Thread: New to C++

  1. #1
    Registered User
    Join Date
    Oct 2007
    Posts
    4

    New to C++

    i am trying to scirpt a loggin program for a project of mine i do not have that much programming experience and have only been using C++ for around 3 days, i think i have done ok to write this so far but you may not and this would really help me to know that what i have done is wrong,

    here is what i have so far

    Code:
    // Login program
     
    #include <iostream>
    #include <string>
    using namespace std;
    
    int main()
    {
    	string user;
    	string username = "john";
    	string pass;
    	string password = "hello";
    
    	cout << "\tWelcome to Login\n\n"; 
    	do
    {
    		cout << "Enter your Username: ";
    		cin >> user; // put Username into user
    		cout << "Enter your Password: ";
    		cin >> pass; // put passoword into pass
    
    		if (user + pass == username + password) // If Username & Password are correct then will state
    			cout << "Correct Username & Passowrd\n\n"; 
    		
    		if (user + pass != username + password) // If Usename & Password are incorrect then will state
    			cout << "Incorrect Username or Password\n\n";
    		 
    } 
    
    while (user + pass != username + password); // While User & Pass is not equal to the Username + Password 
    	cout << "\nConnecting to Login server.\n\n";
    	return 0;
    }
    ok i hope this is ok and all, BUT here is where i am stuck i do not want to have to store X amount of strings in this C++ document what i would like to be able to do is store them in a database and have say 200 logins and username and password pairs that can be accessed through the login program above, i do not know is his is even possible, the problem with me storing the passwords and usernames in this program is that they can get crossed eg

    User1 can use User2's password and this makes it unsecure and means that there is a higher chance that anyone can get in by just random guessing, also on most password/login programs the password dose not apper as letters but as * could anyone give me advice or show me to a link that will explain it all to me.

    Best wishes

    Oscardin

  2. #2
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    try std::vector

    have two vectors, one storing the usernames, the other one storing the passwords

    make sure their indexes are aligned (eg. usernames[1] corresponds to passwords[1])

    then you can iterate through the vectors to find a match.

    Also, I don't know if what you have written is valid (never seen it written like that, but my experience is rather limited), but I would have done it this way -

    Code:
    if (user == username && pass == password) // If Username & Password are correct then will state
            cout << "Correct Username & Passowrd\n\n";                 
    else // If Usename & Password are incorrect then will state
            cout << "Incorrect Username or Password\n\n";

  3. #3
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Ok, so this is not so easy as it may seem.

    There was a rather lengthy discussion on how to enter passwords (without seeing the actual text). If you search for "password" in the Search function, then you should find it not so far back. Note that it will depend on your actual system how to solve this - the post I'm referring to is using Windows native calls, so it won't work on Unix/Linux.

    Forcing people to have a unique password is actually not increasing security - if you try to use password "Hello", and you get the message "This password is already in use" - wouldn't that give you some information you previously didn't have?

    You don't really need to store the password in a DATABASE [unless you have tens of thousands of users], but you do need to store them in some sort of persistant storage - such as a file. One method would be to store the MD5 as a base64 value. [look up those terms]

    If you store your passwords in a file, make sure you do that in a encrypted way, so that anyone reading the file can't see the passwords [although you may, for simplicity during development wait to implement this until you have the actual data structure of your user "database".]

    To do all of this, you'll need more experience, but I'm sure you can get some help here, and you will have to spend some time of your own on the problem.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  4. #4
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    On basic principle, every password system where passwords are stored locally and you have access to them before authenticating is easily crackable. Just overwrite the passwords. That works even if the passwords are hashed in order to prevent reading them.

    Now. A password DB consists of pairs of usernames and passwords. E.g. a Unix shadow file contains something that looks roughly like
    Code:
    root:u9u0wufjskl39fm
    frank:c28398n3892cpn5q8
    bob:sm093un21n2390tus
    alice:13n329s3j30935s3m2
    Your program reads in a username and a password. (And sadly, there is no portable way to hide password input. On POSIX, you can use the readpass function to obtain a password, but the function is deprecated, apparently without replacement. (At least none I could find.))

    Then you look up the username and the associated password in the passdb. If you don't find the username, it is invalid and you give an error. If you find it, you compare the given password with the one you found in the passdb.

    A higher-level authentication mechanism on POSIX would be PAM, but that's a wholly different story.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  5. #5
    Registered User
    Join Date
    Oct 2007
    Posts
    4

    Confirmaion

    ok to use a vector i need to give the vector a name, size and type

    so
    Code:
    vector <string>  username (9)
    and this would store upto 10 strings

    then to set one of the elements in the sting i would need to do
    Code:
    username[0] = john
    username[1] = smith
    then i would also need to set the vector for password in the same fashion

    so this would do as my storing method

    seeking a little confermation a yes will do and please dont tell me exactly how to do i need to work it out for myself but someone saying im doing right or wrong is a big help

  6. #6
    Registered User
    Join Date
    Sep 2006
    Posts
    835
    > and this would store upto 10 strings

    No, 9 strings (in this case, the subscript ranges from 0 to 8).

  7. #7
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Code:
    username[0] = john
    username[1] = david
    would make more sense. At least, I take it that you mean that username[0] is one user, and username[1] is a different one - your example looks a bit like the user could be "John Smith" and the first name is stored at one index and the password at another.

    And of course the same would apply to the password string, and of course, the username index and the password index are the same.

    An alternative solution is to have a struct [or class] that holds your pair of data:
    Code:
    struct userinfo {
       string username;
       string password;
    };
    
    vector <userinfo> users;
    This would help in the sense that you can easily get to the password directly.

    Oh, and finally:
    Your original code checks if username + password == user + pass. Let's say we have one user called "John" and the Password is "eHello", and another user "Johne" and a password "Hello" - both would then match! Test the password and username separately and you won't have that problem.

    Can I also suggest that you have a numeric user-id - it makes life much easier in other places.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  8. #8
    Registered User
    Join Date
    Oct 2007
    Posts
    4
    so you mean use

    Code:
    if (user == username)
    if (pass == password)
         cout << "correct username and password"
    
    else 
         cout << "incorrect Username and password"

  9. #9
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    No. Enter a bad username and see what happens. You need to connect the two comparisons using a logical AND.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  10. #10
    Registered User
    Join Date
    Oct 2007
    Posts
    4
    silly me sorry about that
    Code:
    if (user == username && pass == password) // If Username & password are correct
    				cout << "Correct Username & Passowrd\n\n"; 
    		else // If Usename & Password are incorrect then will state
    			cout << "Incorrect Username or Password\n\n";
    so what they meant was this

  11. #11
    Registered User
    Join Date
    Oct 2007
    Posts
    23
    well your nested for loops should work. stylistically it should look like this though:

    Code:
    if (user == username)
         if (pass == password)
              cout << "correct username and password"
    
    else 
         cout << "incorrect Username and password"
    This way both would have to be true.

    I have a related anecdote. There was a text RPG that I played once that stored game saves to files. Well being the curious person that I am, I found the save file and started editing it. To my surprise, the next time I loaded the save file, it new I had cheated. I didn't see any traces of hashes or anything inside the file, so how did the app know? like passwords should be, the save file was kinda protected.

  12. #12
    Registered User
    Join Date
    Oct 2001
    Posts
    2,129
    that would be interpreted as:
    Code:
    if (user == username)
         if (pass == password)
              cout << "correct username and password";
         else 
              cout << "incorrect Username and password";
    to have it as you indented it, use braces:
    Code:
    if (user == username)
    {
         if (pass == password)
              cout << "correct username and password";
    } else 
         cout << "incorrect Username and password";
    Last edited by robwhit; 10-18-2007 at 08:59 PM.

  13. #13
    Registered User
    Join Date
    Oct 2007
    Posts
    23
    yeah, I just copied his thing and indented it. I'm pretty sure he understood what I was saying. Besides the way i had it would merely not declare that the pair was rejected.

  14. #14
    Registered User
    Join Date
    Jan 2005
    Posts
    7,366
    That actually doesn't work, though, because the error message only gets displayed if the username is wrong and not if the password is wrong.

Popular pages Recent additions subscribe to a feed