login.py

`login.py`

This Python script exercises a "login" capability
01: #!/usr/bin/python
02: import cgi, cgitb, sys
03: import MySQLdb
04: import dbname
05: cgitb.enable() # formats errors in HTML
06: 
07: sys.stderr = sys.stdout
08: print "Content-type: text/html"
09: print
10: print '''<html>
11: <head>
12: <title>Login</title>
13: </head>
14: <body>'''
15: 
16: login_form = '''<form action="login.py" method="POST">
17: <p>Please enter your username  and password
18: <p><table>
19: <tr><td>Username&nbsp;&nbsp;<td><input type="text" name="username">
20: <tr><td>Password<td><input type="password" name="password">
21: </table>
22: <p><input type="submit" value="Login">
23: </form>
24: </body></html>'''
25: 
26: form = cgi.FieldStorage()
27: 
28: fields = ["username", "password"]
29: errors = False
30: 
31: print '<dir><pre>'
32: for field in fields:
33:     if (not form.has_key(field)):
34:         print 'missing <b>%s</b>' % field
35:         errors = True
36: print '</pre></dir>'
37: if (errors):
38:     print login_form;
39:     sys.exit();
40: 
41: db = dbname.dbopen()
42: cur = db.cursor()
43: 
44: try:
45:     cur.execute("""SELECT fullname from users
46:         where username='%s' and password='%s'""" % (form["username"].value, form["password"].value) )
47:     rows = cur.fetchall()
48:     if (cur.rowcount > 0):
49:         print '<p>%s is logged on' % rows[0]
50:         ready = True
51:     else:
52:         print '<p>login failed, please try again.'
53:         ready = False
54:         
55:     cur.close()
56:     db.close()
57: except MySQLdb.Error, e:
58:     print e
59: 
60: if (not ready):
61:     print login_form
62:     sys.exit(1)
63: 
64: print '</body></html>'
Maintained by John Loomis, updated Sun Mar 02 22:51:34 2008