Python file help

[Oliver123456]

So i am trying to create a program where it will read a file and ask a user to enter a user name and password and if they get it right it will let them play the game. But i don't know how to make sure whatever user name or password they enter to be verified exactly with the file. For example if the user name is Jack and people enter Jac, my program will let them in anyway. The file i am trying to make will go something like:

username, password

And my current code is:

def authentication():
    file = open("users.txt")
    text = file.read()
    print(text)
    userNameInput = input("What is your user name?: ")
    if (userNameInput in text):
        userPasswordInput = input("What is you password?: ")
        if (userPasswordInput in text):
            print("You can now play the game")
        else:
            print("Wrong password, try again")
    else:
        newUsernameInput = input("That username is not in the system, would you like to create a new user by that name? (Y/N): ")
        if newUsernameInput == "Y":
            file = open("users.txt", "a")
            newUsernamePasswordInput = input("Please enter your password?: ")
            file.write("\n" + userNameInput + ", " + newUsernamePasswordInput)
            file.close()
        elif newUsernameInput == "N":
            print("Okay, username incorrect, try again")
    file.close()

def start():
    authentication()

start()

How could i do this?

 

Thanks!

[Meic]

Regex is your friend here

import re

...

userNameInput = input("What is your user name?: ")
re_res = re.search(r'^{}, (.*)$'.format(userNameInput), text, re.MULTILINE)
if re_res:
    password = re_res.group(1)
    userPasswordInput = input("What is you password?: ")
    ...

 

This checks if the username is in the file and get the password.

 

 

 

As you program gets more complicated, I would look at:

 - hashing (and salting) passwords

 - storing in a DB rather than file (e.g. sqllite)

 

[Oliver123456]

4 minutes ago, Meic said:

Regex is your friend here

import re

...

userNameInput = input("What is your user name?: ")
re_res = re.search(r'^{}, (.*)$'.format(userNameInput), text, re.MULTILINE)
if re_res:
    password = re_res.group(1)
    userPasswordInput = input("What is you password?: ")
    ...

 

This checks if the username is in the file and get the password.

 

 

 

As you program gets more complicated, I would look at:

 - hashing (and salting) passwords

 - storing in a DB rather than file (e.g. sqllite)

 

It's only for our coursework so this is the only user input and the program does not need to be that complicated, but thanks anyway it works now. But how could i do it for the password?

[Meic]

It already finds the password for you. The line:

password = re_res.group(1)

[vorticalbox]

You are you you are already using "in" you could probally log in using 1 letter.

 

You really shouldn't log in like this is isn't great from a security point of view.

[Oliver123456]

11 minutes ago, Meic said:

It already finds the password for you. The line:

password = re_res.group(1)

I'm kinda a noob at regex, so what do you mean and where do i put it?

 

11 minutes ago, vorticalbox said:

You are you you are already using "in" you could probally log in using 1 letter.

What do you mean?

12 minutes ago, vorticalbox said:

You really shouldn't log in like this is isn't great from a security point of view.

This is only just for coursework and it says just to validate the user's input so it is fine for its purpose.

[Ralphred]

 

21 minutes ago, Oliver123456 said:

What do you mean?

"a" in "abcd, password" returns true, as would "ab" "abc" "abcd", you need to add your delimiter to the search so you only match against whole usernames i.e. 

if (userPasswordInput+", " in text):

But then, you need to sanitise any input for new usernames to make sure is doesn't contain your delimiter.

But you are also checking for the password in the entire text file, so anyone who guesses any letter of a username can log in with ", " as a password because it matches every line that contains an entry.

 

So you should be iterating across all lines, converting each into username and password to match against pairs (so "jack" can't log in as "ack").

Meics regex is doing this for you, and returning an object where you can make a direct comparison between the password input and the password from the same line as the username (re_res.group(1)). By including the ^ and $ characters as part of the regex the result is bound to one line from the source text.

All that is left to do is sanitise your users input so as not to "corrupt" your file, i.e disallow ", " to be part of a username or password.

[Oliver123456]

2 minutes ago, Ralphred said:

 

"a" in "abcd, password" returns true, as would "ab" "abc" "abcd", you need to add your delimiter to the search so you only match against whole usernames i.e. 

if (userPasswordInput+", " in text):

But then, you need to sanitise any input for new usernames to make sure is doesn't contain your delimiter.

But you are also checking for the password in the entire text file, so anyone who guesses any letter of a username can log in with ", " as a password because it matches every line that contains an entry.

 

So you should be iterating across all lines, converting each into username and password to match against pairs (so "jack" can't log in as "ack").

Meics regex is doing this for you, and returning an object where you can make a direct comparison between the password input and the password from the same line as the username (re_res.group(1)). By including the ^ and $ characters as part of the regex the result is bound to one line from the source text.

All that is left to do is sanitise your users input so as not to "corrupt" your file, i.e disallow ", " to be part of a username or password.

As i said, i am a noob at regex so could you simplify it and tell me where i put it so i can learn how it works?

[Ralphred]

Slap the import at the top, replace 

    if (userNameInput in text):
        userPasswordInput = input("What is you password?: ")
        if (userPasswordInput in text):

with (observing white space rules)

re_res = re.search(r'^{}, (.*)$'.format(userNameInput), text, re.MULTILINE)
if re_res:
    password = re_res.group(1)
    userPasswordInput = input("What is you password?: ")
    if password == userPasswordInput:

and you've replaced all the if x in y with the regex.

 

If you want to be able to build the regex yourself, just import re on a python command line and run help(re) to start diving through it, it's quite verbose but a good habit to get into.

[Oliver123456]

2 minutes ago, Ralphred said:

Slap the import at the top, replace 

    if (userNameInput in text):
        userPasswordInput = input("What is you password?: ")
        if (userPasswordInput in text):

with (observing white space rules)

re_res = re.search(r'^{}, (.*)$'.format(userNameInput), text, re.MULTILINE)
if re_res:
    password = re_res.group(1)
    userPasswordInput = input("What is you password?: ")
    if password == userPasswordInput:

and you've replaced all the if x in y with the regex.

 

If you want to be able to build the regex yourself, just import re on a python command line and run help(re) to start diving through it, it's quite verbose but a good habit to get into.

Thanks, I'm out at the moment, but as soon as I get back I will try it out!

[vorticalbox]

I would be using a json file with the key as the usetnane and the value as the password.

 

{

 "user1":"password"

}

 

If input password = json[username]

 

Unable to write an example hopefully someone will understand and drip an example.

 

 

[Oliver123456]

19 hours ago, Ralphred said:

Slap the import at the top, replace 

    if (userNameInput in text):
        userPasswordInput = input("What is you password?: ")
        if (userPasswordInput in text):

with (observing white space rules)

re_res = re.search(r'^{}, (.*)$'.format(userNameInput), text, re.MULTILINE)
if re_res:
    password = re_res.group(1)
    userPasswordInput = input("What is you password?: ")
    if password == userPasswordInput:

and you've replaced all the if x in y with the regex.

 

If you want to be able to build the regex yourself, just import re on a python command line and run help(re) to start diving through it, it's quite verbose but a good habit to get into.

So i just added it in and it said 'invalid character in identifier', my code is:

import re
def authentication():
    file = open("users.txt")
    text = file.read()
    print(text)
    userNameInput = input("What is your user name?: ")
    re_res = re.search(r'^{}, (.*)$'.format(userNameInput), text, re.MULTILINE)
    if re_res:
        password = re_res.group(1)
        userPasswordInput = input("What is you password?: ")
        if password == userPasswordInput:
            print("You can now play the game")
        else:
            print("Wrong password, try again")
    else:
        newUsernameInput = input("That username is not in the system, would you like to create a new user by that name? (Y/N): ")
        if newUsernameInput == "Y":
            file = open("users.txt", "a")
            newUsernamePasswordInput = input("Please enter your password?: ")
            file.write("\n" + userNameInput + ", " + newUsernamePasswordInput)
            file.close()
        elif newUsernameInput == "N":
            print("Okay, username incorrect, try again")
    file.close()

def start():
    authentication()

start()

 

[Oliver123456]

*Bump*, just bumping this as I haven't got a response.

[Oliver123456]

I just put in the code again and now it works, thanks everyone who helped out! My code if you want it:

import re

def authentication():
    file = open("users.txt")
    text = file.read()
    userNameInput = input("What is your user name?: ")
    re_res = re.search(r'^{}, (.*)$'.format(userNameInput), text, re.MULTILINE)
    if re_res:
        password = re_res.group(1)
        userPasswordInput = input("What is you password?: ")
        if password == userPasswordInput:
            print("You can now play the game")
        else:
            print("Wrong password, try again")
    else:
       newUsernameInput = input("That username is not in the system, would you like to create a new user by that name? (Y/N): ")
       if newUsernameInput == "Y":
          file = open("users.txt", "a")
          newUsernamePasswordInput = input("Please enter your password?: ")
          file.write("\n" + userNameInput + ", " + newUsernamePasswordInput)
          file.close()
       elif newUsernameInput == "N":
          print("Okay, username incorrect, try again")
       else:
          print("That is not an input, please try again")
    file.close()

def start():
    authentication()

start()

 

[vorticalbox]

On 12/23/2018 at 1:52 PM, Oliver123456 said:

This is only just for coursework and it says just to validate the user's input so it is fine for its purpose. 

This is not a valid excuse for doing things at half effort.

 

 

[Oliver123456]

51 minutes ago, vorticalbox said:

This is not a valid excuse for doing things at half effort.

 

 

I have changed it to the new method and what would you like to put there instead?

[vorticalbox]

4 hours ago, Oliver123456 said:

I have changed it to the new method and what would you like to put there instead?

If I were to do it some flat file database with encrypted password, however the new function is fine and the comment was to your statement not the code.

 

I wouldn't start going do the road of "it'll do" we have people at work who are like this and their code is a horrible to work on.

 

 

[Meic]

1 hour ago, vorticalbox said:

encrypted password

Encryption is not the way to keep passwords secure. If you are talking about the best practice then a one-way hash, preferably with salt, is much better.

[vorticalbox]

22 hours ago, Meic said:

Encryption is not the way to keep passwords secure. If you are talking about the best practice then a one-way hash, preferably with salt, is much better.

My bad on using the wrong term that is what I meant. 

 

Bcrypt with 10 or more runs.

[Oliver123456]

On 12/24/2018 at 8:42 PM, vorticalbox said:

If I were to do it some flat file database with encrypted password, however the new function is fine and the comment was to your statement not the code.

 

I wouldn't start going do the road of "it'll do" we have people at work who are like this and their code is a horrible to work on.

 

 

 

Sorry for offending you and thanks, the new function is working perfectly.

[vorticalbox]

3 hours ago, Oliver123456 said:

 

Sorry for offending you and thanks, the new function is working perfectly.

You never offended me, just want to see everyone do well at programming.

 

At work we make sure to share the knowledge so no single person holds power over an area.