4. Login System

Login System


  • Trying to implement a login system, I'm struggling to get it working. I'm using Qt and MySQL - the MySQL link is functioning fine, just can't get the C++ right. Here's the code:

    void MainWindow::on_pushButton_login_clicked()
{

    QString enteredUsername = ui->lineEdit_username->text();
    QString enteredPassword = ui->lineEdit_password->text();
    QString username;
    QString password;


    QSqlQuery loginQuery("SELECT * FROM 'logindetails' WHERE studentID='" + enteredUsername + "' AND password='" + enteredPassword + "';");
    if (!username.compare(enteredUsername) && (!password.compare(enteredPassword)))
        QMessageBox::information(this,"Success", "Login information is correct");
    else
        QMessageBox::information(this,"FAIL", "Incorrect login");

/*

    QSqlQuery usernameQuery("SELECT studentID from userinfo.logindetails");
    while (usernameQuery.next()) {
        QString username = usernameQuery.value(0).toString();
        QMessageBox::information(this,"Success",username+ enteredUsername);

    }
    QSqlQuery passwordQuery("SELECT password from userinfo.logindetails");
    while (passwordQuery.next()) {
        QString password = passwordQuery.value(0).toString();
        QMessageBox::information(this,"Success",password+ typeid(password).name()+ enteredPassword+ typeid(enteredPassword).name());

    }

    if (!username.compare(enteredUsername) && (!username.compare(enteredUsername)))
            QMessageBox::information(this,"Success", "Login information is correct");

    else
        QMessageBox::information(this,"Failure", "Login information is incorrect"+username + password);

*/
    0
  • Lifetime Qt Champion

    Hi,

    What query does fail ?
    What are you expecting ?
    Where are you getting ?

    1

  • I don't really know how to get the C++ code to query username password, then check it against the entered details. The query returns the correct values from the database. There is a username and password in the DB, i'm expecting to query it and check it with the input data. The query returns the right data but not in the correct format.

    1 1 Reply
  • Lifetime Qt Champion

    What format are you expecting ? And what format are you getting ?

    0

  • @inik as a side note, you should not store passwords directly in the DB, just a hash value of the actual password. You're shouting for information security problems.

    3

  • @inik
    Apart from the fact that you should indeed hash (one-way, symmetric) the password for storage (and comparison) as @Pablo-J-Rogina says, when you write:

        QSqlQuery loginQuery("SELECT * FROM 'logindetails' WHERE studentID='" + enteredUsername + "' AND password='" + enteredPassword + "';");
    if (!username.compare(enteredUsername) && (!password.compare(enteredPassword)))

    by the time that query returns a row you already know both the username & password have matched since you pass them in the query, so you only need to check whether 1 row or 0 rows were returned...

    For hashing, from Qt you can probably use http://doc.qt.io/qt-5/qcryptographichash.html#details. So your process is:

    1. When the user specifies his password, hash it and stored the hashed to the database.
    2. When a user tries to logon and specifies a proposed password, hash that and pass it to query like you have to see if it is same as a hash in the database row.
    3. So you never pass the unhashed/clear text of the password to/from the database.
    1
Log in to reply