Working on a log in script to my webpage

Tue Mar 8 19:41:17 EST 2005

hi...

regarding the issue of creating a login (user/passwd) script... there are
numerous example scripts/apps written that use php/mysql... i suggest that
you take a look at a few and then incoporate the features that you want into
your script.

from your questions, it seems like this approach will give you a
better/faster solution to your problem.

-regards

-----Original Message-----
From: python-list-bounces+bedouglas=earthlink.net at python.org
[mailto:python-list-bounces+bedouglas=earthlink.net at python.org]On Behalf
Of Steve Holden
Sent: Tuesday, March 08, 2005 4:02 PM
To: python-list at python.org
Subject: Re: Working on a log in script to my webpage

Pete..... wrote:
> Hi all I am working on a log in script for my webpage.
>
> I have the username and the password stored in a PostgreSQL database.
>
> The first I do is I make a html form, where the user can type in his
> username and code, when this is done I want to run the
> script(testifcodeisokay) that verifies that the code and username are the
> right ones ( that means if they match the particular entered username and
> password) If they are then I want to load page1 if they are not I want to
> load the loginpage again.
>
> Login page:
>
> print '''<form action=testifcodeisokay.py'><br>
>          <p>Username:<br> <INPUT type="text" NAME="username">
>          <p>Code:<br> <INPUT type="text" NAME="code"></p>'''
>
> print '''<p><input type=submit value='Submit'></p></form>'''
> print '''</body> </html>'''
>
> This works.
> Here I store the entered text in the variables "username" and "code"
> I then get the entered value by
>
> testifcodeisokay script
>
> connect = PgSQL.connect(user="user", password="password", host="host",
> database="databse")
> cur = connect.cursor()
>
> form = cgi.FieldStorage()
> username = form["username"].value
> code= form["code"].value
>
> I then want to test if they match the ones in the database
>
> insert_command = "SELECT username, code FROM codetable WHERE
> codetable.username = '%s' AND codetable.code = '%s' " %(username, code)
> cur.execute(insert_command)
>
This is an amazingly bad choice of variable name, since the command
doesn't actually insert anything into the database!

> I should then have found where the entered username,code (on the login
page)
> is the same as those in the database.
>
> But now I am stuck.
>
> Does any know how I can then do something like:
>
> If the codes from the loginpage matches the users codes in the db
> Then the user should be taken to page1
> IF the codes arnt correct the login page should load again.
>
> The program dosnt need to remember who the user is, after the user has
been
> loggen in, it is only used to log the user in.
>
> Thanks for your time..
>
The Python you want is almost certainly something like

   if len(curs.fetchall()) == 1:
     # username/password was found in db

although unless your database is guarantees to contain only one of each
combination it might be better to test

   if len(curs.fetchall()) != 0:
     # username/password was found in db
>
>
There are other matters of concern, however, the most pressing of which is:

   How am I going to stop user from navigating directly to page1?

Answering this question will involve learning about HTTP session state
and writing web applications. I could write a book on that subject :-)

regards
  Steve

--
http://mail.python.org/mailman/listinfo/python-list