Client Server User registration and logon

This is a discussion on Client Server User registration and logon within the Networking/Device Communication forums, part of the General Programming Boards category; I now have a functioning client server style chat written in C. However, the next part of functionality includes the ...

  1. #1
    Registered User
    Join Date
    Nov 2009
    Posts
    51

    Client Server User registration and logon

    I now have a functioning client server style chat written in C. However, the next part of functionality includes the ability for users to register themselves a user name and password and then be able to use these in the future.

    Can anyone give me any hints to get me started?

    Obviously the socket will have to be setup before this can take place so somehow the server has to recognize a login attempt and deal with it.

  2. #2
    Registered User
    Join Date
    Oct 2006
    Location
    Canada
    Posts
    1,243
    Well when you see "username" and "password", you should be thinking persistent storage, i.e. a database with something like a "users" table. If its small enough, you could just use a file, like .CSV, or some binary file that you design.

    Having a simple working client/server "chat" program already makes things easier. This can be modified without too much effort (at least less effort than the initial client/server program you wrote). Basically, when a connection is accepted on the socket, you need to ask whether its a new user (registering) or existing user (registered user). If its a new one, you do some function to ask for the info, get the info, store the info. If its an existing user, you ask for the login info, get the info, validate the info against your users file/database, and accept or deny them accordingly.

  3. #3
    Registered User
    Join Date
    Nov 2009
    Posts
    51
    So this would be before the socket is added to the list of file descriptors maintained by select?

    e.g. before

    Code:
    FD_SET(newfd, &master); // add to master set

  4. #4
    Registered User
    Join Date
    Oct 2006
    Location
    Canada
    Posts
    1,243
    I have no clue what you mean. My description was high-level, and did not mention those technical details. Also, I dont know how your entire program is laid out, so I dont know what any of these variables are, or what a "master set" is.

    I would start by modifying your program to prompt the user for new/existing user, and implement the new user part only (to start). Therefore you need to think of how youre storing the user information: database? plain text CSV file? binary file? Whatever method you use you will have to familiarize yourself with so thats the next step.

    After that, you ask for the user info (name,password whatever). You then have to check if the name is already taken, so you need a way to search your persistent storage. Another step. If it doesnt exist, you save this info. So you need a way to insert/write to your persistent storage. Another step.

    Jumping over all of these details to some specific line in your existing code I dont think is the correct way to approach problems/solutions.

  5. #5
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by Martin_T View Post
    So this would be before the socket is added to the list of file descriptors maintained by select?
    I think you should make it a rule that if you have a connected socket, it is on that list. When you disconnect, you remove it. Even if it is just someone trying to log in and failing, the socket is still connected. When you disconnect the socket, you remove it.

    The way I have dealt with this is to use a "protocol" header method (again). Sometimes the header is like this:

    int length;
    char command;

    So that's a 5 byte header. In my web chat I didn't bother with the length (or rather, the length is an option following the command). The command is a single char:

    L = login request. This is formatted by your client.
    M = normal message. The client only does this if it succeeds logging in.
    D = disconnect. Could be from the server if your login is wrong.

    And so on. This is ALWAYS the first byte of EVERY transmission (that's how http works, and, in fact, the tcp/ip layer that you are already using -- just the socket API deals with the tcp/ip header, so you never see it. You can learn more about that stuff with pcap.) Anyway, sometimes that is the only byte, depending on the nature of the command.

    Here's a big tip, maybe: remember, you can get the IP address of who you are connected to (because that's in the tcp/ip header! always!). With C, that goes into the struct sockaddr *addr that's returned by accept(). This is crucial for non-persistant connects (such as a web chat must be), because otherwise, someone can spoof being someone who is already logged in. If you are keeping all logged in users connected, this is not an issue.

    So I would just make a login request a message formatted by the client:

    Lname//password

    You have to restrict names to insure they don't contain // or whatever you want to use as the seperator, since you use that to split the line.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  6. #6
    Registered User
    Join Date
    Nov 2009
    Posts
    51
    the header suggestion really helped me. I now can sent a message from a client and the server will recognise the action required. However just wondering how to deal with the user registration request. Say for example if it comes through as "usersname@password". Obviously i need to seperate the username from the password but then whats the easiest method to save them? In a text file?

  7. #7
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by Martin_T View Post
    the header suggestion really helped me. I now can sent a message from a client and the server will recognise the action required. However just wondering how to deal with the user registration request. Say for example if it comes through as "usersname@password". Obviously i need to seperate the username from the password but then whats the easiest method to save them? In a text file?
    Depends on how secure you want them, eg, if there is some possibility someone might be able to get that file, then you might want to encrypt it. But in any case, yeah, I would just use a text file for that.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  8. #8
    Registered User
    Join Date
    Nov 2009
    Posts
    51
    Finally got some time to do some work on this... So where i'm upto.

    The client can request to register. This sends a packet to the server with a header 'R'. The server then stores the details in a text file.

    The client can then send a login request which is put into a packet headed with 'L'. The server recognises if the user is registered, if the password is correct etc. HOWEVER, I need to now 'inform' the client that they are signed in and therefore can send messages.

    All the clients are in one list which is cycled through using select(). How can I send a message to the logging on client only to tell then they are now logged on?

    Thanks in advance.

Popular pages Recent additions subscribe to a feed

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21