    def changePassword(self,NewPassword,adminId):
        def Hash(NewPassword,adminId):
            print("adgjadg")
            salt = os.urandom(32) # A new salt for this user
            key = hashlib.pbkdf2_hmac('sha256',NewPassword.encode('utf-8'),salt,100000)
            NewPassword = {'salt': salt,'key': key} # stores salt and key
            print(NewPassword)

            storage = salt + key
            print(storage)

            saltFromStorage = storage[:32]
            keyFromStorage = storage[32:]


            storage = str(storage)

            print(adminId)

            updatePassword = f"UPDATE users SET password = ? WHERE username = '{adminId}'"
            cur.execute(updatePassword,storage)
            con.commit() 

The hashing algorithm is perfectly functional but trying to store the salt and key in the database doesn't seem to work. I don't think it likes all the symbols like ' and / included in the key.

Here's an example of a key and salt put together: b'n\x8d\x9a\x8c\xb6b5.\xd4\x18^\x9c\xc9\x1e\x86\\xf6\xb0\x90\x1d\n\xa3x$C\xe2\xec\xcd+\xa694\xcf\xaa\x00<\xa2\xf2vC\x00\xba\x97I&\x96\x10\x15i\x19\xb3z\xea\xa1m\xd7\x84c\x08\xb8\x14u\xc7N'

Is it even possible to store a string this complex into a binary db file or am I doing something wrong?

    File "/Users/kevinoo/Desktop/cpsc nea/NEAMainPage.py", line 209, in Hash
        cur.execute(updatePassword,storage)
    sqlite3.ProgrammingError: Incorrect number of bindings supplied. The current statement uses 1, and there are 189 supplied.

Gives me this error, 189 supplied??? cmon now

1 Answer

The parameterised query takes a tuple of values. The 189 values are probably the length of your string as it thinks each character is a parameter. To fix this, change cur.execute(updatePassword,storage) to cur.execute(updatePassword,(storage,)). Now storage is in a tuple of length 1.
Whilst this works, I'd also recommend parameterising adminId as well: updatePassword = "UPDATE users SET password = ? WHERE username = ?" and then cur.execute(updatePassword, (storage, adminId)).
You could also store the hash in the database as a blob instead of text. A blob is just binary data, which is ideal for this as storage is a bytes object. You would have to alter the column to do this but then you don't have to convert to and from a string when writing/reading.

Henry
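The answer's three suggestions put together, as an added example that is not part of the original answer: parameters passed as a tuple, the username bound instead of interpolated, and salt + key stored as a BLOB so no string conversion is needed. The table layout, function names and the sample username are assumptions made for the demonstration; the salt length and iteration count are the ones from the question.

```python
import hashlib
import hmac
import os
import sqlite3

SALT_LEN = 32          # salt size used in the question
ITERATIONS = 100_000   # PBKDF2 iteration count used in the question

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def change_password(con: sqlite3.Connection, username: str, new_password: str) -> int:
    """Store salt + key as one BLOB; returns the number of rows updated."""
    salt = os.urandom(SALT_LEN)
    storage = salt + hash_password(new_password, salt)  # bytes, never str()
    # Both values are bound parameters, supplied together as one tuple.
    cur = con.execute(
        "UPDATE users SET password = ? WHERE username = ?", (storage, username)
    )
    con.commit()
    return cur.rowcount

def verify_password(con: sqlite3.Connection, username: str, candidate: str) -> bool:
    row = con.execute(
        "SELECT password FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None or row[0] is None:
        return False
    stored = bytes(row[0])
    salt, key = stored[:SALT_LEN], stored[SALT_LEN:]
    # Constant-time comparison of the stored key and the recomputed one.
    return hmac.compare_digest(key, hash_password(candidate, salt))

def demo() -> dict:
    con = sqlite3.connect(":memory:")  # constructed sample database
    con.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password BLOB)")
    con.execute("INSERT INTO users (username) VALUES (?)", ("admin'1",))
    try:
        # The shape of the question's call: a bare str gives one binding per character.
        con.execute("UPDATE users SET password = ? WHERE username = 'x'", "abc")
        binding_error = False
    except sqlite3.ProgrammingError:
        binding_error = True
    updated = change_password(con, "admin'1", "correct horse")
    return {"binding_error": binding_error, "updated": updated,
            "good": verify_password(con, "admin'1", "correct horse"),
            "bad": verify_password(con, "admin'1", "wrong")}
```

The constructed username contains a quote character, which the bound parameter handles without any escaping.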