无法使用Python从PostgreSQL数据库检索哈希密码
[英]Can't retrieve hashed password from postgreSQL Database with Python
问题描述
So I'm writing a simple login script in python cgi. 
所以我在python cgi中编写一个简单的登录脚本。 It wasn't working on the localhost, (showing 500 error) so running the code on its own revealed there were code issues. 它在localhost上不起作用(显示500错误),因此单独运行代码会发现存在代码问题。 The code is as follows: 代码如下:
#!/usr/bin/python2.7
import cgi
import cgitb
import hashlib
import psycopg2
from dbconfig import *
cgitb.enable()
print "Content-Type: text/html"
def checkPass():
email = "person@gmail.com"
password = "blahblah"
password = hashlib.sha224(password.encode()).hexdigest()
result = cursor.execute('SELECT * FROM logins WHERE email=%s passhash=%s') % (email, password)
print str(result)
if __name__ == "__main__":
conn_string = "host=%s dbname=%s user=%s password=%s" % (host, database, dbuser, dbpassword)
conn = psycopg2.connect(conn_string)
cursor = conn.cursor()
checkPass()
The line that the program gets stuck on is the cursor.execute of the postgre query. 程序卡住的行是postgre查询的cursor.execute。 The error that is shown is as follows: 显示的错误如下:
Traceback (most recent call last):
File "login.py", line 28, in <module>
checkPass()
File "login.py", line 20, in checkPass
result = cursor.execute('SELECT * FROM logins WHERE email=%s passhash=%s') % (email, password)
ProgrammingError: syntax error at or near "passhash"
LINE 1: SELECT * FROM logins WHERE email=%s passhash=%s
And it should be noted that it points to passhash. 应当指出,它指向密码。 I tried entering the query directly into the db in psql console as: 我尝试将查询直接输入到psql控制台中的db中,如下所示:
SELECT * FROM logins WHERE passhash=storedhashedcode;
However, this returns an error about a column of the name of the hash (ie e342hefheh43hfhfhefherf....etc) not existing. 但是,这将返回有关哈希名称(即e342hefheh43hfhfhefherf .... etc)不存在的列的错误。 What am I doing wrong here? 我在这里做错了什么? The only thing I can think of is hashes being stored differently. 我唯一能想到的就是哈希存储方式不同。
Note - here's the code I used to store the password etc, if that helps: 注意-这是我用来存储密码等的代码,如果有帮助的话:
email = "person@gmail.com"
allpass = "blahblah"
password = hashlib.sha224(allpass.encode()).hexdigest()
cursor.execute('INSERT INTO logins (email, passhash) VALUES (%s, %s);', (email, password))
conn.commit()
Any help would be greatly appreciated! 任何帮助将不胜感激!
UPDATE: 更新:
As suggested by Decly, I've changed the query to: 根据Decly的建议,我将查询更改为:
result = cursor.execute('SELECT * FROM logins WHERE email=%s AND passhash=%s') % (email, password)
This now produces the error: 现在会产生错误:
ProgrammingError: column "s" does not exist
LINE 1: SELECT * FROM logins WHERE email=%s AND passhash=%s
So it's obviously using s as a column for some reason. 因此,出于某种原因,显然使用s作为列。 Why is it not taking in my variable names? 为什么不使用我的变量名?
1 个解决方案
解决方案1
1 已采纳 2017-04-18 01:20:57
In: 在:
'SELECT * FROM logins WHERE email=%s passhash=%s'
You are missing a AND in the boolean expression: 您在布尔表达式中缺少AND:
'SELECT * FROM logins WHERE email=%s AND passhash=%s'
When you write the query in psql you are missing the quotes for the string literal, so postgresql is inferring a column name, you should write: 当您在psql中编写查询时,缺少字符串文字的引号,因此postgresql会推断列名,您应该编写:
SELECT * FROM logins WHERE passhash='storedhashedcode';
You are also putting the parentesis in the wrong place, the python sentence should be: 您还将括号放在错误的位置,python语句应为:
result = cursor.execute('SELECT * FROM logins WHERE email= %s AND passhash= %s', (email, password))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.