问题登录系统 Python 和 Mysql
[英]Issue Login System Python and Mysql
问题描述
Hello .
你好 。 I created a login system with the help of python and MySQL but it does not works correctly because if I input a username which is found in db that username can works with all passwords from 'listforPw ' Please read the following code and see the image that I've uploaded:我在 python 和 MySQL 的帮助下创建了一个登录系统,但它无法正常工作,因为如果我输入一个在 db 中找到的用户名,该用户名可以与“listforPw”中的所有密码一起使用请阅读以下代码并查看图像我已经上传:
mycursor.execute('SELECT * FROM users')
myresult = mycursor.fetchall()
listforName = []
listforPw = []
checkUsername = input('Insert your username : ' )
checkPassword = input('Insert your password : ')
for row in myresult:
listforName.append(row[3])
listforPw.append(row[4])
if checkUsername in listforName and checkPassword in listforPw:
print('You have logged in with succes !')
else:
print('Your credentials do not exist !')
So the question is I do not know how can I check if a username is equal with the password from username's line.所以问题是我不知道如何检查用户名是否与用户名行中的密码相同。
1 个解决方案
解决方案1
0 2018-09-03 07:58:24
Your code does check for what you described.您的代码会检查您所描述的内容。 if checkPassword in listforPw . if checkPassword in listforPw 。
Instead of this, query only the user you are interested in and compare the password for the single returned user.而不是这样,只查询您感兴趣的用户并比较单个返回用户的密码。 Like喜欢
mycursor.execute('SELECT * FROM users WHERE username = %s', 'theUserName')
Also, NEVER store passwords this way.此外,切勿以这种方式存储密码。 Use hashes https://en.wikipedia.org/wiki/Cryptographic_hash_function使用哈希https://en.wikipedia.org/wiki/Cryptographic_hash_function
Basically, you always hash the user's password when he inputs it, and you also store the passwrod in the hashed format, so when you compare them, they will be equal.基本上,您总是在用户输入密码时对其进行散列,并且您还将密码以散列格式存储,因此当您比较它们时,它们将相等。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.