Login System



  • Trying to implement a login system, I'm struggling to get it working. I'm using Qt and MySQL - the MySQL link is functioning fine, just can't get the C++ right. Here's the code:

    void MainWindow::on_pushButton_login_clicked()
    {
    
        QString enteredUsername = ui->lineEdit_username->text();
        QString enteredPassword = ui->lineEdit_password->text();
        QString username;
        QString password;
    
    
        QSqlQuery loginQuery("SELECT * FROM 'logindetails' WHERE studentID='" + enteredUsername + "' AND password='" + enteredPassword + "';");
        if (!username.compare(enteredUsername) && (!password.compare(enteredPassword)))
            QMessageBox::information(this,"Success", "Login information is correct");
        else
            QMessageBox::information(this,"FAIL", "Incorrect login");
    
    /*
    
        QSqlQuery usernameQuery("SELECT studentID from userinfo.logindetails");
        while (usernameQuery.next()) {
            QString username = usernameQuery.value(0).toString();
            QMessageBox::information(this,"Success",username+ enteredUsername);
    
        }
        QSqlQuery passwordQuery("SELECT password from userinfo.logindetails");
        while (passwordQuery.next()) {
            QString password = passwordQuery.value(0).toString();
            QMessageBox::information(this,"Success",password+ typeid(password).name()+ enteredPassword+ typeid(enteredPassword).name());
    
        }
    
        if (!username.compare(enteredUsername) && (!username.compare(enteredUsername)))
                QMessageBox::information(this,"Success", "Login information is correct");
    
        else
            QMessageBox::information(this,"Failure", "Login information is incorrect"+username + password);
    
    */
    
    

  • Lifetime Qt Champion

    Hi,

    What query does fail ?
    What are you expecting ?
    Where are you getting ?



  • I don't really know how to get the C++ code to query username password, then check it against the entered details. The query returns the correct values from the database. There is a username and password in the DB, i'm expecting to query it and check it with the input data. The query returns the right data but not in the correct format.


  • Lifetime Qt Champion

    What format are you expecting ? And what format are you getting ?



  • @inik as a side note, you should not store passwords directly in the DB, just a hash value of the actual password. You're shouting for information security problems.



  • @inik
    Apart from the fact that you should indeed hash (one-way, symmetric) the password for storage (and comparison) as @Pablo-J-Rogina says, when you write:

        QSqlQuery loginQuery("SELECT * FROM 'logindetails' WHERE studentID='" + enteredUsername + "' AND password='" + enteredPassword + "';");
        if (!username.compare(enteredUsername) && (!password.compare(enteredPassword)))
    

    by the time that query returns a row you already know both the username & password have matched since you pass them in the query, so you only need to check whether 1 row or 0 rows were returned...

    For hashing, from Qt you can probably use http://doc.qt.io/qt-5/qcryptographichash.html#details. So your process is:

    1. When the user specifies his password, hash it and stored the hashed to the database.
    2. When a user tries to logon and specifies a proposed password, hash that and pass it to query like you have to see if it is same as a hash in the database row.
    3. So you never pass the unhashed/clear text of the password to/from the database.

Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.