0

I have a sqlite table with 3 columns (id, username, password). There is 1 row in the table. I am trying to run a sqlite query to select the id where the username and password match what the user entered. My code for login.py is as follows:

import sqlite3 as lite


def login(userinput, userpass):
con = lite.connect('console.db')

with con:
    cur = con.cursor()
    cur.execute("SELECT id FROM users WHERE username == :userinput & password == :userpass", {"userinput": userinput, "userpass": userpass})
    con.commit()
    row = cur.fetchone()
    print row[0]

my code for main.py is as follows:

import login
from getpass import getpass
import hashlib


username = raw_input("username >>")
password1 = getpass("password >>")
password1 = hashlib.sha224(password1).hexdigest()
login.login(username, password1)

I get the error message as follows:

Traceback (most recent call last):
  File "/home/wip/PycharmProjects/console/main.py", line 9, in <module>
    login.login(username, password1)
  File "/home/wip/PycharmProjects/console/login.py", line 12, in login
    print row[0]
TypeError: 'NoneType' object has no attribute '__getitem__'

My password that is stored in the table is stored using sha224 encryption, just as the user inputted password when prompted. Any help with this would be greatly appreciated!

Improve this question
6
  • fetchone() returns None when no matching row is found. Commented Jul 23, 2015 at 0:41
  • If you print the password1 after hashing it, is it the same as the one stored in the database? The query seems not to return anything. Commented Jul 23, 2015 at 0:43
  • @mehtunguh I have checked my table multiple times. There is a row there and I am entering the correct data when prompted from main.py Commented Jul 23, 2015 at 0:44
  • @DJanssens it returns the same exact hash. Commented Jul 23, 2015 at 0:44
  • What if you print the query in your code, before executing it and querying it manually? Perhaps some nasty hidden symbol from the input is messing it up? Cause apart from that your query looks straight forward and correct. Commented Jul 23, 2015 at 0:48

1 Answer 1

Reset to default
1

Your query is not returning any rows, and fetchone() therefore returns None.

Try using and instead of & in your query:

cur.execute("SELECT id FROM users WHERE username == :userinput and password == :userpass", {"userinput": userinput, "userpass": userpass})

I don't think that == is normally valid SQL, so you should probably use = instead.

One other thing, you don't need to call commit() for a select query.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I just tried running this and it returns the same error message. Thank you for letting me know that you don't need to call commit() for a select query!
Well, the & is definitely a problem, and your query is definitely not returning any rows. You must be using the wrong username and/or password, or the password stored in your database is incorrect, or even perhaps the wrong database is being used.
Try executing cur.execute("select * from users").fetchall() and see what comes back. Make sure that the values for the user name and the hashed password match.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.