0

Im trying to make the user log in whereas if they type the correct username and password they will be able to do so but I keep getting an error when I enter the login details

def login(self):
    global con
    if self.txt_user.get() == "" or self.txt_pass.get() == "":
        messagebox.showerror("Error", "Please fill up all fields!")
    else:
        try :
            con=pymysql.connect(host="localhost",user="root",password="",database="employee")
            cur=con.cursor()
            cur.execute("select * from employeelist where username=%s",self.txt_user.get())
            row=cur.rowcount
            print(row)
            if row != None :
                cur.execute("select password from employeelist where username=%s", self.txt_pass.get())
                row1 = cur.rowcount
                print(row1)
                if(row1 != None):
                    messagebox.showinfo("Success", "Login Successful", parent=self.root)
                    m = menu
                    m.Menu(root) 
                else:
                    messagebox.showerror("Error", "Wrong Password. Please try again!")
            else:
                messagebox.showerror("Error, Wrong Username or Password. Please try again!")
        except Exception as ex:
            con.close()
            messagebox.showerror("Error",f"Error due to: {str(ex)}",parent=self.root)
Improve this question
1
  • What error are you getting? What have you done to debug this? Have you verified that self.txt_user.get() and self.txt_pass.get() are returning what you think they should be returning? Also, are you sure that cur.rowcount can return None rather than zero under certain circumstances? Commented Feb 1, 2021 at 17:33

3 Answers 3

Reset to default
1

There are following issues:

  • rowcount will be a number, never be None, so if row != None will be always True
  • used self.txt_pass.get() in SELECT ... WHERE username=%s is incorrect, should use self.txt_user.get() instead

Under security consideration, normally we don't tell the user whether username or password is incorrect. That will expose user information to hackers under brute force attack. Just tell them either successful or failed is enough. Also do not store plain text password in database. Password should be encrypted.

Also you can use single SELECT to check the credentials:

    def login(self):
        user = self.txt_user.get().strip()
        passwd = self.txt_pass.get().strip() 
        if user == "" or passwd == "":
            messagebox.showerror("Error", "Please fill up all fields!")
        else:
            try :
                con = pymysql.connect(host="localhost", user="root", password="", database="employee")
                cur = con.cursor()
                cur.execute("SELECT 1 from employeelist WHERE username = %s and password = %s", (user, passwd))
                if cur.rowcount == 1:
                    messagebox.showinfo("Success", "Login Successful", parent=self.root)
                else:
                    messagebox.showerror("Error", "Invalid credentials. Please try again!")
            except Exception as ex:
                messagebox.showerror("Error", f"Error due to: {str(ex)}", parent=self.root)
            finally:
                con.close()
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0 
cur.execute(
    "select password from employeelist where username=%s",
    self.txt_pass.get()
)

You are using password (i.e. self.txt_pass.get()) to find username, so it wont find any records hence you're getting error all the time.ez fix

Improve this answer

Comments

0

You can also use the callproc option. import pymysql

            try:
                conn = pymysql.Connect( 
                        host='localhost', 
                        user='root',  
                        passwd = '', 
                        db='testing' 
                        #,autocommit=True
                        )
                
                
                #pymysql.cursors.DictCursor
                cur = conn.cursor() 
                params = ('official',1)
                cur.callproc('getlogindetails',args=params)
                # cur.execute("call getlogindetails(?,?)", params)
                
                ls = list(cur.fetchall()) 

                #your logic here based on the list value

            finally:
                conn.close()

Procedure: DELIMITER $$

        DROP PROCEDURE IF EXISTS `testing`.`getlogindetails` $$
        CREATE DEFINER=`root`@`localhost` PROCEDURE `getlogindetails`(in inusername 
                                                 varchar(100),in inloginid integer)
        BEGIN
            select  fname,id,lname from details where id < 10;
        END $$

        DELIMITER ;
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.