Working on a log in script to my webpage

Steve Holden steve at holdenweb.com
Tue Mar 8 19:01:35 EST 2005


Pete..... wrote:
> Hi all I am working on a log in script for my webpage.
> 
> I have the username and the password stored in a PostgreSQL database.
> 
> The first thing I do is make an HTML form, where the user can type in his 
> username and code, when this is done I want to run the 
> script(testifcodeisokay) that verifies that the code and username are the 
> right ones ( that means if they match the particular entered username and 
> password) If they are then I want to load page1 if they are not I want to 
> load the loginpage again.
> 
> Login page:
> 
> print '''<form action='testifcodeisokay.py'><br>
>          <p>Username:<br> <INPUT type="text" NAME="username">
>          <p>Code:<br> <INPUT type="text" NAME="code"></p>'''
> 
> print '''<p><input type=submit value='Submit'></p></form>'''
> print '''</body> </html>'''
> 
> This works.
> Here I store the entered text in the variables "username" and "code"
> I then get the entered value by
> 
> testifcodeisokay script
> 
> connect = PgSQL.connect(user="user", password="password", host="host", 
> database="databse")
> cur = connect.cursor()
> 
> form = cgi.FieldStorage()
> username = form["username"].value
> code= form["code"].value
> 
> I then want to test if they match the ones in the database
> 
> insert_command = "SELECT username, code FROM codetable WHERE 
> codetable.username = '%s' AND codetable.code = '%s' " %(username, code)
> cur.execute(insert_command)
> 
This is an amazingly bad choice of variable name, since the command 
doesn't actually insert anything into the database!

> I should then have found where the entered username,code (on the login page) 
> is the same as those in the database.
> 
> But now I am stuck.
> 
> Does anyone know how I can then do something like:
> 
> If the codes from the loginpage matches the users codes in the db
> Then the user should be taken to page1
> If the codes aren't correct the login page should load again.
> 
> The program doesn't need to remember who the user is, after the user has been 
> logged in, it is only used to log the user in.
> 
> Thanks for your time..
> 
The Python you want is almost certainly something like

   if len(cur.fetchall()) == 1:
     # username/password was found in db

although unless your database is guaranteed to contain only one of each 
combination it might be better to test

   if len(cur.fetchall()) != 0:
     # username/password was found in db
> 
> 
There are other matters of concern, however, the most pressing of which is:

   How am I going to stop user from navigating directly to page1?

Answering this question will involve learning about HTTP session state 
and writing web applications. I could write a book on that subject :-)

regards
  Steve
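
Added example, not part of the original message or of either poster's code: the quoted script builds its SELECT with `%` string formatting, so the form values become part of the SQL text. The sketch below runs that pattern beside a parameterized query and applies the `len(fetchall()) != 0` test from the reply. It assumes the standard-library `sqlite3` module as a stand-in for the PostgreSQL database (sqlite3 uses `?` placeholders; PostgreSQL drivers such as psycopg2 take `%s` placeholders with the values passed as a second argument to `execute()`), and the function names and sample row are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; sqlite3 stands in for the PostgreSQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE codetable (username TEXT, code TEXT)")
    conn.execute("INSERT INTO codetable VALUES ('pete', 's3cret')")
    return conn

def login_interpolated(conn, username, code):
    """The pattern from the quoted script: values pasted into the SQL text."""
    query = ("SELECT username, code FROM codetable WHERE "
             "codetable.username = '%s' AND codetable.code = '%s'"
             % (username, code))
    return len(conn.execute(query).fetchall()) != 0

def login_parameterized(conn, username, code):
    """Same test, but the driver binds the values, so they stay data."""
    query = ("SELECT username, code FROM codetable WHERE "
             "codetable.username = ? AND codetable.code = ?")
    return len(conn.execute(query, (username, code)).fetchall()) != 0

def next_page(conn, username, code):
    """Decide which page to serve, as the original question asks."""
    if login_parameterized(conn, username, code):
        return "page1"
    return "loginpage"

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input that contains SQL syntax
    # Interpolated query: the quote characters change the WHERE clause.
    print("interpolated accepts crafted code:",
          login_interpolated(conn, "pete", crafted))
    # Parameterized query: the same input is compared as a literal string.
    print("parameterized accepts crafted code:",
          login_parameterized(conn, "pete", crafted))
    print("correct login goes to:", next_page(conn, "pete", "s3cret"))
    print("wrong login goes to:", next_page(conn, "pete", "nope"))
```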



