I am trying to get data out of a sqlite3 database which I know returns a tuple using cursor.fetchone() but for some reason when the user on the other program which is a CGI script submits the data and I take it in and print it the 2 match up as in their passwords so when I try to compare them they never match:
#!/usr/bin/python
import sqlite3 as lite
import cgi
db = lite.connect('qwerty0987654321.db')
usrnme = "none"
passwd = "none"
passver = "none"
def main():
global usrnme
global passwd
print "Content-type:text/html\r\n\r\n"
print "<html>"
print "<head><title>Profile</title></head>"
print "<body>"
form = cgi.FieldStorage()
if form.getvalue('username'):
usrnme = form.getvalue('username')
if form.getvalue('passwd'):
passwd = form.getvalue('passwd')
if isauth() is True:
print "Welcome %s" % usrnme
elif isauth() is False:
print "Wrong username or password!"
else:
print "No Password!"
else:
print "No Username!"
print '</body>'
print '</html>'
def isauth():
global usrnme, passwd, passver
c = db.cursor()
c.execute("SELECT password FROM Users WHERE username = ?",(usrnme,))
passver = c.fetchone()[0]
passver = tuple(passver,)
passwd = tuple(passwd[0],)
if cmp(passwd,passver) == 0:
return True
else:
print(passver,passwd)
return False
if __name__ == '__main__':
main()
It looks like your error is here:passwd[0]. Because str's can be indexed, it would refer to the character at the first position in the str. That would be 'n':
passver = c.fetchone()[0] # get the first field in the first item in the result set
passver = tuple(passver,) # add it to a tuple.
passwd = tuple(passwd[0],) # add passwd[0] (n) to a tuple
That won't work. Try instead:
passver = c.fetchone()[0] # get the first field in the first item in the result set
passver = tuple(passver,) # add it to a tuple.
passwd = tuple(passwd,) # add all of passwd to a tuple
# comparrison should succeed depending on contents of Users