Python Application Login Tutorial

Snayer

Hi, I'm Snayer
Messages
540
Reaction score
183
Hi, I'm Snayer, back again with my fourth (and not final) Python Tutorial. If you would like the other Python tutorials, look in the stickied thread "Programming Resources" under "Other". The full example of the script I am using can be found HERE. I would suggest looking at it and making sure you understand a majority of it before continuing.

The first thing we are going to is import "urllib" and what this does is gives us the ability to read web pages inside the application itself. This is how we are going to read the web page with the password and bring the whole script together. We are also going to put in some definitions that we will access later for executing what will happen later. This is what you should have
Code:
import urllib
 
def starter():
 
def login():
 
def logged():
We are now going give it a nice starter message, which is going to looking something like this
Code:
def starter():
       print "Welcome to Snayer's App"
       print "Please enter the password to continue"
def login():
Now comes the tricky part with the login system itself. The main project is getting and storing user input, opening the password page, reading it, seeing if its the same, and executing something after checking, so lets first start off with the user input.

If you have been following my Python tutorials you will know that the code for user input is raw_input("> "). This will give the program ability for user input.

The second part is a variable that is holding the URL, that contains the password. The best way of doing this is using pastebin's "raw" feature to give us JUST the password and nothing else. My password link is going to be http://pastebin.com/raw.php?i=G1b1RZ9b. If we put the URL and the user input into variables we should have something like this:

Code:
def login():
      pass_guess = raw_input("> ")
      url = "[URL]http://pastebin.com/raw.php?i=G1b1RZ9b[/URL]"
We are now going to be using the urllib function in order to read the web page. In order to do so we are going to make a variable that contains "urllib.urlopen(url). What this does is opens the variable "url" which if you look back contains the password link. You should have something like this:
Code:
def login():
      pass_guess = raw_input("> ")
      url = "[URL]http://pastebin.com/raw.php?i=G1b1RZ9b[/URL]"
      resp = urllib.urlopen(url)
The next step is creating another variable that will read "resp" (which contains the web page data). In this example I am using the name "data" to read "resp". To read a variable, you just put the variable followed by ".read()" This will read what is inside the variable. Here is an example:
Code:
def login():
        pass_guess = raw_input("> ")
        url = "[URL]http://pastebin.com/raw.php?i=G1b1RZ9b[/URL]"
        resp = urllib.urlopen(url)
        data = resp.read()
The next part of this is creating an If \ Else statement to determine if the password is correct or not. We can use the operators "==" and "!=" to determine if the password we guessed is equal to the one on the web page. "==" means "Is equal to", while "!=" means "does not equal". The way of seeing if pass_guess == data is by creating an if statement, which is very easy if you followed my past tutorials. I am also going to show that if the password is correct, its going to go into our "logged" function if the password is right. Here is what the if statement should resemble done correctly"
Code:
def login():
        pass_guess = raw_input("> ")
        url = "http://pastebin.com/raw.php?i=AhNN6q84"
        resp = urllib.urlopen(url)
        data = resp.read()
        if pass_guess == data:
                print "Password correct. Now logging in"
                logged()
This next part has 2 ways of doing it, but I performed the "elif" function to see if the password is wrong. We are going to the same thing we did before, except just change "==" to "!=" and change what happens if it is incorrect. I am going to loop it back to the "login" def to create an infinite so if someone gets the password wrong, they can keep guessing. It should look like this when done:
Code:
def login():
        pass_guess = raw_input("> ")
        url = "http://pastebin.com/raw.php?i=AhNN6q84"
        resp = urllib.urlopen(url)
        data = resp.read()
        if pass_guess == data:
                print "Password correct. Now logging in"
                logged()
        elif pass_guess != data:
                print "Password Incorrect. Please try again"
                login()
The last step for this program is to create what happens if the password is right. This is done inside the def "Logged". You can put your main code here, or just a simple message, which is what I did to say it logged in. Don't forget to call "starter" at the end to begin the script.
Code:
def login():
        pass_guess = raw_input("> ")
        url = "http://pastebin.com/raw.php?i=AhNN6q84"
        resp = urllib.urlopen(url)
        data = resp.read()
        if pass_guess == data:
                print "Password correct. Now logging in"
                logged()
        elif pass_guess != data:
                print "Password Incorrect. Please try again"
                login()
def logged():
         print "You successfully logged in!"
starter_message()
Please note when giving out applications that contain this: If you give out the script as a .py, it is VERY easy for them to see that password, since they can view code. If you give the script out as a .pyc , they can still view code since Python Compiler doesn't hide variables and the user can see the URL. A full proof way of making this secure is to convert Python to EXE. The most recent tutorial on Se7ensins can be found here. The tutorial doesn't cover everything, but my comment should help anyone having errors with it (It is still great though).
Well I hope you enjoyed my fourth Python tutorial. If you have followed all of them, great, and if you are just now joining I suggest you keep looking if you are interested, as I do enjoy sharing programming knowledge with people who don't know much about it.
-Snayer
 

Snayer

Hi, I'm Snayer
Messages
540
Reaction score
183
How would I use this with multiple passwords?
Well it depends on what you mean. If you want the program to have multiple passwords that may be chosen at random, you could create a random int and if the int matches password 1's number, then make it that with a small hint?

Is this what you mean?
 

Onlineweare

Inspiration is key
Messages
1,478
Reaction score
555
Well it depends on what you mean. If you want the program to have multiple passwords that may be chosen at random, you could create a random int and if the int matches password 1's number, then make it that with a small hint?

Is this what you mean?
Example:
Code:
password1
password2
password3
 

Onlineweare

Inspiration is key
Messages
1,478
Reaction score
555
Well the only way I would think of having multiple layers of security would just be to keep having input text on different pastebin pages
So I couldn't use the one pastebin to have mine and my friends password, and both passwords would work from the one login?
 

S7 Pro

Seasoned Member
Messages
2,515
Reaction score
1,601
Any type of HTML request to read a raw password is insecure. Simply by using Fiddler I can check the raw text password. A some what more secure method would be using a PHP page and doing "/login.php?password=pwhere", whereas your PHP page will return 0 or 1, being the password is valid or not.
 

MatthewH

Member
Messages
1,612
Reaction score
628
Any type of HTML request to read a raw password is insecure. Simply by using Fiddler I can check the raw text password. A some what more secure method would be using a PHP page and doing "/login.php?password=pwhere", whereas your PHP page will return 0 or 1, being the password is valid or not.
^ This.

However, no one said it was a "secure" method of doing things. :smile:
 

Snayer

Hi, I'm Snayer
Messages
540
Reaction score
183
Any type of HTML request to read a raw password is insecure. Simply by using Fiddler I can check the raw text password. A some what more secure method would be using a PHP page and doing "/login.php?password=pwhere", whereas your PHP page will return 0 or 1, being the password is valid or not.
I figured if someone is making an application in Python and attempting to "lock it", it wouldn't be some type of national security program. This was meant to be basic and to teach people ways to read HTML Pages.
 
Top Bottom