Here is what we are doing in the preceding code:
- On line 84, we hash the password the user typed in
- On line 85, we save that hash (never the plain-text password) in the database, together with its username
At this point, we’ve finished coding. We can try out the entire set of features of the web application, starting with creating a new account with a username of user2 and a password of 09876:
Figure 13.21: Creating a new account
As we can see in the database browser, the new password has been saved as a hash rather than as plain text:
Figure 13.22: The new password in its hashing version
Anybody who gets hold of the database file can read its content, but the password column only shows the hash: a hash is a one-way function, so the plain text cannot be computed back from it. It can still be guessed, though: an attacker can hash candidate passwords and compare the results with the stored value, which is why a short numeric password such as 09876 is weak however it is hashed, and why production code should use a salted, deliberately slow password hash rather than a plain fast digest.
Let’s try to log in:
Figure 13.23: Logging in with the new account
The password typed in is hashed and compared with the hash stored in the database; since the two hashes match, we get the following result:
Figure 13.24: The login was successful
The login process has been completed with success, and the user can access the application’s tasks.
It is worth noticing that even if two inputs differ in a single character, their hashes are completely different (this property is called the avalanche effect). Add another account to the database, this time with the password 09875, and compare its hash with the one produced by 09876.
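The following is an added example, not the chapter's own code, that makes the two points above measurable: how far apart the hashes of 09876 and 09875 are, and how quickly a plain fast hash of a five-digit password can be guessed. It assumes the hash is a plain SHA-256 digest of the password text as hashlib produces it (the chapter's make_hashes function is not reproduced on this page, so that is an assumption); the function names compare_hashes and brute_force_pin are mine.

```python
import hashlib


def sha256_hex(text: str) -> str:
    """Plain SHA-256 of the password text (assumed to match the chapter's make_hashes)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def compare_hashes(a: str, b: str) -> dict:
    """Measure how far apart the SHA-256 hashes of two inputs are."""
    ha, hb = sha256_hex(a), sha256_hex(b)
    return {
        "hash_a": ha,
        "hash_b": hb,
        # Count positions where the 64 hex characters differ.
        "differing_hex_chars": sum(x != y for x, y in zip(ha, hb)),
        # XOR the two 256-bit values and count the set bits.
        "differing_bits": bin(int(ha, 16) ^ int(hb, 16)).count("1"),
    }


def brute_force_pin(target_hex: str, digits: int = 5):
    """Hash every numeric PIN of the given length until one matches target_hex.

    Returns (pin, guesses_made), or (None, guesses_made) if nothing matched.
    This is exactly what an attacker holding the database file would do.
    """
    guesses = 0
    for n in range(10 ** digits):
        candidate = f"{n:0{digits}d}"
        guesses += 1
        if sha256_hex(candidate) == target_hex:
            return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    report = compare_hashes("09876", "09875")
    print(f"sha256('09876') = {report['hash_a']}")
    print(f"sha256('09875') = {report['hash_b']}")
    print(f"{report['differing_hex_chars']} of 64 hex characters and "
          f"{report['differing_bits']} of 256 bits differ")
    pin, guesses = brute_force_pin(report["hash_a"])
    print(f"recovered PIN {pin} after {guesses} guesses")
```

Roughly half of the 256 bits differ between the two digests, as expected from a good hash. The brute-force loop recovers 09876 after fewer than ten thousand SHA-256 calls, a fraction of a second; salting does not change that for a five-digit password, only a longer password and a slow key-derivation function do.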
This chapter was full of complex information, but the result is very valuable: a complete app skeleton that can be reused in all our web applications that need to manage signing up, logging in, password hashing, and saving data permanently in a database.
As usual, here is all the code we developed:
Figure 13.25: Signup/login skeleton – part 1
In the first part of the code, we start by importing the libraries (lines 1-5) and then create the connection and the cursor to the database (lines 6-7). After that, we import the hashlib library (line 10) and create the make_hashes and check_hashes functions (lines 12 and 15). On lines 22 and 26, we define two functions to create the user table and add data to the database, and on line 31, we define the function that manages user login.
On line 37, we define the main function, add some HTML just to make the app look nicer, and implement the application menu:
Figure 13.26: Signup/login skeleton – part 2
In the second part of the code, we manage the menu. If the user selects Login, the corresponding code runs (lines 57-74). When the user selects Sign Up, the code dedicated to registration runs (lines 77-87). Finally, on line 90, we have the About section.
This chapter is very important because an application almost always needs to manage accounts, and therefore usernames and passwords. To accomplish this task properly, the key is never to store the password itself but only a hash of it. Note that hashing is not encryption: an encrypted password can be decrypted by whoever holds the key, whereas a hash has no key and is never turned back into the password.
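Because the listing itself appears here only as figures, the following is an added, self-contained version of the skeleton's data layer, written for this edition rather than taken from the chapter: the same function names (make_hashes, check_hashes, create_usertable, add_userdata, login_user), with the Streamlit menu left out. It assumes an in-memory SQLite database with a userstable table (the table and column names are my assumptions) and, as an improvement over a plain fast digest, derives the stored value with hashlib.pbkdf2_hmac using a random per-user salt; the iteration count and the salt$hash storage layout are my choices, not the chapter's.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# Assumed parameters: OWASP's current guidance for PBKDF2-HMAC-SHA256 is
# 600,000 iterations; a 16-byte random salt is standard.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def make_hashes(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted password hash and return it as 'salt_hex$hash_hex'.

    A fresh random salt per user means two users with the same password
    get different stored values, so a precomputed table is useless.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"{salt.hex()}${digest.hex()}"


def check_hashes(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        salt_hex, _ = stored.split("$", 1)
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed stored value, treat as no match
    candidate = make_hashes(password, salt)
    return hmac.compare_digest(candidate, stored)


def create_usertable(conn: sqlite3.Connection) -> None:
    """Create the user table; PRIMARY KEY makes usernames unique."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS userstable "
        "(username TEXT PRIMARY KEY, password TEXT NOT NULL)"
    )
    conn.commit()


def add_userdata(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Store the hash, never the plain-text password. False if the name is taken."""
    try:
        conn.execute(
            "INSERT INTO userstable (username, password) VALUES (?, ?)",
            (username, make_hashes(password)),
        )
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        return False


def login_user(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hash the typed password and compare it with the stored hash."""
    row = conn.execute(
        "SELECT password FROM userstable WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Hash anyway so an unknown username takes as long as a wrong password.
        make_hashes(password)
        return False
    return check_hashes(password, row[0])


def demo() -> dict:
    """Sign up user2/09876 as in the chapter, then exercise the login paths."""
    conn = sqlite3.connect(":memory:")
    create_usertable(conn)
    results = {
        "signup": add_userdata(conn, "user2", "09876"),
        "duplicate_signup": add_userdata(conn, "user2", "other"),
        "login_ok": login_user(conn, "user2", "09876"),
        "login_wrong_password": login_user(conn, "user2", "09875"),
        "login_unknown_user": login_user(conn, "nobody", "09876"),
    }
    results["stored"] = conn.execute("SELECT password FROM userstable").fetchone()[0]
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The parameterised queries (the ? placeholders) matter as much as the hashing: the username comes straight from the form, and concatenating it into the SQL string would turn the login form into an SQL injection point. hmac.compare_digest is used instead of == so the comparison time does not leak how many leading characters of the hash matched.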
Summary
In this chapter, we understood the logic behind login and signup pages and learned a solid way of implementing and managing accounts according to the best practices summarized here.
When users sign up on our web apps, they provide a username and a password. The username serves as their unique identifier, while the password is a secret known only to them. These credentials are stored in a database, but the passwords are not kept as plain text. Instead, they are converted into a hash, the output of a one-way function that is easy to compute from a password but hard to reverse. This ensures that even if an attacker gets a copy of the database, they cannot simply read the passwords.
During login, the password the user enters is hashed and compared with the stored hash; if they match, the user is granted access. Storing hashes rather than passwords is what lets users log in without the application ever keeping their secret; it also means a forgotten password cannot be recovered from the database and must be reset instead. Cracking these hashes by guessing candidate passwords is possible, but it is far more work than reading plain-text passwords, especially when the hash is salted and deliberately slow.
Implementing robust business code is the main target of any web application, since that is what solves the problem the application exists for. Giving customers nicer interfaces, well-designed applications, and highly customized tools is another key skill that a real web application designer should have. This is exactly what we are going to discuss in the next chapter.