Home > database >  password verification or checker in c programming
password verification or checker in c programming

Time:03-06

I have created a password checker in c programming but it is not working can anyone please check it and say what is wrong in this.‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎

#include<stdio.h>
#include<stdbool.h>

int main() {
    int otp[4];   //array for storing the true password entered by user at first
    int pto[4];   //array for storing password for login
    int count = 4,i;
    bool pass = true;

    printf("enter a new password:  ");

    for (int i = 0; i < count; i  ) {
        scanf("%d", & otp[i]);  //for storing the true password
    }

    printf("\n\n --- Login page --- ");
    printf("\nenter your password : ");

    for (i = 0; i < count; i  ) {
        scanf(" %d", & pto[i]);   //asking for password for login
    }

    for (i = 0; i < count; i  ) {   //check for password
        if (otp[i] == pto[i]) {
            pass = true;
        } else {
            pass = false;
        }
    }

    while (pass == false) {     //if password is wrong
        printf("\n---- password din't match ----\nenter your password again : ");

        for (i = 0; i < count; i  ) {
            scanf(" %d", & pto[i]);
        }

        for (i = 0; i < count; i  ) {
            if (otp[i] == pto[i]) {
                pass = true;
            } else {
                pass = false;
            }
        }
    }


    printf("\n Your password is correct!");

    return 0;
}

And should I use int or char to store passwords,if i use int also that part works if char also it works but sometimes it wont work,

CodePudding user response:

This loop ultimately only cares if the last value in each array match or not.

for (i = 0; i < count; i  ) {
    if (otp[i] == pto[i]) {
        pass = true;
    } else {
        pass = false;
    }
}

For example, comparing { 1, 2, 3, 4 } and { 4, 4, 4, 4 } would result in pass being true after the loop, despite the obvious differences.

Instead, set the flag to false, and break from your loop as soon as a mismatch occurs.

bool matching = true;

for (size_t i = 0; i < length; i  ) {
    if (array_one[i] != array_two[i]) {
        matching = false;
        break;
    }
}

If a mismatch never occurs, the flag will remain true afterwards.


Usually passwords are text that is hashed (with a salt) before being stored. Password verification is done by comparing hashes. For example, take a look at the man 3 crypt library function.

The use of a fixed-length series of plain integers for a 'password' is atypical, but for a toy program it is fine.


Here is an example program to study.

#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define KEY_LENGTH 4

void get_key(int *key, size_t length) {
    for (size_t i = 0; i < length; i  ) {
        if (1 != scanf("%d", &key[i])) {
            fprintf(stderr, "Could not read integer input.\n");
            exit(EXIT_FAILURE);
        }
    }
}

bool match_key(int *one, int *two, size_t length) {
    for (size_t i = 0; i < length; i  )
        if (one[i] != two[i])
            return false;

    return true;
}

int main(void) {
    int key[KEY_LENGTH];
    int user_key[KEY_LENGTH];

    printf("Set the key (%d integers): ", KEY_LENGTH);
    get_key(key, KEY_LENGTH);

    puts("--- LOGIN ---");

    while (1) {
        printf("Enter the key (%d integers): ", KEY_LENGTH);
        get_key(user_key, KEY_LENGTH);

        if (match_key(key, user_key, KEY_LENGTH))
            break;

        puts("Key mismatch. Retrying...");
    }

    puts("Welcome to the system.");

}

CodePudding user response:

Since you didn’t specify your problem (besides “it’s not working”), I’ll do my best to list all the possible issues.

Reading integers

scanf("%d", & otp[i]);

Will read a single decimal integer into a position in otp. If the password is 1024, the first time through the loop (iteration) will read 1024 into otp[0]. In the second iteration, scanf() will wait until another number is available on standard input. Once it’s available, it will read it into otp[1], and so on. This scanf() loop really reads in 4 different integers, separated by newlines. It would be much easier to do only one scanf() for one integer, like this:

int main() {
    int otp;
    int pto;
    bool pass = true;
    
    printf("enter a new password:  ");
    
    scanf("%d", &otp);

You could also scan a 4-character string by using char arrays:

int main() {
    char otp[5]; //4 digits and 1 NUL-terminator
    char pto[5];
    bool pass = true;
    
    printf("enter a new password:  ");
    
    scanf("%4s", otp);

Password-checking logic error

As @Oka explained, your checker has a logic error. If using an integer, you could simply check

if (opt == pto) {
    //correct
} else {
    //incorrect
}

If using a char array (string), you could use

if (!strcmp(otp, pto)) {
    //correct
} else {
    //incorrect
}

You would have to #include <string.h> for strcmp().

Standard output buffer

The “enter a new password: ” prompt is not printed until the stdout buffer is flushed. This usually only happens when a newline is printed. You have to

fflush(stdout);

right after printing the prompt if you want it to appear.

  • Related