A Python Question, As Usual

June 07 02010, 21:21 GMT
Peter*
A Pythonic One

Location: US
Post count: 99
I'm writing a login system, using a MySQL database, for a website. I'm using SQLAlchemy, and I don't know if you'll need to be familiar with it or not. You can probably get the basic idea from this code. The biggest problem right now is that the following statement passes and it shouldn't:
if session.query(User).filter(User.user == username) and session.query(User).filter(User.password == password): 


If I type in a username and password that are in the database, it logs in correctly (:D). If I type in a wrong username, a wrong password, or both, it comes up with an error (cgitb is enabled, so you can view the error if you wish). If I leave both fields blank, a 500 error presents itself. This I am also wondering about. If you're reading this, Electron, you registered on the last version of the site; your username and password are still in the database; you can log in if you want to see that it works when you've got the correct username and password.

Here's the entire file.
#!/usr/bin/env python

import cgi, cgitb, sys, Cookie, time, os, md5
cgitb.enable()
sys.path.append("/home/toxic_elegant/python")
from sqlalchemy import create_engine, MetaData, Table, Column, desc, asc, and_
from sqlalchemy.orm import mapper, sessionmaker
from sqlalchemy.types import Integer, Unicode, Date, Text

form = cgi.FieldStorage()

engine = create_engine('mysql://username:password@server/database_name')
metadata = MetaData(engine)

Session = sessionmaker(bind=engine)
session = Session()

users = Table('users', metadata,
    Column('id', Integer(11), primary_key=True),
    Column('user', Unicode(10)),
    Column('password', Unicode(150)),
    Column('usergroup', Unicode(10)),
    Column('regdate', Date)
)

class User(object):
    def __init__(self, id, user, password, usergroup, regdate):
        self.id = id
        self.user = user
        self.password = password
        self.usergroup = usergroup
        self.regdate = regdate

    def __repr__(self):
        return "<User('%s', '%s', '%s', '%s', '%s')>" % (self.id,
                                                         self.user,
                                                         self.password,
                                                         self.usergroup,
                                                         self.regdate)

mapper(User, users)

if "username" in form and "password" in form:
    username = form.getfirst("username")
    password = form.getfirst("password")
    password = md5.new(password).hexdigest()

    if session.query(User).filter(User.user == username) and session.query(User).filter(User.password == password):
        query = session.query(User).filter(and_(User.user == username, User.password == password))

        userid = query[0].id
        password = query[0].password

        now = time.time()

        timeish = time.gmtime(now + 60*60*24*365)

        expires = time.strftime('%a, %d %b %Y %H:%M:%S', timeish)

        print "set-cookie: userid=%s; expires=%s" % (userid, expires)
        print "set-cookie: password=%s; expires=%s" % (password, expires)

        print "Content-type: text/html\n\n"
        print """<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html;charset=UTF-8" />
<title>Elegance</title>
</head>
<body>
<script type="text/javascript">
alert("You've been sucessfully logged in! Click OK to go back to the main page.");
window.location = "http://elegance.chanlu.org/home.py?id=main";
</script>
</body>
</html>"""
    else:
        print """<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html;charset=UTF-8" />
<title>Elegance</title>
</head>
<body>
<script type="text/javascript">
alert("The username or password you entered are incorrect; click OK to try again.");
window.location = "http://elegance.chanlu.org/home.py?id=login";
</script>
</body>
</html>"""

September 16 02010, 00:04 GMT
lec**
Supra stultitiam

Location: Varaždin, Croatia
Post count: 172
Damn. I'm so slow to see things like these xO

Sorry, Pete.

November 27 02010, 19:54 GMT
Peter*
A Pythonic One

Location: US
Post count: 99
No problem. I already fixed it. ;) I'm not too bad at this Python stuff now.
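
Added example, not part of any post in this thread: the condition in the question tests the query objects themselves, which are truthy whether or not a row matched, so the check has to fetch a row and test that (in SQLAlchemy, `.first()` returns `None` when nothing matches). The sketch below uses the standard library's `sqlite3` as a stand-in for the MySQL/SQLAlchemy setup, shows the always-true check beside a corrected one, and replaces the MD5 digest and password cookie with a salted KDF and a random session token; the table layout, function names and the sample account are assumptions made for the illustration.

```python
import hashlib, hmac, os, secrets, sqlite3

# Constructed sample database: in-memory sqlite3 stands in for MySQL/SQLAlchemy.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE,"
             " salt BLOB, pwhash BLOB)")
conn.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, userid INTEGER)")

def hash_password(password, salt):
    # Salted, deliberately slow KDF instead of a bare MD5 digest.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)

def add_user(user, password):
    salt = os.urandom(16)
    conn.execute("INSERT INTO users (user, salt, pwhash) VALUES (?, ?, ?)",
                 (user, salt, hash_password(password, salt)))

def buggy_check(user, password_digest):
    # Same shape as the condition in the question: it tests the query (cursor)
    # objects, which are truthy even when no row matched.
    q1 = conn.execute("SELECT id FROM users WHERE user = ?", (user,))
    q2 = conn.execute("SELECT id FROM users WHERE pwhash = ?", (password_digest,))
    return bool(q1 and q2)

def login(user, password):
    """Return a fresh session token, or None when the credentials are wrong."""
    if not user or not password:               # blank form fields
        return None
    row = conn.execute("SELECT id, salt, pwhash FROM users WHERE user = ?",
                       (user,)).fetchone()     # a row tuple, or None
    if row is None:
        return None
    userid, salt, stored = row
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return None
    token = secrets.token_urlsafe(32)          # cookie value: random, not the hash
    conn.execute("INSERT INTO sessions (token, userid) VALUES (?, ?)",
                 (token, userid))
    return token

def user_for_token(token):
    # Later requests look the cookie value up server-side.
    row = conn.execute("SELECT userid FROM sessions WHERE token = ?",
                       (token,)).fetchone()
    return row[0] if row else None

add_user("alice", "correct horse")             # constructed account
```

The token would be sent as the only login cookie, with the `HttpOnly` and `Secure` attributes set, so neither the user id nor anything derived from the password leaves the server.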

