Getting a password to match with its hash in a login function using Python, SQLite and bcrypt

EDIT: I have rewritten the code, partly based on suggestions below, and partly through other solutions using bcrypt, and am still having no luck.

I am writing a login function for a Python program, and am trying to ensure that when a password is entered, it is matched with its hash that is stored in the user database. I have tried several different versions of this - initially I used hashlib and md5, and then switched to bcrypt when I realised that that would be more effective at hashing passwords.

Anyway, I have tried several iterations of this code, and none of them seem to work. This is the login module:

import sqlite3
import sys
import time

import bcrypt


def login():  # the module which allows existing users to login
    while True:
        username = input("Please enter your username: ")  # prompts the user to enter their username
        password = input("Please enter your password: ")  # prompts the user to enter their password
        with sqlite3.connect(r"C:\sqlite\db\SUTHATusers.db") as db:
            # connects to the database 'SUTHATusers.db', linking to its file path on the hard drive
            cursor = db.cursor()  # cursor allows the database to be traversed
        cursor.execute("SELECT password FROM users WHERE username = ?", (username,))
        # cursor executes the above SQL command
        stored_hash = cursor.fetchone()  # returns the results of the SQL command
        password_encoded = password.encode("utf-8")
        stored_hash_encoded = stored_hash.encode("utf-8")
        # encodes the password input by the user so that bcrypt can understand it
        salt = bcrypt.gensalt()  # gets the salt
        hashed = bcrypt.hashpw(password_encoded, salt)  # hashes the password that has been encoded

        if bcrypt.checkpw(password_encoded, stored_hash_encoded) == stored_hash_encoded:
            # checks the encoded password entered by the user against its hash
            # if they match, the user is logged in
            print("Welcome " + username)  # prints a welcome message and the username
            break  # ends the if statement

        else:  # this is run if no matching username and password has been found in the 'users' table
            # if no passwords are found or the password entered is incorrect, this if statement is run
            print("Username and password not recognized ")
            # message telling the user that their details have not been recognised
            again = input("Do you want to try again? y/n: ")  # asks the user if they want to re-enter their details
            if again == "n":  # if the user chooses not to re-enter their details, the program restarts
                print("Bye bye")  # goodbye message is displayed to the user
                time.sleep(1)  # program pauses for one second
                sys.exit()

The create user function works just fine - it asks for a username, a password which must be entered twice, and then stores the username and a hash of the password in a database.

I've probably made a right hash (?) of this login function - could someone please help set me on the right path? I am thoroughly confused. Thanks in advance.

bcrypt.checkpw returns a boolean, so your code is comparing that boolean to hashed which will be False.

if bcrypt.checkpw(password_hash, hashed) == hashed:

Remove the comparison like this:

if bcrypt.checkpw(password_hash, hashed):

Here is the example from the documentation:

>>> if bcrypt.checkpw(password, hashed):
...     print("It Matches!")
... else:
...     print("It Does not Match :(")
