A Python-based secure login and registration system with admin functionality, password hashing, and account lockout protection.
- User registration with strong password validation
- Passwords stored securely using bcrypt hashing
- Login system with progressive lockout after failed attempts
- Admin login with commands:
  - showlogs → view audit logs
  - listusers → view all registered users
  - removeuser <name> → delete a user account
- Audit logging of all actions (registrations, logins, failures, admin actions)
Here’s a quick overview of how the system works:
Registration
- Users must create a username and a strong password.
- The password must contain at least:
  - 1 uppercase letter
  - 1 lowercase letter
  - 1 number
  - 1 special character (!@#$%^&*()-_)
- Usernames are unique (case-insensitive).
Login
- Users can log in with their registered credentials.
- After 3 failed attempts, the account is temporarily locked.
- Lockout time increases exponentially with repeated failures.
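The lockout rule above can be sketched as follows. This is an added example, not code from the repository: the class and function names, the 30-second base duration and the one-hour cap are assumptions, since the README states only the 3-attempt threshold and the exponential growth.

```python
import time

MAX_ATTEMPTS = 3            # from the README: lock after 3 failed attempts
BASE_LOCKOUT_SECONDS = 30   # assumption: the README gives no base duration
MAX_LOCKOUT_SECONDS = 3600  # assumption: cap so the doubling stays bounded


class LockoutTracker:
    """In-memory failure counter; state is lost on restart (illustration only)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so tests can control time
        self._state = {}      # casefolded username -> counters

    def _entry(self, username):
        # Case-insensitive key, matching the README's username rule.
        return self._state.setdefault(
            username.casefold(),
            {"failures": 0, "lockouts": 0, "locked_until": 0.0})

    def seconds_remaining(self, username):
        return max(0.0, self._entry(username)["locked_until"] - self._clock())

    def record_failure(self, username):
        """Count one failure; return the lockout imposed in seconds (0 if none)."""
        entry = self._entry(username)
        entry["failures"] += 1
        if entry["failures"] < MAX_ATTEMPTS:
            return 0
        # Third failure in a row: lock, doubling the duration on each repeat.
        duration = min(BASE_LOCKOUT_SECONDS * 2 ** entry["lockouts"],
                       MAX_LOCKOUT_SECONDS)
        entry["failures"] = 0
        entry["lockouts"] += 1
        entry["locked_until"] = self._clock() + duration
        return duration

    def record_success(self, username):
        self._state.pop(username.casefold(), None)  # clean slate after a good login


def attempt_login(tracker, username, password_ok):
    """password_ok stands in for the result of the bcrypt check."""
    if tracker.seconds_remaining(username) > 0:
        return "locked"       # while locked, even a correct password is refused
    if password_ok:
        tracker.record_success(username)
        return "ok"
    return "locked" if tracker.record_failure(username) else "failed"
```

Refusing every attempt during the lockout window, including a correct one, keeps the window from being used to keep guessing; the lockout count resets only on a successful login.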
Admin Mode
- Admins can log in with their credentials.
- Admins can manage users and view logs through special commands.
- Clone the repository:
  - git clone https://github.com/gilladi/secure-login-system.git
  - cd secure-login-system
- Create a virtual environment and activate it:
  - python -m venv venv
  - source venv/bin/activate # macOS/Linux
  - venv\Scripts\activate # Windows
- Install dependencies:
  - pip install -r requirements.txt
- Run the program:
  - python secure_login.py
- Make usernames case-sensitive to allow additional uniqueness
- Add support for multiple admin accounts with different roles
- Implement password reset via security questions or tokens
- Export audit logs to a file (CSV/JSON) for external analysis
- Add account deactivation/reactivation commands for admins