|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Get inside! Sample the range of functionality easily built with JMSL Library for Time Series Data Analysis, Heat Maps, Portfolio Optimization, Monte Carlo Simulation, Stock Price Charting and more. Download Now! |
|
#1
September 20th, 2003, 11:15 PM
|
|||
|
|||
|
noob CGI scripting question
Hello, everyone. I am a newbie to Python, and I'm trying to create a login page for users of a CGI/MySQL-based web application.
Basically, I have made a login screen that accepts a username and password. Python goes through all screen names and passwords in my database and checks to see if the entered username/password combo works anywhere. If so, It's supposed to link to a config page for the user, where the user who signed in gets to edit his account configuration, which will be controlled by config.py. MY problem is that I can't figure out a way to show config.py which user is logged in. I would think that there's some easy way to let my login.py communicate this information to config.py automatically, but I don't see how to do this. Here's my script for login.py, which gets its data from the form on login.html: Code:
#!C:/Python23/python.exe
import cgi
import MySQLdb
print "Content-Type: text/html"
print
form = cgi.FieldStorage()
db = MySQLdb.connect(host="localhost", user="root", passwd="", db="assignments")
cursor = db.cursor()
cursor.execute("SELECT * FROM users")
verify = cursor.fetchall()
for record in verify:
if form["username"].value == record[0]:
if form["password"].value == record[2]:
what shall I do?
else:
print """Your password for the given user name is incorrect.
Please verify that you typed in the correct username and password.
If you have not signed up, please go back to the login page and sign up."""
|
|
#2
September 21st, 2003, 06:08 AM
|
||||
|
||||
|
There's a number of ways to pass data from one page to another, the simplest being by - in this case, passing the username - data as part of the pathstring.. Take a look at this thread for more info on this..
http://forums.devshed.com/t81768/s.html Note: possibly not the best idea with usernames and passwords! Alternativly you can set a cookie and read the username from that.. You could use hidden form fields on post data from one to another, but this really depends on a form based design (and definatly isnt my fav') I'll send you a login script i created for a site a little latter so u can see how that work's  Take care. Mark.
|
|
#5
September 21st, 2003, 08:09 PM
|
||||
|
||||
|
sweet, i'm glad i could help. If you need anything else in future don't hesitate to ask, always willing to help if i can
have fun, Mark.
|
|
#6
September 22nd, 2003, 09:27 AM
|
|||
|
|||
|
just curious... isn't it generally a bad idea to use pathstring (GET) for login... because the user's username and password are available for viewing?
of course, the user already knows their own username/password, but there's no telling if there's someone looking over the user's shoulder etc... that's pretty rare though, but nowadays there are a lot of shady people haha... oh, and one more thing... i'd like to ask: how are you storing the login data? I'm working on a web cataloging project right now that will eventually have to include administrative logins and so i figured i'd just store it all in a pickled dictionary, with the username as a key and the password as the corresponding value, but i'm not sure how secure that is... have a good day -Calvin
|
|
#7
September 22nd, 2003, 09:49 AM
|
||||
|
||||
|
i mentioned that already, cookies are allot better choice but hey.. i'm sure there are a few methods of making this more secure i.e. encryption etc. In the example above the login data is being stored in MySQL , possibly overkill but if you have it might as well use it!Mark.
|
|
#9
September 22nd, 2003, 03:46 PM
|
||||
|
||||
|
Yes there are known issues regarding cookies, as you mentioned you can turn them off, and some browsers will handle cookies a little differntly anyway..
Unfortunatly this is just one of those things that isn't easily avoided . You could try and implement some kind of simple session but i wouldn't like to try it myselfI have been planning to write a session module but i cant imagin i'll get that one finished very soon . Cookies are just the best/easiest thing right now IMO Mark.
|
|
| Viewing: Dev Shed Forums > Programming Languages > Python Programming > noob CGI scripting question |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
