The database stores 2 data lines

  1. login = admin, password = admin
  2. login = Twiss, password = 2332c623

when executing this code

import sqlite3 a = input('логин') b = input('пароль') conn = sqlite3.connect('client.db') try: sql = "SELECT Login, Password, Surname FROM authentication" cur = conn.cursor() cur.execute(sql) data = cur.fetchall() for row in data: if a in str(row[0]): if b in str(row[1]): print('Авторизован') else: print("Не верный пароль") else: print("Не верный логин") finally: conn.close()

If you enter login = Twiss, password = 2332c623, the value is not the correct login and is authorized, and if you enter login = admin, password = admin then everything is fine. How to make it so that when entering other data besides admin, it is displayed only authorized and worked so that according to the logic of authorization

  • it is necessary to display the message "invalid login" at the end of the cycle, if the correct one was not found. And now you output something for each line - splash58
  • @ splash58 is not quite clear how you can implement this using the example of this code - Twiss
  • Wrote something similar to Python code :) - splash58
  • one
    do you write code for educational purposes? If not, use prebuilt auth libraries. There are a lot of problems in your code (why show the password on the screen (use getpass instead of input) Why save the password in plain text? (At least use crypt) Why write a loop in Python instead of checking in the database? (The database supports searching, use its capabilities) And on the little things: the cycle is not working (try the built-in functions all, any to implement to get comfortable), unnecessary str, __getitem__ calls. __getitem__ / finally instead of with you with the construction. Example - jfs
  • @jfs can write how best to do without jambs - Twiss

1 answer 1

To check the username and password stored in the sqlite database:

 #!/usr/bin/env python3 import sqlite3 from crypt import crypt from getpass import getpass from secrets import compare_digest as compare_hash def authenticated(): with sqlite3.connect('client.db') as db: name = input('Your user name: ').strip() [password_hash] = next(db.execute( 'select password_hash from users where name = ?', [name]), [None]) if password_hash: password = getpass() return compare_hash(crypt(password, password_hash), password_hash) else: # no user return False print(authenticated())
  • use select + where to find a record by user name, instead of a loop in Python
  • the database hash hash password with a root, and not the password itself in clear text
  • when you enter a password, it is not shown - getpass() instead of input()

This fixes some problems with your code. In terms of access and provision of authority, it is better to use ready-made solutions that suit your situation in terms of convenience / risk of use.