PDA

View Full Version : in C how do i make a small login/password script?



newbie1
12-13-01, 10:19 PM
well this isn't a school project or anything, i just want to see and understand the code on how its done.....

like it tells you to enter in new login/password, and you enter it(user/password) in and it saves it, and only you know the login/password to logon (to whatever).


and also

whats the code on how to let asterticks correspond with what you type? like you know how it is, when you go to a mail account and you type in your password, ...it automatically shows asterticks instead of your real password as you type , kind of like en encryption/shadow or something....

like when you type "hello", instead of hello it shows "*****".

oh yeah in the C language BTW, just pure C

Stu
12-14-01, 01:51 AM
The basic frame work is quite simple; print a prompt, read a value. However, two things you have to deal with make this a little more complex than you would think; because they are outside the scope of the C language, and are dependent on the operating system/environment--or rather, they are handled differently in different operating systems/environments.

First, you have to store these passwords and usernames in a file or database--for two reasons; 1) they are dynamic (you can change them) and 2) I assume you want them to persist after the program is finished executing. You could write them in plain old ASCII, but you added the constraint that you want only the user to know their password (which is pretty standard). Therefore, at least the password, must be encrypted. This is dependent on the system that you are programming on/for (not the C language), and there is no real standard across platforms as to how this is done. So, before this can be addressed, we need to know at least what operating system you want this on.

Second, you want to suppress keyboard character echo and replace the characters with asterisks. Again, this depends on the environment you are programming on/for (not the C language). In windows you would most likely use functions in conio.h (Console I/O). In the unices (unix, linux, or bsd), you would use either curses, ncurses, or termcap. So, again, we need to know at least what operating system you want this on.

newbie1
12-14-01, 07:20 PM
again i don't want to code it, just to see the code behind that kind of program, and to understand it (because i can't program for nothing).....i guess i would want to see it work in my operating system which is slackware 8

Stu
12-15-01, 04:08 AM
Well, here's a very simple program to write the entries into a file, using the unix/linux/bsd crypt() function to encrypt the password and getpass() function to get the password unix style (no keyboard echo, at all):




#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <time.h>

int main(int argc, char **argv){

char salt[2]; /* Salt for the crypt() function */
const char *salt_chars = "abcdefghijklmnopqrstuvwxyz" /* Range of character supported */
"ABCDEFGHIJKLMNOPQRSTUVWXYZ" /* as a value for salt in crypt() */
"0123456789";

char username[BUFSIZ], password1[BUFSIZ], /* Buffers for user input and comparison */
password2[BUFSIZ], *buf;
char filename[BUFSIZ]; /* Buffer for filename */
FILE *outfile; /* File handle */

/* Build salt */
srand(time(NULL));
salt[0] = salt_chars[rand() % 62];
salt[1] = salt_chars[rand() % 62];

/* Get the filename */
printf("Enter Password Filename: ");
scanf("%s", filename);

/* Get the username */
printf("Username: ");
scanf("%s", username);

do {

/* Get the password */
buf = getpass("Password: ");

/* Copy to a "stable" pointer */
sprintf(password1, "%s", buf);

/* Get the password */
buf = getpass("Enter Again: ");

/* Copy to a "stable" pointer */
sprintf(password2, "%s", buf);

/* See if the passwords are the same */
if(strcmp(password1, password2) != 0)
printf("\nPasswords do not match!\nTry again.\n\n");

} while(strcmp(password1, password2) != 0);

/* Encrypt the password */
buf = crypt(password1, salt);

/* Open the output file for append */
if((outfile = fopen(filename, "a+")) == NULL){

printf("\nFile error!\nAborting...\n");

} else {

/* Print the record to the file */
fprintf(outfile, "%s:%s\n", username, buf);

} /* End if */

/* Close the file */
fclose(outfile);

} /* End main() */



And here's how you would check it:




#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>

int main(int argc, char **argv){

char username[BUFSIZ], *password; /* User input buffers */
char buf[BUFSIZ]; /* File input buffer */
char *user_file, *pass_file; /* Buffers for values in file */
char filename[BUFSIZ]; /* Filename buffer */
FILE *infile; /* File handle */

/* Get the filename */
printf("Enter Password Filename: ");
scanf("%s", filename);

/* Get the username from the user */
printf("Username: ");
scanf("%s", username);

/* Get the password from the user */
password = getpass("Password: ");

/* Open the file */
if((infile = fopen(filename, "r")) == NULL){

printf("\nFile error!\nAborting...\n");

} else {

/* Loop throught the file */
while (!feof(infile)) {

/* Initialize with empty string */
buf[0] = '\0';

/* Read in one line */
fscanf(infile, "%s", buf);

/* If it's an empty line, continue */
if(strlen(buf) == 0) continue;

/* Point to the buffer */
user_file = buf;

/* Point to the delimiter in the buffer */
pass_file = strchr(buf, ':');

/* Change the delimiter to a nul character */
pass_file[0] = '\0';

/* Move to the next character */
pass_file++;

/* See if this matches the name the user entered */
if(strcmp(user_file, username) == 0){

/* See if the passwords match */
if(strcmp(crypt(password, pass_file), pass_file) == 0){

printf("Correct password...\n");

} else {

printf("Invalid password!\n\n");

} /* End if */

/* We found what we wanted; get out of loop */
break;

} /* End if */

} /* End while */

} /* End if */

/* Close the file */
fclose(infile);

} /* End main() */



That's basically all there is to it. I used the most basic form--there are better ways (using a variety of encryption algorithms--like ones using stronger encryption than 56 bit, like this one does). Keep in mind, you have to compile in the crypt shared library--like this using gcc:

gcc -lcrypt -o program_name program_name.c

Otherwise, it'll blow up when you run it (coredump).

newbie1
12-15-01, 02:57 PM
thanks for the code Stu :), i really appreciate it, even though that code is way over my head, i'll probably understand it later in time, if i keep learning and practicing....thanks again

newbie1
12-15-01, 10:22 PM
just wondering....did you compile the program to see if it works? or did you just code away and reply?

Stu
12-17-01, 01:03 AM
Yes, I compiled it using gcc (the command line listed in my post `gcc -lcrypt -o program program.c`) and tested it before I posted. Should work the same on slackware as it does on mine. I'm running RedHat 7.1, kernel 2.4.16, gcc 2.95, and OpenSSL 0.96b (my crypto library).

newbie1
12-18-01, 07:32 PM
hey STU how do i make it have more encryption?

Stu
12-20-01, 02:53 PM
Use another encryption algorithm (library) to do the encryption. You could use something like libcrypto (OpenSSL (http://www.openssl.org/)) to do this, which supports blowfish, cast, des, idea, rc2, rc4, and rc5, among others and has fairly good (yet still under construction) documentation on it use at their site.

sriki
01-09-08, 11:36 AM
heres a simple login program in c
visit
http://lern2hack.blogspot.com/
& see c programing section

OR

http://lern2hack.blogspot.com/2007/12/c-program-to-accept-password-mask-it.html
:confused: