From: Dennis Lee Bieber
Newsgroups: comp.lang.python
Subject: Re: password and username code
Date: Sun, 06 Mar 2016 12:44:18 -0500

On Sun, 6 Mar 2016 06:55:04 -0800 (PST), Ömer sar? declaimed the following:

>for example: some websites ask for a password including some specific
>characters, like one letter, one ( /,%,*,),(,...) so my purpose is to
>create a program. First ask for username, then password, then check
>them; if they don't match with stored (username and password), make
>them register and during that, store "username" and "password", but
>"password" must be including 1 letter, 1 sign, and less than 10 length,
>more than 4. I don't know how to do it, as I tried many things but I
>got error. I hope it would be more explanatory as my English is not
>good enough. Thanks for any advice in advance

A proper website will NOT "first ask for username, then password", but
will present a form with fields for both items -- and maybe a button for
new registrations. Granted, testing algorithms using a console does mean
having to prompt for things in sequence (in which case I'd put "new
register" first, since asking for a username/password for someone not in
the system before letting them register is annoying)...

You should also not test the username for validity and then ask for
password -- that way leads to hacking as one can test names until they
get a valid one, and then test passwords with just that name. Instead
you accept both username and password before checking anything, and
return success/failure on the full combination.

Usernames and hashed passwords should be stored in some database, so you
can come back to it later. You do not store plain text passwords; you
store a one-way hash of the password (read the Python library reference
on "crypt").

If you forbid commas and spaces from usernames and passwords, you could
use a single console input statement for everything

    login = raw_input("Enter username,password or 'register' if new=> ")
    if login.lower().startswith("register"):
        # do new user registration stuff
        # get user name
        # get password
        # confirm password
        # generate random salt
        # crypt (salt+password)
        # save uname, crypted hash in database
        pass
    else:
        uname, pword = login.split(",")
        if not uname or not pword:
            # user did not supply both fields
            # error exit
            pass
        # fetch record for "uname" from database
        # if no record, error exit
        # pull salt from hashed password,
        # compute crypt(salt+pword)
        # compare new hash to database record
        # if no match, error exit

NOTE: a website will also be using cookies (another randomized value
that can be stored in a database with stuff like auto-logoff time) to
maintain session history of a valid login. All web pages after login
will request the cookie (that had been sent to the browser on successful
login) to be returned; the server then checks the cookie against the one
it stored in a database to see if the user is still valid. The database
may also have record of what page the user is on, links to (for an order
site) the current shopping cart, etc.

--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
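
The register and login steps outlined in the post, as an added sketch that is not part of the original message. It uses PBKDF2 from hashlib in place of crypt, an in-memory dict in place of the database, and reads the questioner's rule as 5 to 9 characters with at least one letter and one punctuation sign (all assumptions); an unknown username and a wrong password give the same result after the same hashing work.

```python
import hashlib
import hmac
import os
import string

ITERATIONS = 200_000          # PBKDF2 work factor (value assumed for this sketch)
users = {}                    # uname -> (salt, hash); stands in for the database
DUMMY_SALT = os.urandom(16)   # lets unknown usernames cost the same hashing work


def hash_password(password, salt):
    """One-way salted hash; the plain-text password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def password_ok(password):
    """Rule from the question: length > 4 and < 10, a letter and a sign."""
    return (4 < len(password) < 10
            and any(c.isalpha() for c in password)
            and any(c in string.punctuation for c in password))


def register(uname, password):
    """Store (salt, hash) for a new user; False if the name or password is rejected."""
    if not uname or uname in users or not password_ok(password):
        return False
    salt = os.urandom(16)                       # fresh random salt per user
    users[uname] = (salt, hash_password(password, salt))
    return True


def login(uname, password):
    """Judge the full username/password combination in one step."""
    salt, stored = users.get(uname, (DUMMY_SALT, None))
    candidate = hash_password(password, salt)   # computed even for unknown users
    if stored is None:
        return False                            # same answer as a wrong password
    return hmac.compare_digest(candidate, stored)   # constant-time comparison


if __name__ == "__main__":
    # Constructed sample account, for illustration only.
    print("register:", register("alice", "pa55%word"))
    print("good login:", login("alice", "pa55%word"))
    print("bad password:", login("alice", "wrong%pw"))
    print("unknown user:", login("bob", "pa55%word"))
```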