Python login script help

[touch]

Here is an example to try and explain why it works like this:
If you change your SQL query to this ("SELECT name, password, email FROM users WHERE name=? LIMIT 1", (Name,))
Then an example of a returned row would be something like this:

name password email
-------------------
touch pass1 [email protected]

So, when you do result[0], it selects the first row (with all 3 fields in that row).
You could then dig deeper into it to get the single fields out:
result[0][0] = touch
result[0][1] = pass1
result[0][2] = [email protected]

It's a little more confusing in your case where the query returns a single field for each row.
Your results would look like:

password
---------
pass1

So, where you had result[0], it would select the whole row with all the fields in that row (which happens to be just 1 field).
Then when you compare it to a string "password == result[0]" it is false because a string is not the same as a row (even if the row only contains a single value). You need to go into the row and select the actual field value to compare.
So result[0][0] selects the first row, then selects the first value from that row, which is a string and can be compared to the user inputted string.

 

[drumdogg]

Here is an example to try and explain why it works like this:
If you change your SQL query to this ("SELECT name, password, email FROM users WHERE name=? LIMIT 1", (Name,))
Then an example of a returned row would be something like this:

Code:
name password email
-------------------
touch pass1 [email protected]o, when you do result[0], it selects the first row (with all 3 fields in that row).
You could then dig deeper into it to get the single fields out:
result[0][0] = touch
result[0][1] = pass1
result[0][2] = [email protected]

It's a little more confusing in your case where the query returns a single field for each row.
Your results would look like:

Code:
password
---------
pass1So, where you had result[0], it would select the whole row with all the fields in that row (which happens to be just 1 field).
Then when you compare it to a string "password == result[0]" it is false because a string is not the same as a row (even if the row only contains a single value). You need to go into the row and select the actual field value to compare.
So result[0][0] selects the first row, then selects the first value from that row, which is a string and can be compared to the user inputted string.

Thanks for this. I understand it better now with that good explanation

 

[visibleman]

*snip*

Sorry to hijack but is the need for selecting the row and field indexes due to the use of fetchall()?
If it was changed to fetchone(), would you only have to supply a single index (the field), ie - result[0]?


drumdogg - See if your framework (looks like Bottle iirc) supports session management; if not then i'd have a look at using Beaker's (or another framework) session management class.

 

[drumdogg]

drumdogg - See if your framework (looks like Bottle iirc) supports session management; if not then i'd have a look at using Beaker's (or another framework) session management class.

Decided I would try and save the name to text file on submission and read it back when I need it.

So when reading it back to insert into table I get the following error:

Error binding parameter 4 - probably unsupported type

There was never an issue with the 4th parameter(position 0) before until I tried to add the user.

Here the code:

def addToPlaylist():
        user=open("user.txt", "r")
        user.readline()
	url=request.query.url
	title=request.query.title
	image=request.query.image
	connect = sqlite3.connect('ytPlaylist_V3.db')
	cursor = connect.cursor()
	cursor.execute("INSERT INTO videos (url,title,image,position,user) VALUES (?,?,?,?,?)", (url,title,image,0,user))
	cursor.execute("UPDATE videos set position=? WHERE id=?", (cursor.lastrowid, cursor.lastrowid))
	connect.commit()
	cursor.close()
	connect.close()
	return fetchPlaylist()

Any suggestions would be great thanks

 

[touch]

Sorry to hijack but is the need for selecting the row and field indexes due to the use of fetchall()?
If it was changed to fetchone(), would you only have to supply a single index (the field), ie - result[0]?

Yep, I think you're right. Fetchone would work with result [0]

Decided I would try and save the name to text file

You'll need to store some session info as well as the username otherwise when the next person comes along and logs in it will overwrite with the new username.

 

[drumdogg]

You'll need to store some session info as well as the username otherwise when the next person comes along and logs in it will overwrite with the new username.

Yea I know, but for what im doing its fine that it overwrites the values each time.
Im just looking to hold the users name who is logged in and use it to use in a query later.

 

[touch]

You can't reliably store info like that even if it's for very short times. What if 1 user logs in 0.01 seconds after the previous user? The text document is updated with the second username and you won't be able to read back the first username.

 

[drumdogg]

You can't reliably store info like that even if it's for very short times. What if 1 user logs in 0.01 seconds after the previous user? The text document is updated with the second username and you won't be able to read back the first username.

I know it not practical but there will only be one user logged in at one time.

 

[drumdogg]

Error binding parameter 4 - probably unsupported type

There was never an issue with the 4th parameter(position 0) before until I tried to add the user.

Here the code:

Code:
def addToPlaylist():
user=open("user.txt", "r")
user.readline()
url=request.query.url
title=request.query.title
image=request.query.image
connect = sqlite3.connect('ytPlaylist_V3.db')
cursor = connect.cursor()
cursor.execute("INSERT INTO videos (url,title,image,position,user) VALUES (?,?,?,?,?)", (url,title,image,0,user))
cursor.execute("UPDATE videos set position=? WHERE id=?", (cursor.lastrowid, cursor.lastrowid))
connect.commit()
cursor.close()
connect.close()
return fetchPlaylist()

Anyone??

 

[sb89]

Can you try printing the 'user' variable to standard output and let us know what it is?

 

[drumdogg]

Can you try printing the 'user' variable to standard output and let us know what it is?

In this case it is 'Steven'. It will always be the name of the user that has logged in.

 

[visibleman]

Looks like the user variable is assigned a file pointer rather than the contents of the first line in the file.

So i suspect you need to do something like -

user_file=open("user.txt", "r")
user=user_file.readline()

Also make sure you have some sort of 'garbage collection' on your 'session' management so it times out the 'session'; or alternatively use global variables. But personally, these are both a little bodgy and i would really recommend using a decent session management class - even Bottle recommend using Beaker's session class http://bottlepy.org/docs/dev/recipes.html.


And on another note and from a security POV, you really need to be doing some sanitising/checks on form data.

 

[touch]

In this case it is 'Steven'. It will always be the name of the user that has logged in.

This is what you want it to be, not what it actually is. Checking that each of your variables are what you expect them to be is the first step in debugging your code.

What sb89 was meaning was to add a print statement to check if the variable is actually what you think it is.
Add the line: "print user" somewhere to see if your 'user' variable is what you expect.

 

[drumdogg]

What sb89 was meaning was to add a print statement to check if the variable is actually what you think it is.
Add the line: "print user" somewhere to see if your 'user' variable is what you expect.

Should have said before, but yes I have printed it out and it is what it should be

 

[drumdogg]

Apologies for keeping this thread going with a different question.

I am now trying the create a drop down menu which the values will come from my SQLite database with an AJAX onChange function.

Firstly im not sure how to set the values of the drop down to come from the database. I know how you would do it in PHP and SQL but not sure about this way.

So im looking to set up a drop down menu in my .tpl file, but how do i query the SQLite database from there??