Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
99 lines (83 sloc) 3.05 KB
#!C:\Python27\python.exe -u
#!/usr/bin/env python
import MySQLdb
import hashlib
import cgi
import uuid
def check_password(hashed_password, user_password):
password, salt = hashed_password.split(':')
return password == hashlib.sha256(salt.encode() + user_password.encode()).hexdigest()
def hash_password(password):
salt = uuid.uuid4().hex
return hashlib.sha256(salt.encode() + password.encode()).hexdigest() + ':' + salt
def show_update_ui():
print """
<div class="center">
<form method="post" action="#">
<p><input type="text" name="username" placeholder="Username" required autofocus autocomplete="username" /></p>
<p><input type="password" name="current_password" placeholder="Current Password" required autocomplete="current-password" /></p>
<p><input type="password" name="new_password" placeholder="New Password" required autocomplete="new-password" /></p>
<p><input type="password" name="confirm_new_password" placeholder="Confirm New Password" required autocomplete="new-password" /></p>
<p><input type="submit" value="Update" /></p>
print "Content-type: text/html\n"
print """
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Ultra Motivator Update Password</title>
<link rel="stylesheet" href="">
<link rel="stylesheet" href="style.css" />
<h1> Ultra Motivator Update Password </h1>
form = cgi.FieldStorage()
if "username" not in form or "current_password" not in form or "new_password" not in form or "confirm_new_password" not in form:
input_username = form.getvalue("username", "")
input_current_password = form.getvalue("current_password", "")
input_new_password = form.getvalue("new_password", "")
input_confirm_new_password = form.getvalue("confirm_new_password", "")
if input_new_password != input_confirm_new_password:
print """<h3>New Password Fields Did Not Match!</h3>"""
conn = MySQLdb.connect (
host = "my_host",
user = "my_user",
passwd = "my_password",
db = "my_db")
cur = conn.cursor()
cur.execute("SELECT username, password FROM User")
results = cur.fetchall()
signed_in = False;
for row in results :
name = str(row[0])
password = str(row[1])
if name == input_username and check_password(password, input_current_password):
command = "UPDATE User SET password = %s WHERE username = %s"
cur.execute(command, (hash_password(input_new_password), input_username))
print """<h1>Password Updated For %s</h1>""" % input_username
signed_in = True;
if signed_in == False:
print """<h3>invalid username and/or password</h3>"""
except MySQLdb.Error, e:
print "Error %d: %s" % (e.args[0], e.args[1])
if cur:
# close the cursor
if conn:
# close the connection
print """</body></html>"""
You can’t perform that action at this time.