HiveBrain v1.2.0
Get Started
← Back to all entries
patternpythonModerate

Thrice nested "OS" in Python

Submitted by: @import:stackexchange-codereview··
0
Viewed 0 times
thricenestedpython

Problem

This Python main is what greets the user to a thrice nested super duper barebones OS. The entire rest of my code isn't bug free but this section is, and it feels dirty anyway. I'd like to know how to make it better, by adhering to conventions, or by removal of fatty code.

NOTE: I am not looking to use classes with any of this, because part of the challenge of this program is structuring it with procedural means.

from functions import *

innerLoopFlag = False
while True:
 if innerLoopFlag:
     break
 makeNew = raw_input("Login || Create New Account... ")
 if makeNew == "c-na":
     ui = createAccount()
     createFileSyst(ui)
     break
 if makeNew == "l-a":
     ui = [raw_input("Username... ").strip(),pw("Password... ").strip()]
     if not os.path.isdir(ui[0]):
         print "It appears that this username doesn't exist, please log in legitimately or create an account"
         continue
     if ui:
         while True:
             if takeCheck(ui):
                 print "Successful login..."
                 innerLoopFlag = True
                 break
             else:
                 print "Failure logging in, retrying..."

all()
print "Goodbye", ui[0]

Solution

I don't understand what you mean by "thrice nested", or why you call this an OS. I'm reviewing it as a login prompt.


The entire rest of my code isn't bug free but this section is

Beware of believing something is bug-free. It never is. This is especially important for code which needs to be secure, as this presumably does.

Now for the review:

Many variables need names that say what they mean:

  • What does innerLoopFlag mean? Something like successful_login, right?



  • makeNew: command?



  • ui: credentials?



  • createFileSyst: (There's no need to abbreviate such a rarely used name.) Something like createUserDirectory? But it should be called from createAccount, not here.



  • takeCheck: What does this do? Is it isValidLogin?



  • all: Is it something like runUserSession?



Simplifications:

  • The conditional break at beginning of the loop can become the loop condition: while not innerLoopFlag.



  • The if ui test is always true.



-
The inner loop can be simplified by making the loop condition do the work:

while not takeCheck(ui):
    print "Failure logging in, retrying..."
print "Successful login..."
break


This also makes innerLoopFlag unnecessary. However, why are you retrying at all? Do you expect login to fail and then succeed?

Bugs:

  • Stripping the password is not safe, because passwords can contain whitespace.



  • Security hole: the isdir call lets anyone test for the existence of arbitrary directories. Imagine trying to log in with a username like '../../../some/private/directory'. Also, it depends on the current directory. Is there a user table you could look the user up in instead?



  • (Revealing whether a user exists is also sometimes considered a security hole, but that's debatable.)



Usability:

  • Are "c-na" and "l-a" user-supplied strings, or generated by raw_input, or what?



  • Output ending in "... " looks like a progress message ("Please wait..."), not a prompt. "Login: " and "Password: " are the standard prompts.

Code Snippets

while not takeCheck(ui):
    print "Failure logging in, retrying..."
print "Successful login..."
break

Context

StackExchange Code Review Q#49565, answer score: 10

Revisions (0)

No revisions yet.