Create Login Form (SqlServer 2014)

M4RZB4Ni

Hello
have good TiME
i want to create a login Form using Sql Server 2014
and a restore Form By email of user
i searched in the google and you tube but the tutorials was not Obvious!
who can Help me ?

SGaist

Hi,

Do you mean two QLineEdit in a QDialog for the login ?

M4RZB4Ni

@SGaist
hi
Yes!
in one form(stacked widget)
i have two LineEdit
user
pass
and in other form i have
user
email
password
for recovery password if user and email exists !

SGaist

Then what exactly are you missing to go further ?

M4RZB4Ni

@SGaist said in Create Login Form (SqlServer 2014):

missing

i dont know how i should do this exactly!

SGaist

Sorry but it's a bit too vague.

Do you mean you don't know how to setup a QSqlDatabase ?
Or you don't know how to get your QLineEdit contents when .e.g. clicking on a QPushButton to trigger the login ?

Please, state exactly where you currently are and what would the next step be.

M4RZB4Ni

@SGaist said in Create Login Form (SqlServer 2014):

vague

i want to create a login page
and a restore password page for users!
login page have this :
user
pass
restore page have this:
user
mail
pass(show from db)
thats all!

my database connected in the past
i want only know how i must program this login page?

SGaist

I understood what you want to create. What I don't know is at which stage you are.

E.g. a minimal login page is two QLineEdits with the password input protected and a QPushButton to start the login process. For the logic, a slot that does the validation and for the rest. Not knowing what your application does I can't say.

VRonin

KDE API has those classes done already:

Login https://api.kde.org/frameworks/kwidgetsaddons/html/classKPasswordDialog.html
Create new password: https://api.kde.org/frameworks/kwidgetsaddons/html/classKNewPasswordDialog.html

mjsurette

@M4RZB4Ni
Have you considered the security issues with this setup?

To retrieve the password, you have to log in to the database as an anonymous user and have the database itself trigger an email.

To have the form itself directly recover the password would allow anyone knowing your email to log in as you. Even emailing the password is a somewhat questionable practice as email can be sniffed.

If this is a low value database, then you may consider these to be acceptable trade-offs.

Mike.

VRonin

@M4RZB4Ni said in Create Login Form (SqlServer 2014):

pass(show from db)

I just noticed this. if your DB knows what the password is it is a threat not only to your DB security but for each individual user. You can get sued for some real money! (the idea is that if your DB gets hacked and password table stolen the attackers will have both username and password in plain text and, if passwords are recycled by your users, they will try them on paypall or amazon and steal money off them).

Use a hash and salt algorithm (SHA3 512 recommended).

An "entertaining" explanation can be found here: https://www.youtube.com/watch?v=8ZtInClXe1Q