September 21st, 2003, 12:15 AM
noob CGI scripting question
Hello, everyone. I am a newbie to Python, and I'm trying to create a login page for users of a CGI/MySQL-based web application.
Basically, I have made a login screen that accepts a username and password. Python goes through all screen names and passwords in my database and checks to see if the entered username/password combo works anywhere. If so, it's supposed to link to a config page for the user, where the user who signed in gets to edit his account configuration, which will be controlled by config.py.
My problem is that I can't figure out a way to show config.py which user is logged in. I would think that there's some easy way to let my login.py communicate this information to config.py automatically, but I don't see how to do this. Here's my script for login.py, which gets its data from the form on login.html:
import cgi
import MySQLdb

print "Content-Type: text/html"
print  # blank line ends the HTTP headers
form = cgi.FieldStorage()
db = MySQLdb.connect(host="localhost", user="root", passwd="", db="assignments")
cursor = db.cursor()
cursor.execute("SELECT * FROM users")
verify = cursor.fetchall()
for record in verify:
    # Each record is a tuple; this assumes username is column 0 and password is column 1.
    if form["username"].value == record[0]:
        if form["password"].value == record[1]:
            # what shall I do?
            break
else:
    # No record matched both the username and the password.
    print """Your password for the given user name is incorrect.
Please verify that you typed in the correct username and password.
If you have not signed up, please go back to the login page and sign up."""
September 21st, 2003, 07:08 AM
There's a number of ways to pass data from one page to another, the simplest being by passing data (in this case, the username) as part of the pathstring. Take a look at this thread for more info on this.
Note: possibly not the best idea with usernames and passwords!
Alternatively you can set a cookie and read the username from that. You could use hidden form fields to post data from one to another, but this really depends on a form-based design (and definitely isn't my fav).
I'll send you a login script I created for a site a little later so you can see how that works.
September 21st, 2003, 10:05 AM
Thanks a lot for the advice! I'll look into cookies and pathstring data.
September 21st, 2003, 08:52 PM
Everything's great, now. I used the URL passing technique.
September 21st, 2003, 09:09 PM
sweet, i'm glad i could help. If you need anything else in future don't hesitate to ask, always willing to help if i can
September 22nd, 2003, 10:27 AM
just curious... isn't it generally a bad idea to use pathstring (GET) for login... because the user's username and password are available for viewing?
of course, the user already knows their own username/password, but there's no telling if there's someone looking over the user's shoulder etc... that's pretty rare though, but nowadays there are a lot of shady people haha...
oh, and one more thing... i'd like to ask: how are you storing the login data? I'm working on a web cataloging project right now that will eventually have to include administrative logins and so i figured i'd just store it all in a pickled dictionary, with the username as a key and the password as the corresponding value, but i'm not sure how secure that is...
have a good day
September 22nd, 2003, 10:49 AM
i mentioned that already, cookies are a lot better choice but hey.. i'm sure there are a few methods of making this more secure, i.e. encryption etc.
In the example above the login data is being stored in MySQL, possibly overkill but if you have it, might as well use it!
September 22nd, 2003, 11:14 AM
aren't there issues of different browsers handling cookies in diff ways, or even people disabling cookies?
September 22nd, 2003, 04:46 PM
Yes, there are known issues regarding cookies. As you mentioned, you can turn them off, and some browsers will handle cookies a little differently anyway.
Unfortunately this is just one of those things that isn't easily avoided. You could try and implement some kind of simple session but i wouldn't like to try it myself.
I have been planning to write a session module but i can't imagine i'll get that one finished very soon. Cookies are just the best/easiest thing right now IMO.
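The cookie and "simple session" approach discussed in this thread, as an added example that is not code from any poster: login.py issues an HMAC-signed, expiring token in a cookie and config.py verifies it, so the logged-in username cannot be altered the way a URL parameter can. It is written for Python 3 (the thread's script is Python 2), and the function names, cookie name, lifetime and per-process key are assumptions; the two scripts would need to load the same key from a shared file outside the web root.

```python
import hashlib
import hmac
import secrets
import time
from http import cookies

# Assumption: constructed per-process key for the demo. Real CGI scripts must
# share one persistent key, since login.py and config.py run as separate processes.
SECRET_KEY = secrets.token_bytes(32)
MAX_AGE = 1800  # assumed session lifetime in seconds

def _sign(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(username, now=None):
    """login.py: build 'username|expiry|signature' after the password check passes."""
    expires = int(time.time() if now is None else now) + MAX_AGE
    payload = "%s|%d" % (username, expires)
    return payload + "|" + _sign(payload)

def verify_token(token, now=None):
    """config.py: return the username, or None if forged, malformed or expired."""
    try:
        payload, sig = token.rsplit("|", 1)
        username, expires = payload.rsplit("|", 1)
        expires = int(expires)
    except ValueError:
        return None
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    if (time.time() if now is None else now) >= expires:
        return None
    return username

def login_header(username):
    """login.py: Set-Cookie header line to print before the blank header line."""
    jar = cookies.SimpleCookie()
    jar["session"] = issue_token(username)
    jar["session"]["path"] = "/"
    jar["session"]["httponly"] = True  # not readable from page scripts
    jar["session"]["secure"] = True    # only sent over HTTPS
    return jar.output()

def user_from_cookie_header(http_cookie):
    """config.py: pass os.environ.get('HTTP_COOKIE', '') to learn who is logged in."""
    jar = cookies.SimpleCookie()
    jar.load(http_cookie)
    return verify_token(jar["session"].value) if "session" in jar else None
```

The token carries only the username and an expiry time, never the password, and changing either field invalidates the signature.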