**Problem Statement**

You want to be safe online and use different passwords for different websites. However, you are forgetful at times and want to make a program that can match which password belongs to which website without storing the actual password!

This can be done via something called hashing. Hashing is when we take something and convert it into a different, unique identifier. This is done using a hash function. Luckily, there are several resources that can help us with this.

For example, using a hash function called SHA256(...) something as simple as

hello

can be hashed into a much more complex

2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Fill out the login(...) function for a website that hashes their passwords. Login should return True if an email's stored password hash in stored_logins is the same as the hash of password_to_check.

(Hint. You will need to use the provided hash_password(...) function. You don't necessarily need to know how it works, just know that hash_password(...) returns the hash for the password!)

In [2]:
# Import SHA256 hashing algorithm from hashlib
from hashlib import sha256

def login(email, stored_logins, password_to_check):
    """
    Returns True if the hash of the password we are checking matches the one in stored_logins
    for a specific email. Otherwise, returns False.

    Parameters:
        email: The email address to check (key in stored_logins dictionary)
        stored_logins: Dictionary mapping emails to hashed passwords
        password_to_check: Plain text password to verify
    """
    # Hash the provided password and compare with stored hash
    if stored_logins[email] == hash_password(password_to_check):
        return True
    return False

def hash_password(password):
    """
    Takes in a password and returns the SHA256 hashed value for that specific password.
    
    Parameters:
        password: Plain text password to hash
    
    Returns:
        Hexadecimal string representation of the hashed password
    """
    # Convert password to bytes, hash it, and return hex string
    return sha256(password.encode()).hexdigest()

def main():
    # Dictionary of email:hashed_password pairs
    # Note: These are real SHA256 hashes of actual passwords:
    # example@gmail.com -> "password"
    # code_in_placer@cip.org -> "karel"
    # student@stanford.edu -> "123!456?789"
    stored_logins = {
        "example@gmail.com": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
        "code_in_placer@cip.org": "973607a4ae7b4cf7d96a100b0fb07e8519cc4f70441d41214a9f811577bb06cc",
        "student@stanford.edu": "882c6df720fd99f5eebb1581a1cf975625cea8a160283011c0b9512bb56c95fb"
    }

    # Test cases for login function
    # Test case 1: incorrect and correct password for example@gmail.com
    print(login("example@gmail.com", stored_logins, "word"))          # Should print False
    print(login("example@gmail.com", stored_logins, "password"))      # Should print True
    
    # Test case 2: case-sensitive password test for code_in_placer@cip.org
    print(login("code_in_placer@cip.org", stored_logins, "Karel"))   # Should print False
    print(login("code_in_placer@cip.org", stored_logins, "karel"))   # Should print True
    
    # Test case 3: complex password test for student@stanford.edu
    print(login("student@stanford.edu", stored_logins, "password"))   # Should print False
    print(login("student@stanford.edu", stored_logins, "123!456?789")) # Should print True

# Python boilerplate to ensure main() only runs if this file is run directly
if __name__ == "__main__":
    main()

False
True
False
True
False
True
