In [None]:
import hashlib
import hmac
import random
import re
import secrets
import string
import time

# In-memory stand-in for a single user's database record (demo only; nothing persists).
user_db = dict(
    password_hash=None,       # hex digest written by register_user()
    security_answer=None,     # stored exactly as typed at registration (plaintext)
    last_login_attempt=None,  # never read or written by the code in this cell
    failed_attempts=0,        # consecutive failures counted by handle_login_attempt()
    lockout_until=None,       # epoch seconds; None while no lockout is active
)

# Policy constants
PASSWORD_EXPIRATION_DAYS = 90  # declared but not enforced anywhere in this cell
MAX_FAILED_ATTEMPTS = 3
LOCKOUT_DURATION_MINUTES = 5
# NOTE(review): one fixed salt, hard-coded in source and shared by every account.
# Identical passwords then yield identical hashes, and anyone who can read the code
# knows the salt. Production code should generate a random salt per user
# (e.g. secrets.token_bytes) and store it next to the hash.
SALT = 's3cr3t_salt'

# Level 1: Textual Password
def validate_password_format(password):
    """Return True when *password* satisfies the demo's complexity policy.

    The policy is: at least 8 characters, at least one ASCII uppercase letter,
    at least one digit, and at least one character from ``@$!%*?&#``.
    A lowercase letter is not required, and there is no check against
    common or previously breached passwords.
    """
    if len(password) < 8:
        return False
    # One pattern per required character class; every one must match somewhere.
    required_patterns = (r'[A-Z]', r'\d', r'[@$!%*?&#]')
    return all(re.search(pattern, password) for pattern in required_patterns)

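def hash_password(password):
    """Derive a hex-encoded password hash with PBKDF2-HMAC-SHA256.

    A single round of SHA-256 is designed to be fast, which makes an offline
    guessing attack against a leaked hash cheap. A key-derivation function
    with a high iteration count raises the cost of every guess.

    Args:
        password: The plaintext password as a ``str``.

    Returns:
        The derived key as a lowercase hexadecimal string.

    Note:
        The salt is still the module-level ``SALT`` constant. A random
        per-user salt stored alongside the hash is what production code
        should use; a shared salt lets identical passwords collide.
    """
    # Work factor for PBKDF2-HMAC-SHA256; raise it as hardware gets faster.
    iterations = 600_000
    derived_key = hashlib.pbkdf2_hmac(
        'sha256',
        password.encode(),
        SALT.encode(),
        iterations,
    )
    return derived_key.hex()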

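def verify_password(stored_password_hash, provided_password):
    """Check a login password against the stored hash in constant time.

    Args:
        stored_password_hash: Hex digest saved at registration, or ``None``
            when no password has been set yet.
        provided_password: The plaintext password supplied at login.

    Returns:
        True if hashing *provided_password* reproduces the stored hash,
        otherwise False (including when no hash is on record).
    """
    # Hash first so the work done does not depend on whether a hash is stored.
    candidate_hash = hash_password(provided_password)
    if not isinstance(stored_password_hash, str):
        # Nothing valid on record (e.g. None before registration): never a match.
        return False
    # compare_digest avoids the early exit of ==, which can leak through timing
    # how many leading characters of the digest matched.
    return hmac.compare_digest(
        stored_password_hash.encode(),
        candidate_hash.encode(),
    )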

# Level 2: CAPTCHA Verification
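def generate_captcha():
    """Generate a random 6-character alphanumeric CAPTCHA string.

    Characters are drawn with ``secrets.choice`` rather than ``random.choice``:
    the ``random`` module is a deterministic PRNG whose output can be predicted
    from earlier values, which is unsuitable for any challenge a client is
    supposed to be unable to guess.

    Returns:
        A 6-character ``str`` of ASCII letters and digits.
    """
    alphabet = string.ascii_letters + string.digits
    return ''.join(secrets.choice(alphabet) for _ in range(6))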

def verify_captcha(user_captcha, actual_captcha):
    """Return True when the typed CAPTCHA equals the issued one.

    The comparison is exact: it is case-sensitive and does not trim
    surrounding whitespace.
    """
    is_match = user_captcha == actual_captcha
    return is_match

# Level 3: Security Question
def verify_security_question(stored_answer, provided_answer):
    """Compare the security-question answer case-insensitively.

    Both values are lowercased before comparison; whitespace is not
    trimmed, so a leading or trailing space makes the answers differ.
    Both arguments must be strings.
    """
    expected = stored_answer.lower()
    supplied = provided_answer.lower()
    return expected == supplied

# Level 4: Account Lockout
def is_account_locked():
    """Report whether a lockout is currently in force.

    Returns:
        True when ``user_db['lockout_until']`` is set and that epoch
        timestamp is still in the future; False otherwise.
    """
    lockout_deadline = user_db['lockout_until']
    if not lockout_deadline:
        # No lockout has been recorded.
        return False
    return time.time() < lockout_deadline

def handle_login_attempt(successful):
    """Record the outcome of a login attempt and apply the lockout policy.

    Args:
        successful: Truthy to clear the failure counter and any lockout;
            falsy to count one more failure.

    Once the counter reaches ``MAX_FAILED_ATTEMPTS`` a lockout deadline is
    set ``LOCKOUT_DURATION_MINUTES`` from now. Only a successful attempt
    clears the counter; it is not reset when a lockout expires, so a further
    failure after expiry sets a new lockout straight away.
    """
    if not successful:
        user_db['failed_attempts'] += 1
        if user_db['failed_attempts'] >= MAX_FAILED_ATTEMPTS:
            # Deadline is kept as epoch seconds for comparison with time.time().
            user_db['lockout_until'] = time.time() + (LOCKOUT_DURATION_MINUTES * 60)
        return

    user_db['failed_attempts'] = 0
    user_db['lockout_until'] = None

def register_user():
    """Interactively enrol the user: choose a password, then a security answer.

    Prompts repeatedly until a password passes ``validate_password_format``
    and is confirmed, stores its hash in ``user_db``, then stores the answer
    to the fixed security question.
    """
    # NOTE(review): input() echoes what is typed, so the password appears on
    # screen and in saved notebook output; getpass.getpass() is the usual
    # non-echoing alternative.
    while True:
        user_password = input("Create a secure password (at least 8 characters, 1 uppercase, 1 number, 1 special character): ")
        if not validate_password_format(user_password):
            print("Password must include at least 8 characters, an uppercase letter, a number, and a special character.")
            continue

        confirm_password = input("Confirm your password: ")
        if user_password != confirm_password:
            print("Passwords do not match. Please try again.")
            continue

        # Only the hash is kept; the plaintext password is never stored.
        user_db['password_hash'] = hash_password(user_password)
        print("Password successfully set.")
        break

    # Security question setup
    # NOTE(review): unlike the password, the answer is saved as plaintext.
    # It acts as a second secret, so it deserves the same hashed storage.
    security_question = "What was the name of your first pet?"
    security_answer = input(f"Answer this security question to set up your account: {security_question} ")
    user_db['security_answer'] = security_answer
    print("Security question answer has been saved.")

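def login_user():
    """Interactively log the user in through password, CAPTCHA and security question.

    Loops until all three checks pass. While the account is locked the
    function reports it and sleeps for the lockout duration before retrying.

    The attempt is recorded as successful only after every factor has been
    verified, and a wrong security answer counts as a failed attempt.
    Recording success straight after the password check would clear the
    failure counter too early and leave guesses at the security answer
    unthrottled for anyone who already knows the password.
    """
    while True:
        if is_account_locked():
            print("Your account is temporarily locked due to multiple failed login attempts. Please try again later.")
            time.sleep(LOCKOUT_DURATION_MINUTES * 60)  # Wait during lockout
            continue

        # Level 1: Password
        provided_password = input("Enter your password: ")
        if not verify_password(user_db['password_hash'], provided_password):
            handle_login_attempt(False)
            print("Incorrect password. Access denied.")
            continue

        # Level 2: CAPTCHA
        # The challenge is printed in clear text on the same channel, so this
        # step shows the flow only; it cannot tell a human from a script.
        actual_captcha = generate_captcha()
        print(f"CAPTCHA Code: {actual_captcha}")
        user_captcha = input("Enter the CAPTCHA code: ")
        if not verify_captcha(user_captcha, actual_captcha):
            print("Incorrect CAPTCHA code. Access denied.")
            continue
        print("CAPTCHA code verified.")

        # Level 3: Security Question
        security_question = "What was the name of your first pet?"
        provided_answer = input(f"Please answer the following security question: {security_question} ")
        if not verify_security_question(user_db['security_answer'], provided_answer):
            # A wrong answer is a failed authentication and must be throttled too.
            handle_login_attempt(False)
            print("Incorrect answer to the security question. Access denied.")
            continue

        # Every factor passed: only now clear the failure counter and lockout.
        handle_login_attempt(True)
        print("Security question verified. Access granted.")
        break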

if __name__ == "__main__":
    # Enrol first so that login has a stored hash and answer to check against.
    for step in (register_user, login_user):
        step()


Create a secure password (at least 8 characters, 1 uppercase, 1 number, 1 special character):  Password@123
Confirm your password:  Password@123


Password successfully set.


Answer this security question to set up your account: What was the name of your first pet?  bill


Security question answer has been saved.


Enter your password:  Password@123


CAPTCHA Code: gKXhH6
