SQL-based authentication: Difference between revisions
Content added Content deleted
(→{{header|Perl}}: ++ C) |
(→{{header|Raven}}: ++ reintegrated python with fixes (creation of salt); random gen of user-pwd for testing kept) |
||
Line 307: | Line 307: | ||
} |
} |
||
</lang> |
</lang> |
||
=={{header|Python}}== |
|||
<lang python>'''with Python 2.6, gives a deprecation warning for sets module, but works''' |
|||
import MySQLdb |
|||
import hashlib |
|||
import sys |
|||
import random |
|||
DB_HOST = "localhost" |
|||
DB_USER = "devel" |
|||
DB_PASS = "" |
|||
DB_NAME = "test" |
|||
def connect_db(): |
|||
''' Try to connect DB and return DB instance, if not, return False ''' |
|||
try: |
|||
return MySQLdb.connect(host=DB_HOST, user=DB_USER, passwd=DB_PASS, db=DB_NAME) |
|||
except: |
|||
return False |
|||
def create_user(username, passwd): |
|||
''' if user was successfully created, returns its ID ''' |
|||
db = connect_db() |
|||
if not db: |
|||
print 'Can\'t connect MySQL!' |
|||
sys.exit(1) |
|||
cursor = db.cursor() |
|||
salt = randomValue(16) |
|||
passwd_md5 = hashlib.md5(salt+passwd).hexdigest() |
|||
# If username already taken, inform it |
|||
try: |
|||
cursor.execute("INSERT INTO users (`username`, `pass_salt`, `pass_md5`) VALUES ('%s', '%s', '%s')" % (username, salt, passwd_md5)) |
|||
cursor.execute("SELECT userid FROM users WHERE username='%s'" % username) |
|||
id = cursor.fetchall() |
|||
return id[0][0] |
|||
except: |
|||
print 'Username was already taken. Please select another' |
|||
sys.exit(1) |
|||
def authenticate_user(username, passwd): |
|||
db = connect_db() |
|||
if not db: |
|||
print 'Can\'t connect MySQL!' |
|||
sys.exit(1) |
|||
cursor = db.cursor() |
|||
try: |
|||
scheck = cursor.execute("SELECT pass_salt FROM users WHERE username='%s'" % (username)) |
|||
except: |
|||
return False |
|||
salt = cursor.fetchone()[0] |
|||
passwd = hashlib.md5(salt+passwd).hexdigest() |
|||
# cursor returns 1 if query is successfull else it returns 0 |
|||
user = cursor.execute("SELECT userid, username FROM users WHERE username='%s' AND pass_md5='%s'" % (username, passwd)) |
|||
if user != 0: |
|||
return True |
|||
else: |
|||
return False |
|||
def randomValue(length): |
|||
''' Creates random value with given length''' |
|||
salt_chars = 'abcdefghijklmnopqrstuvwxyz0123456789' |
|||
output = "" |
|||
for x in range(length): |
|||
rand = random.randrange(0, 35) |
|||
output = output + salt_chars[rand] |
|||
return output |
|||
if __name__ == '__main__': |
|||
user = randomValue(10) |
|||
passwd = randomValue(16) |
|||
create_user(user, passwd) |
|||
auth = authenticate_user(user, passwd) |
|||
if auth: |
|||
print 'User %s authenticated successfully' % user |
|||
else: |
|||
print 'User %s failed' % user</lang> |
|||
=={{header|Raven}}== |
=={{header|Raven}}== |