope that is okay...

"Kent Johnson" <ke****@tds.net> wrote in message
news:42********@newspeer2.tds.net...
Pete..... wrote:
Hi all I am working on a log in script for my webpage.

I have the username and the password stored in a PostgreSQL database.
You might want to look at Snakelets and CherryPy.

Snakelets is "a very simple-to-use Python web application server." One of the features is "Easy user authentication and user login handling." http://snakelets.sourceforge.net/

CherryPy is "a pythonic, object-oriented web development framework" that seems to be popular. A recipe for password-protected pages in CherryPy is here:
http://www.cherrypy.org/wiki/PasswordProtectedPages

Kent



Jul 18 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.