patterncppModerate
Basic OS login program
Viewed 0 times
loginprogrambasic
Problem
I have just finished the sololearn C++ course and wanted to create a basic login program in the vein of a basic operating system.
Header file:
Any help on improving my code by getting rid of useless code or replacing it with better code would be greatly appreciated.
#include "ubuntu_login"
#include
#include
using namespace std;
Ubuntu_Login::Ubuntu_Login()
{
cout
#include
using namespace std;
int main()
{
Ubuntu_Login UO;
UO.usr_login();
}Header file:
#ifndef UBUNTU_LOGIN_H
#define UBUNTU_LOGIN_H
#include
using namespace std;
class Ubuntu_Login
{
public:
Ubuntu_Login();
void usr_login();
private:
string username;
string password;
string username_input;
string password_input;
};
#endif // UBUNTU_LOGIN_HAny help on improving my code by getting rid of useless code or replacing it with better code would be greatly appreciated.
Solution
Never write login code
This is much harder than you think. Leave it to the experts you will get some security piece wrong.
Code Review
Don't use this:
See Why is “using namespace std;” considered bad practice?.
The reason the "standard namespace" is called
I don't see declarations for
You have used a while loop.
You may want to look at a
Hint
Passwords should NEVER be stored (or encrypted). You should only ever store the hash of the password (properly salted). When a user enters a password hash it with the appropriate salt and compare it to the stored hash of the password.
A hash can be though of as one way encryption. You can encrypt it, but because it is lossy you can not decrypt the hash back to a password. So if people get hold of the your password file all they have is a set of hashes and no passwords.
This is much harder than you think. Leave it to the experts you will get some security piece wrong.
Code Review
Don't use this:
using namespace std;See Why is “using namespace std;” considered bad practice?.
The reason the "standard namespace" is called
std is so that it is not a big deal to type std:: before each standard object/function/type. Don't be lazy type the extra 5 characters.I don't see declarations for
username or password I hope they are not global variables.cout << "Please enter a username" << endl;
getline(cin,username);
cout << "Please enter a password" << endl;
getline(cin,password);You have used a while loop.
while(username_input != username || password_input != password)
{
}You may want to look at a
do while loop. As the test is not done till the end of the input code. If somebody had an empty username and password then it would match before the loop was entered and you would never get asked.do
{
}
while(username_input != username || password_input != password);Hint
Passwords should NEVER be stored (or encrypted). You should only ever store the hash of the password (properly salted). When a user enters a password hash it with the appropriate salt and compare it to the stored hash of the password.
A hash can be though of as one way encryption. You can encrypt it, but because it is lossy you can not decrypt the hash back to a password. So if people get hold of the your password file all they have is a set of hashes and no passwords.
Code Snippets
using namespace std;cout << "Please enter a username" << endl;
getline(cin,username);
cout << "Please enter a password" << endl;
getline(cin,password);while(username_input != username || password_input != password)
{
}do
{
}
while(username_input != username || password_input != password);Context
StackExchange Code Review Q#92171, answer score: 12
Revisions (0)
No revisions yet.