# Enhanced User Authentication and Management System

Scenario:
In the context of a User Authentication and Management System, we have completed exception handling and database operations, and learned how to connect to a database, create tables, and perform CRUD operations. Now, you are tasked with implementing a system for user registration, login, password update, and account deletion.

Requirements:
1. User Registration:
- Implement a function register_user(username, password) that registers a new user.
- Check if the username already exists in the database. If it does, raise a custom exception indicating that the username is already taken.
- Store the user's information (username and securely hashed password) in the database.
- Validate that the provided email follows a proper format during registration.

2. User Login:
- Implement a function login_user(username, password) that authenticates a user.
- Check if the user is already logged in. If yes, raise a custom exception indicating that the user is already logged in.
- Verify the entered username and password against the stored information in the database.
- If the login is successful, mark the user as logged in and provide a success message. If unsuccessful, raise an exception indicating invalid credentials.
- Password must be more than 7 characters with at least one symbol and one uppercase letter during login.

3. Password Update:
- Implement a function update_password(username, old_password, new_password) that allows a user to update their password.
- Check if the user is logged in. If not, raise an exception indicating that the user must be logged in to update the password.
- Verify the entered username and old password against the stored information in the database.
- Update the password with the new password, which must meet the specified criteria.

4. Account Deletion:
- Implement a function delete_account(username, password) that allows a user to delete their account.
- Check if the user is logged in. If not, raise an exception indicating that the user must be logged in to delete the account.
- Verify the entered username and password against the stored information in the database.
- Delete the user's information from the database.

5. Testing:
- Demonstrate the functionality of the system by performing user registration, log in, password update, and account deletion operations.
- Create scenarios where exceptions are expected (e.g., attempting to register with an existing username, logging in while already logged in).
- Validate and enforce security measures such as storing hashed passwords securely, proper email format during registration, and password complexity during login and registration.

Instructions for Everyone:
- Implement the functions based on the provided requirements.
- Test the functionality using example scenarios and handle exceptions as specified.
- Create scenarios to simulate various cases such as duplicate usernames, incorrect login credentials, updating passwords without being logged in, and attempting to delete an account without being logged in.
- Ensure that the system provides appropriate feedback and raises exceptions with meaningful messages.
- Pay attention to security aspects, such as storing hashed passwords securely, validating email formats, and enforcing password complexity during login and registration.
- Encourage students to think about potential security vulnerabilities and ways to mitigate them.

In [57]:
!pip install bcrypt






In [1]:
# create (or open) the database file
import sqlite3
conn = sqlite3.connect("Management_System.db")
cursor = conn.cursor()

In [2]:
# creating table
query = """
CREATE table userdetails
(
username varchar(50),
firstname varchar(50),
lastname varchar(50),
password varchar(500)
)
"""
cursor.execute(query)

<sqlite3.Cursor at 0x27804f6a540>

In [69]:
cursor.execute("ALTER TABLE userdetails ADD email varchar")

<sqlite3.Cursor at 0x27804f6a540>

In [74]:
# solution
import re
import bcrypt

class UserExist(Exception):
    pass

class ErrorEmail(Exception):
    pass

# Basic format check: local part, "@", domain containing a dot, no whitespace
EMAIL_PATTERN = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def register_user(username, password):
    try:
        # Parameterized lookup for this username only
        row = cursor.execute(
            "SELECT 1 FROM userdetails WHERE username = ?", (username,)
        ).fetchone()
        if row is not None:
            raise UserExist("Username already exist.")
        first_name = input("Enter a first name:")
        last_name = input("Enter a last name:")
        email = input("Enter a email:")
        if not EMAIL_PATTERN.match(email):
            raise ErrorEmail("Invalid email")
        # Store only a salted bcrypt hash, never the plain-text password
        hashed_password = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())
        data_to_be_inserted = (username, first_name, last_name,
                               hashed_password.decode("utf-8"), email)
        insert_query = """
        Insert into userdetails
        (username, firstname, lastname, password, email)
        values
        (?,?,?,?,?)
        """
        cursor.execute(insert_query, data_to_be_inserted)
        conn.commit()
        print("User registered successfully!")
    except (UserExist, ErrorEmail) as e:
        print(e)

ModuleNotFoundError: No module named 'bcrypt'

In [52]:
register_user(username="ram12",password="123e")

Username already exist.
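
The notebook stops at registration, so here is one way requirements 2 to 4 (login, password update, account deletion) could be implemented. This is an added example, not part of the original notebook: it swaps bcrypt for the standard library's PBKDF2 so it runs without extra packages, uses a constructed in-memory table, and the exception names, `store_password`, `verify`, `check_complexity` and the iteration count are assumptions.

```python
import hashlib, hmac, os, re, sqlite3
class InvalidCredentials(Exception): pass
class AlreadyLoggedIn(Exception): pass
class NotLoggedIn(Exception): pass
class WeakPassword(Exception): pass

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)
db = sqlite3.connect(":memory:", isolation_level=None)  # constructed in-memory DB, autocommit
db.execute("CREATE TABLE userdetails (username TEXT PRIMARY KEY, salt BLOB, password BLOB)")
logged_in = set()  # usernames with an active session

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def check_complexity(password):  # page's rule; "symbol" = any non-alphanumeric character
    if len(password) < 8 or not re.search(r"[A-Z]", password) or not re.search(r"[^A-Za-z0-9]", password):
        raise WeakPassword("Password needs more than 7 characters, a symbol and an uppercase letter.")

def store_password(username, password):
    # Hypothetical helper: fresh salt + hash; the duplicate-username check stays in register_user
    check_complexity(password)
    salt = os.urandom(16)
    db.execute("INSERT OR REPLACE INTO userdetails VALUES (?,?,?)", (username, salt, _hash(password, salt)))

def verify(username, password):
    row = db.execute("SELECT salt, password FROM userdetails WHERE username = ?", (username,)).fetchone()
    salt, stored = row if row else (b"\x00" * 16, b"")  # hash anyway so unknown users cost the same
    if not hmac.compare_digest(_hash(password, salt), stored):  # constant-time comparison
        raise InvalidCredentials("Invalid username or password.")

def login_user(username, password):
    if username in logged_in:
        raise AlreadyLoggedIn("User is already logged in.")
    verify(username, password)
    logged_in.add(username)
    return "Login successful."

def update_password(username, old_password, new_password):
    if username not in logged_in:
        raise NotLoggedIn("Log in before updating the password.")
    verify(username, old_password)
    store_password(username, new_password)

def delete_account(username, password):
    if username not in logged_in:
        raise NotLoggedIn("Log in before deleting the account.")
    verify(username, password)
    db.execute("DELETE FROM userdetails WHERE username = ?", (username,))
    logged_in.discard(username)
```

The same error message is raised for an unknown username and a wrong password, so the response does not reveal which usernames exist.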
