current community

your communities

more stack exchange communities

Stack Exchange
tour help
stack overflow careers
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

i am new on python and just started learning, i want to create a simple script to run a program by authenticating user, valid or not... main problem, i am facing is that i have a file "users" in which i mentioned all valid users, so i need a program which searches the input given by user in "users" file, if found then continue otherwise "authentication failed" what i tried is ...

fp = open("users", "r")

for line in fp.readlines():

 if "michel" in line :  # user michel is available in users file
    print "true"
 else :
    print "false"

it works, prints 'true' because michel is in file.. but in case of when user enters "mic" .. also prints true ...... so what will be the solution...

share|improve this question

2 Answers 2

up vote 0 down vote accepted

You can use re to make sure the whole line is a match:

import re

    fp = open("users", "r")
    for line in fp.readlines():
        if re.match('^michel$', line, re.I):
            print "true"
        else :
            print "false"
share|improve this answer
up vote 0 down vote

For starters, it is probably best for security purposes to use os.getlogin() to determine the user's login name rather than prompting the user to type their username. This will at least guarantee that the user logged in via some authentication mechanism to get onto the system, meaning that they have a known & consistent username.

So if you wanted to turn this into a function you could write:

def is_valid_user(username):
   fp = open("users", "r")
   for line in fp.readlines():
      if username in line:
        fp.close()
        return True
   fp.close()
   return False

You could then call the function using:

import os
is_valid = is_valid_user(os.getlogin())
if is_valid:
   print("valid user")
else:
   print("invalid user")

Some suggestions for added security now and in the future:

  1. Modify your "users" file to contain names surrounded by delimiters such as ":jonesj:" rather than "jonesj" and search for ":" + username + ":" in line which will avoid false positives in situations where a user "jones" is currently logged in and a username "jonesj" is in your "users" file but "jones" is not, and you incorrectly identify "jones" as being an authorized user (since "jones" is a subset of the string "jonesj").
  2. Make sure the permissions on your "users" file is set to read-only so that users can't go add their username to the file to grant permissions to themselves.
  3. Sometime in the future you may want to consider using LDAP or Kerberos server or some other more formal authentication mechanism rather than a "users" file. There are good python client libraries for quite a number of authentication backend servers.
share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.