I am making a simple web application that requires a login for the admin page. I came across this spell on web.py ( http://webpy.org/cookbook/userauth ):
    import hashlib
    import sqlite3   # the snippet uses sqlite3 but the import was not shown
    import web

    # handler class wrapping the posted method; the class name is not
    # shown in the snippet and is only here so the method is runnable
    class login:
        def POST(self):
            i = web.input()
            authdb = sqlite3.connect('users.db')
            pwdhash = hashlib.md5(i.password).hexdigest()
            check = authdb.execute('select * from users where username=? and password=?', (i.username, pwdhash))
            if check:
                session.loggedin = True
                session.username = i.username
                raise web.seeother('/results')
            else:
                return render.base("Those login details don't work.")
However, the page also gives a somewhat ominous warning: "Do not use this code on a real site - this is just for illustration." I was wondering whether there are any serious flaws in this. I am somewhat unfamiliar with web programming, so I just wanted to make sure that using this code would not inadvertently open the application to trivial attack vectors.

Many thanks
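The following is an added, self-contained example (not code from the original post or from the web.py cookbook) that reproduces the login check above against an in-memory SQLite database so its behaviour can be observed without web.py. It shows two things about the posted snippet: `sqlite3.Connection.execute()` returns a `Cursor`, and a cursor object is always truthy, so `if check:` passes even when the query matched zero rows; and an unsalted MD5 digest is what gets stored and compared. Beside it is a hardened variant that stores a salted PBKDF2-HMAC-SHA256 hash, looks the user up by name only, fetches the row, and compares with `hmac.compare_digest`. The `users(username, password)` table, the user `alice`, the iteration count and the `pbkdf2_sha256$...` storage format are my assumptions for the demo, not anything taken from the post.

```python
import hashlib
import hmac
import os
import sqlite3


def make_db(username, stored_password):
    """Constructed demo database: one 'users' row with whatever the caller
    wants stored in the password column (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table users (username text primary key, password text)")
    db.execute("insert into users values (?, ?)", (username, stored_password))
    return db


def md5_hex(password):
    """Unsalted MD5, the way the posted snippet derives pwdhash."""
    return hashlib.md5(password.encode()).hexdigest()


def cookbook_check(db, username, password):
    """Same logic as the posted POST handler, minus the web.py plumbing."""
    pwdhash = md5_hex(password)
    check = db.execute(
        "select * from users where username=? and password=?",
        (username, pwdhash),
    )
    # 'check' is a sqlite3.Cursor, never a row count or a row.
    # A Cursor defines neither __bool__ nor __len__, so bool(check) is
    # True whether the query matched one row or none.
    return bool(check)


# --- hardened variant -------------------------------------------------

ITERATIONS = 200_000  # assumed work factor for the demo


def hash_password(password, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256; result is self-describing so the
    parameters can be changed later without breaking old rows."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(stored, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


# Hash verified for unknown users so a missing account does not
# answer measurably faster than a wrong password.
_DUMMY_HASH = hash_password("not-a-real-password")


def hardened_check(db, username, password):
    """Look up by username only, fetch the row, then verify the hash."""
    row = db.execute(
        "select password from users where username=?", (username,)
    ).fetchone()
    if row is None:
        verify_password(_DUMMY_HASH, password)
        return False
    return verify_password(row[0], password)


if __name__ == "__main__":
    weak = make_db("alice", md5_hex("correct horse"))
    print("cookbook, right password:", cookbook_check(weak, "alice", "correct horse"))
    print("cookbook, wrong password:", cookbook_check(weak, "alice", "nope"))
    print("cookbook, unknown user:  ", cookbook_check(weak, "mallory", "x"))

    strong = make_db("alice", hash_password("correct horse"))
    print("hardened, right password:", hardened_check(strong, "alice", "correct horse"))
    print("hardened, wrong password:", hardened_check(strong, "alice", "nope"))
    print("hardened, unknown user:  ", hardened_check(strong, "mallory", "x"))
```

Running the script shows `cookbook_check` returning `True` for all three cases, which is the observable consequence of truth-testing the cursor instead of calling `fetchone()` and checking for `None`. The hardened variant also stops relying on the database to do the password comparison, so the stored column can hold a salted, iterated hash rather than a bare digest.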