Home > Mobile >  Tried using Python flask to make data sent from HTML <form> a tuple to match selected data fro
Tried using Python flask to make data sent from HTML <form> a tuple to match selected data fro

Time:02-08

// SELECT 
myDatabaseCursor.execute("SELECT username, password FROM member")
myDatabase.commit()

// get data from form to make a tuple
userCheck = (request.form["signInUsername"], request.form["signInPassword"])
   
// iterate selected data tuple into a list
results = []
for selectedData in myDatabaseCursor:
    results.append(selectedData)

// check if there is a match in MySQL database 
if userCheck in results:
    session["status"]="logged"
    session["user_name"]=request.form["signInUsername"]
    return redirect("/member")
else:
    return redirect("/error/?message=wrong username or password")

When I ran my server and tried typing in the username and the right password, successfully logged in; tried typing in the username and the wrong password, which, didn't have any match in the database, got rejected logging in. ALL GOOD...

BUT, when I tried typing in the username and the wrong password, which, HAS A MATCH IN THE PASSWORD COLUMN THOUGH DOESN'T BELONG TO THE RIGHT USERNAME, still successfully logged in.

I am really confused now, hope you guys have any idea about this situation.

Thanks, appreciate your replies.

CodePudding user response:

You could change your query to support WHERE clause. Something along the lines of:

# get data from form to make a tuple
username, password = (
    request.form["signInUsername"],
    request.form["signInPassword"]
)

# SELECT 
myDatabaseCursor.execute(
    """
        SELECT username, password
        FROM member
        WHERE username = '{username}' AND password = '{password}'
    """.format(username=username, password=password)
)

myDatabase.commit()
   
# set userCheck to True or False if the myDatabaseCursor result is not empty..
# TODO

# if row was in returned table 
if userCheck:
    session["status"]="logged"
    session["user_name"]=request.form["signInUsername"]
    return redirect("/member")
else:
    return redirect("/error/?message=wrong username or password")

CodePudding user response:

Probably the problem lies in the session['status']. You never set it to e.g. "unlogged", so if you don't close the browser, the status will always be 'logged' after first successful login.

Try to initialize your variable at the beginning of the script, i.e. session["status"]=None and then in every other page check that the status is actually 'Logged' as you're probably already doing.

session["status"]=None

// SELECT 
myDatabaseCursor.execute("SELECT username, password FROM member")
myDatabase.commit()

// get data from form to make a tuple
userCheck = (request.form["signInUsername"], request.form["signInPassword"])
   
// iterate selected data tuple into a list
results = []
for selectedData in myDatabaseCursor:
    results.append(selectedData)

// check if there is a match in MySQL database 
if userCheck in results:
    session["status"]="logged"
    session["user_name"]=request.form["signInUsername"]
    return redirect("/member")
else:
    return redirect("/error/?message=wrong username or password")

In any case, for the sake of best practice, you should amend your code to apply the logic depicted by @matthewking, retrieving just the password you need to check.

Page link:https//www.codepudding.com/Mobile/292865.html

Prev:How to write code to query sequelize model with where parameter in nested table
Next:MySQL: Extract all Keys from a nested JSON String
  •  Tags:  
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding