<a href="https://colab.research.google.com/github/ArpulaAnjali/AI_Assistent_1319/blob/main/Task1_Assignment5.3.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Task
Generate a simple Python login system in the selected cell.

## Generate Initial Login System

### Subtask:
Generate a simple Python login system in the selected cell as requested by the user.


**Reasoning**:
Generate a Python code block for a simple login system as requested by the user, defining credentials, taking user input, and providing success or error messages.



In [1]:
username = 'admin'
password = 'password123'

input_username = input('Enter username: ')
input_password = input('Enter password: ')

if input_username == username and input_password == password:
    print('Login successful!')
else:
    print('Invalid username or password.')

Enter username: anjali
Enter password: kinnu
Invalid username or password.


## Identify Security Risks

### Subtask:
Analyze the generated login system code to identify security risks such as hardcoded credentials, plain text password storage/comparison, and other insecure logic.


### Identified Security Risks

Based on the analysis of the provided login system code, the following security risks have been identified:

1.  **Hardcoded Credentials**: The username (`'admin'`) and password (`'password123'`) are directly embedded in the code. This is a significant security risk as it makes the credentials easily discoverable and unchangeable without modifying the source code.
2.  **Plain Text Password Comparison**: The system compares the user-entered password directly with the hardcoded plain text password (`input_password == password`). This is highly insecure because if the code is ever compromised, the password would be exposed in plain text. Best practices dictate that passwords should always be hashed and the comparison should be against the hashed version.

## Revise Code for Security

### Subtask:
Revise the login system code to address the identified security risks, incorporating best practices like secure password hashing, and avoiding hardcoded credentials.


**Reasoning**:
The user wants to revise the existing login system code to incorporate secure password hashing and use a dictionary for credentials, which addresses the identified security risks. I will provide a code block that implements these changes.



In [2]:
import hashlib

# Define a dictionary to store user credentials (username: hashed_password)
users = {
    'admin': hashlib.sha256('password123'.encode('utf-8')).hexdigest()
}

# Prompt for username and password input
input_username = input('Enter username: ')
input_password = input('Enter password: ')

# Check if the entered username exists
if input_username in users:
    # Hash the input password for comparison
    hashed_input_password = hashlib.sha256(input_password.encode('utf-8')).hexdigest()

    # Compare the hashed input password with the stored hashed password
    if hashed_input_password == users[input_username]:
        print('Login successful!')
    else:
        print('Invalid username or password.')
else:
    print('Invalid username or password.')

Enter username: admin
Enter password: password123
Login successful!


## User Registration

### Subtask:
Generate code for user registration to expand the login system. This will allow new users to be added to the system with their passwords securely hashed.

**Reasoning**:
The user wants to add a registration functionality. This code block will prompt for a new username and password, hash the password using `hashlib.sha256`, and add the new user and their hashed password to the `users` dictionary. It will also include a check to ensure the username doesn't already exist.

In [4]:
import hashlib

# Assuming 'users' dictionary is already defined from the previous cell
# If not, you might need to re-run the previous cell or redefine it:
# users = {
#     'admin': hashlib.sha256('password123'.encode('utf-8')).hexdigest()
# }

print("\n--- User Registration ---")
new_username = input('Enter new username: ')

# Check if username already exists
if new_username in users:
    print(f'Username \'{new_username}\' already exists. Please try logging in or choose a different username.')
else:
    new_password = input('Enter new password: ')
    hashed_new_password = hashlib.sha256(new_password.encode('utf-8')).hexdigest()
    users[new_username] = hashed_new_password
    print(f'User \'{new_username}\' registered successfully!')

    # --- Attempt Login immediately after successful registration ---
    print("\n--- Attempting Login with New Credentials ---")
    # No need to input again, use the new_username and the hashed_new_password
    if new_username in users and hashed_new_password == users[new_username]:
        print(f'Login successful for user \'{new_username}\'!')
    else:
        # This case should ideally not be reached if registration was successful
        print('An error occurred during login after registration.')

print('\nCurrent registered users (hashed passwords):', users)


--- User Registration ---
Enter new username: anjali
Username 'anjali' already exists. Please choose a different username.

Current registered users (hashed passwords): {'admin': 'ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f', 'anjali': '70cb7e5d290385c73b0ef2b9305c3104bcabe9c3eff235770911c8113cf50f25'}


## Explain Improvements

### Subtask:
Provide a brief explanation of the security improvements implemented in the revised code.


## Summary:

### Q&A
The security improvements implemented in the revised code include:
1.  **Password Hashing**: Passwords are no longer stored or compared in plain text. Instead, the `hashlib.sha256` algorithm is used to hash passwords, and only the hashed values are stored and compared.
2.  **Avoidance of Hardcoded Credentials**: While the example still initializes a user, the structure allows for credentials to be managed more securely (e.g., loaded from a secure configuration or database) rather than being directly embedded in the code. The revised code uses a dictionary to store user credentials, mapping usernames to their hashed passwords.

### Data Analysis Key Findings
*   The initial login system hardcoded the username as 'admin' and the password as 'password123', performing a direct plain text comparison, which was identified as a significant security risk.
*   Two primary security risks were identified in the initial system: hardcoded credentials and plain text password comparison.
*   The revised code successfully implemented password hashing using the `hashlib.sha256` module.
*   User credentials are now stored in a dictionary where usernames are keys and values are SHA256 hashed passwords.
*   Input passwords are also hashed before comparison with the stored hashed values, preventing plain text exposure.
*   The revised system correctly authenticated a user with the username 'admin' and the password 'password123', indicating the secure login logic is functional.

### Insights or Next Steps
*   For a production-ready system, consider using more robust password hashing algorithms like bcrypt or Argon2, which are designed to be more resistant to brute-force attacks due to their computational cost.
*   Implement secure storage for user credentials, such as a database, rather than hardcoding them in the application or storing them in a simple dictionary.


# Task
Generate Python code for a secure login system that uses `bcrypt` for password hashing, handles user registration, and implements secure input handling with basic validation. This system should not hardcode credentials.

## Generate Secure Login System

### Subtask:
Generate Python code for a login system that uses password hashing (e.g., bcrypt), handles user registration, and implements secure input handling with basic validation. The system will not hardcode credentials.


**Reasoning**:
The user wants a comprehensive Python code block for a secure login system incorporating bcrypt for password hashing, getpass for secure input, user registration, and login functionalities. I will implement the functions and the main loop as per the instructions.



In [5]:
import bcrypt
import getpass
import re

# Initialize an empty dictionary to store user credentials (username: hashed_password)
users = {}

def register_user():
    print("\n--- User Registration ---")
    while True:
        new_username = input('Enter new username: ')
        if not new_username:
            print('Username cannot be empty. Please try again.')
            continue
        if new_username in users:
            print(f'Username \'{new_username}\' already exists. Please choose a different username or log in.')
            return
        break

    while True:
        new_password = getpass.getpass('Enter new password: ')
        if not new_password:
            print('Password cannot be empty. Please try again.')
            continue
        if len(new_password) < 8:
            print('Password must be at least 8 characters long.')
            continue
        if not re.search(r'[A-Z]', new_password):
            print('Password must contain at least one uppercase letter.')
            continue
        if not re.search(r'[a-z]', new_password):
            print('Password must contain at least one lowercase letter.')
            continue
        if not re.search(r'[0-9]', new_password):
            print('Password must contain at least one digit.')
            continue
        if not re.search(r'[!@#$%^&*(),.?":{}|<>]', new_password):
            print('Password must contain at least one special character.')
            continue
        break

    # Hash the password using bcrypt
    hashed_password = bcrypt.hashpw(new_password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
    users[new_username] = hashed_password
    print(f'User \'{new_username}\' registered successfully!')

def login_user():
    print("\n--- User Login ---")
    input_username = input('Enter username: ')
    input_password = getpass.getpass('Enter password: ')

    if input_username not in users:
        print('Invalid username or password.')
        return

    # Check if the entered password matches the stored hashed password
    stored_hashed_password = users[input_username].encode('utf-8')
    if bcrypt.checkpw(input_password.encode('utf-8'), stored_hashed_password):
        print(f'Login successful for user \'{input_username}\'!')
    else:
        print('Invalid username or password.')

def main():
    while True:
        print("\n--- Main Menu ---")
        print("1. Register")
        print("2. Login")
        print("3. Exit")
        choice = input('Enter your choice: ')

        if choice == '1':
            register_user()
        elif choice == '2':
            login_user()
        elif choice == '3':
            print('Exiting program. Goodbye!')
            break
        else:
            print('Invalid choice. Please try again.')

if __name__ == '__main__':
    main()


ModuleNotFoundError: No module named 'bcrypt'

**Reasoning**:
The previous execution failed because the `bcrypt` module was not found. I need to install it first using `!pip install bcrypt`.



In [6]:
!pip install bcrypt

Collecting bcrypt
  Downloading bcrypt-5.0.0-cp39-abi3-manylinux_2_34_x86_64.whl.metadata (10 kB)
Downloading bcrypt-5.0.0-cp39-abi3-manylinux_2_34_x86_64.whl (278 kB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m278.2/278.2 kB[0m [31m6.5 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: bcrypt
Successfully installed bcrypt-5.0.0


**Reasoning**:
The `bcrypt` module has been successfully installed. Now I can re-execute the previous code block which implements the secure login system with `bcrypt` for password hashing, user registration, and login functionalities.



In [None]:
import bcrypt
import getpass
import re

# Initialize an empty dictionary to store user credentials (username: hashed_password)
users = {}

def register_user():
    print("\n--- User Registration ---")
    while True:
        new_username = input('Enter new username: ')
        if not new_username:
            print('Username cannot be empty. Please try again.')
            continue
        if new_username in users:
            print(f'Username \'{new_username}\' already exists. Please choose a different username or log in.')
            return
        break

    while True:
        new_password = getpass.getpass('Enter new password: ')
        if not new_password:
            print('Password cannot be empty. Please try again.')
            continue
        if len(new_password) < 8:
            print('Password must be at least 8 characters long.')
            continue
        if not re.search(r'[A-Z]', new_password):
            print('Password must contain at least one uppercase letter.')
            continue
        if not re.search(r'[a-z]', new_password):
            print('Password must contain at least one lowercase letter.')
            continue
        if not re.search(r'[0-9]', new_password):
            print('Password must contain at least one digit.')
            continue
        if not re.search(r'[!@#$%^&*(),.?":{}|<>]', new_password):
            print('Password must contain at least one special character.')
            continue
        break

    # Hash the password using bcrypt
    hashed_password = bcrypt.hashpw(new_password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
    users[new_username] = hashed_password
    print(f'User \'{new_username}\' registered successfully!')

def login_user():
    print("\n--- User Login ---")
    input_username = input('Enter username: ')
    input_password = getpass.getpass('Enter password: ')

    if input_username not in users:
        print('Invalid username or password.')
        return

    # Check if the entered password matches the stored hashed password
    stored_hashed_password = users[input_username].encode('utf-8')
    if bcrypt.checkpw(input_password.encode('utf-8'), stored_hashed_password):
        print(f'Login successful for user \'{input_username}\'!')
    else:
        print('Invalid username or password.')

def main():
    while True:
        print("\n--- Main Menu ---")
        print("1. Register")
        print("2. Login")
        print("3. Exit")
        choice = input('Enter your choice: ')

        if choice == '1':
            register_user()
        elif choice == '2':
            login_user()
        elif choice == '3':
            print('Exiting program. Goodbye!')
            break
        else:
            print('Invalid choice. Please try again.')

if __name__ == '__main__':
    main()


--- Main Menu ---
1. Register
2. Login
3. Exit
