[英]Getting a password to matches with its hash in a login function using Python, SQlite and bcrypt
EDIT: I have rewritten the code, partly based on suggestions below, and partly through other solutions using bcrypt, and am still having no luck.编辑:我已经重写了代码,部分基于以下建议,部分通过使用 bcrypt 的其他解决方案,但我仍然没有运气。
I am writing a login function for a Python program, and am trying to ensure that when a password is entered, it is matched with its hash that is stored in the user database.我正在为 Python 程序编写登录 function,并试图确保在输入密码时,它与存储在用户数据库中的 hash 匹配。 I have tried several different versions of this - initially I used hashlib and md5, and then switched to bcrypt when I realised that that would be more effective at hashing passwords.
我已经尝试了几个不同的版本 - 最初我使用 hashlib 和 md5,然后当我意识到这在散列密码方面会更有效时切换到 bcrypt。
Anyway, I have tried several iterations of this code, and none of them seem to work.无论如何,我已经尝试了这段代码的几次迭代,但它们似乎都不起作用。 This is the login module:
这是登录模块:
def login(): # the module which allows existing users to login
while True:
username = input("Please enter your username: ") # prompts the user to enter their username
password = input("Please enter your password: ") # prompts the user to enter their password
with sqlite3.connect("C:\sqlite\db\SUTHATusers.db") as db:
# connects to the database 'SUTHATusers.db', linking to its file path on the hard drive
cursor = db.cursor() # cursor allows the database to be traversed
cursor.execute("SELECT password FROM users WHERE username = ?", (username,))
# cursor executes the above SQL command
stored_hash = cursor.fetchone() # returns the results of the SQL command
password_encoded = password.encode("utf-8")
stored_hash_encoded = stored_hash.encode("utf-8")
# encodes the password input by the user so that bcrypt can understand it
salt = bcrypt.gensalt() # gets the salt
hashed = bcrypt.hashpw(password_encoded, salt) # hashes the password that has been encoded
if bcrypt.checkpw(password_encoded, stored_hash_encoded) == stored_hash_encoded:
# checks the encoded password entered by the user against its hash
# if they match, the user is logged in
print("Welcome " + username) # prints a welcome message and the username
break # ends the if statement
else: # this is run if no matching username and password has been found in the 'users' table
# if no passwords are found or the password entered is incorrect, this if statement is run
print("Username and password not recognized ")
# message telling the user that their details have not been recognised
again = input("Do you want to try again? y/n: ") # asks the user if they want to re-enter their details
if again == "n": # if the user chooses not to re-enter their details, the program restarts
print("Bye bye") # goodbye message is displayed to the user
time.sleep(1) # program pauses for one second
sys.exit()
The create user function works just fine - it asks for a username, a password which must be entered twice, and then stores the username and a hash of the password in a database.创建用户 function 工作得很好 - 它要求输入用户名、必须输入两次的密码,然后将用户名和密码的 hash 存储在数据库中。
I've probably made a right hash (?) of this login function - could someone please help set me on the right path.我可能已经做了正确的 hash (?)这个登录 function - 有人可以帮我设置正确的路径。 I am thoroughly confused.
我彻底糊涂了。 Thanks in advance.
提前致谢。
bcrypt.checkpw returns a boolean, so your code is comparing that boolean to hashed which will be False bcrypt.checkpw 返回 boolean,因此您的代码将 boolean 与散列值进行比较,这将是 False
if bcrypt.checkpw(password_hash, hashed) == hashed:
Remove the comparison like this删除这样的比较
if bcrypt.checkpw(password_hash, hashed):
Here is the example from the documentation:这是文档中的示例:
>>> if bcrypt.checkpw(password, hashed):
... print("It Matches!")
... else:
... print("It Does not Match :(")
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.