I need a function that will create and store usernames and passwords for different students. Their programme should ask the user for their name and age and a username should be created, consisted of their name and age eg. Jack16. They then can make up their own password which then will be stored in an external file using pickle maybe. The programme should then be able to check if the username and password is valid from the external list in a log in section. If they are valid they should be allowed in. I'm sort of stuck on this and would appreciate any help.
Jack_30
0
Newbie Poster
Recommended Answers
Jump to PostWhen this question comes up, I reply with "never store passwords in a database." You can store the names but never the passwords.
So you may wonder how to verify that password? We store the one way encrypted password and then encrypt the offered password and then compare.
This …
All 3 Replies
JamesCherrill
4,733
Most Valuable Poster
Team Colleague
Featured Poster
DaniWeb Member Rules (which you agreed to when you signed up) include:
"Do provide evidence of having done some work yourself if posting questions from school or work assignments"
https://www.daniweb.com/welcome/rules
Post what you have done so far and someone will help you from there.
rproffitt
2,580
"Nothing to see here."
Moderator
When this question comes up, I reply with "never store passwords in a database." You can store the names but never the passwords.
So you may wonder how to verify that password? We store the one way encrypted password and then encrypt the offered password and then compare.
This way if your database is leaked they don't get the passwords that as you know folk tend to use the same all over.
More at https://www.google.com/search?q=never+store+passwords
rubberman
commented:
This is the approach I used when developing FACTORYworks back in the 1990's. Doubly encrypted passwords are pretty hard to crack.
+14
benanamen
69
Light Poster
Just to be more precise, it is not a "one way encrypted password" but a "one-way hashing algorithm using "password_hash.
Per the manual:
password_hash() creates a new password hash using a strong one-way hashing algorithm.
You would then use password_verify to "Verify that the given hash matches the given password."
More info on Password Hashing from the Manual.
OP, as stated, you need to make an attempt at coding this. If you are going to just grab some code off the net that uses a database, stay away from anything that has mysql_* in the code.
For a Database, you optimally will want to use PDO. Here is a tutorial to get you going.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.