Python login script help

drumdogg · 21 Nov 2013 at 18:29

Hi Guys, I'm new to python so apologies for any stupid bits of code.

So basically im trying to get a login script to work, which checks to see if that user is in the users table in the database. So if your name and password input matches database entry then proceed.

Not sure how to check the values against the database.

But here is what what i have got so far:

Code:

@route('/login')
def login_form():
	return template ('login.tpl')

@route('/checkLogin', method='post')
def login_submit():
        
	name = request.forms.get('name')
	password = request.forms.get('password')
	connect = sqlite3.connect('project1.db')
        cursor = connect.cursor()
        cursor.execute("SELECT name,password FROM users")
        connect.commit()
        cursor.close()
        connect.close()
        if((name==request.forms.get('name')) & (password==request.forms.get('password'))):
                return template('loggedIn.tpl', message='Successfully logged in!')
        else:
                return template('loggedIn.tpl', message='Unlucky! Try again.')

Currently it is displaying "Successfully logged in" no matter what i enter.
I know the if statement is wrong but not sure what to change it to.

Any suggestions folks

Thanks

drumdogg · 21 Nov 2013 at 19:24

Ok, have got it working but it will only check the first name and password in the table instead of checking them all.

Code:

@route('/checkLogin', method='post')
def login_submit():
        
	name = request.forms.get('name')
	password = request.forms.get('password')
	connect = sqlite3.connect('project1.db')
        cursor = connect.cursor()
        cursor.execute("SELECT ALL name,password FROM users")
        result=cursor.fetchone()
	name=result[0]
	password=result[1]
        connect.commit()
        cursor.close()
        connect.close()
        if((name==request.forms.get('name')) & (password==request.forms.get('password'))):
                return template('loggedIn.tpl', message='Successfully logged in!')
        else:
                return template('loggedIn.tpl', message='Unlucky! Try again.')

drumdogg · 21 Nov 2013 at 20:17

Anyone??

Not sure how to loop through each one.

drumdogg · 21 Nov 2013 at 20:45

If you can post an example of what result looks like (ie the data returned from the db query) then I can help you out.

I am trying to get the names and passwords from the query in results. Currently results[0] is the name and results[1] is the password for the first entry.

If that's what you mean??

Code:

def login_submit():
	name = request.forms.get('name')
	password = request.forms.get('password')
	connect = sqlite3.connect('ytPlaylist_V3.db')
        cursor = connect.cursor()
        cursor.execute("SELECT name,password FROM users")
        result=cursor.fetchone()
        name=result[0]
        password=result[1]
        if((result[0]==request.forms.get('name')) & (result[1]==request.forms.get('password'))):
                return template('loggedIn.tpl', message='Successfully logged in!')
        else:
                return template('loggedIn.tpl', message='Unlucky! Try again.')

Thanks

drumdogg · 21 Nov 2013 at 21:25

Getting the following error on the query - Incorrect number of bindings supplied. The current statement uses 1, and there a 4 supplied. If i change the (Name) to (Name,) the error goes away but it still displays the 'Unlucky' message.

drumdogg · 21 Nov 2013 at 21:42

Code:

def login_submit():
	Name = request.forms.get('name')
	Password = request.forms.get('password')
	connect = sqlite3.connect('project1.db')
        cursor = connect.cursor()
        cursor.execute("SELECT password FROM users WHERE name=? LIMIT 1", (Name,))
        result=cursor.fetchall()
        if(len(result) != 1):
                return template('loggedIn.tpl', message='Unlucky! Try again.')
        else:
                result_password=result[0]
                if(result_password==Password):
		
                        return template('loggedIn.tpl', message='Successfully logged in!')
                else:
		
                        return template('loggedIn.tpl', message='Unlucky! Try again.')

        
        cursor.close()
        connect.close()

drumdogg · 21 Nov 2013 at 22:11

Ok, printed out the len of result which is 1 and printed out password.

This is where i am getting confused now! The password that prints out is what I type into the password field. So i type in the correct password 'mikem' or if i type in '1234' it prints out.

Should it not be the password coming from the database that prints out?? (have been sitting at this too long!! lol)

drumdogg · 22 Nov 2013 at 10:08

But it might also return a list of objects with attributes (in your case, each one only has a single attribute), so you might need to do:

result_password=result[0][0]

touch - changed it to the above and it is now working

Not quite sure why but at least now its working.

Thanks

drumdogg · 22 Nov 2013 at 10:37

Ok guys here is a different thing I would like an opinion on please.

How can I carry a variable through different routes in python like PHP used the SESSION variable. I would like to have the name of the user logged in held in a variable throughout a session in python.

Is that possible?

cheers

drumdogg · 22 Nov 2013 at 10:47

Here is an example to try and explain why it works like this:
If you change your SQL query to this ("SELECT name, password, email FROM users WHERE name=? LIMIT 1", (Name,))
Then an example of a returned row would be something like this:

Code:
name password email
-------------------
touch pass1 [email protected]o, when you do result[0], it selects the first row (with all 3 fields in that row).
You could then dig deeper into it to get the single fields out:
result[0][0] = touch
result[0][1] = pass1
result[0][2] = [email protected]

It's a little more confusing in your case where the query returns a single field for each row.
Your results would look like:

Code:
password
---------
pass1So, where you had result[0], it would select the whole row with all the fields in that row (which happens to be just 1 field).
Then when you compare it to a string "password == result[0]" it is false because a string is not the same as a row (even if the row only contains a single value). You need to go into the row and select the actual field value to compare.
So result[0][0] selects the first row, then selects the first value from that row, which is a string and can be compared to the user inputted string.

Thanks for this. I understand it better now with that good explanation

drumdogg · 22 Nov 2013 at 12:10

drumdogg - See if your framework (looks like Bottle iirc) supports session management; if not then i'd have a look at using Beaker's (or another framework) session management class.

Decided I would try and save the name to text file on submission and read it back when I need it.

So when reading it back to insert into table I get the following error:

Error binding parameter 4 - probably unsupported type

There was never an issue with the 4th parameter(position 0) before until I tried to add the user.

Here the code:

Code:

def addToPlaylist():
        user=open("user.txt", "r")
        user.readline()
	url=request.query.url
	title=request.query.title
	image=request.query.image
	connect = sqlite3.connect('ytPlaylist_V3.db')
	cursor = connect.cursor()
	cursor.execute("INSERT INTO videos (url,title,image,position,user) VALUES (?,?,?,?,?)", (url,title,image,0,user))
	cursor.execute("UPDATE videos set position=? WHERE id=?", (cursor.lastrowid, cursor.lastrowid))
	connect.commit()
	cursor.close()
	connect.close()
	return fetchPlaylist()

Any suggestions would be great thanks

drumdogg · 22 Nov 2013 at 13:33

You'll need to store some session info as well as the username otherwise when the next person comes along and logs in it will overwrite with the new username.

Yea I know, but for what im doing its fine that it overwrites the values each time.
Im just looking to hold the users name who is logged in and use it to use in a query later.

drumdogg · 22 Nov 2013 at 13:58

You can't reliably store info like that even if it's for very short times. What if 1 user logs in 0.01 seconds after the previous user? The text document is updated with the second username and you won't be able to read back the first username.

I know it not practical but there will only be one user logged in at one time.

drumdogg · 22 Nov 2013 at 15:26

Error binding parameter 4 - probably unsupported type

There was never an issue with the 4th parameter(position 0) before until I tried to add the user.

Here the code:

Code:
def addToPlaylist():
user=open("user.txt", "r")
user.readline()
url=request.query.url
title=request.query.title
image=request.query.image
connect = sqlite3.connect('ytPlaylist_V3.db')
cursor = connect.cursor()
cursor.execute("INSERT INTO videos (url,title,image,position,user) VALUES (?,?,?,?,?)", (url,title,image,0,user))
cursor.execute("UPDATE videos set position=? WHERE id=?", (cursor.lastrowid, cursor.lastrowid))
connect.commit()
cursor.close()
connect.close()
return fetchPlaylist()

Anyone??

drumdogg · 22 Nov 2013 at 15:51

Can you try printing the 'user' variable to standard output and let us know what it is?

In this case it is 'Steven'. It will always be the name of the user that has logged in.

drumdogg · 22 Nov 2013 at 17:49

What sb89 was meaning was to add a print statement to check if the variable is actually what you think it is.
Add the line: "print user" somewhere to see if your 'user' variable is what you expect.

Should have said before, but yes I have printed it out and it is what it should be

drumdogg · 24 Nov 2013 at 18:02

Apologies for keeping this thread going with a different question.

I am now trying the create a drop down menu which the values will come from my SQLite database with an AJAX onChange function.

Firstly im not sure how to set the values of the drop down to come from the database. I know how you would do it in PHP and SQL but not sure about this way.

So im looking to set up a drop down menu in my .tpl file, but how do i query the SQLite database from there??