3

I am trying to verify that the correct password has been entered into the password input box on my site. The aim is to return true if the password entered matches the password in the SQLite table that corresponds to the "usernick" entered in the username input box.

def check_login(db, usernick, password):
    """returns True if password matches stored"""
    cursor = db.cursor()
    # Bind usernick as a query parameter instead of formatting it into the SQL string
    cursor.execute("SELECT password FROM users WHERE nick=?", (usernick,))
    passcheck = cursor.fetchone()
    print(usernick)
    print(password)
    print(passcheck)
    if password == passcheck:
        return True
    else:
        return False

I used the prints to see where my code was going wrong. The correct username and passwords are being inputted into the function, but print(passcheck) is outputting: ['48181acd22b3edaebc8a447868a7df7ce629920a']

I now realise that this is because the password is decrypted. How do I decrypt the password?

1 Answer

4

You don't. You encrypt the password the user has entered and check that it matches the encrypted version in the database.

However, without any details of how the database was originally created, there is no way to help you further.

Edit

Remember that fetchone() always returns a tuple, even if you only selected a single column. Do passcheck = cursor.fetchone()[0].


2 Comments

Ah OK, thanks. This is what I should have been doing. So I encrypted the password going into the function. But the password I'm retrieving from the database is not being matched because the password I'm retrieving from the database comes enclosed like so: ('48181acd22b3edaebc8a447868a7df7ce629920a',). Is there a way to remove the brackets and quotations?
When I use passcheck = cursor.fetchone()[0] I get an error that says 'nonetype' object is not subscriptable, and my print for passcheck shows all the passwords and usernames in the database with 2 encrypted pass values per username.
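
A version of check_login that follows the answer and the comments above, as an added example that is not part of the original thread: it hashes the entered password before comparing, unpacks the row that fetchone() returns, returns False when fetchone() returns None, and binds usernick as a query parameter. The page does not say how its stored hashes were produced, so the hash_password helper (PBKDF2-HMAC-SHA256), the salt column and the sample row are assumptions made for this example.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password, salt):
    """Assumed scheme: salted PBKDF2-HMAC-SHA256, returned as a hex string."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def check_login(db, usernick, password):
    """Return True only if usernick exists and password hashes to the stored value."""
    cursor = db.cursor()
    # Bound parameter: the value of usernick is never parsed as SQL.
    cursor.execute("SELECT salt, password FROM users WHERE nick = ?", (usernick,))
    row = cursor.fetchone()  # one tuple, or None when no row matches
    if row is None:
        # Do the same hashing work for unknown nicks so response time
        # does not reveal whether a nick exists.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row  # unpack the tuple instead of comparing against it
    candidate = hash_password(password, salt)
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(candidate, stored)


def make_sample_db():
    """Constructed in-memory database with one sample user (not data from the page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (nick TEXT PRIMARY KEY, salt BLOB, password TEXT)")
    salt = os.urandom(16)
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        ("alice", salt, hash_password("correct horse", salt)),
    )
    db.commit()
    return db


if __name__ == "__main__":
    db = make_sample_db()
    print(check_login(db, "alice", "correct horse"))
    print(check_login(db, "alice", "wrong"))
    print(check_login(db, "nobody", "correct horse"))
```
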
