Python - username and password authentication











up vote
3
down vote

favorite












How can I reduce the amount of if statements in this program to make it more robust and any other tips for improvement would be grateful.



# importing pickle

import pickle



# defining variables

create_username = 0

create_password = 0

password = 0

username = 0



# this variable allows the user or denies the user to the rest of the program (will only run if access is 1)

access = 0





# creates a users dictionary

with open('users.pickle', 'rb') as f:

    users = pickle.load(f)



print(users)



# sign up (creating new account)

while username not in users and username != 'signup':

    username = input("enter username(type signup to create an account): ")



    # add new user to dictionary

    if username == "signup" or username == "Signup":

        create_username = input("enter a new username: ")

        create_password = input("enter a new password (Your password cannot be the same as your username !!!!!!!): ")



    if create_password in users:

        create_password = input("password taken re-enter: ")

    # then adds the new username to the users dictionary

    if username == 'signup':

        users[create_username] = create_password



if username in users:

    password = input("enter password: ")



if password in users:

    print("access granted")



    access = 1

if username not in users and username != 'signup':

    username = input("enter username: ")



    if username in users:

        password = input("enter password")



    if password in users:

        print("access granted")

        access = 1



if password not in users:

    print("access denied")



with open('users.pickle', 'wb') as f:

    # Pickle the 'data' dictionary using the highest protocol available.

    pickle.dump(users, f, pickle.HIGHEST_PROTOCOL)



print(users)





python







share|improve this question


























    up vote
    3
    down vote

    favorite












    How can I reduce the amount of if statements in this program to make it more robust and any other tips for improvement would be grateful.



    # importing pickle
    
import pickle
    

    
# defining variables
    
create_username = 0
    
create_password = 0
    
password = 0
    
username = 0
    

    
# this variable allows the user or denies the user to the rest of the program (will only run if access is 1)
    
access = 0
    

    

    
# creates a users dictionary
    
with open('users.pickle', 'rb') as f:
    
    users = pickle.load(f)
    

    
print(users)
    

    
# sign up (creating new account)
    
while username not in users and username != 'signup':
    
    username = input("enter username(type signup to create an account): ")
    

    
    # add new user to dictionary
    
    if username == "signup" or username == "Signup":
    
        create_username = input("enter a new username: ")
    
        create_password = input("enter a new password (Your password cannot be the same as your username !!!!!!!): ")
    

    
    if create_password in users:
    
        create_password = input("password taken re-enter: ")
    
    # then adds the new username to the users dictionary
    
    if username == 'signup':
    
        users[create_username] = create_password
    

    
if username in users:
    
    password = input("enter password: ")
    

    
if password in users:
    
    print("access granted")
    

    
    access = 1
    
if username not in users and username != 'signup':
    
    username = input("enter username: ")
    

    
    if username in users:
    
        password = input("enter password")
    

    
    if password in users:
    
        print("access granted")
    
        access = 1
    

    
if password not in users:
    
    print("access denied")
    

    
with open('users.pickle', 'wb') as f:
    
    # Pickle the 'data' dictionary using the highest protocol available.
    
    pickle.dump(users, f, pickle.HIGHEST_PROTOCOL)
    

    
print(users)





    python







    share|improve this question
























      up vote
      3
      down vote

      favorite









      up vote
      3
      down vote

      favorite











      How can I reduce the amount of if statements in this program to make it more robust and any other tips for improvement would be grateful.



      # importing pickle
      
import pickle
      

      
# defining variables
      
create_username = 0
      
create_password = 0
      
password = 0
      
username = 0
      

      
# this variable allows the user or denies the user to the rest of the program (will only run if access is 1)
      
access = 0
      

      

      
# creates a users dictionary
      
with open('users.pickle', 'rb') as f:
      
    users = pickle.load(f)
      

      
print(users)
      

      
# sign up (creating new account)
      
while username not in users and username != 'signup':
      
    username = input("enter username(type signup to create an account): ")
      

      
    # add new user to dictionary
      
    if username == "signup" or username == "Signup":
      
        create_username = input("enter a new username: ")
      
        create_password = input("enter a new password (Your password cannot be the same as your username !!!!!!!): ")
      

      
    if create_password in users:
      
        create_password = input("password taken re-enter: ")
      
    # then adds the new username to the users dictionary
      
    if username == 'signup':
      
        users[create_username] = create_password
      

      
if username in users:
      
    password = input("enter password: ")
      

      
if password in users:
      
    print("access granted")
      

      
    access = 1
      
if username not in users and username != 'signup':
      
    username = input("enter username: ")
      

      
    if username in users:
      
        password = input("enter password")
      

      
    if password in users:
      
        print("access granted")
      
        access = 1
      

      
if password not in users:
      
    print("access denied")
      

      
with open('users.pickle', 'wb') as f:
      
    # Pickle the 'data' dictionary using the highest protocol available.
      
    pickle.dump(users, f, pickle.HIGHEST_PROTOCOL)
      

      
print(users)





      python







      share|improve this question













      How can I reduce the amount of if statements in this program to make it more robust and any other tips for improvement would be grateful.



      # importing pickle
      
import pickle
      

      
# defining variables
      
create_username = 0
      
create_password = 0
      
password = 0
      
username = 0
      

      
# this variable allows the user or denies the user to the rest of the program (will only run if access is 1)
      
access = 0
      

      

      
# creates a users dictionary
      
with open('users.pickle', 'rb') as f:
      
    users = pickle.load(f)
      

      
print(users)
      

      
# sign up (creating new account)
      
while username not in users and username != 'signup':
      
    username = input("enter username(type signup to create an account): ")
      

      
    # add new user to dictionary
      
    if username == "signup" or username == "Signup":
      
        create_username = input("enter a new username: ")
      
        create_password = input("enter a new password (Your password cannot be the same as your username !!!!!!!): ")
      

      
    if create_password in users:
      
        create_password = input("password taken re-enter: ")
      
    # then adds the new username to the users dictionary
      
    if username == 'signup':
      
        users[create_username] = create_password
      

      
if username in users:
      
    password = input("enter password: ")
      

      
if password in users:
      
    print("access granted")
      

      
    access = 1
      
if username not in users and username != 'signup':
      
    username = input("enter username: ")
      

      
    if username in users:
      
        password = input("enter password")
      

      
    if password in users:
      
        print("access granted")
      
        access = 1
      

      
if password not in users:
      
    print("access denied")
      

      
with open('users.pickle', 'wb') as f:
      
    # Pickle the 'data' dictionary using the highest protocol available.
      
    pickle.dump(users, f, pickle.HIGHEST_PROTOCOL)
      

      
print(users)





      python




      python






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 11 at 18:13









      Krishna

      312




      312






















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          1
          down vote













          # importing pickle


          Obviously. Don't clutter your code with comments unless they add something we don't already know.



          # defining variables
          
create_username = 0
          
create_password = 0
          
password = 0
          
username = 0


          This is generally a bad idea, and you aren't in mid-1990s C. Don't predeclare your variables. Initialize them where they're actually used.



          print(users)


          If users is a plain-old dictionary, I recommend the use of pprint instead of print.



          "enter username(type signup to create an account): "


          This is called in-band control, and is a bad idea. What if someone's username is called "signup"? You want out-of-band control. Ask explicitly whether the user wants to sign up or log in.



          if username == "signup" or username == "Signup":


          Don't do two comparisons. Convert username to lowercase and compare with 'signup'.






          share|improve this answer





















          • Can you please explain why predeclaring variables is a bad idea, and something to avoid?
            – van der Zon Stef
            Dec 12 at 6:52






          • 1




            @vanderZonStef It's a habit from pre-99 C. It's not necessary in nearly all languages, now. Programs read easier if the variables aren't introduced until they're actually used. Plus, Python doesn't really have the concept of variable declaration at all; only variable assignment with implicit declaration.
            – Reinderien
            Dec 12 at 15:31


















          up vote
          1
          down vote













          Bugs



          Both your check for an existing user and checking if the user entered the correct password are not working correctly:



          if create_password in users:
          
    create_password = input("password taken re-enter: ")


          This just checks if the just entered password is also a username already in use. in for dictionaries checks only if a value is present in the keys of the dictionary, not the values.



          But even if this would be working like you intended (checking if this is the password of another user), checking if another user has the same password is very dangerous. First of all it gives away the fact that you are saving your passwords in clear text, which you shouldn't, anyway. In the best case the user will not want to use your system for that reason alone, in the worst case they will want to crack it.



          And for this second case there is even more information now, because now they know the password of one other user! They just don't know which one, but if they keep on trying passwords and save them whenever they are already taken, they get a nice dictionary of passwords, where they know that each one is some users password. If they want to crack some specific users account, they just try all of them.



          if username in users:
          
    password = input("enter password")
          

          
if password in users:
          
    print("access granted")
          
    access = 1


          This checks if the user exists (good) and if another user with the username of the just entered password also exists, but not if the password is the password of the user who wants to login (bad).



          This means that you can login to your system by knowing a single username! Just enter the username as both the username and the password and you are guaranteed access.



          Instead, you want to check if the password is that users password:



          if username in users:
          
    password = input("enter password: ")
          
    if password == users[username]:
          
        print("access granted")
          
        access = 1


          This also makes sure that the check for the password is only performed if the user actually entered a password. Otherwise it will check if the user 0 exists in users (in your current version) or it will raise a KeyError, since user[username] does not exist (in this version where the if is not nested).



          Style



          Using 1 and 0 for logged-in and not logged-in, respectively, sounds like you will mess this up at least once. Instead used logged_in = False in the beginning and then later set it to logged_in = True if the login is successful.



          Indeed, you should probably move all of your code to separate functions, one of which, the login function, returns True or False depending on whether or not the login was successful.






          share|improve this answer

















          • 1




            Thanks didn't know about the bug with the user just needing to enter the username twice! quite a big bug actually come to think of it.
            – Krishna
            Dec 12 at 19:41













          Your Answer





          StackExchange.ifUsing("editor", function () {
          return StackExchange.using("mathjaxEditing", function () {
          StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
          StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
          });
          });
          }, "mathjax-editing");

          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "196"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f209464%2fpython-username-and-password-authentication%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote













          # importing pickle


          Obviously. Don't clutter your code with comments unless they add something we don't already know.



          # defining variables
          
create_username = 0
          
create_password = 0
          
password = 0
          
username = 0


          This is generally a bad idea, and you aren't in mid-1990s C. Don't predeclare your variables. Initialize them where they're actually used.



          print(users)


          If users is a plain-old dictionary, I recommend the use of pprint instead of print.



          "enter username(type signup to create an account): "


          This is called in-band control, and is a bad idea. What if someone's username is called "signup"? You want out-of-band control. Ask explicitly whether the user wants to sign up or log in.



          if username == "signup" or username == "Signup":


          Don't do two comparisons. Convert username to lowercase and compare with 'signup'.






          share|improve this answer





















          • Can you please explain why predeclaring variables is a bad idea, and something to avoid?
            – van der Zon Stef
            Dec 12 at 6:52






          • 1




            @vanderZonStef It's a habit from pre-99 C. It's not necessary in nearly all languages, now. Programs read easier if the variables aren't introduced until they're actually used. Plus, Python doesn't really have the concept of variable declaration at all; only variable assignment with implicit declaration.
            – Reinderien
            Dec 12 at 15:31















          up vote
          1
          down vote













          # importing pickle


          Obviously. Don't clutter your code with comments unless they add something we don't already know.



          # defining variables
          
create_username = 0
          
create_password = 0
          
password = 0
          
username = 0


          This is generally a bad idea, and you aren't in mid-1990s C. Don't predeclare your variables. Initialize them where they're actually used.



          print(users)


          If users is a plain-old dictionary, I recommend the use of pprint instead of print.



          "enter username(type signup to create an account): "


          This is called in-band control, and is a bad idea. What if someone's username is called "signup"? You want out-of-band control. Ask explicitly whether the user wants to sign up or log in.



          if username == "signup" or username == "Signup":


          Don't do two comparisons. Convert username to lowercase and compare with 'signup'.






          share|improve this answer





















          • Can you please explain why predeclaring variables is a bad idea, and something to avoid?
            – van der Zon Stef
            Dec 12 at 6:52






          • 1




            @vanderZonStef It's a habit from pre-99 C. It's not necessary in nearly all languages, now. Programs read easier if the variables aren't introduced until they're actually used. Plus, Python doesn't really have the concept of variable declaration at all; only variable assignment with implicit declaration.
            – Reinderien
            Dec 12 at 15:31













          up vote
          1
          down vote










          up vote
          1
          down vote









          # importing pickle


          Obviously. Don't clutter your code with comments unless they add something we don't already know.



          # defining variables
          
create_username = 0
          
create_password = 0
          
password = 0
          
username = 0


          This is generally a bad idea, and you aren't in mid-1990s C. Don't predeclare your variables. Initialize them where they're actually used.



          print(users)


          If users is a plain-old dictionary, I recommend the use of pprint instead of print.



          "enter username(type signup to create an account): "


          This is called in-band control, and is a bad idea. What if someone's username is called "signup"? You want out-of-band control. Ask explicitly whether the user wants to sign up or log in.



          if username == "signup" or username == "Signup":


          Don't do two comparisons. Convert username to lowercase and compare with 'signup'.






          share|improve this answer












          # importing pickle


          Obviously. Don't clutter your code with comments unless they add something we don't already know.



          # defining variables
          
create_username = 0
          
create_password = 0
          
password = 0
          
username = 0


          This is generally a bad idea, and you aren't in mid-1990s C. Don't predeclare your variables. Initialize them where they're actually used.



          print(users)


          If users is a plain-old dictionary, I recommend the use of pprint instead of print.



          "enter username(type signup to create an account): "


          This is called in-band control, and is a bad idea. What if someone's username is called "signup"? You want out-of-band control. Ask explicitly whether the user wants to sign up or log in.



          if username == "signup" or username == "Signup":


          Don't do two comparisons. Convert username to lowercase and compare with 'signup'.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Dec 11 at 21:01









          Reinderien

          2,047616




          2,047616












          • Can you please explain why predeclaring variables is a bad idea, and something to avoid?
            – van der Zon Stef
            Dec 12 at 6:52






          • 1




            @vanderZonStef It's a habit from pre-99 C. It's not necessary in nearly all languages, now. Programs read easier if the variables aren't introduced until they're actually used. Plus, Python doesn't really have the concept of variable declaration at all; only variable assignment with implicit declaration.
            – Reinderien
            Dec 12 at 15:31


















          • Can you please explain why predeclaring variables is a bad idea, and something to avoid?
            – van der Zon Stef
            Dec 12 at 6:52






          • 1




            @vanderZonStef It's a habit from pre-99 C. It's not necessary in nearly all languages, now. Programs read easier if the variables aren't introduced until they're actually used. Plus, Python doesn't really have the concept of variable declaration at all; only variable assignment with implicit declaration.
            – Reinderien
            Dec 12 at 15:31
















          Can you please explain why predeclaring variables is a bad idea, and something to avoid?
          – van der Zon Stef
          Dec 12 at 6:52




          Can you please explain why predeclaring variables is a bad idea, and something to avoid?
          – van der Zon Stef
          Dec 12 at 6:52




          1




          1




          @vanderZonStef It's a habit from pre-99 C. It's not necessary in nearly all languages, now. Programs read easier if the variables aren't introduced until they're actually used. Plus, Python doesn't really have the concept of variable declaration at all; only variable assignment with implicit declaration.
          – Reinderien
          Dec 12 at 15:31




          @vanderZonStef It's a habit from pre-99 C. It's not necessary in nearly all languages, now. Programs read easier if the variables aren't introduced until they're actually used. Plus, Python doesn't really have the concept of variable declaration at all; only variable assignment with implicit declaration.
          – Reinderien
          Dec 12 at 15:31












          up vote
          1
          down vote













          Bugs



          Both your check for an existing user and checking if the user entered the correct password are not working correctly:



          if create_password in users:
          
    create_password = input("password taken re-enter: ")


          This just checks if the just entered password is also a username already in use. in for dictionaries checks only if a value is present in the keys of the dictionary, not the values.



          But even if this would be working like you intended (checking if this is the password of another user), checking if another user has the same password is very dangerous. First of all it gives away the fact that you are saving your passwords in clear text, which you shouldn't, anyway. In the best case the user will not want to use your system for that reason alone, in the worst case they will want to crack it.



          And for this second case there is even more information now, because now they know the password of one other user! They just don't know which one, but if they keep on trying passwords and save them whenever they are already taken, they get a nice dictionary of passwords, where they know that each one is some users password. If they want to crack some specific users account, they just try all of them.



          if username in users:
          
    password = input("enter password")
          

          
if password in users:
          
    print("access granted")
          
    access = 1


          This checks if the user exists (good) and if another user with the username of the just entered password also exists, but not if the password is the password of the user who wants to login (bad).



          This means that you can login to your system by knowing a single username! Just enter the username as both the username and the password and you are guaranteed access.



          Instead, you want to check if the password is that users password:



          if username in users:
          
    password = input("enter password: ")
          
    if password == users[username]:
          
        print("access granted")
          
        access = 1


          This also makes sure that the check for the password is only performed if the user actually entered a password. Otherwise it will check if the user 0 exists in users (in your current version) or it will raise a KeyError, since user[username] does not exist (in this version where the if is not nested).



          Style



          Using 1 and 0 for logged-in and not logged-in, respectively, sounds like you will mess this up at least once. Instead used logged_in = False in the beginning and then later set it to logged_in = True if the login is successful.



          Indeed, you should probably move all of your code to separate functions, one of which, the login function, returns True or False depending on whether or not the login was successful.






          share|improve this answer

















          • 1




            Thanks didn't know about the bug with the user just needing to enter the username twice! quite a big bug actually come to think of it.
            – Krishna
            Dec 12 at 19:41

















          up vote
          1
          down vote













          Bugs



          Both your check for an existing user and checking if the user entered the correct password are not working correctly:



          if create_password in users:
          
    create_password = input("password taken re-enter: ")


          This just checks if the just entered password is also a username already in use. in for dictionaries checks only if a value is present in the keys of the dictionary, not the values.



          But even if this would be working like you intended (checking if this is the password of another user), checking if another user has the same password is very dangerous. First of all it gives away the fact that you are saving your passwords in clear text, which you shouldn't, anyway. In the best case the user will not want to use your system for that reason alone, in the worst case they will want to crack it.



          And for this second case there is even more information now, because now they know the password of one other user! They just don't know which one, but if they keep on trying passwords and save them whenever they are already taken, they get a nice dictionary of passwords, where they know that each one is some users password. If they want to crack some specific users account, they just try all of them.



          if username in users:
          
    password = input("enter password")
          

          
if password in users:
          
    print("access granted")
          
    access = 1


          This checks if the user exists (good) and if another user with the username of the just entered password also exists, but not if the password is the password of the user who wants to login (bad).



          This means that you can login to your system by knowing a single username! Just enter the username as both the username and the password and you are guaranteed access.



          Instead, you want to check if the password is that users password:



          if username in users:
          
    password = input("enter password: ")
          
    if password == users[username]:
          
        print("access granted")
          
        access = 1


          This also makes sure that the check for the password is only performed if the user actually entered a password. Otherwise it will check if the user 0 exists in users (in your current version) or it will raise a KeyError, since user[username] does not exist (in this version where the if is not nested).



          Style



          Using 1 and 0 for logged-in and not logged-in, respectively, sounds like you will mess this up at least once. Instead used logged_in = False in the beginning and then later set it to logged_in = True if the login is successful.



          Indeed, you should probably move all of your code to separate functions, one of which, the login function, returns True or False depending on whether or not the login was successful.






          share|improve this answer

















          • 1




            Thanks didn't know about the bug with the user just needing to enter the username twice! quite a big bug actually come to think of it.
            – Krishna
            Dec 12 at 19:41















          up vote
          1
          down vote










          up vote
          1
          down vote









          Bugs



          Both your check for an existing user and checking if the user entered the correct password are not working correctly:



          if create_password in users:
          
    create_password = input("password taken re-enter: ")


          This just checks if the just entered password is also a username already in use. in for dictionaries checks only if a value is present in the keys of the dictionary, not the values.



          But even if this would be working like you intended (checking if this is the password of another user), checking if another user has the same password is very dangerous. First of all it gives away the fact that you are saving your passwords in clear text, which you shouldn't, anyway. In the best case the user will not want to use your system for that reason alone, in the worst case they will want to crack it.



          And for this second case there is even more information now, because now they know the password of one other user! They just don't know which one, but if they keep on trying passwords and save them whenever they are already taken, they get a nice dictionary of passwords, where they know that each one is some users password. If they want to crack some specific users account, they just try all of them.



          if username in users:
          
    password = input("enter password")
          

          
if password in users:
          
    print("access granted")
          
    access = 1


          This checks if the user exists (good) and if another user with the username of the just entered password also exists, but not if the password is the password of the user who wants to login (bad).



          This means that you can login to your system by knowing a single username! Just enter the username as both the username and the password and you are guaranteed access.



          Instead, you want to check if the password is that users password:



          if username in users:
          
    password = input("enter password: ")
          
    if password == users[username]:
          
        print("access granted")
          
        access = 1


          This also makes sure that the check for the password is only performed if the user actually entered a password. Otherwise it will check if the user 0 exists in users (in your current version) or it will raise a KeyError, since user[username] does not exist (in this version where the if is not nested).



          Style



          Using 1 and 0 for logged-in and not logged-in, respectively, sounds like you will mess this up at least once. Instead used logged_in = False in the beginning and then later set it to logged_in = True if the login is successful.



          Indeed, you should probably move all of your code to separate functions, one of which, the login function, returns True or False depending on whether or not the login was successful.






          share|improve this answer












          Bugs



          Both your check for an existing user and checking if the user entered the correct password are not working correctly:



          if create_password in users:
          
    create_password = input("password taken re-enter: ")


          This just checks if the just entered password is also a username already in use. in for dictionaries checks only if a value is present in the keys of the dictionary, not the values.



          But even if this would be working like you intended (checking if this is the password of another user), checking if another user has the same password is very dangerous. First of all it gives away the fact that you are saving your passwords in clear text, which you shouldn't, anyway. In the best case the user will not want to use your system for that reason alone, in the worst case they will want to crack it.



          And for this second case there is even more information now, because now they know the password of one other user! They just don't know which one, but if they keep on trying passwords and save them whenever they are already taken, they get a nice dictionary of passwords, where they know that each one is some users password. If they want to crack some specific users account, they just try all of them.



          if username in users:
          
    password = input("enter password")
          

          
if password in users:
          
    print("access granted")
          
    access = 1


          This checks if the user exists (good) and if another user with the username of the just entered password also exists, but not if the password is the password of the user who wants to login (bad).



          This means that you can login to your system by knowing a single username! Just enter the username as both the username and the password and you are guaranteed access.



          Instead, you want to check if the password is that users password:



          if username in users:
          
    password = input("enter password: ")
          
    if password == users[username]:
          
        print("access granted")
          
        access = 1


          This also makes sure that the check for the password is only performed if the user actually entered a password. Otherwise it will check if the user 0 exists in users (in your current version) or it will raise a KeyError, since user[username] does not exist (in this version where the if is not nested).



          Style



          Using 1 and 0 for logged-in and not logged-in, respectively, sounds like you will mess this up at least once. Instead used logged_in = False in the beginning and then later set it to logged_in = True if the login is successful.



          Indeed, you should probably move all of your code to separate functions, one of which, the login function, returns True or False depending on whether or not the login was successful.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Dec 12 at 11:00









          Graipher

          23.3k53485




          23.3k53485








          • 1




            Thanks didn't know about the bug with the user just needing to enter the username twice! quite a big bug actually come to think of it.
            – Krishna
            Dec 12 at 19:41
















          • 1




            Thanks didn't know about the bug with the user just needing to enter the username twice! quite a big bug actually come to think of it.
            – Krishna
            Dec 12 at 19:41










          1




          1




          Thanks didn't know about the bug with the user just needing to enter the username twice! quite a big bug actually come to think of it.
          – Krishna
          Dec 12 at 19:41






          Thanks didn't know about the bug with the user just needing to enter the username twice! quite a big bug actually come to think of it.
          – Krishna
          Dec 12 at 19:41




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Code Review Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f209464%2fpython-username-and-password-authentication%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Сан-Квентин

          Image
          Сан-Квентин Местоположение Сан-Квентин, Калифорния Координаты 37°56′13″ с. ш. 122°29′20″ з. д. H G Я O L Текущий статус Действует Режим безопасности минимальный и максимальный Количество мест 3 302 Открытие Июнь 1852 Находится в ведомстве California Department of Corrections and Rehabilitation Начальник Mike Martel, начальник  Сан-Квентин на Викискладе Сан-Квентин (англ.  San Quentin ) — тюрьма, располагающаяся на 432 акрах (около 1,7 км²), на мысе Сан-Квентин, в округе Марин, штат Калифорния, США. Тюрьма штата Калифорния Сан-Квентин была открыта в июле 1852 года и является старейшей в штате. Она была построена заключёнными, которые проживали в течение строительства на тюремном судне Вабан. В Сан-Квентине отбывали наказание и мужчины, и женщины до 1934 года, когда построили женскую тюрьму в Техачапи и туда перевели всех заключённых женщин. В Сан-Квентине приводятся в исполнение смертные казни, для этого имеется газовая камера, но
          Read more

          Алькесар

          Image
          Муниципалитет Алькесар Alquézar Герб 42°10′16″ с. ш. 0°01′27″ в. д. H G Я O L Страна Испания   Испания Автономное сообщество Арагон Провинция Уэска Комарка Сомонтано-де-Барбастро Алькальд Хосе Марияно Альтемир Ласкорс (ИСРП) История и география Площадь 32,36 км² Высота НУМ 660 м Часовой пояс UTC+1, летом UTC+2 Население Население 313 человек ( 2010 ) Плотность 9,92 чел./км² Этнохороним alquezarano/-a Цифровые идентификаторы Телефонный код +34 974 Почтовые индексы 22112 Автомобильный код HU alquezar.org   (исп.) Показать/скрыть карты Алькесар Алькесар Алькесар  Аудио, фото и видео на Викискладе Алькесар (исп.  Alquézar ) — муниципалитет в Испании, входит в провинцию Уэска, в составе автономного сообщества Арагон. Муниципалитет находится в составе района (комарки) Сомонтано-де-Барбастро. Занимает площадь 32,36 км². Население — 321 челове
          Read more

          Josef Freinademetz

          Image
          San Ujöp (Giuseppe/Josef) Freinademetz Josef Freinademetz in abiti cinesi   Religioso e missionario   Nascita 15 aprile 1852 Morte 28 gennaio 1908 Venerato da Chiesa cattolica Beatificazione 1975 Canonizzazione 5 ottobre 2003 Ricorrenza 28 gennaio Manuale Ujöp Freinademetz noto anche come Giuseppe o Josef Freinademetz (Oies, 15 aprile 1852 – Taikia, 28 gennaio 1908) è stato un presbitero austriaco, membro della Società del Verbo Divino, fu missionario in Cina; è venerato come santo dalla Chiesa cattolica. .mw-parser-output .citazione-table{margin-bottom:.5em;font-size:95%}.mw-parser-output .citazione-table td{padding:0 1.2em 0 2.4em}.mw-parser-output .citazione-lang{vertical-align:top}.mw-parser-output .citazione-lang td{width:50%}.mw-parser-output .citazione-lang td:first-child{padding:0 0 0 2.4em}.mw-parser-output .citazione-lang td:nth-child(2){padding:0 1.2em} «Io amo la Cina e i cinesi; voglio morire in mezzo a loro, e tra loro
          Read more