#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Posts
    3
    Rep Power
    0

    noob CGI scripting question


    Hello, everyone. I am a newbie to Python, and I'm trying to create a login page for users of a CGI/MySQL-based web application.

    Basically, I have made a login screen that accepts a username and password. Python goes through all screen names and passwords in my database and checks to see if the entered username/password combo works anywhere. If so, it's supposed to link to a config page for the user, where the user who signed in gets to edit his account configuration, which will be controlled by config.py.

    My problem is that I can't figure out a way to show config.py which user is logged in. I would think that there's some easy way to let my login.py communicate this information to config.py automatically, but I don't see how to do this. Here's my script for login.py, which gets its data from the form on login.html:

    Code:
    #!C:/Python23/python.exe
    import cgi
    import MySQLdb

    # CGI header block: a Content-Type line followed by a blank line
    print "Content-Type: text/html"
    print
    form = cgi.FieldStorage()

    db = MySQLdb.connect(host="localhost", user="root", passwd="",  db="assignments")
    cursor = db.cursor()
    # Fetch every user row; record[0] is the username, record[2] the password
    cursor.execute("SELECT * FROM users")
    verify = cursor.fetchall()
    for record in verify:
        if form["username"].value == record[0]:
            if form["password"].value == record[2]:
                pass  # what shall I do?
            else:
                print """Your password for the given user name is incorrect. 
    Please verify that you typed in the correct username and password. 
    If you have not signed up, please go back to the login page and sign up."""
  2. #2
  3. Hello World :)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2003
    Location
    Hull, UK
    Posts
    2,537
    Rep Power
    69
    There's a number of ways to pass data from one page to another, the simplest being by - in this case, passing the username - data as part of the pathstring. Take a look at this thread for more info on this.

    http://forums.devshed.com/t81768/s.html

    Note: possibly not the best idea with usernames and passwords!

    Alternatively you can set a cookie and read the username from that. You could use hidden form fields on post data from one to another, but this really depends on a form based design (and definitely isn't my fav')

    I'll send you a login script i created for a site a little later so u can see how that works

    Take care.
    Mark.
    programming language development: www.netytan.com Hula

  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Posts
    3
    Rep Power
    0
    Thanks a lot for the advice! I'll look into cookies and pathstring data.
  6. #4
  7. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Posts
    3
    Rep Power
    0
    Everything's great, now. I used the URL passing technique.
  8. #5
  9. Hello World :)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2003
    Location
    Hull, UK
    Posts
    2,537
    Rep Power
    69
    sweet, i'm glad i could help. If you need anything else in future don't hesitate to ask, always willing to help if i can

    have fun,
    Mark.
    programming language development: www.netytan.com Hula

  10. #6
  11. No Profile Picture
    Hi, I'm Calvin
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Location
    LosAngeles, SanDiego, Houston
    Posts
    50
    Rep Power
    11
    just curious... isn't it generally a bad idea to use pathstring (GET) for login... because the user's username and password are available for viewing?

    of course, the user already knows their own username/password, but there's no telling if there's someone looking over the user's shoulder etc... that's pretty rare though, but nowadays there are a lot of shady people haha...

    oh, and one more thing... i'd like to ask: how are you storing the login data? I'm working on a web cataloging project right now that will eventually have to include administrative logins and so i figured i'd just store it all in a pickled dictionary, with the username as a key and the password as the corresponding value, but i'm not sure how secure that is...

    have a good day

    -Calvin
  12. #7
  13. Hello World :)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2003
    Location
    Hull, UK
    Posts
    2,537
    Rep Power
    69
    i mentioned that already, cookies are a lot better choice but hey.. i'm sure there are a few methods of making this more secure i.e. encryption etc.

    In the example above the login data is being stored in MySQL, possibly overkill but if you have it might as well use it!

    Mark.
    programming language development: www.netytan.com Hula

  14. #8
  15. No Profile Picture
    Hi, I'm Calvin
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Location
    LosAngeles, SanDiego, Houston
    Posts
    50
    Rep Power
    11
    aren't there issues of different browsers handling cookies in diff ways, or even people disabling cookies?
  16. #9
  17. Hello World :)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2003
    Location
    Hull, UK
    Posts
    2,537
    Rep Power
    69
    Yes there are known issues regarding cookies, as you mentioned you can turn them off, and some browsers will handle cookies a little differently anyway.

    Unfortunately this is just one of those things that isn't easily avoided. You could try and implement some kind of simple session but i wouldn't like to try it myself

    I have been planning to write a session module but i can't imagine i'll get that one finished very soon. Cookies are just the best/easiest thing right now IMO

    Mark.
    programming language development: www.netytan.com Hula
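
A username carried in the URL or in a plain cookie can be changed by the visitor to any other account name, so config.py needs a value it can verify. The following is an added example, not part of the thread or any poster's code: login.py issues an HMAC-signed, time-limited token in a cookie and config.py checks it before trusting the username. It is written for Python 3; the key, cookie name, lifetime and function names are assumptions.

```python
import hashlib
import hmac
import time
from http.cookies import CookieError, SimpleCookie

# Assumption: a secret known only to the server, shared by login.py and config.py.
# Constructed sample value; generate a random one and keep it outside the web root.
SECRET_KEY = b"constructed-sample-key"
MAX_AGE = 1800  # seconds before the user has to log in again


def _sign(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def make_token(username, now=None):
    """login.py side: call only after the password check has succeeded."""
    issued = int(time.time() if now is None else now)
    payload = username.encode("utf-8").hex() + "." + str(issued)
    return payload + "." + _sign(payload)


def set_cookie_header(token):
    """Header line to print before the blank line that ends the CGI headers."""
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["path"] = "/"
    cookie["session"]["httponly"] = True  # not readable from page scripts
    cookie["session"]["secure"] = True    # assumes the site is served over HTTPS
    return cookie.output()


def read_user(cookie_header, now=None):
    """config.py side: pass os.environ.get("HTTP_COOKIE", ""); None = not logged in."""
    try:
        cookie = SimpleCookie()
        cookie.load(cookie_header)
        name_hex, issued, sig = cookie["session"].value.split(".")
        expected = _sign(name_hex + "." + issued)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None  # username or timestamp altered, or the token was made up
        age = (time.time() if now is None else now) - int(issued)
        if not 0 <= age <= MAX_AGE:
            return None  # expired
        return bytes.fromhex(name_hex).decode("utf-8")
    except (CookieError, KeyError, ValueError):
        return None
```
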

