-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSQLite_main.py
217 lines (193 loc) · 7.69 KB
/
SQLite_main.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
import sqlite3
import random
import string
import bcrypt
from AES_encryption import encrypt as aes_encrypt, decrypt as aes_decrypt
import os
from os import path
# pip install -r requirements.txt
# for this file, MySQL is NOT needed.
if path.exists('SQLite_PWD.db'):
mydb = sqlite3.connect('SQLite_PWD.db')
mycursor = mydb.cursor()
else:
mydb = sqlite3.connect('SQLite_PWD.db')
mycursor = mydb.cursor()
print("Creating tables")
mycursor.execute("""CREATE TABLE accounts (
account_id INT NOT NULL UNIQUE PRIMARY key,
username TEXT NOT NULL,
password TEXT NOT NULL,
salt TEXT NOT NULL
)""")
mydb.commit()
mycursor.execute("""CREATE TABLE stored_passwords (
account_id INT NOT NULL REFERENCES accounts(account_id),
username TEXT NOT NULL,
location TEXT NOT NULL,
website_username TEXT NOT NULL,
the_password TEXT NOT NULL,
salt TEXT NOT NULL,
notes TEXT NULL
)""")
mydb.commit()
print(""" Done """)
os.system("clear")
def create_account():
username = input("""Username
>""").lower()
if 3 < len(username) < 15:
mycursor.execute(f"""SELECT username FROM accounts WHERE username = '{username}' """)
myresult = mycursor.fetchone()
# in order to see if that username already exists in the database
if not myresult:
password = input("""Password
>""")
if 20 > len(password) > 5:
def get_random_string(length):
# Random string with the combination of lower and upper case
letters = string.ascii_letters
result_str = ''.join(random.choice(letters) for i in range(length))
return result_str
salt_letter = get_random_string(12)
salt_number = random.randint(99999999999, 999999999999)
salt = salt_letter + str(salt_number)
pwd_salt = password + salt
password = pwd_salt.encode('utf-8')
hashed = bcrypt.hashpw(password, bcrypt.gensalt(16))
hashed = hashed.decode()
mycursor.execute("""SELECT MAX(account_id) FROM accounts""")
# retrieves the row with the highest message_id number
old_max_id = mycursor.fetchone()
try:
new_max_id = old_max_id[0] + 1
# creates the highest id number that is one larger from the second largest.
except TypeError:
new_max_id = 1
# used for if the database has no rows/is wiped clean
mycursor.execute(f"""
INSERT INTO accounts (account_id, username, password, salt)
VALUES ("{new_max_id}", "{username}", "{hashed}", "{salt}");""")
mydb.commit()
elif len(password) <= 5:
print("Password is too short")
create_account()
elif len(password) >= 20:
print("Password is too large")
create_account()
else:
print("username already exists. Try another \n")
create_account()
else:
print("Invalid username length. Try again")
def store_password():
username = input("""Username
>""").lower()
if len(username) > 20 or len(username) < 2:
return print("invalid password length")
mycursor.execute(f"""SELECT * FROM accounts WHERE username = '{username}' """)
myresult = mycursor.fetchone()
if not myresult:
return print("Failure")
hashed = myresult[2]
salt = myresult[3]
hashed_password = hashed.encode('utf-8')
password = input("""Password
>""")
password = password + salt
if bcrypt.checkpw(password.encode('utf-8'), hashed_password):
account_id = myresult[0]
location = input("""Website name
>""").lower()
mycursor.execute(f"""
SELECT username FROM stored_passwords WHERE location = '{location}'
and username = '{username}'""")
myresult = mycursor.fetchone()
# in order to see if that username already exists in the database
if not myresult:
sub_username = input("""What is your username for that website?
>""")
the_password = input("""What is your password for that website?
>""")
notes = input("""Any personal notes? Such as the website link?
>""")
notes_encrypt = aes_encrypt(password.encode(), notes.encode())
notes_encrypt_x2 = aes_encrypt(password.encode(), notes_encrypt.encode())
def get_random_string(length):
# Random string with the combination of lower and upper case
letters = string.ascii_letters
result_str = ''.join(random.choice(letters) for i in range(length))
return result_str
salt_letter = get_random_string(12)
salt_number = random.randint(99999999999, 999999999999)
salt = salt_letter + str(salt_number)
pwd_salt = the_password + salt
encrypted_pwd = aes_encrypt(password.encode(), pwd_salt.encode())
encrypted_pwd_x2 = aes_encrypt(password.encode(), encrypted_pwd.encode())
if account_id != "" and location != "" and sub_username != "" and the_password != "":
mycursor.execute(f"""
INSERT INTO stored_passwords (account_id, username, location, website_username, the_password, salt, notes)
VALUES ("{account_id}", "{username}", "{location}", "{sub_username}", "{encrypted_pwd_x2}", "{salt}",
"{notes_encrypt_x2}")""")
mydb.commit()
else:
print("failure")
else:
print("That website name already exists")
else:
print("failure")
def read_password():
username = input("""Username
>""").lower()
mycursor.execute(f"""SELECT * FROM accounts WHERE username = '{username}' """)
myresult = mycursor.fetchone()
if not myresult:
return print("Failure")
hashed = myresult[2]
salt = myresult[3]
hashed_password = hashed.encode('utf-8')
password = input("""Password
>""")
password = password + salt
if bcrypt.checkpw(password.encode('utf-8'), hashed_password):
account_id = myresult[0]
location = input("""Website name
>""").lower()
mycursor.execute(f"""
SELECT * FROM stored_passwords WHERE username = '{username}' AND location = '{location}';
""")
myresult = mycursor.fetchone()
decrypt_web_pwd = aes_decrypt(password.encode(), (myresult[4]))
decrypt_web_pwd_x2 = aes_decrypt(password.encode(), decrypt_web_pwd)
salt = myresult[5]
web_pwd_no_salt = decrypt_web_pwd_x2.replace(salt, "")
decrypt_notes = aes_decrypt(password.encode(), myresult[6])
decrypt_notes_x2 = aes_decrypt(password.encode(), decrypt_notes)
print(f"""
Website Name: {myresult[2]}
Website Username: {myresult[3]}
Website Password: {web_pwd_no_salt}
Notes: {decrypt_notes_x2}
""")
else:
print("Failure")
request = input("""
Commands
- "Create" : Create a master account. That password is used to encrypt
and decrypt passwords for websites.
- "Store" : Save website credentials in database
- "Read" : View credentials for website
>""").lower()
if __name__ == '__main__':
if request == "create":
create_account()
mydb.close()
elif request == "store":
store_password()
mydb.close()
elif request == "read":
read_password()
mydb.close()
else:
print("failure")
mydb.close()