0

I'm writing a python script that allows for sign up and log in, the signup works fine, but the login and authentication doesn't work even if the user is registered.

def userlogin(self, ID, password):
        try:
            statement = conn.execute('SELECT ID FROM USERS')
            conn.commit()
            for row in statement:
                if ID in statement:
                    print "%d" % ID
                    pas = conn.execute('SELECT PASSWORD FROM USERS WHERE ID = %d' % (ID))
                    conn.commit()
                    if password in pas:
                        print "welcome user %d" % ID
                        conn.close()
                    else:
                        print "username/password incorrect!"
                        conn.close()
                else:
                    print "Incorrect ID! If you are not a user, please register here."
        except IOError:
                print "Select statement could not execute!"

I know this is not the best way to write this function, I'm doing it for practice. Even if the password and ID are entered correctly, it always prints Incorrect ID. Is there anything wrong with the if statement?

Improve this question
2
  • What do you mean "doesn't work"? Please show the results and what you expect Commented Nov 30, 2015 at 16:17
  • Don't use string formatting on query strings; it's dangerous! Use SQL parameters! pas = conn.execute("SELECT password FROM users WHERE ID = ?", (ID,)) Commented Nov 30, 2015 at 16:28

3 Answers 3

Reset to default
1

The problems I see at first glance: (there may be more)

  • No need for commit statements since you only read data
  • Your first select statement should filter on something; a user name perhaps?
  • You close the connexion in the middle of the loop, so event if you find the right user you may have an exception
  • Bonus: are your passwords in clear text?? (not so important since you say it is only practice; but it is good practice to encrypt passwords anyway)
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

for your code, it should be if ID in row rather than if ID in statement and your need break the for loop if a user is valid.

def userlogin(self, ID, password):
        try:
            statement = conn.execute('SELECT ID FROM USERS')

            for row in statement:
                if ID in row:  # compare one by one
                    print "%d" % ID
                    pas = conn.execute('SELECT PASSWORD FROM USERS WHERE ID = %d' % (ID))

                    if password in pas:
                        print "welcome user %d" % ID

                    else:
                        print "password incorrect!" # ID is matched
                    conn.close()
                    return 
            print "Incorrect ID! If you are not a user, please register here."
        except IOError:
                print "Select statement could not execute!"
        finally:
                conn.close()
Improve this answer

Comments

0

Instead of so many checks, you can just use a query like

SELECT COUNT(*) FROM USERS WHERE PASSWORD = %s AND ID=%d

Now if the count is 0 then the password/id combo is wrong, else, if the count is non-zero, the password/id combination is correct.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.