I'm working on a Chat program using a server and clients. I have all of that working fine but now I'm trying to setup accounts for the server to use and I'm having problems with checking if the password entered on login matches the password for the account.

When the client goes to login, it sends a message to the server with the UserName and Password the person entered separated by a ~ symbol. The server then splits up the message sent using the ~ symbol as a place to split from and saves the UserName and Password to the serverside. It then calls Accounts and checks if the password on file matches what was sent by the client.

Here is the part of code that has to do with the password checking...

// Check for Login or Account Creation
    int Lines=0;
    char *Data[80]; 
    char szPlayerMsg[1024];
    string MsgRecieved;
         MsgRecieved = szIncoming;
         strcpy(szPlayerMsg, MsgRecieved.c_str());
    Data[0] = strtok(szPlayerMsg, "~"); 
    while(Data[Lines]!= NULL) {   
        Lines++;
        Data[Lines] = strtok(NULL, " ");         
    }                      
      // Data[0] = Acc Name
      // Data[1] = Acc Pass     
if (Data[1] > NULL){ // Display Message to server only and check account info 
    Accounts(Data[0], Data[1]);
        Data[0] = NULL;
    Data[1] = NULL;
}

void Accounts(char Name[80], char Password[80]){ // Account Saving/Loading
    FILE *OUTPUT_FILE;
         char szFileName[80];
         string zsFileInfo;
              zsFileInfo = "C:\\ZE-Admin\\Accounts\\";
              zsFileInfo.append( Name );
              zsFileInfo.append( ".txt" ); 
         strcpy(szFileName, zsFileInfo.c_str());    

           SendMessage(hEditIn, EM_REPLACESEL,0,(LPARAM)"[Checking Password]\r\n"); // Display what is going on in the Server Console  
 ifstream ReadPass;
 ReadPass.open(szFileName);
 char EnteredPass[80];
    if (ReadPass.is_open()) {
      while (!ReadPass.eof()) {
         ReadPass >> EnteredPass;
      }
    }
       ReadPass.close();  
            SendMessage(hEditIn, EM_REPLACESEL,0,(LPARAM)"Entered Pass: ");
           SendMessage(hEditIn, EM_REPLACESEL,0,(LPARAM)Password);
           SendMessage(hEditIn, EM_REPLACESEL,0,(LPARAM)"\r\n");
           SendMessage(hEditIn, EM_REPLACESEL,0,(LPARAM)"Account Pass: ");
           SendMessage(hEditIn, EM_REPLACESEL,0,(LPARAM)EnteredPass);
           SendMessage(hEditIn, EM_REPLACESEL,0,(LPARAM)"\r\n");
    if (Password == EnteredPass){ // Check if password entered matches password on file 
       SendMessage(hEditIn, EM_REPLACESEL,0,(LPARAM)"[Loading Account]\r\n"); // Passwords matched! Loading account
    } else {
       SendMessage(hEditIn, EM_REPLACESEL,0,(LPARAM)"[Incorrect Password!]\r\n"); // Password failed! Disconnecting client 
    }
}

The problem is, I enter the correct password by the server is displaying [Incorrect Password] when it should be displaying [Loading Account].

The picture attached is what I see when I try to login.

You can't compare character arrays like that. Your best bet is to create a function that will do a loop check of each element in the two arrays. And have it return a boolean.

aka

bool isEqual(char onFile[], char checking[])
{
	for(int i = 0; i < (sizeof(onFile) / sizeof(char)); i++)
	{
		if(onFile[i] != checking[i])
			return false;
	}

	return true;
}

Hello Ertzel.

Actually char Password[80] means that you have just allocated memory and Password is a pointer to the first bite. One pointer to the argument and another pointer to the memory, what are you reading from the file. Definitely you will have the different addresses.
For chars comparation you can use strcmp(char*, char*) and if the strings are equial it will return 0;
Reference

Also, for more security, I'd like to suggest to use MD5.
Convert your password on client and check just MD5 values instead.

Good Luck.
Best regards As_Sanya.

You can't compare character arrays like that. Your best bet is to create a function that will do a loop check of each element in the two arrays. And have it return a boolean.

aka

bool isEqual(char onFile[], char checking[])
{
	for(int i = 0; i < (sizeof(onFile) / sizeof(char)); i++)
	{
		if(onFile[i] != checking[i])
			return false;
	}

	return true;
}

That wont always work like you think it does, specifically, the onFile[] and checking[] gets degraded to a pointer, thus the size information is lost, so you can't use sizeof operator. You should either have a size parameter, or recalculate its size again.

For chars comparation you can use strcmp(char*, char*) and if the strings are equial it will return 0;

Thank you, using that worked. The Password checking now looks like this and works perfectly.

if (strcmp( EnteredPass,Password ) == 0){
       SendMessage(hEditIn, EM_REPLACESEL,0,(LPARAM)"[Loading Account]\r\n"); // Passwords matched! Loading account
    SendMessage(hEditOnline, EM_REPLACESEL,0,(LPARAM)Name);    // Add user to Online list
        SendMessage(hEditOnline, EM_REPLACESEL,0,(LPARAM)"\r\n");
    } else {
       SendMessage(hEditIn, EM_REPLACESEL,0,(LPARAM)"[Incorrect Password!]\r\n"); // Password failed! Disconnecting client 
         }

As for security, I will be adding some kind of encryption system to the passwords, I just haven't gotten there yet.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.