web.py Sessions, Jinja2, Password Hashing
Mar. 5 and 7:
The following WSGI applications will only work on Goucher's internal
wired and wireless networks (i.e., not GoucherGuest).
text of pageCount.py,
text of pageCount.html,
text of pageCountReset.html.
text of dbdemo.py,
text of login.html,
text of logout.html,
text of query.html,
text of result.html.
Standalone Python program demonstrating database queries:
NOTE: See web.py Resources Section below for how to avoid SQL injection
attacks when using db.query().
Exercise: Modify the following todo app to add this functionality:
- Works with multiple users. Add registration and login
functions. Each user should have their own todo list.
- At a minimum, the users table will have to have username and
password hash attributes. It will ease things if you set the table
up so that it automagically generates a unique user id.
- Only store hashed passwords. Only store hashed passwords.
Only store hashed passwords. See the python code under the Welcome
Passslib to see how simple this is to do.
- The todo table has a boolean done attribute. Use it to mark a
task done. A user should be able to either mark an active task done
or to delete it.
- Add the capability of displaying either the active tasks or the
- Add whatever additional functionality that time permits. For
example, you could allow users to assign priorities or due dates to
tasks. Tasks could be displayed sorted on a particular attribute of
the user's choosing.
text of todo.py,
text of todo.html,
schema for original todo table.
If necessary, use these SQL commands to drop the original todo table
and todo id sequence from your database:
drop sequence todo_id_seq;
drop table todo;
Look below for resources.