Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #104161
| Path | csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail |
|---|---|
| From | Dennis Lee Bieber <wlfraed@ix.netcom.com> |
| Newsgroups | comp.lang.python |
| Subject | Re: password and username code |
| Date | Sun, 06 Mar 2016 12:44:18 -0500 |
| Organization | IISS Elusive Unicorn |
| Lines | 62 |
| Message-ID | <mailman.259.1457286250.20602.python-list@python.org> (permalink) |
| References | <1ed89545-f102-4538-bfe2-9d0e3dac8cf5@googlegroups.com> <cbebb763-e613-48cb-b68c-b126f1551dc2@googlegroups.com> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=ISO-8859-1 |
| Content-Transfer-Encoding | 8bit |
| X-Trace | news.uni-berlin.de ARjD18LQegiDtopprp9b/QyYGy3ZmTKKldKatZF0Bcng== |
| Return-Path | <python-python-list@m.gmane.org> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.000 |
| X-Spam-Evidence | '*H*': 1.00; '*S*': 0.00; 'else:': 0.03; '#if': 0.05; 'subject:password': 0.05; 'exit': 0.07; 'granted,': 0.07; 'skip:/ 10': 0.07; 'subject:code': 0.07; 'username,': 0.07; '#error': 0.09; 'cookies': 0.09; 'message-id:@4ax.com': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'stored': 0.10; 'advance': 0.10; 'python': 0.10; '"new': 0.16; '(another': 0.16; '(read': 0.16; '2016': 0.16; 'forbid': 0.16; 'hashed': 0.16; 'one- way': 0.16; 'received:80.91.229.3': 0.16; 'received:io': 0.16; 'received:plane.gmane.org': 0.16; 'received:psf.io': 0.16; 'returned,': 0.16; 'uname': 0.16; 'usernames': 0.16; 'valid.': 0.16; 'hacking': 0.18; 'skip:l 30': 0.18; 'url:home': 0.18; '(in': 0.18; 'input': 0.18; 'library': 0.20; 'first,': 0.20; 'tried': 0.24; 'plain': 0.24; 'testing': 0.25; 'example': 0.26; 'header:X -Complaints-To:1': 0.26; 'error': 0.27; 'checking': 0.27; 'sequence': 0.27; 'record': 0.29; 'cookie': 0.29; 'hash': 0.29; 'site)': 0.29; 'spaces': 0.29; 'random': 0.29; 'checks': 0.30; "i'd": 0.31; 'statement': 0.32; 'maybe': 0.33; 'passwords': 0.33; 'username': 0.33; '(for': 0.34; 'server': 0.34; 'advice': 0.35; 'could': 0.35; 'text': 0.35; 'asking': 0.35; 'but': 0.36; 'should': 0.36; 'instead': 0.36; 'to:addr:python-list': 0.36; 'subject:: ': 0.37; 'received:org': 0.37; 'one,': 0.37; 'things': 0.38; 'button': 0.38; 'names': 0.38; 'stuff': 0.38; 'someone': 0.38; 'mean': 0.38; 'test': 0.39; 'does': 0.39; 'to:addr:python.org': 0.40; 'still': 0.40; 'some': 0.40; 'hope': 0.61; 'skip:u 10': 0.61; 'confirm': 0.62; 'back': 0.62; '(that': 0.63; 'more': 0.63; 'mar': 0.65; 'note:': 0.66; 'websites': 0.71; 'prompt': 0.79; 'cart,': 0.84; 'etc..': 0.84; 'shopping': 0.87; 'dennis': 0.91; 'passwords,': 0.91; 'time)': 0.91; 'login.': 0.93; 'received:108': 0.93 |
| X-Injected-Via-Gmane | http://gmane.org/ |
| X-Gmane-NNTP-Posting-Host | adsl-108-79-219-206.dsl.klmzmi.sbcglobal.net |
| X-Newsreader | Forte Agent 6.00/32.1186 |
| X-No-Archive | YES |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.21 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Xref | csiph.com comp.lang.python:104161 |
Show key headers only | View raw
On Sun, 6 Mar 2016 06:55:04 -0800 (PST), Ömer sar?
<sari.omer.1989@gmail.com> declaimed the following:
>for example : some websites ask for a password including some specific characters , like one letter, one ( /,%,*,),(,...) so my purpose is to create a program .first ask for username , then password , then check them , if they don't match with stored (username and password ) , make them register and during that , store "username " and "password" but "password must be including 1 letter , 1 sign , and less than 10 length , more than 4 . l don't know how to do it.as l tried many things but l got error . l hope it would be more explaintory as my English is not good enough.thanks for any advice in advance
A proper website will NOT "first ask for username, then password", but
will present a form with fields for both items -- and maybe a button for
new registrations.
Granted, testing algorithms using a console does mean having to prompt
for things in sequence (in which case I'd put "new register" first, since
asking for a username/password for someone not in the system before letting
them register is annoying)...
You should also not test the username for validity and then ask for
password -- that way leads to hacking as one can test names until they get
a valid one, and then test passwords with just that name. Instead you
accept both username and password before checking anything, and return
success/failure on the full combination.
Usernames and hashed passwords should be stored in some database, so
you can come back to it later. You do not store plain text passwords; you
store a one-way hash of the password (read the Python library reference on
"crypt").
If you forbid commas and spaces from usernames and passwords, you could
use a single console input statement for everything
login = raw_input("Enter username,password or 'register' if new=> ")
if login.lower().startswith("register"):
# do new user registration stuff
# get user name
# get password
# confirm password
# generate random salt
# crypt (salt+password)
#save uname, crypted hash in database
else:
uname, pword = login.split(",")
if not uname or not pword:
#user did not supply both fields
#error exit
#fetch record for "uname" from database
#if no record, error exit
#pull salt from hashed password,
#compute crypt(salt+pword)
#compare new hash to database record
#if no match, error exit
NOTE: a website will also be using cookies (another randomized value
that can be stored in a database with stuff like auto-logoff time) to
maintain session history of a valid login. All web pages after login will
request the cookie (that had been sent to the browser on successful login)
to be returned, the server than checks the cookie against the one it stored
in a database to see if the user is still valid. The database may also have
record of what page the user is one, links to (for an order site) the
current shopping cart, etc..
--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread
password and username code Ömer sarı <sari.omer.1989@gmail.com> - 2016-03-05 13:52 -0800
Re: password and username code Ben Finney <ben+python@benfinney.id.au> - 2016-03-06 10:36 +1100
Re: password and username code John Gordon <gordon@panix.com> - 2016-03-06 14:40 +0000
Re: password and username code Ömer sarı <sari.omer.1989@gmail.com> - 2016-03-06 06:55 -0800
Re: password and username code Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2016-03-06 12:44 -0500
csiph-web