RosettaCodeData/Task/SQL-based-authentication/Python/sql-based-authentication.py


import hashlib
import hmac
import os
import random
import sys

import mysql.connector
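# Connection settings for the demo database.  Each value can be overridden by
# an environment variable of the same name, so real credentials never have to
# be written into this file.  The fallbacks are the original demo values and
# are only suitable for a local throwaway database.
DB_HOST = os.environ.get("DB_HOST", "localhost")
DB_USER = os.environ.get("DB_USER", "devel")
DB_PASS = os.environ.get("DB_PASS", "devel")
DB_NAME = os.environ.get("DB_NAME", "test")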
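def connect_db():
    """Open a connection to the configured MySQL database.

    Returns the connection object from ``mysql.connector.connect`` on
    success, or ``False`` when the connector reports an error, so callers can
    test the result with ``if not db``.
    """
    try:
        return mysql.connector.connect(host=DB_HOST, user=DB_USER, passwd=DB_PASS, db=DB_NAME)
    except mysql.connector.Error:
        # Only connector failures mean "no database".  A bare ``except`` would
        # also hide KeyboardInterrupt and programming errors.
        return False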
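def create_user(username, passwd):
    """Create a user row and return its ``userid``; return ``None`` on error.

    The password is stored as the hex MD5 digest of ``salt + passwd``, using a
    fresh 16-character salt from ``randomValue``.  Both SQL statements pass
    their values as bound parameters, never by string formatting.
    """
    db = connect_db()
    if not db:
        print("Can't connect MySQL!")
        return None
    salt = randomValue(16)
    # NOTE(review): one round of salted MD5 is cheap to brute-force if the
    # users table leaks.  The pass_md5 column fixes the format here; a new
    # schema should store a slow KDF such as hashlib.pbkdf2_hmac instead.
    passwd_md5 = hashlib.md5(salt + passwd).hexdigest()
    cursor = db.cursor()
    try:
        cursor.execute("INSERT INTO users (`username`, `pass_salt`, `pass_md5`) VALUES (%s, %s, %s)", (username, salt, passwd_md5))
        cursor.execute("SELECT userid FROM users WHERE username=%s", (username,))
        row = cursor.fetchone()
        db.commit()
        return row[0]
    except mysql.connector.IntegrityError:
        # Presumably raised by a UNIQUE constraint on users.username; the
        # schema is not visible here, so confirm against the table definition.
        print('Username was already taken. Please select another')
        return None
    except mysql.connector.Error:
        # Any other database failure is not a name clash, so do not report it
        # as one.  Raw driver text is deliberately not echoed to the user.
        print('Database error, user was not created')
        return None
    finally:
        # Release the cursor and connection on the failure paths too.
        cursor.close()
        db.close()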
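def _as_bytes(value):
    """Return *value* as ``bytes`` so both digests share one type when compared."""
    if isinstance(value, bytearray):
        return bytes(value)
    if isinstance(value, bytes):
        return value
    return value.encode('utf-8')


def authenticate_user(username, passwd):
    """Return True when *passwd* matches the stored hash for *username*.

    Returns False when the database is unreachable, when the username has no
    row, or when the salted MD5 of the supplied password differs from the
    stored ``pass_md5`` value.
    """
    db = connect_db()
    if not db:
        print("Can't connect MySQL!")
        return False
    cursor = db.cursor()
    try:
        cursor.execute("SELECT pass_salt, pass_md5 FROM users WHERE username=%s", (username,))
        row = cursor.fetchone()
    finally:
        # Close the cursor and connection even if the query raises.
        cursor.close()
        db.close()
    if row is None:  # username not found
        # NOTE(review): this path returns before any hashing, so its timing
        # differs from the wrong-password path.
        return False
    salt, correct_md5 = row[0], row[1]
    tried_md5 = hashlib.md5(salt + passwd).hexdigest()
    # Constant-time comparison: ``==`` stops at the first differing character.
    return hmac.compare_digest(_as_bytes(correct_md5), _as_bytes(tried_md5))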
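def randomValue(length):
    """Return a random string of *length* characters drawn from ``a-z0-9``.

    Values come from ``random.SystemRandom`` (the operating system's entropy
    source) because this helper produces password salts and demo passwords.
    The module-level ``random`` functions are deterministic and predictable
    once the generator state is known.
    """
    salt_chars = 'abcdefghijklmnopqrstuvwxyz0123456789'
    rng = random.SystemRandom()
    return ''.join(rng.choice(salt_chars) for _ in range(length))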
if __name__ == '__main__':
    # Demo run: register a throwaway account with random credentials, then
    # check that the same password authenticates.
    demo_name = randomValue(10)
    demo_secret = randomValue(16)
    if create_user(demo_name, demo_secret) is None:
        print('Failed to create user %s' % demo_name)
        sys.exit(1)
    if authenticate_user(demo_name, demo_secret):
        print('User %s authenticated successfully' % demo_name)
    else:
        print('User %s failed' % demo_name)