User Login With Extra Snakes



How To Create A Simple Login System With Python

We'll need to get the username and password from the user.

username = input('Username: ')
password = input('Password: ')

print(f'{username}:{password}')

Let's use getpass to hide the users input on the password field to stop any stray eyes.

import getpass

username = input('Username: ')
password = getpass.getpass('Password: ')

print(f'{username}:{password}')

Now we want to check if the username exists in the database and if it does we'll check if the password matches what we have in our database. I'll just be using a dictionary here for example purposes.

import getpass

database = {'user': 'pass', 'marp': 'parp'}

username = input('Username: ')
password = getpass.getpass('Password: ')

if username in database:
    if database[username] == password:
        print(f'Welcome back {username}')
    else:
        print('Access denied')
else:
    print('User does not exist')

We need to only allow 3 attempts so what we'll do is slam all this into a function and then into a loop to return True/False.

import getpass

database = {'user': 'pass', 'marp': 'parp'}

def login():
    for i in range(3):
        username = input('Username: ')
        password = getpass.getpass('Password: ')

        if username in database:
            if database[username] == password:
                print(f'Welcome back {username}')
                return True
            else:
                print('Access denied')
        else:
            print('User does not exist')

    print('3 incorrect attempts')

if login():
    print('Start doing another task...')

But what about encryption? We don't want to store passwords as plain text do we now? Let's encrypt the passwords that we already have in the database with passlib.

from passlib.hash import sha256_crypt

password = input('Password to encrypt: ')
password = sha256_crypt.encrypt(password)
print(password)

Which when replaced will look like this.

database = {'user': '$5$rounds=535000$K3zbAbtXer3tVZqr$Ervjv1hsGzsz4aad21YD2iOmP/3eDyccGuG5jrmME25', 'marp': '$5$rounds=535000$aBnDiM7Z3LX3/low$qMvetpHNCO6csbPYlVuv5beMZKseEnHBjnWdYKCk5J.'}

Let's verify!

import getpass
from passlib.hash import sha256_crypt

database = {'user': '$5$rounds=535000$K3zbAbtXer3tVZqr$Ervjv1hsGzsz4aad21YD2iOmP/3eDyccGuG5jrmME25', 'marp': '$5$rounds=535000$aBnDiM7Z3LX3/low$qMvetpHNCO6csbPYlVuv5beMZKseEnHBjnWdYKCk5J.'}

def login():
    for i in range(3):
        username = input('Username: ')
        password = getpass.getpass('Password: ')

        if username in database:
            if sha256_crypt.verify(password, database[username]):
                print(f'Welcome back {username}')
                return True
            else:
                print('Access denied')
        else:
            print('User does not exist')

    print('3 incorrect attempts')

if login():
    print('Start doing another task...')

Thanks for reading. x

Resources