|
Remy C. Cool
modpython at smartology.nl
Fri May 3 11:21:09 EST 2002
I'm experimenting with python/mod_python and run into a problem with
autentication...
I use the following code:
# authenticate user
import psycopg
import string
import time
from mod_python import apache
def authenhandler(req):
pw = req.get_basic_auth_pw()
user = req.connection.user
# create database connection
connectstring = "dbname=testbase user=tester password=test
port=5432"
dbconn = psycopg.connect(connectstring)
dbhandle = dbconn.cursor()
# define query
dbhandle.execute("SELECT user_id,password FROM users WHERE
username = %s", (user,))
# retrieve results
results = dbhandle.fetchall()
total = len(results)
if total < 1:
# user not known on this system
return apache.HTTP_UNAUTHORIZED
else:
if total > 2:
# database corrupted
return apache.HTTP_UNAUTHORIZED
else:
# extract user_id from list
user_id = results[0][0]
# get host info
curhost = req.get_remote_host(apache.REMOTE_NAME)
# register login try
dbhandle.execute("""INSERT INTO login (user_id,host) VALUES
( %d,%s )""", (user_id,curhost))
dbconn.commit()
# extract password from list
passwd = string.strip(results[0][1])
# compare password with given
if pw == passwd:
# user authenticated
return apache.OK
else:
# incorrect password
return apache.HTTP_UNAUTHORIZED
Authentication works. The username is looked up in the database and
if the password is OK, access is granted. The problem is that for
every login attempt (or page refresh) I get 4 entry's in my login
table ond not one. What am I doing wrong here ?
Regards,
Remy Cool
|