Hey, I need help with setting up an authentication code. I am currently working on a project to build a blog server in python for an intro level python course. We are using the PESTO and POSTGRESQL wsgi and sql clients respectively. I am trying to authenticate against a user name and password in the database and myself and I suspect my partner are becoming incredibly frustrated with the lack of progress being made. If we could get the authentication script working, everything else would fall into place.

import time, os
import pesto
import logging

#import pgdb

os.environ['PATH'] +=";C:\\Program Files (x86)\\PostgreSQL\\8.4\\bin" #input the directory of your postgreSQL database program.

import pgdb

dispatcher = pesto.dispatcher_app()

""" Use this as necessary, if the database has already been loaded in another module, this can be excised.
    At the current moment, we just want to get the authentication module working. Otherwise, we won't need to worry
    about this particular strip of code. All we need is the authentication. """ 

def getConnection(self):
    try:
        connection = pgdb.connect(
            host="localhost:5432",
            database="project1",
            user="postgres",
            password="p0stgr3sq1")

        cursor = connection.cursor()

    except:
        # TODO: log
        print 'Error connecting to database > '
        print sys.exc_value
        return -1
    
    request.session['username'] = request.get('username')
    request.session['password'] = request.get('password')

    username = request.session['username']  # Switch to request.get as required. 
    password = request.session['password']  # Switch to request.get as required.
    
#datapull will call the data from a database query from the login procedure.
#It will compare the user input to 
@dispatcher.match('/auth', 'POST')
def datapull (username, password):
 
    cursor.execute('select %s from users') % username
    dbname = dbcur.fetchone()
    if dbname == username:
        cursor.execute('select %s from password') % password
        dbpass = dbcur.fetchone()
        if dbpass == password():
            dbpass = dbcur.fetchone()
            pesto.response.redirect('/admin-entry', 'POST')
        else:
            return "Password is invalid or does not exist."
            logging.error("Invalid Password Input.")
    else:
        return "We are sorry, there is no user matching that name in our database."
        logging.error("Invalid user name.")

When we try to input the stuff into 'pulldata', it throws an error regarding the use of tokens in the command line. Any help would be greatly appreciated. If I could just get this to work, that would be fantastic.

Some things that I see in datapull()

def datapull (username, password):
 
    ##--------------------------------------------------------------
    ## cursor is never passed to the function
    ## and there isn't any db table named 'users'
    cursor.execute('select %s from users') % username

    ##--------------------------------------------------------------
    ## dbcur is never passed to the function
    #
    ## and, username and password would have to be associated with one
    ## another so would be separate fields in the same record
    dbname = dbcur.fetchone()

    if dbname == username:

        ##--------------------------------------------------------------
        ## username and password would have to be associated with one
        ## another so would be separate fields in the same record
        cursor.execute('select %s from password') % password
        dbpass = dbcur.fetchone()

        ##-----------------------------------------------------------
        ## there is no function named password()
        if dbpass == password():
            dbpass = dbcur.fetchone()

            ##-------------------------------------------------------
            ## pesto has not been declared
            pesto.response.redirect('/admin-entry', 'POST')

            ##-------------------------------------------------------
            ## there is no return for a successful lookup so how does
            ## the calling function know that the lookup was successful
        else:
            return "Password is invalid or does not exist."
            logging.error("Invalid Password Input.")
    else:
        return "We are sorry, there is no user matching that name in our database."
        logging.error("Invalid user name.")

Time to Google for some tutorials. I doubt there will be many response to this thread as this code appears to be hacked together to present some code so someone else will write this for you (with the emphasis on "appears"). Start by opening the database successfully. Then print all records, if the DB is not too large, and/or lookup a known user and password successfully. Then create the functions one at a time and test each one before starting the next function.

Database opens successfully, but I'll strip it down and try something new. It's not hacked together, it's a module subsection of a larger group of files and we are trying to authenticate against a database. I've looked over a number of google tutorials and none have been particularly helpful. I just need a nudge in the right direction more than anything.

Ugh, I saw what I did.... I'm burnt out and definitely need a fresh set of eyes on this.

import time, os
import pesto
import logging

os.environ['PATH'] +=";C:\\Program Files (x86)\\PostgreSQL\\8.4\\bin" #input the directory of your postgreSQL database program.

import pgdb

dispatcher = pesto.dispatcher_app()

""" Use this as necessary, if the database has already been loaded in another module, this can be excised.
    At the current moment, we just want to get the authentication module working. Otherwise, we won't need to worry
    about this particular strip of code. All we need is the authentication. """ 

def getConnection(self):
    try:
        connection = pgdb.connect(
            host="localhost:5432",
            database="project1",
            user="postgres",
            password="p0stgr3sq1")

        cursor = connection.cursor()

    except:
        # TODO: log
        print 'Error connecting to database > '
        print sys.exc_value
        return -1
    
    request.session['username'] = request.get('username')
    request.session['password'] = request.get('password')

    username = request.session['username']  # Switch to request.get as required. 
    password = request.session['password']  # Switch to request.get as required.
    
#datapull will call the data from a database query from the login procedure.
#It will compare the user input to 
@dispatcher.match('/auth', 'POST')
def datapull (username, password):
 
    cursor.execute('select %s from users') % username
    dbname = cursor.fetchone()
    if dbname == username:
        cursor.execute('select %s from password') % password
        dbpass = cursor.fetchone()
        if dbpass == password()
            pesto.response.redirect('/admin-entry', 'POST')
        else:
            return "Password is invalid or does not exist."
            logging.error("Invalid Password Input.")
    else:
        return "We are sorry, there is no user matching that name in our database."
        logging.error("Invalid user name.")
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.