how to validate credentials in flask/python with mysql?

Question

Flask/python validation for login is not working for me with mysql, i was searching google and documentations and i have seen few questions on stack-overflow on same thing but haven't been answered yet.

from flask import Flask, render_template, flash, request, url_for, redirect, session
from content_management import Content

#form validations
from wtforms import Form, BooleanField, TextField, PasswordField, validators
#to encrypt the password
from passlib.hash import sha256_crypt
#for SQL injection
from MySQLdb import escape_string as thwart
import gc
from functools import wraps
from mysql_connect import connection

app = Flask(__name__)

@app.route('/login/', methods=['GET','POST'])
def login_page():
    error = ''
    try:
        c, conn = connection()
        if request.method == "POST":
            d = c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(request.form['email']),))
            d = c.fetchone()[2]

            if request.form['password'] == d:
                email = request.form['email']
                c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(email),))
                clients_table = c.fetchall()
                clientcid = clients_table[0]
                flash(clientcid)
                phone = clients_table[1]
                rating = clients_table[4]
                conn.commit()

                c.execute("SELECT * FROM cpersonals WHERE cid = (%s)", (clientcid,))
                cpersonals_table = c.fetchall()
                first_name = cpersonals_table[1]
                last_name = cpersonals_table[2]
                address = cpersonals_table[3]
                czip = cpersonals_table[4]
                reg_date = cpersonals_table[5] 
                conn.commit()

                c.close()
                conn.close()

                session['logged_in'] = 'client'
                session['clientcid'] = clientcid
                session['email'] = email
                session['phone'] = phone
                session['rating'] = rating
                session['first_name'] = first_name
                session['last_name'] = last_name
                session['address'] = address
                session['czip'] = czip
                session['reg_date'] = reg_date
                flash("You are now logged in.")
                return redirect(url_for("dashborad"))

            else:
                error = "Invalid credentials, try again."

        return render_template("login.html")

is there an easy way to validate credentials in MySQL without frameworks

Answer 1

This isn't a full answer (that gives code examples of what you should do to solve your problem), rather a few suggestions:

You are using flask with a database but not using a flask extension such as flask-sqlalchemmy , which is a library that makes SQLAlchemy (a database toolkit) easier to use with python. With something like flask-login (which handles logging in and out as well as the common "remember me" feature), what your trying to do is pretty easy. If you'd like an example file that handles logging in a user by checking their credentials from a database using flask-sqlalchemy and flask-login I can make one, but there are lots of examples of applications using these tools around.

Using a database toolkit such as the one I mentioned has lots of other advantages as well, the least of which is database system portability (code using sqlalchemy will usually work on multiple database backends like mysql, postgreSQL, sqlite, etc).