password code improvement
Results 1 to 3 of 3

Thread: password code improvement

  1. #1
    Senior Member
    Join Date
    Dec 2001
    Posts
    134

    password code improvement

    I am new to the programming stuff.

    The following the program to input a password and check it with the predefined password, "rambo", this program is working ok. Please let me know about the improvements needed in the code.//To Input and check the password.

    Your suggestions will be appreciated.

    _________________________________________________________________________
    #include<stdio.h>
    #include<conio.h>
    void main()
    {
    char a[15];
    int i,flag=0,x,y,post=0;
    char g[]="rambo"; //predefining the password
    clrscr();
    i=0;
    x=2;
    y=10;
    gotoxy(x,y);

    printf("\n Please Enter the password:");

    x=29;
    y=11;
    do
    {
    if(i<0) //limiting the value of i to 0
    {
    i=0;
    }

    if(x<29)
    {
    x=29;
    }

    a[i]=getch(); //getch() as it do not show the characters being //entered

    if((a[i]=='\b') && (post==0))
    {
    post=1;
    x=x-1;
    }
    if(a[i]=='\b')
    {

    --i;
    gotoxy(--x,11);
    continue;
    }

    i++;

    gotoxy(x++,y);
    }while(a[i-1]!=13);

    a[i]=NULL;

    for(i=0;a[i]!='\0' && g[i]!='\0';i++)
    {
    if(a[i]!=g[i])
    {
    flag=1;
    }

    }

    gotoxy(15,15);
    if(flag==0)
    printf("\n The password is correct");
    else
    {
    clrscr();
    textcolor(5);
    gotoxy(60,50);
    cprintf("\n ACESS DENIED");
    }

    getch();
    }


    _______________________________END_______________________________

    thanx.

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    786

    Post My mods to make it work in Dev-C++

    My compiler (Dev-C++) is complaining that the main() function doesn't return an integer. It also hasn't heard of the functions:
    clrscr();
    gotoxy();
    textcolor();

    I'm guessing this is stuff specific to your compiler, and reading the variable names I think I understand what they are for.

    Here is what I did to your code:
    removed the textcolor(), and the gotoxy(), and replace clrscr() with system("CLS") - which pretty much runs the MS-DOS Command CLS
    Changed the line a[i]=NULL; into a[i]='\0'; since I knew you wanted it to terminate the character array
    Got rid of variables x and y since I removed the function that used them
    Hopefully fixed a potential buffer overflow in your do..while loop. (I think that 15 is the number to use in this case, so it should work - try typing in a lot of characters in your version, and press enter, then on the ACCESS DENIED screen press spacebar instead of return it should exit with errors and windows complaining)

    To make it compile in Dev-C++, I used this code:

    #include <stdio.h>
    #include <conio.h>

    int main(void)
    {
    char a[15];
    int i,flag=0,post=0;
    char g[]="rambo"; //predefining the password
    system("CLS");
    i=0;

    printf("\n Please Enter the password:");

    do
    {
    if(i<0) //limiting the value of i to 0
    {
    i=0;
    }


    a[i]=getch(); //getch() as it do not show the characters being //entered

    if((a[i]=='\b') && (post==0))
    {
    post=1;
    }
    if(a[i]=='\b')
    {

    --i;
    continue;
    }

    i++;
    // prevent buffer overflow - (i<15)
    }while((a[i-1]!=13) & (i<15));

    a[i]='\0';

    for(i=0;a[i]!='\0' && g[i]!='\0';i++)
    {
    if(a[i]!=g[i])
    {
    flag=1;
    }

    }

    if(flag==0)
    printf("\n The password is correct");
    else
    {
    system("CLS");
    cprintf("\n ACESS DENIED");
    }

    getch();
    return;
    }


    Overall nice program. I've tried myself to use getch() for a password application very similar to yours, but I never got it working. Congradulations on getting it to work in your program. Could I use that do..while loop of yours in the future?

    Oh, BTW, if you take the time to HEX edit the executable this turns into, you can find the password "rambo" in the code. The only way to prevent this is to use a one-way function, and to store the result of that one-way function as the password to compare to, and run the user's input through that one way function, and see if they match - because if you run the same values through the one way function, the output will be the same. Anyways, hope that suggestion helps.

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    134
    Thanx a lot for taking pain and aqnd checking the things out.
    Of course i will take ur suggestion in mind, and i am really glad that my work has been of some help to you, i really like to work that help others.
    Now I promise you that there will be more code that will be posted here from noe onwards, actually i am soory i got late in replying you to, because i was out of town and couldn't check my e-mail.
    I know this program will really work well with the fucntuiond, but i was told to make it without the functions, i will definately modify it to the perfection. Oh yes!!! I am using the Turbo C compiler.
    Please keep in touch, we can learn more from each-other.
    Hope to here from u soon.
    Regards
    Harbir

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides