Thread: Input a password and replace with *s

>1. I have an output (printf) before the password is input, and it only appears after it has been input.
This is a buffering problem. You need to print a newline or flush the stream (or pray the buffer gets filled up at the right time):

Code:

printf ( "Blah blah blah\n" ); /* Flushes automagically */

printf ( "Ask for input: " ); /* Doesn't flush automatically */
fflush ( stdout ); /* Force a flush */

>2. The stars are output with the output above, after the whole password is input.
>3. If the maximum number of characters is input, the program just continues.
Post your code. These sound like flaws in your logic.

Originally Posted by Abda92

OK. Everything went good except for a few issues:
1. I have an output (printf) before the password is input, and it only appears after it has been input.

Code:

fflush(stdout);

before the password request.

2. The stars are output with the output above, after the whole password is input.
3. If the maximum number of characters is input, the program just continues. I would like it to continue only after enter is input.

Thanks for the help

You'll have to show the code for password input for this to be answerable - I presume it is one of the several varieties posted above, but I don't know which version you are currently using.

I think #2 may be solved by same method as #1 - you need to fflush(stdout) after each star is printed.

--
Mats

MAN! Each time I fix a problem, another one comes out of nowhere!
I fixed the backspace, I just needed to decrement i twice.
but now when the user inputs more than 12 characters, it keeps on taking characters in, which is not bad. The problem is that the last of these unwanted characters replaces the last of the wanted characters.
e.g. If the user inputs "abcdefghijklmnop" the password is saved as "abcdefghijkp".

Now what ?

EDIT: btw, here's the new code:

Code:

void getpassword(char password[], int maxlength)
{
	int i;
	char c;

	printf("Please input password (max. %d characters): ", KEYLENGTH);
	fflush(stdout);

	for (i=0; i<maxlength+1; i++)	/* maxlength+1 just to allow the user to press enter. If not +1 program continues as soon as 12th char is input */
	{
		if ((c=mygetch()) == '\r') break;
		if (i<maxlength && c != '\b')	/* save character in password */
		{
			password[i] = c;
			putchar('*');
		}
		else if (c == '\b')		/* perform backspace */
		{
			putchar('\b');
			i -= 2;
		}
		else if (c != '\b')		/* just to let the program continue looping. all extra characters are IGNORED */
		{
			putchar('\b');
			i--;
		}
		fflush(stdout);
	}
	password[i] = '\0';
}

Using your last:
void getpassword(char password[], int maxlength)
...and
char mygetch(void)
...from above along with the following main():

Code:

#include <stdio.h>
#include <windows.h>
#define  KEYLENGTH 15

void PAUSE(void){int c; while( (c=getchar()) != '\n' && c != EOF);}
void getpassword(char password[], int maxlength);
char mygetch(void);

int main(void)
{
  int  maxlength = 15;
  char password[KEYLENGTH + 1]      = {0};

  void PAUSE(void){int c; while( (c=getchar()) != '\n' && c != EOF);}
  getpassword(password, maxlength);
  printf("\n\npassword= &#37;s \n", password);
  getchar();
  return 0;
}

I get the following:

Code:

/* I type letters a thru q: */

Please input password (max. 15 characters): ***************
password= abcdefghijklmno
/*******************************************************/
/* I type digits 1 thru 0 twice (20 characters)

Please input password (max. 15 characters): ***************
password= 123456789012345

The cursor moves back after 15 chars, but nothing is erased.
(why are you doing that anyhow....)
Also, in getpassword() :
'i' may never reach maxlength because of all the decrementing.

I get same behavior with or without fflush(stdout):
program overruns the getchar() at end of main because of (stdin) leftovers.
Try that PAUSE() function up there instead of fflush() at end of your getpassword():

Code:

...snip...
        /* fflush(stdout); */
    }
    password[i] = '\0';
    PAUSE();
}                    /* end of getpassword() */

So... What's the problem?
I am on a '98 msdos console. Perhaps XP or Vista consoles behave differently.

If you want to do a "proper" backspace, you should probably do

Code:

puts("\b \b");

Also, don't use a for-loop for the password entry, use a while-loop.

Only increment the chars when accepted, and if backspace is entered, remove one letter (if there's anything already entered), by printing a backspace and decrementing the length of the string.

When you see an enter, it's finished.

I'm pretty sure the fflush is needed at each iteration of the loop, so don't listen to HowardL on that one.



--
Mats

Code:

puts("\b \b");

Actually, since puts() prints a newline at the end, perhaps this would be more appropriate:

Code:

printf("\b \b");

Originally Posted by dwks

Code:

puts("\b \b");

Actually, since puts() prints a newline at the end, perhaps this would be more appropriate:

Code:

printf("\b \b");

Yeah, ok, if you insist :-)

--
Mats

re:' \b's
Oh , I see. You are giving the user the ability to correct input... and it works. Nifty. Sorry, I did not get that before...

I'm pretty sure the fflush is needed at each iteration of the loop, so don't listen to HowardL on that one.

I still notice no difference with or without fflush(stdout)'s.
I don't understand, could you explain:
what might be left unprinted in stdout and why it would be there?

I was suggesting PAUSE(); to unload stdin which still contains at least one character as it leaves getpassword() (...at least the last one posted above does).
It might be the' \n' after '\r' from the '\r\n' produced when pressing ENTER to end input.
Does the XP console behave differently in these respects than my 98 console?
Thanks, Howard;

Originally Posted by HowardL

re:' \b's
Oh , I see. You are giving the user the ability to correct input... and it works. Nifty. Sorry, I did not get that before...


I still notice no difference with or without fflush(stdout)'s.
I don't understand, could you explain:
what might be left unprinted in stdout and why it would be there?

It is common for implementations of file-io (stdio.h) to not flush every single write immediately, but to buffer up several operations together. It depends on which compiler (and related library functions you use). fflush(stdout) won't hurt and it makes it safe - this isn't a performance critical section of the code anwyays, right?

I was suggesting PAUSE(); to unload stdin which still contains at least one character as it leaves getpassword() (...at least the last one posted above does).
It might be the' \n' after '\r' from the '\r\n' produced when pressing ENTER to end input.
Does the XP console behave differently in these respects than my 98 console?
Thanks, Howard;

Well, yes, clearing the input buffer if the password was too long for the valid input is a good idea, indeed. But it's not a replacement for fflush().

--
Mats

I would use a switch instead of several if-statements, something like this:

Code:

   int done = 0;
... 
   while(!done) {
      c=mygetch();
      switch(c) {
         case '\r':
         case '\n':   // Just in case. 
            done = 1;
            break;
         case '\b':
            if (i > 0)  {
                .. 
            }
            break;
         default:
             if (isprint(c) && i < maxlength) {
                ... 
             }
             break;
...

Note that the above code is designed to ALWAYS exit when the user presses enter, rather than leaving some "leftovers" in the input buffer, no matter how much input is given - it is just ignored. So if someone types in
SomeReallyVeyLongPasswordThatDoesntFit
you won't have some parts of it still sitting in the input buffer.

Also, this comment doesn't make sense (in relation to the code):

Code:

/* just to allow the user to press enter or enter extra IGNORED characters. If not +1 program continues as soon as 12th char is input */

I use "isprint()" to see if something is a valid character, rather than checking ascii values. It is better out of two perspectives:
1. it allows any printable character, which is probably what you want - even if they aren't in the original ascii table, such as ä, å etc. No reason NOT to allow those.
2. It is much more straight forward a check than the two numeric values you use, and doesn't need any explanation to anyone else reading the code that may not be quite so clued up on ascii characters.
3. [For the benefit of the pedants that like pointing these things out] it works for other character sets than ASCII.

If you explicitly don't want spaces in the password, you may want to add "!iswhite(c)" on to the conditions for adding characters to the string. I personally would prefer to just allow spaces, here, and if spaces are a nuisance (or some other way not valid as part of a password), make sure that spaces aren't allowed when you SET the password - it improves the security somewhat to not give away which characters are valid and invalid when you enter the password.

--
Mats

Originally Posted by matsp

I use "isprint()" to see if something is a valid character, rather than checking ascii values. It is better out of two perspectives:
1. it allows any printable character, which is probably what you want - even if they aren't in the original ascii table, such as ä, å etc. No reason NOT to allow those.
2. It is much more straight forward a check than the two numeric values you use, and doesn't need any explanation to anyone else reading the code that may not be quite so clued up on ascii characters.
3. [For the benefit of the pedants that like pointing these things out] it works for other character sets than ASCII.

You should also add:
4. The code has already been written and thoroughly tested, so you know it works. There's no point in reinventing the wheel. Unlike code that you write, the standard functions are virtually guaranteed not to have bugs.