1.11M Members

C Password Program

 
0
 

One of the things which attracted my attention was that there are often newbies asking how to create a password program in C/C++, often they don't succeed, well here's my response, you can use it for any purpose you want, one thing you'll have to keep in mind is that this code will only work on compilers which support conio.h, I know that it's actually a bad habit to make use of this "library", but most of the newbies which are searching for code like this are always using a compiler which supports it, so I guess that won't be a big problem.
As compiler to compile this code I used MinGW.
(The world's best open source compiler for Windows)
You can get the command line compiler from the site, however if you're new to
C/C++ then I would rather suggest you to go and get an IDE featuring the MinGW compiler: Code::Blocks is a very good one, also often used is the Dev-C++ IDE, but there's on major disadvantage of Dev-C++: The source code editor of the IDE isn't being updated anymore (however you can still use it with the newest MinGW compiler, that would be no problem)

#include <stdio.h>
#include <string.h>
#include <conio.h>

int main()
{
    char buffer[256] = {0};
    char password[] = "password";
    char c;
    int pos = 0;
    
    printf("%s", "Enter password: ");
    do {
        c = getch();
        
        if( isprint(c) ) 
        {
            buffer[ pos++ ] = c;
            printf("%c", '*');
        }
        else if( c == 8 && pos )
        {
            buffer[ pos-- ] = '\0';
            printf("%s", "\b \b");
        }
    } while( c != 13 );
    
    if( !strcmp(buffer, password) )
        printf("\n%s\n", "Logged on succesfully!");
    else
        printf("\n%s\n", "Incorrect login!");

    return 0;
}
 
0
 

Bug Fix!
Change: buffer[ pos[B]--[/B] ] = '\0'; to: buffer[ [B]--[/B]pos ] = '\0'; :)

 
0
 

Code Improvement!
It might be a good practice to change the loop's condition,
from: while( c != 13 ); to: while( c != 13 && pos < 256); as this will avoid to go over the bounds of the buffer.
:)

 
-3
 

If you pretend this to be valid C++ totally FAIL.

 
1
 

>If you pretend this to be valid C++ totally FAIL.
Well, in fact this is all valid C++, with the minor exception that I used an unportable library, but does that make it invalid C++ code?
The code is not standard C++ (but that's only because I used the conio library).
BTW, I posted this snippet in the C section of code snippets and not in the C++ section, but it should work on most C++ compilers as well (as long as they support conio.h).
When you intend to compile this code on a C++ compiler, then you should of course change the include directives to include the new-style headers, because most compilers only provide the old-style headers for backwards compatibility and because therefore they're not standard.
And if you want, you can always use the C++ iostream class library for I/O.
But remember that my intention was that it is C code in the first place.
Well, I would like to see you how you would do it in Standard (valid) C++.

 
0
 

In case you didn't know this isn't very secure. It is possible to find the hard coded password simply by analyzing the compiled binary file. Like so: cat password gives something like:

US=u@-X9sB9r[]Ív'Utt	$ÐL$qUWQ0DžrDž@DžpassDžwordƅED$P$aUE}`~&}z UuD$$)uD$h$D$$0Y_]aÐU]Ít&'UWVSO

it not as plain as day but you can see the hard coded password there. Using a hex editor it would be even easier to read it.

If you want real security it needs to be encrypted using sha1 or some other scheme.

 
0
 

First of all: my intention was to write a program which just lets the user enter a password, while displaying an asterisk for each character entered (correction through backspace allowed).

However you're right in saying that this program is not secure, because the password is hardcoded, but it was never my intention that my program would be used as it's displayed here for 'serious' programs.
I included a variable, which contains a hardcoded password, with the only purpose to be able to demonstrate this little program.

People here are free to copy my code and modify it according to their needs, if they want to enhance security by using hashed passwords, that's okay.

Using hashing, you'll have to do something like this in general:

  1. Get the hashed password.
  2. Get the user entered password.
  3. Hash the password entered by the user and compare it to the hashed (correct) password.
    If the comparison yields true, then log the user in.
 
0
 

it helps me, thank you

 
-2
 

It help but you must include header file ctype.h

 
1
 

Hey nice password program.
I did not tried this before.
but i want that when user inputs the password then user must see * instead of actual chars.
How can I? :P

 
0
 

Thanks for the above program
now i am safe with my programs
thank you very much for the owner
if you need any help contact me...<snipped>

 
0
 

Hy! I'm sorry that i revive this topic but i have a problem with this code! I added a do{ } while so that i can reenter the password again if it's typed incorrect.Now if i type the password correctly for the first time it works, but if i typed wrong then correct it sais that the password is wrong. Why?

#include <stdio.h>
#include <string.h>
#include <conio.h>
#include <ctype.h>

int main()
{
char buffer[256] = {0};
char password[] = "password";
char c;
int pos = 0,k=0;

do{           //start 
printf("%s", "Enter password: ");

do {
    c = getch();
    if( isprint(c) )
{
    buffer[ pos++ ] = c;
    printf("%c", '*');
}

else if( c == 8 && pos )

{
    buffer[ --pos ] = '\0';
    printf("%s", "\b \b");
}

} while( c != 13 && pos < 256);

if( !strcmp(buffer, password) )

{   k=1;
    printf("\n%s\n", "Logged on succesfully!");

}
else

{   printf("\n%s\n", "Incorrect login!");
    k=0;
}

} while(k==0);

return 0;

}
 
0
 

Reformat your code so we can tell wht statements go with what DO loop.

 
0
 

After lie 13 set pos = 0

 
0
 

thx for answers! I've been able to make it work by making it into a function then accesing it from main with a loop

 
0
 

Thank you!!
You've helped me so much!

 
0
 

Here we used getch() which is not standard. How should I code without using getch() ?

 
0
 

Here we used getch() which is not standard. How should I code without using getch() ?

There's no standard way to simulate getch(). Pick your favorite non-standard option to replace it.

 
0
 

you could use

cin.read(c, ONE_BYTE_LENGTH_CONST );

or hard code it to

cin.read(c, 1);

I did not try it if it could have a bug or so, just so you know/try.

 
0
 

I did not try it if it could have a bug or so

So code it and see how miserably it fails to do the job... 8-|

Isn't it about time forums rewarded their contributors?

Earn rewards points for helping others. Gain kudos. Cash out. Get better answers yourself.

It's as simple as contributing editorial or replying to discussions labeled or OP Kudos

You
This is an OP Kudos discussion and contributors may be rewarded
Post:
Start New Discussion
Tags Related to this Article