[mod_python] problem with mod_python authentication via postgresql

Remy C. Cool modpython at smartology.nl
Fri May 3 11:21:09 EST 2002

I'm experimenting with python/mod_python and run into a problem with 

I use the following code:

# authenticate user
import psycopg
import string
import time
from mod_python import apache

def authenhandler(req):

   pw = req.get_basic_auth_pw()
   user = req.connection.user

   # create database connection
   connectstring = "dbname=testbase user=tester password=test 
   dbconn = psycopg.connect(connectstring)
   dbhandle = dbconn.cursor()
   # define query
   dbhandle.execute("SELECT user_id,password FROM users WHERE 		   
username = %s", (user,))
   # retrieve results
   results = dbhandle.fetchall()
   total = len(results)

   if total < 1:
      # user not known on this system
      return apache.HTTP_UNAUTHORIZED
      if total > 2:
         # database corrupted
         return apache.HTTP_UNAUTHORIZED
         # extract user_id from list
         user_id = results[0][0]
         # get host info
         curhost = req.get_remote_host(apache.REMOTE_NAME)
         # register login try
         dbhandle.execute("""INSERT INTO login (user_id,host) VALUES 
( %d,%s )""", (user_id,curhost))
         # extract password from list
         passwd = string.strip(results[0][1])
         # compare password with given
         if pw == passwd:
            # user authenticated
            return apache.OK
            # incorrect password
            return apache.HTTP_UNAUTHORIZED

Authentication works. The username is looked up in the database and 
if the password is OK, access is granted. The problem is that for 
every login attempt (or page refresh) I get 4 entry's in my login 
table ond not one. What am I doing wrong here ?

Remy Cool

More information about the Mod_python mailing list