Re: Working on a log in script to my webpage
Pete. wrote: Hi all. Unfortunaly it looks like I dont have to skill to make a secure log in, cant figure out how the code has to look like, so guess my webpage has to live with a security issue. Thanks for the effort you put into teaching me the use of cookies. I've written a library called 'login_tools' that does login/user management for CGI scripts. It doesn't use a database to store logins though. You can fins it at (with online example) : http://www.voidspace.org.uk/python/logintools.html If you want any help setting it up or working with it then feel free to email me about it. It's possible to plug it in to existing CGI scripts with literally two lines of code Regards, Fuzzy http://www.voidspace.org.uk/python/index.shtml Best wishes Pete Pete. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thanks. But I would really like to do this from scratch, so that I can learn it, I dont think I need that much more, before it works. I found an example with asp, where the save the session if the password is correct. It isnt that long a code, so was wondering if it isnt possible to make something like that in python. Cause when this code is applied to the loginform, CODE2 will only have to be applied to every following page and everything is good. code is from: http://tutorialized.com/tutorial/Creating-a-Members-Area-in-ASP/2234 CODE1 Set objRS = objConn.Execute (strSQL) '// see if there are any records returned If objRS.EOF Then 'no username found strError = - Invalid username or passwordbr vbNewLine Else 'check password If objRS(password)=Request.Form(password) Then 'username/password valid 'save session data Session(loggedin) = True Session(userid) = objRS(id) 'redirect to members area Response.Redirect (default.asp) Response.End Else 'invalid password strError = - Invalid username or passwordbr vbNewLine CODE2% If Session(loggedin) True Then Response.Redirect login.asp % html head titleMembers Area/title /head body h1Members Area/h1 pWelcome to our members area!/p/body /html In my code I have allready tested if the username and password is correct, so I just need to do the cookie thing :D Thanks all, hope all my questions dosnt make you tired, I just really wanna figure this out, and I am doing this as a little hobby of mine, so I dont have anyone else to ask, hope that is okay... Kent Johnson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Pete. wrote: Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. You might want to look at Snakelets and CherryPy. Snakelets is a very simple-to-use Python web application server. One of the features is Easy user authentication and user login handling. http://snakelets.sourceforge.net/ CherryPy is a pythonic, object-oriented web development framework that seems to be popular. A recipe for password-protected pages in CherryPy is here: http://www.cherrypy.org/wiki/PasswordProtectedPages Kent -- http://mail.python.org/mailman/listinfo/python-list
Re: Working on a log in script to my webpage
Hi all. Unfortunaly it looks like I dont have to skill to make a secure log in, cant figure out how the code has to look like, so guess my webpage has to live with a security issue. Thanks for the effort you put into teaching me the use of cookies. Best wishes Pete Pete. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thanks. But I would really like to do this from scratch, so that I can learn it, I dont think I need that much more, before it works. I found an example with asp, where the save the session if the password is correct. It isnt that long a code, so was wondering if it isnt possible to make something like that in python. Cause when this code is applied to the loginform, CODE2 will only have to be applied to every following page and everything is good. code is from: http://tutorialized.com/tutorial/Creating-a-Members-Area-in-ASP/2234 CODE1 Set objRS = objConn.Execute (strSQL) '// see if there are any records returned If objRS.EOF Then 'no username found strError = - Invalid username or passwordbr vbNewLine Else 'check password If objRS(password)=Request.Form(password) Then 'username/password valid 'save session data Session(loggedin) = True Session(userid) = objRS(id) 'redirect to members area Response.Redirect (default.asp) Response.End Else 'invalid password strError = - Invalid username or passwordbr vbNewLine CODE2% If Session(loggedin) True Then Response.Redirect login.asp % html head titleMembers Area/title /head body h1Members Area/h1 pWelcome to our members area!/p/body /html In my code I have allready tested if the username and password is correct, so I just need to do the cookie thing :D Thanks all, hope all my questions dosnt make you tired, I just really wanna figure this out, and I am doing this as a little hobby of mine, so I dont have anyone else to ask, hope that is okay... Kent Johnson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Pete. wrote: Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. You might want to look at Snakelets and CherryPy. Snakelets is a very simple-to-use Python web application server. One of the features is Easy user authentication and user login handling. http://snakelets.sourceforge.net/ CherryPy is a pythonic, object-oriented web development framework that seems to be popular. A recipe for password-protected pages in CherryPy is here: http://www.cherrypy.org/wiki/PasswordProtectedPages Kent -- http://mail.python.org/mailman/listinfo/python-list
Re: Working on a log in script to my webpage
Pete: Don;t give up, load Webware or similar and use that! regards Steve Pete. wrote: Hi all. Unfortunaly it looks like I dont have to skill to make a secure log in, cant figure out how the code has to look like, so guess my webpage has to live with a security issue. Thanks for the effort you put into teaching me the use of cookies. Best wishes Pete Pete. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thanks. But I would really like to do this from scratch, so that I can learn it, I dont think I need that much more, before it works. I found an example with asp, where the save the session if the password is correct. It isnt that long a code, so was wondering if it isnt possible to make something like that in python. Cause when this code is applied to the loginform, CODE2 will only have to be applied to every following page and everything is good. code is from: http://tutorialized.com/tutorial/Creating-a-Members-Area-in-ASP/2234 CODE1 Set objRS = objConn.Execute (strSQL) '// see if there are any records returned If objRS.EOF Then 'no username found strError = - Invalid username or passwordbr vbNewLine Else 'check password If objRS(password)=Request.Form(password) Then 'username/password valid 'save session data Session(loggedin) = True Session(userid) = objRS(id) 'redirect to members area Response.Redirect (default.asp) Response.End Else 'invalid password strError = - Invalid username or passwordbr vbNewLine CODE2% If Session(loggedin) True Then Response.Redirect login.asp % html head titleMembers Area/title /head body h1Members Area/h1 pWelcome to our members area!/p/body /html In my code I have allready tested if the username and password is correct, so I just need to do the cookie thing :D Thanks all, hope all my questions dosnt make you tired, I just really wanna figure this out, and I am doing this as a little hobby of mine, so I dont have anyone else to ask, hope that is okay... Kent Johnson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Pete. wrote: Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. You might want to look at Snakelets and CherryPy. Snakelets is a very simple-to-use Python web application server. One of the features is Easy user authentication and user login handling. http://snakelets.sourceforge.net/ CherryPy is a pythonic, object-oriented web development framework that seems to be popular. A recipe for password-protected pages in CherryPy is here: http://www.cherrypy.org/wiki/PasswordProtectedPages Kent -- http://mail.python.org/mailman/listinfo/python-list
Re: Working on a log in script to my webpage
Pete, What web server are you using? Take a look at Apache and use digest authentication. The password is not sent in clear text and it's fairly easy to setup. Plus you won't have to do anything in your web pages. Once you setup digest authentication on the web server for the specified directories, the user will be prompted by their browser for the user / pswd and as long as the directories they access are using the same authentication the user will not be prompted again until they close their session. It's pretty easy to setup. Joe Pete. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all. Unfortunaly it looks like I dont have to skill to make a secure log in, cant figure out how the code has to look like, so guess my webpage has to live with a security issue. Thanks for the effort you put into teaching me the use of cookies. Best wishes Pete Pete. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thanks. But I would really like to do this from scratch, so that I can learn it, I dont think I need that much more, before it works. I found an example with asp, where the save the session if the password is correct. It isnt that long a code, so was wondering if it isnt possible to make something like that in python. Cause when this code is applied to the loginform, CODE2 will only have to be applied to every following page and everything is good. code is from: http://tutorialized.com/tutorial/Creating-a-Members-Area-in-ASP/2234 CODE1 Set objRS = objConn.Execute (strSQL) '// see if there are any records returned If objRS.EOF Then 'no username found strError = - Invalid username or passwordbr vbNewLine Else 'check password If objRS(password)=Request.Form(password) Then 'username/password valid 'save session data Session(loggedin) = True Session(userid) = objRS(id) 'redirect to members area Response.Redirect (default.asp) Response.End Else 'invalid password strError = - Invalid username or passwordbr vbNewLine CODE2% If Session(loggedin) True Then Response.Redirect login.asp % html head titleMembers Area/title /head body h1Members Area/h1 pWelcome to our members area!/p/body /html In my code I have allready tested if the username and password is correct, so I just need to do the cookie thing :D Thanks all, hope all my questions dosnt make you tired, I just really wanna figure this out, and I am doing this as a little hobby of mine, so I dont have anyone else to ask, hope that is okay... Kent Johnson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Pete. wrote: Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. You might want to look at Snakelets and CherryPy. Snakelets is a very simple-to-use Python web application server. One of the features is Easy user authentication and user login handling. http://snakelets.sourceforge.net/ CherryPy is a pythonic, object-oriented web development framework that seems to be popular. A recipe for password-protected pages in CherryPy is here: http://www.cherrypy.org/wiki/PasswordProtectedPages Kent -- http://mail.python.org/mailman/listinfo/python-list
Re: Working on a log in script to my webpage
Hi again. This question might sound a bit strange, but here I go anyway. I found a tutorial on how to make member areas with ASP. ( It looked very complicated the info I found about making and using cookies to store session ID's with python) Can I use python code and SQL statements in ASP. The example only shows how to log in to a member area if the password is written in the asp code ( I mean the program dosnt connect to a my postgresql database to see if the username/password are correct. I was thinking if I can use some of the code from the tutorial and put my own python code in, I will have solved my problem. I dont know that much about asp but I also found a tutorial on that, which in going to read.. Thanks for your time. The members area tutorial can be found here. http://www.theukwebdesigncompany.com/article.php?id=392 bruce [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] pete... simply use google and search for php scripts login user authentication mysql session etc... these terms will give you lots of examples... you could also look at some of the bulletin board/forum apps that are open source to se what they use. or, you could also look through the code for some of the php content management apps... of course, there are also the open source ecommerce solutions. all of these types of apps have functionality to deal with the user login/registration issues... -regards,,, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Pete. Sent: Tuesday, March 08, 2005 6:26 PM To: python-list@python.org Subject: Re: Working on a log in script to my webpage The 2 scripts I made is actually working the way they where meant to. So im kindda happy :) The problem is, that I didnt think about the problem: as Steve wrote: There are other matters of concern, however, the most pressing of which is: How am I going to stop user from navigating directly to page1? Maybee I can find some premade feature, that prevents users to go to page1 without logging in. Any ideas as to where I can find some information about this. Nice that you all take time to help a newbie, so thanks to the helpfull people :) hi... regarding the issue of creating a login (user/passwd) script... there are numerous example scripts/apps written that use php/mysql... i suggest that you take a look at a few and then incoporate the features that you want into your script. from your questions, it seems like this approach will give you a better/faster solution to your problem. -regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steve Holden Sent: Tuesday, March 08, 2005 4:02 PM To: python-list@python.org Subject: Re: Working on a log in script to my webpage Pete. wrote: Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. The first I do is I make a html form, where the user can type in his username and code, when this is done I want to run the script(testifcodeisokay) that verifies that the code and username are the right ones ( that means if they match the particular entered username and password) If they are then I want to load page1 if they are not I want to load the loginpage again. Login page: print '''form action=testifcodeisokay.py'br pUsername:br INPUT type=text NAME=username pCode:br INPUT type=text NAME=code/p''' print '''pinput type=submit value='Submit'/p/form''' print '''/body /html''' This works. Here I store the entered text in the variables username and code I then get the entered value by testifcodeisokay script connect = PgSQL.connect(user=user, password=password, host=host, database=databse) cur = connect.cursor() form = cgi.FieldStorage() username = form[username].value code= form[code].value I then want to test if they match the ones in the database insert_command = SELECT username, code FROM codetable WHERE codetable.username = '%s' AND codetable.code = '%s' %(username, code) cur.execute(insert_command) This is an amazingly bad choice of variable name, since the command doesn't actually insert anything into the database! I should then have found where the entered username,code (on the login page) is the same as those in the database. But now I am stuck. Does any know how I can then do something like: If the codes from the loginpage matches the users codes in the db Then the user should be taken to page1 IF the codes arnt correct the login page should load again. The program dosnt need to remember who the user is, after the user has been loggen in, it is only used to log the user in. Thanks for your time.. The Python you want is almost certainly something like if len(curs.fetchall()) == 1: # username/password was found in db although unless your database is guarantees to contain only one
Re: Working on a log in script to my webpage
I better mention, that I rather make it all in python and html (found out that python somehow works with asp) I know that what I have to do is the following: 1) When the user logs in, I have to store a session ID in a cookie 2) When page1 is loaded(upon correctly entered username/password) the cookie has to be sent to page 1 and on page one there should be a tjeck to see if the cookies has the right values. 3) everytime a page is loaded, there has to be a tjeck, to see if the cookies has the right value, if not the page shouldt be loaded, and the user should be redirected back to login page. It does sound very easy to make: Create a store-holder(cookies), create a session ID upon log in, tjeck if it is the right sessionID in the cookies everytime a page is loaded, if not redirect back to log in page. But eventhough it sounds easy, I cant quite get the hold of if.. I tried googling, but didnt really find anything, that helpfull... Any more advice... Once again thanks for your time Sincerly Pete Pete. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi again. This question might sound a bit strange, but here I go anyway. I found a tutorial on how to make member areas with ASP. ( It looked very complicated the info I found about making and using cookies to store session ID's with python) Can I use python code and SQL statements in ASP. The example only shows how to log in to a member area if the password is written in the asp code ( I mean the program dosnt connect to a my postgresql database to see if the username/password are correct. I was thinking if I can use some of the code from the tutorial and put my own python code in, I will have solved my problem. I dont know that much about asp but I also found a tutorial on that, which in going to read.. Thanks for your time. The members area tutorial can be found here. http://www.theukwebdesigncompany.com/article.php?id=392 bruce [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] pete... simply use google and search for php scripts login user authentication mysql session etc... these terms will give you lots of examples... you could also look at some of the bulletin board/forum apps that are open source to se what they use. or, you could also look through the code for some of the php content management apps... of course, there are also the open source ecommerce solutions. all of these types of apps have functionality to deal with the user login/registration issues... -regards,,, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Pete. Sent: Tuesday, March 08, 2005 6:26 PM To: python-list@python.org Subject: Re: Working on a log in script to my webpage The 2 scripts I made is actually working the way they where meant to. So im kindda happy :) The problem is, that I didnt think about the problem: as Steve wrote: There are other matters of concern, however, the most pressing of which is: How am I going to stop user from navigating directly to page1? Maybee I can find some premade feature, that prevents users to go to page1 without logging in. Any ideas as to where I can find some information about this. Nice that you all take time to help a newbie, so thanks to the helpfull people :) hi... regarding the issue of creating a login (user/passwd) script... there are numerous example scripts/apps written that use php/mysql... i suggest that you take a look at a few and then incoporate the features that you want into your script. from your questions, it seems like this approach will give you a better/faster solution to your problem. -regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steve Holden Sent: Tuesday, March 08, 2005 4:02 PM To: python-list@python.org Subject: Re: Working on a log in script to my webpage Pete. wrote: Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. The first I do is I make a html form, where the user can type in his username and code, when this is done I want to run the script(testifcodeisokay) that verifies that the code and username are the right ones ( that means if they match the particular entered username and password) If they are then I want to load page1 if they are not I want to load the loginpage again. Login page: print '''form action=testifcodeisokay.py'br pUsername:br INPUT type=text NAME=username pCode:br INPUT type=text NAME=code/p''' print '''pinput type=submit value='Submit'/p/form''' print '''/body /html''' This works. Here I store the entered text in the variables username and code I then get the entered value by testifcodeisokay script connect = PgSQL.connect(user=user, password=password, host=host, database=databse) cur = connect.cursor() form =
Re: Working on a log in script to my webpage
Pete. wrote: Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. You might want to look at Snakelets and CherryPy. Snakelets is a very simple-to-use Python web application server. One of the features is Easy user authentication and user login handling. http://snakelets.sourceforge.net/ CherryPy is a pythonic, object-oriented web development framework that seems to be popular. A recipe for password-protected pages in CherryPy is here: http://www.cherrypy.org/wiki/PasswordProtectedPages Kent -- http://mail.python.org/mailman/listinfo/python-list
Re: Working on a log in script to my webpage
Thanks. But I would really like to do this from scratch, so that I can learn it, I dont think I need that much more, before it works. I found an example with asp, where the save the session if the password is correct. It isnt that long a code, so was wondering if it isnt possible to make something like that in python. Cause when this code is applied to the loginform, CODE2 will only have to be applied to every following page and everything is good. code is from: http://tutorialized.com/tutorial/Creating-a-Members-Area-in-ASP/2234 CODE1 Set objRS = objConn.Execute (strSQL) '// see if there are any records returned If objRS.EOF Then 'no username found strError = - Invalid username or passwordbr vbNewLine Else 'check password If objRS(password)=Request.Form(password) Then 'username/password valid 'save session data Session(loggedin) = True Session(userid) = objRS(id) 'redirect to members area Response.Redirect (default.asp) Response.End Else 'invalid password strError = - Invalid username or passwordbr vbNewLine CODE2% If Session(loggedin) True Then Response.Redirect login.asp % html head titleMembers Area/title /head body h1Members Area/h1 pWelcome to our members area!/p/body /html In my code I have allready tested if the username and password is correct, so I just need to do the cookie thing :D Thanks all, hope all my questions dosnt make you tired, I just really wanna figure this out, and I am doing this as a little hobby of mine, so I dont have anyone else to ask, hope that is okay... Kent Johnson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Pete. wrote: Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. You might want to look at Snakelets and CherryPy. Snakelets is a very simple-to-use Python web application server. One of the features is Easy user authentication and user login handling. http://snakelets.sourceforge.net/ CherryPy is a pythonic, object-oriented web development framework that seems to be popular. A recipe for password-protected pages in CherryPy is here: http://www.cherrypy.org/wiki/PasswordProtectedPages Kent -- http://mail.python.org/mailman/listinfo/python-list
Re: Working on a log in script to my webpage
Pete. wrote: I better mention, that I rather make it all in python and html (found out that python somehow works with asp) I know that what I have to do is the following: 1) When the user logs in, I have to store a session ID in a cookie In actual fact it's best not to wait until the user logs in: every request that comes in for the service should be examined for the cookie (which the browser will always return once it's received it). If there's no cookie then the server should include one in its response. That way, each session is identified by a unique cookie value, which can be used (among other things) to locate any state that's associated with the sessions (such as a who is this user variable). 2) When page1 is loaded(upon correctly entered username/password) the cookie has to be sent to page 1 and on page one there should be a tjeck to see if the cookies has the right values. Not quite: the cookie (retained on the client and sent to the server with each request) just identifies the session, and the session state storage (maintained on the server, one per active session) holds the information about the session like whether the user has logged in, what's in their shopping cart, and so on. Each page (or, if you are using an application framework like Webware, the framework) can examine state memory to determine whether the conditions for access have been met, and redirect to an error page if not. For this purpose ASP maintained a Session object for each session's state memory. 3) everytime a page is loaded, there has to be a tjeck, to see if the cookies has the right value, if not the page shouldt be loaded, and the user should be redirected back to login page. Almost, see above. It does sound very easy to make: Create a store-holder(cookies), create a session ID upon log in, tjeck if it is the right sessionID in the cookies everytime a page is loaded, if not redirect back to log in page. But eventhough it sounds easy, I cant quite get the hold of if.. I tried googling, but didnt really find anything, that helpfull... It's true that there isn't actually much on the web that explains sessions with specific reference to Python. I can, however, after quite a lot of searching, thoroughly recommend http://webapparch.sourceforge.net/ for an overview of what happens in a session-oriented web service. I would suggest you start with Section 8, and then read the whole thing, or at least all parts that interest you. Any more advice... Of course usually some mechanism supported by the specific server in use is involved. http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/65110 does show how to generate session IDs, but then you have to deliver them as cookies (of course, for security reasons you don't want session IDs to be easily guessed, as this would allow someone to hijack an existing session by impersonating a browser holding the right cookie value). If you are prepared to read a bit of PHP (sorry ...) then http://www.phpbuilder.com/columns/paul20020729.php3 explains the details of session maintenance sufficiently clearly that you would get a good idea of how to implement the same ideas in Python. Once again thanks for your time Sincerly Pete [...] You're welcome. regards Steve -- http://mail.python.org/mailman/listinfo/python-list
Working on a log in script to my webpage
Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. The first I do is I make a html form, where the user can type in his username and code, when this is done I want to run the script(testifcodeisokay) that verifies that the code and username are the right ones ( that means if they match the particular entered username and password) If they are then I want to load page1 if they are not I want to load the loginpage again. Login page: print '''form action=testifcodeisokay.py'br pUsername:br INPUT type=text NAME=username pCode:br INPUT type=text NAME=code/p''' print '''pinput type=submit value='Submit'/p/form''' print '''/body /html''' This works. Here I store the entered text in the variables username and code I then get the entered value by testifcodeisokay script connect = PgSQL.connect(user=user, password=password, host=host, database=databse) cur = connect.cursor() form = cgi.FieldStorage() username = form[username].value code= form[code].value I then want to test if they match the ones in the database insert_command = SELECT username, code FROM codetable WHERE codetable.username = '%s' AND codetable.code = '%s' %(username, code) cur.execute(insert_command) I should then have found where the entered username,code (on the login page) is the same as those in the database. But now I am stuck. Does any know how I can then do something like: If the codes from the loginpage matches the users codes in the db Then the user should be taken to page1 IF the codes arnt correct the login page should load again. The program dosnt need to remember who the user is, after the user has been loggen in, it is only used to log the user in. Thanks for your time.. -- http://mail.python.org/mailman/listinfo/python-list
Re: Working on a log in script to my webpage
Pete. wrote: Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. The first I do is I make a html form, where the user can type in his username and code, when this is done I want to run the script(testifcodeisokay) that verifies that the code and username are the right ones ( that means if they match the particular entered username and password) If they are then I want to load page1 if they are not I want to load the loginpage again. Login page: print '''form action=testifcodeisokay.py'br pUsername:br INPUT type=text NAME=username pCode:br INPUT type=text NAME=code/p''' print '''pinput type=submit value='Submit'/p/form''' print '''/body /html''' This works. Here I store the entered text in the variables username and code I then get the entered value by testifcodeisokay script connect = PgSQL.connect(user=user, password=password, host=host, database=databse) cur = connect.cursor() form = cgi.FieldStorage() username = form[username].value code= form[code].value I then want to test if they match the ones in the database insert_command = SELECT username, code FROM codetable WHERE codetable.username = '%s' AND codetable.code = '%s' %(username, code) cur.execute(insert_command) This is an amazingly bad choice of variable name, since the command doesn't actually insert anything into the database! I should then have found where the entered username,code (on the login page) is the same as those in the database. But now I am stuck. Does any know how I can then do something like: If the codes from the loginpage matches the users codes in the db Then the user should be taken to page1 IF the codes arnt correct the login page should load again. The program dosnt need to remember who the user is, after the user has been loggen in, it is only used to log the user in. Thanks for your time.. The Python you want is almost certainly something like if len(curs.fetchall()) == 1: # username/password was found in db although unless your database is guarantees to contain only one of each combination it might be better to test if len(curs.fetchall()) != 0: # username/password was found in db There are other matters of concern, however, the most pressing of which is: How am I going to stop user from navigating directly to page1? Answering this question will involve learning about HTTP session state and writing web applications. I could write a book on that subject :-) regards Steve -- http://mail.python.org/mailman/listinfo/python-list
Re: Working on a log in script to my webpage
How am I going to stop user from navigating directly to page1? Answering this question will involve learning about HTTP session state and writing web applications. I could write a book on that subject :-) regards Steve Thanks Steve And yes I havnt thought about that, guess I have to figure something else out. -- http://mail.python.org/mailman/listinfo/python-list
RE: Working on a log in script to my webpage
pete... simply use google and search for php scripts login user authentication mysql session etc... these terms will give you lots of examples... you could also look at some of the bulletin board/forum apps that are open source to se what they use. or, you could also look through the code for some of the php content management apps... of course, there are also the open source ecommerce solutions. all of these types of apps have functionality to deal with the user login/registration issues... -regards,,, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Pete. Sent: Tuesday, March 08, 2005 6:26 PM To: python-list@python.org Subject: Re: Working on a log in script to my webpage The 2 scripts I made is actually working the way they where meant to. So im kindda happy :) The problem is, that I didnt think about the problem: as Steve wrote: There are other matters of concern, however, the most pressing of which is: How am I going to stop user from navigating directly to page1? Maybee I can find some premade feature, that prevents users to go to page1 without logging in. Any ideas as to where I can find some information about this. Nice that you all take time to help a newbie, so thanks to the helpfull people :) hi... regarding the issue of creating a login (user/passwd) script... there are numerous example scripts/apps written that use php/mysql... i suggest that you take a look at a few and then incoporate the features that you want into your script. from your questions, it seems like this approach will give you a better/faster solution to your problem. -regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steve Holden Sent: Tuesday, March 08, 2005 4:02 PM To: python-list@python.org Subject: Re: Working on a log in script to my webpage Pete. wrote: Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. The first I do is I make a html form, where the user can type in his username and code, when this is done I want to run the script(testifcodeisokay) that verifies that the code and username are the right ones ( that means if they match the particular entered username and password) If they are then I want to load page1 if they are not I want to load the loginpage again. Login page: print '''form action=testifcodeisokay.py'br pUsername:br INPUT type=text NAME=username pCode:br INPUT type=text NAME=code/p''' print '''pinput type=submit value='Submit'/p/form''' print '''/body /html''' This works. Here I store the entered text in the variables username and code I then get the entered value by testifcodeisokay script connect = PgSQL.connect(user=user, password=password, host=host, database=databse) cur = connect.cursor() form = cgi.FieldStorage() username = form[username].value code= form[code].value I then want to test if they match the ones in the database insert_command = SELECT username, code FROM codetable WHERE codetable.username = '%s' AND codetable.code = '%s' %(username, code) cur.execute(insert_command) This is an amazingly bad choice of variable name, since the command doesn't actually insert anything into the database! I should then have found where the entered username,code (on the login page) is the same as those in the database. But now I am stuck. Does any know how I can then do something like: If the codes from the loginpage matches the users codes in the db Then the user should be taken to page1 IF the codes arnt correct the login page should load again. The program dosnt need to remember who the user is, after the user has been loggen in, it is only used to log the user in. Thanks for your time.. The Python you want is almost certainly something like if len(curs.fetchall()) == 1: # username/password was found in db although unless your database is guarantees to contain only one of each combination it might be better to test if len(curs.fetchall()) != 0: # username/password was found in db There are other matters of concern, however, the most pressing of which is: How am I going to stop user from navigating directly to page1? Answering this question will involve learning about HTTP session state and writing web applications. I could write a book on that subject :-) regards Steve -- http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
Re: Working on a log in script to my webpage
The 2 scripts I made is actually working the way they where meant to. So im kindda happy :) The problem is, that I didnt think about the problem: as Steve wrote: There are other matters of concern, however, the most pressing of which is: How am I going to stop user from navigating directly to page1? Maybee I can find some premade feature, that prevents users to go to page1 without logging in. Any ideas as to where I can find some information about this. Nice that you all take time to help a newbie, so thanks to the helpfull people :) hi... regarding the issue of creating a login (user/passwd) script... there are numerous example scripts/apps written that use php/mysql... i suggest that you take a look at a few and then incoporate the features that you want into your script. from your questions, it seems like this approach will give you a better/faster solution to your problem. -regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steve Holden Sent: Tuesday, March 08, 2005 4:02 PM To: python-list@python.org Subject: Re: Working on a log in script to my webpage Pete. wrote: Hi all I am working on a log in script for my webpage. I have the username and the password stored in a PostgreSQL database. The first I do is I make a html form, where the user can type in his username and code, when this is done I want to run the script(testifcodeisokay) that verifies that the code and username are the right ones ( that means if they match the particular entered username and password) If they are then I want to load page1 if they are not I want to load the loginpage again. Login page: print '''form action=testifcodeisokay.py'br pUsername:br INPUT type=text NAME=username pCode:br INPUT type=text NAME=code/p''' print '''pinput type=submit value='Submit'/p/form''' print '''/body /html''' This works. Here I store the entered text in the variables username and code I then get the entered value by testifcodeisokay script connect = PgSQL.connect(user=user, password=password, host=host, database=databse) cur = connect.cursor() form = cgi.FieldStorage() username = form[username].value code= form[code].value I then want to test if they match the ones in the database insert_command = SELECT username, code FROM codetable WHERE codetable.username = '%s' AND codetable.code = '%s' %(username, code) cur.execute(insert_command) This is an amazingly bad choice of variable name, since the command doesn't actually insert anything into the database! I should then have found where the entered username,code (on the login page) is the same as those in the database. But now I am stuck. Does any know how I can then do something like: If the codes from the loginpage matches the users codes in the db Then the user should be taken to page1 IF the codes arnt correct the login page should load again. The program dosnt need to remember who the user is, after the user has been loggen in, it is only used to log the user in. Thanks for your time.. The Python you want is almost certainly something like if len(curs.fetchall()) == 1: # username/password was found in db although unless your database is guarantees to contain only one of each combination it might be better to test if len(curs.fetchall()) != 0: # username/password was found in db There are other matters of concern, however, the most pressing of which is: How am I going to stop user from navigating directly to page1? Answering this question will involve learning about HTTP session state and writing web applications. I could write a book on that subject :-) regards Steve -- http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
