I am trying to make a login page, how can I pass through my username and password and lead it to a redirected site?

Question

Currently, I am trying to make my login page functional, without the use of javascript. Here is my html form for my code.

<form name="login" action="secure112020014431.html" method="get" onsubmit="return validate(this);" accept-charset="utf-8" > <ul> <li> <label for="user_account"></label> <div> <input type="text" name="username" placeholder="Your Username" required> </div> </li> <li> <label for="password"></label> <div> <input type="password" name="password" placeholder="Password" required> </div> </li> <br></br> <li> <input id="login" type="submit" name="submit" value="Fazer Login"> </li> </ul> </form>

and this is my main.py file

    import webapp2
    import os
    import jinja2
    import urllib2

    jinja_environment = jinja2.Environment(autoescape=True,
      loader=jinja2.FileSystemLoader(os.path.join(os.path.dirname(__file__))))

    class SignIn(webapp2.RequestHandler):
      def get (self):
        template = jinja_environment.get_template('signin.html')
        self.response.write(template.render())  
    class Secure(webapp2.RequestHandler):   
      def get(self):
        """
        username: Get the username from POST dict
        password: Get the password from POST dict
        """
        username = self.request.POST.get('username')
        password = self.request.POST.get('password')
        # Try to login user with password
        key='admin'
        passkey='password'
        if username and password==key and passkey:
          template = jinja_environment.get_template('secure112020014431.html')
          self.response.write(template.render())    
        else:
          template = jinja_environment.get_template('signin.html')
          self.response.write(template.render('/signin.html'))
     application = webapp2.WSGIApplication([
                                    (,('/signin.html',SignIn)
                                    ,('/secure112020014431',Secure)
                                    ], debug=True)

and this is my app.yaml

- url: /secure112020014431
  script: main.application
  login: required

- url: /.*
  script: main.application

What I am trying to do is this. Pass off the information from my form to my main.py file. Then, for my main.py to take in the information and compare it to the key and passkey. If the condition is fulfilled take me to the secure page, if not, send me back to the main. Any help would be greatly appreciated.

Answer 1

The problem (or at least a problem) is here:

if username and password==key and passkey:

username and password doesn't give you a pair of objects that you can compare to another pair of objects; it gives you a single value that's truthy if both objects are truthy and falsey otherwise.

The way to create a pair of objects that you can compare to another pair of objects is by creating a tuple, which you do just by putting commas between them:

if (username, password) == (key, passkey):

Or, of course, you could just two separate checks with an and between them:

if username == key and password == passkey:

---

As a side note, this kind of thing is generally a very bad idea. Sending a username and password in plain text as part of the form means that anyone who can see the packets can steal the password. The usual way to do this is with a challenge-response protocol . If you don't want to implement one yourself, there's a mechanism built into HTTP for that, or you can rely on external authentication (eg, anyone who can prove he owns one of a list of approved OpenID accounts is accepted), or you can probably find JS and Jinja/Python libraries that wrap it up for you.