如何解决我如何验证用户输入的密码与散列密码表单数据库相同
当我运行代码并输入一个旧的且尚未散列的密码时,它告诉我它是元组,这不是问题,但是当我尝试验证散列密码时,我发现我的密码错误,所以我想知道我的代码有什么问题。我是 python 新手,对 MysqL 没有特别的经验,但我认为问题在于我如何选择散列密码并执行 if 语句。
'''
from flask import Flask,render_template,request,redirect,url_for,session
from flask_MysqLdb import MysqL
from passlib.hash import sha256_crypt
import MysqLdb.cursors
import re
import hashlib
import os
salt = os.urandom(32)
app = Flask(__name__)
app.secret_key = 'ý{Hå<\x95ùã\x96.5Ñ\x01O<!Õ¢\xa0\x9fR"¡¨'
# Enter your database connection details below
app.config['MysqL_HOST'] = 'localhost'
app.config['MysqL_USER'] = 'root'
app.config['MysqL_PASSWORD'] = ''
app.config['MysqL_DB'] = 'pythonlogin'
# Intialize MysqL
MysqL = MysqL(app)
@app.route('/pythonlogin/',methods=['GET','POST'])
def login():
# Output message if something goes wrong...
msg = ''
# Check if "username" and "password" POST requests exist (user submitted form)
if request.method == 'POST' and 'username' in request.form and 'password' in request.form:
# Create variables for easy access
username = request.form['username']
password = request.form['password']
# Check if account exists using MysqL
cursor = MysqL.connection.cursor(MysqLdb.cursors.DictCursor)
cursor.execute('SELECT * FROM accounts WHERE username = %s AND password = %s',(username,password,))
# Fetch one record and return result
account = cursor.fetchone()
hashedPass = ('SELECT password FROM accounts WHERE username = %s',(username))
# If account exists in accounts table in out database
if account and sha256_crypt.verify(password,hashedPass):
# Create session data,we can access this data in other routes
session['loggedin'] = True
session['id'] = account['id']
session['username'] = account['username']
# Redirect to home page
return redirect(url_for('home'))
else:
# Account doesnt exist or username/password incorrect
msg = 'Incorrect username/password!'
# Show the login form with message (if any)
return render_template('index.html',msg=msg)
''' 以上是我认为问题是标签/评论的地方,因为我已经按照教程学习,现在我尝试在它上面进行构建,这就是我现在卡住的地方
这就是我对它进行哈希处理的方式,我相信它是正确完成的: '''
@app.route('/pythonlogin/register','POST'])
def register():
# Output message if something goes wrong...
msg = ''
# Check if "username","password" and "email" POST requests exist (user submitted form)
if request.method == 'POST' and 'username' in request.form and 'password' in request.form and 'email' in request.form:
# Create variables for easy access
username = request.form['username']
password = sha256_crypt.encrypt(request.form['password']) #Sha 256 encryptering med hash och salt
email = request.form['email']
# Check if account exists using MysqL
cursor = MysqL.connection.cursor(MysqLdb.cursors.DictCursor)
cursor.execute('SELECT * FROM accounts WHERE username = %s',))
account = cursor.fetchone()
# If account exists show error and validation checks
if account:
msg = 'Account already exists!'
elif not re.match(r'[^@]+@[^@]+\.[^@]+',email):
msg = 'Invalid email address!'
elif not re.match(r'[A-Za-z0-9]+',username):
msg = 'Username must contain only characters and numbers!'
elif not username or not password or not email:
msg = 'Please fill out the form!'
else:
# Account doesnt exists and the form data is valid,Now insert new account into accounts table
cursor.execute('INSERT INTO accounts VALUES (NULL,%s,%s)',email,))
MysqL.connection.commit()
msg = 'You have successfully registered!'
'''
我可以在数据库中看到用户使用散列和加盐密码注册。 感谢您的帮助:)
解决方法
好的,所以我想出了我应该如何进行验证,现在它像黄油一样工作:
cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
cursor.execute("SELECT * FROM accounts WHERE username = %s",(username,))
# Fetch one record and return result
account = cursor.fetchone()
validatePassword = sha256_crypt.verify(password,account['password'])
# If account exists in accounts table in out database
if account and validatePassword:
如果我遗漏了什么,请纠正我,但我相信它已经完成了:)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。