Answer the question
In order to leave comments, you need to log in
F
F
Foraho2021-03-28 15:19:01
Foraho, 2021-03-28 15:19:01
How to implement authorization in sql in python?
Hello, I want to implement authorization in SQLite 3 for python, but I don’t know how to check if the password belongs to the user, if so, then let it into the system, and if not, then send a message that the password is not correct
import sqlite3
from random import randint
global enter
help = "Command List: /help - Show full list of commands, /new_user - Create new user, /login - Login to user, /casino - Play casino"
global db
global sql
db = sqlite3.connect('data.db')
sql = db.cursor()
sql.execute("""CREATE TABLE IF NOT EXISTS users (
login TEXT,
password TEXT,
birthday_year BEGIN,
birthday_month BEGIN,
user_birthday_day BEGIN,
gender TEXT,
cash BEGIN
)""")
def login():
user_login = input("Enter login: ")
user_password = input("Enter password: ")
sql.execute(f"SELECT login FROM users WHERE login = '{user_login}'")
if sql.fetchone() is None:
print("This user does not exist")
main()
elif sql.execute(f"SELECT login FROM users WHERE login = '{user_login}'") != sql.fetchone() is None:
print('1')
def reg():
user_login = input("Enter login: ")
user_password = input("Enter password: ")
user_birthday_year = int(input("Enter birthday year: "))
user_birthday_month = int(input("Enter birthday month: "))
user_birthday_day = int(input("Enter birthday day: "))
user_gender = input("Enter gender (f-female or m-male): ")
if user_birthday_year > 1897 and user_birthday_year < 2022:
if user_birthday_month > 0 and user_birthday_month < 13:
if user_birthday_day > 0 and user_birthday_day < 32:
if user_gender == 'f' or user_gender == 'm':
abc(user_login, user_password, user_birthday_year, user_birthday_month, user_birthday_day,
user_gender)
else:
print('Carefully check the correctness of the data you entered')
reg()
db.commit()
def main():
print(help)
enter = input("Enter the command: ")
if enter == '/help':
print(help)
elif enter == '/new_user':
reg()
elif enter == '/login':
login
def abc (user_login, user_password,user_birthday_year, user_birthday_month, user_birthday_day, user_gender):
sql.execute(f"SELECT login FROM users WHERE login = '{user_login}'")
if sql.fetchone() is None:
sql.execute(f"INSERT INTO users VALUES (?, ?, ?, ?, ?, ?, ?)", (user_login, user_password, user_birthday_year, user_birthday_month, user_birthday_day, user_gender, 0))
db.commit()
print('You have successfully registered')
main()
else:
print('Such a record already exists')
main()
main() 1 answer(s)
@hottabxp
1) Don't use f-strings!
sqlite3 - DB-API 2.0 interface for SQLite databases
Pay particular attention to:
2) Usually, during registration, the password is hashed and added to the hash database, not the password. Then, during authorization, the password is again hashed and this hash is checked against the hash in the database.
What specifically is not working for you? Check value against value in database?
S
Sergey Karbivnichy, 2021-03-28 @hottabxp
global db???
global sql
1) Don't use f-strings!
sqlite3 - DB-API 2.0 interface for SQLite databases
Pay particular attention to:Usually your SQL operations will need to use values from Python variables. You shouldn't assemble your query using Python's string operations because doing so is insecure; it makes your program vulnerable to an SQL injection attack (see https://xkcd.com/327/ for a humorous example of what can go wrong).
2) Usually, during registration, the password is hashed and added to the hash database, not the password. Then, during authorization, the password is again hashed and this hash is checked against the hash in the database.
What specifically is not working for you? Check value against value in database?
Similar questions
B
D
A
D
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question