Currently, I am trying to make my login page functional, without the use of JavaScript. Here is my HTML form for my code.
    <form name="login" action="secure112020014431.html" method="get" onsubmit="return validate(this);" accept-charset="utf-8" >
      <ul>
        <li>
          <label for="user_account"></label>
          <div>
            <input type="text" name="username"
                   placeholder="Your Username" required>
          </div>
        </li>
        <li>
          <label for="password"></label>
          <div>
            <input type="password" name="password"
                   placeholder="Password" required>
          </div>
        </li>
        <br></br>
        <li>
          <input id="login" type="submit" name="submit" value="Fazer Login">
        </li>
      </ul>
    </form>
and this is my main.py file
    import webapp2
    import os
    import jinja2
    import urllib2

    jinja_environment = jinja2.Environment(autoescape=True,
        loader=jinja2.FileSystemLoader(os.path.join(os.path.dirname(__file__))))

    class SignIn(webapp2.RequestHandler):
        def get(self):
            template = jinja_environment.get_template('signin.html')
            self.response.write(template.render())

    class Secure(webapp2.RequestHandler):
        def get(self):
            """
            username: Get the username from POST dict
            password: Get the password from POST dict
            """
            username = self.request.POST.get('username')
            password = self.request.POST.get('password')
            # Try to login user with password
            key='admin'
            passkey='password'
            if username and password==key and passkey:
                template = jinja_environment.get_template('secure112020014431.html')
                self.response.write(template.render())
            else:
                template = jinja_environment.get_template('signin.html')
                self.response.write(template.render('/signin.html'))

    application = webapp2.WSGIApplication([
        ('/signin.html',SignIn)
        ,('/secure112020014431',Secure)
    ], debug=True)
and this is my app.yaml
    - url: /secure112020014431
      script: main.application
      login: required
    - url: /.*
      script: main.application
What I am trying to do is this. Pass off the information from my form to my main.py file. Then, for my main.py to take in the information and compare it to the key and passkey. If the condition is fulfilled take me to the secure page, if not, send me back to the main. Any help would be greatly appreciated.
The problem (or at least a problem) is here:
username and password
doesn't give you a pair of objects that you can compare to another pair of objects; it gives you a single value that's truthy if both objects are truthy and falsey otherwise.
The way to create a pair of objects that you can compare to another pair of objects is by creating a tuple, which you do just by putting commas between them:
Or, of course, you could just do two separate checks with an
and
between them:
As a side note, this kind of thing is generally a very bad idea. Sending a username and password in plain text as part of the form means that anyone who can see the packets can steal the password. The usual way to do this is with a challenge-response protocol. If you don't want to implement one yourself, there's a mechanism built into HTTP for that, or you can rely on external authentication (e.g., anyone who can prove he owns one of a list of approved OpenID accounts is accepted), or you can probably find JS and Jinja/Python libraries that wrap it up for you.
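To see what the condition in the question actually accepts, the following added example (not code from the question or the answer) runs it beside the tuple comparison and the two-separate-checks form the answer describes, using constructed sample submissions. The function names are hypothetical, and `constant_time_check`, which uses `hmac.compare_digest`, is an assumption that goes beyond the answer.

```python
import hmac

# Values taken from the question's handler.
KEY = 'admin'
PASSKEY = 'password'

def buggy_check(username, password):
    # The question's condition; Python parses it as
    # username and (password == KEY) and PASSKEY
    return bool(username and password == KEY and PASSKEY)

def tuple_check(username, password):
    # Compare the pair as a tuple.
    return (username, password) == (KEY, PASSKEY)

def separate_check(username, password):
    # Two explicit comparisons joined by `and`.
    return username == KEY and password == PASSKEY

def constant_time_check(username, password):
    # Assumption beyond the answer: hmac.compare_digest compares without
    # an early exit. Missing form fields arrive as None, so normalise.
    user_ok = hmac.compare_digest((username or '').encode('utf-8'),
                                  KEY.encode('utf-8'))
    pass_ok = hmac.compare_digest((password or '').encode('utf-8'),
                                  PASSKEY.encode('utf-8'))
    return user_ok and pass_ok

# Constructed sample submissions: (username, password).
SAMPLES = [
    ('admin', 'password'),  # the intended credentials
    ('anyone', 'admin'),    # arbitrary username, password equal to KEY
    ('admin', 'wrong'),
    (None, None),           # fields missing from the request
]

def compare_checks():
    # One row per sample: (username, password, buggy, tuple, separate, ct)
    return [(u, p, buggy_check(u, p), tuple_check(u, p),
             separate_check(u, p), constant_time_check(u, p))
            for u, p in SAMPLES]

if __name__ == '__main__':
    for row in compare_checks():
        print(row)
```

The original condition rejects the intended pair and passes whenever the password field equals `key` and the username is non-empty, which is why it has to be replaced rather than reordered.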