Search code examples
pythonmysqlpython-3.xmysql-pythonmysql-connector

Error when checking if username, hash, and key exists in a table stored in mysql

The output of the program:

WELCOME, PLEASE ENTER YOUR USERNAME AND PASSWORD Enter username:Manas Enter password:123456 error2 Error3

Below is a minimal code of the program:

import mysql.connector
import hashlib
import os
mycon=mysql.connector.connect(host="localhost",user="root",passwd="123456",database="library",use_unicode=True,charset="utf8")
cursor=mycon.cursor()
stmt = "SHOW TABLES LIKE 'users'"
cursor.execute(stmt)
result = cursor.fetchone()
if result:
    pass
else:
    cursor.execute("create table users(username varchar(20),key varbinary(100),salt varbinary(100));")
def users(username,password):
    cursor.execute("select * from users where username='{}'".format(username))
    data=cursor.fetchone()
    if data=="(NULL)":
        return False
    elif data==True:
        salt=data[2]
        key=hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100000)
        if data[1]==key:
            return True
        elif data[1]!=key:
            return False
        else:
            print("error1")
    else:
        print("error2")
        return False
#Main program
print("WELCOME, PLEASE ENTER YOUR USERNAME AND PASSWORD")
username=input("Enter username:")
password=input("Enter password:")
users(username,password)
if users==True:
    print("user exists")
elif users==False:
    print("user does not exist")
else:
    print("Error3")

The table it was being referred to:

mysql> use library;
Database changed
mysql> select * from users;
+----------+--------------------------------------------------------------------+--------------------------------------------------------------------+
| username | key                                                                | salt                                                               |
+----------+--------------------------------------------------------------------+--------------------------------------------------------------------+
| Manas    | 0xE42AB9B18A8F144EA7933FFA8E69E1FE28F20DA67B3E0FF3F1A0C2203D6148B2 | 0xF68894D924A69D035CC096C497F933B29A08E075F6DA2B19D955D08A33C0CAB4 |
+----------+--------------------------------------------------------------------+--------------------------------------------------------------------+
1 row in set (0.00 sec)

Print(Data):

WELCOME, PLEASE ENTER YOUR USERNAME AND PASSWORD
Enter username:Manas
Enter password:12345
('Manas', bytearray(b'\xe4*\xb9\xb1\x8a\x8f\x14N\xa7\x93?\xfa\x8ei\xe1\xfe(\xf2\r\xa6{>\x0f\xf3\xf1\xa0\xc2 =aH\xb2'), bytearray(b'\xf6\x88\x94\xd9$\xa6\x9d\x03\\\xc0\x96\xc4\x97\xf93\xb2\x9a\x08\xe0u\xf6\xda+\x19\xd9U\xd0\x8a3\xc0\xca\xb4'))
error2
Error3

Why does this happen?

Solution

  • You have to make also the connection so that it uses utf8

    Assuming that you have uft8mb4

    mycon=mysql.connector.connect(host="localhost"
                                   ,user="root"
                                   ,passwd="123456"
                                   ,database="library"
                                   ,charset="utf8mb4")

    the character set cpould also be utf8, thqat yoiu have to check

    and use prepared statements when hadling parameters

    cursor.execute("select * from users where username=%s",(username,))

    Update

    Addidtional your table definion has a problem key is a reserved word in MySQL so oyu ned to encapsule it in backticks like below

    cursor.execute("create table users(username varchar(20),`key` varbinary(100),salt varbinary(100));")

    Update 2

    after testing your code i found some problems in it

    Your function retuns a value ut you never assign it

    And the data IS NULL if there are no users

    import mysql.connector
import hashlib
import os
mycon=mysql.connector.connect(host="localhost",user="root",passwd="123456",database="library",use_unicode=True,charset="utf8mb4")
cursor=mycon.cursor()
stmt = "SHOW TABLES LIKE 'users'"
cursor.execute(stmt)
result = cursor.fetchone()
if result:
    pass
else:
    cursor.execute("create table users(username varchar(20),`key` varbinary(100),salt varbinary(100));")
def users(username,password):
    cursor.execute("select * from users where username=%s",(username,))
    data=cursor.fetchone()
    if data  is None :
        return False
    elif data is not None:
        salt=data[2]
        key=hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100000)
        if data[1]==key:
            return True
        elif data[1]!=key:
            return False
        else:
            print("error1")
    else:
        print("error2")
        return False
#Main program
print("WELCOME, PLEASE ENTER YOUR USERNAME AND PASSWORD")
username=input("Enter username:")
password=input("Enter password:")
users = users(username,password)
if users==True:
    print("user exists")
elif users==False:
    print("user does not exist")
else:
    print("Error3")