Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C Programming > Fix my program

Reply
Thread Tools

Fix my program

 
 
Roger Dodger
Guest
Posts: n/a
 
      03-05-2008
Richard Heathfield wrote:
> Roger Dodger said:
>
> <snip>
>
>> You talk real big when you're invisible.

>
> Given that your email address is for a domain - brooklyn.ny - that doesn't
> exist, you're being hypocritical. Although santosh uses a gmail address,
> it is at least a valid address[1]. What's more, santosh contributes
> constructively to this group, and you don't. Why not fix that, by helping
> out with people's C questions? Or shall we just add you to the list of
> snide, parasitic morons in our killfiles?
>
> [1] Yes, I know my own address headers are invalid, but my sig contains
> instructions for building my address that no bright person will have any
> difficulty in following (which hasn't stopped it foxing a few non-bright
> people).
>


You're right, Mr. Heathfield, I should contribute to the group. And I
would have if you hadn't already beat me to it. I've learned a lot about
the C language and C programming over the years from reading your very
instructive posts.

But email addresses hasn't got a thing to do with being "invisible". I
would still be invisible even if I were using the right email address.

But that's neither here nor there
 
Reply With Quote
 
 
 
 
Zom-B
Guest
Posts: n/a
 
      03-05-2008
Comparing strings with == or != is the same as comparing the memory
locations where both strings are stored, which are of course
different. Try strcmp(password, "november13") instead. Note that this
needs the include "#include <string.h>".

Moreover, it is always a bad idea to store the password as plain text
in the source code. Anyone obtaining a copy of either the source or
executable can see the password with minimal effort. In fact, this is
exactly how I once "cracked" the trial version of UniVBE when I was a
kid.
 
Reply With Quote
 
 
 
 
borkhuis@gmail.com
Guest
Posts: n/a
 
      03-05-2008
On Mar 5, 11:55 am, Zom-B <(E-Mail Removed)> wrote:
> Moreover, it is always a bad idea to store the password as plain text
> in the source code. Anyone obtaining a copy of either the source or
> executable can see the password with minimal effort. In fact, this is
> exactly how I once "cracked" the trial version of UniVBE when I was a
> kid.


You know that this is illegal. Now we have to report you to the FBI,
the CIA, MI5 and the Internet Security Counsel. Please don't leave
your current location, you will be picked up within an hour.
 
Reply With Quote
 
Mark Wooding
Guest
Posts: n/a
 
      03-05-2008
Nomen Nescio <(E-Mail Removed)> wrote:

> if (password != "november13") {


It's probably worth pointing out that you can improve security by
hashing the passwords. You should probably replace the above with
something like

if (strcmp(sha384(password), sha384("november13"))) { ... }

-- [mdw]
 
Reply With Quote
 
Bartc
Guest
Posts: n/a
 
      03-05-2008

"Nomen Nescio" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello, for an assignment I need to protect my files with a
> password. Can anyone please tell me why my C/C++ program is
> not working?!!
>
> void main() {
> char password[40];
> fflush(stdin);
> password = gets(NULL);
> if (password != "november13") {
> 10 PRINT "INVALID PASSWORD"
> 20 BEEP
> 30 GOTO 10
> }
> }



Try this:

#include <stdio.h>
#include <string.h>

int main(void) {
char password[40];
char beep[2]={7,0};
int i;

fflush(stdin);
fgets(password,40,stdin);
for (i=0; i<40; ++i) if (password[i]<' '){password[i]=0; break;};

if (strcmp(password,"november13")!=0) {
ten:
puts("INVALID PASSWORD");
printf(beep);
goto ten;
};
}


--
Bart



 
Reply With Quote
 
santosh
Guest
Posts: n/a
 
      03-05-2008
Bartc wrote:

>
> "Nomen Nescio" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hello, for an assignment I need to protect my files with a
>> password. Can anyone please tell me why my C/C++ program is
>> not working?!!
>>
>> void main() {
>> char password[40];
>> fflush(stdin);
>> password = gets(NULL);
>> if (password != "november13") {
>> 10 PRINT "INVALID PASSWORD"
>> 20 BEEP
>> 30 GOTO 10
>> }
>> }

>
>
> Try this:
>
> #include <stdio.h>
> #include <string.h>
>
> int main(void) {
> char password[40];
> char beep[2]={7,0};
> int i;
>
> fflush(stdin);
> fgets(password,40,stdin);
> for (i=0; i<40; ++i) if (password[i]<' '){password[i]=0; break;};
>
> if (strcmp(password,"november13")!=0) {
> ten:
> puts("INVALID PASSWORD");
> printf(beep);


Instead of this I think it would be more portable to use the
standardised "bell" escape sequence.

printf("\b");

Also a fflush(stdout) for the invalid message above to actually appear.

> goto ten;
> };
> }
>
>


 
Reply With Quote
 
Richard
Guest
Posts: n/a
 
      03-05-2008
Zom-B <(E-Mail Removed)> writes:

> Comparing strings with == or != is the same as comparing the memory
> locations where both strings are stored, which are of course
> different. Try strcmp(password, "november13") instead. Note that this
> needs the include "#include <string.h>".
>
> Moreover, it is always a bad idea to store the password as plain text
> in the source code. Anyone obtaining a copy of either the source or
> executable can see the password with minimal effort. In fact, this is
> exactly how I once "cracked" the trial version of UniVBE when I was a
> kid.


Wow. What a whoosh.
 
Reply With Quote
 
Bartc
Guest
Posts: n/a
 
      03-05-2008

"santosh" <(E-Mail Removed)> wrote in message
news:fqma5g$m4m$(E-Mail Removed)...
> Bartc wrote:


>> "Nomen Nescio" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...


>>> void main() {
>>> char password[40];
>>> fflush(stdin);
>>> password = gets(NULL);
>>> if (password != "november13") {
>>> 10 PRINT "INVALID PASSWORD"
>>> 20 BEEP
>>> 30 GOTO 10
>>> }
>>> }

>>


>> #include <stdio.h>
>> #include <string.h>
>>
>> int main(void) {
>> char password[40];
>> char beep[2]={7,0};
>> int i;
>>
>> fflush(stdin);
>> fgets(password,40,stdin);
>> for (i=0; i<40; ++i) if (password[i]<' '){password[i]=0; break;};
>>
>> if (strcmp(password,"november13")!=0) {
>> ten:
>> puts("INVALID PASSWORD");
>> printf(beep);

>
> Instead of this I think it would be more portable to use the
> standardised "bell" escape sequence.
>
> printf("\b");


I looked for \g in K&R2 but not mentioned. But doesn't mention \b either
except as backspace. Apparently \a is the bell.

> Also a fflush(stdout) for the invalid message above to actually appear.


Wouldn't all those newlines in puts() force some output eventually? There
are an infinite number of messages so a few missing should do no harm.

--
Bart


 
Reply With Quote
 
Bartc
Guest
Posts: n/a
 
      03-05-2008
Mark Wooding wrote:
> Nomen Nescio <(E-Mail Removed)> wrote:
>
>> if (password != "november13") {

>
> It's probably worth pointing out that you can improve security by
> hashing the passwords. You should probably replace the above with
> something like
>
> if (strcmp(sha384(password), sha384("november13"))) { ... }


Wouldn't "november13" still exist in the executable? Unless sha384 is some
clever macro?

Perhaps encrypted in a separate program and the result put in here.

--
Bart


 
Reply With Quote
 
santosh
Guest
Posts: n/a
 
      03-05-2008
Bartc wrote:

>
> "santosh" <(E-Mail Removed)> wrote in message
> news:fqma5g$m4m$(E-Mail Removed)...
>> Bartc wrote:

>
>>> "Nomen Nescio" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...

>
>>>> void main() {
>>>> char password[40];
>>>> fflush(stdin);
>>>> password = gets(NULL);
>>>> if (password != "november13") {
>>>> 10 PRINT "INVALID PASSWORD"
>>>> 20 BEEP
>>>> 30 GOTO 10
>>>> }
>>>> }
>>>

>
>>> #include <stdio.h>
>>> #include <string.h>
>>>
>>> int main(void) {
>>> char password[40];
>>> char beep[2]={7,0};
>>> int i;
>>>
>>> fflush(stdin);
>>> fgets(password,40,stdin);
>>> for (i=0; i<40; ++i) if (password[i]<' '){password[i]=0;
>>> break;};
>>>
>>> if (strcmp(password,"november13")!=0) {
>>> ten:
>>> puts("INVALID PASSWORD");
>>> printf(beep);

>>
>> Instead of this I think it would be more portable to use the
>> standardised "bell" escape sequence.
>>
>> printf("\b");

>
> I looked for \g in K&R2 but not mentioned. But doesn't mention \b
> either except as backspace. Apparently \a is the bell.


Yes my mistake. '\a' is the sequence for audible alert.

>> Also a fflush(stdout) for the invalid message above to actually
>> appear.

>
> Wouldn't all those newlines in puts() force some output eventually?
> There are an infinite number of messages so a few missing should do no
> harm.


Oh right. I read that puts as printf

Not a very good day I'm afraid.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[FIX] Another possible fix for the missing ASP .Net tab problem Patrick Philippot ASP .Net 0 04-14-2006 11:48 AM
Xah's Edu Corner: The Concepts and Confusions of Pre-fix, In-fix, Post-fix and Fully Functional Notations Xah Lee Perl Misc 21 03-21-2006 07:02 AM
Xah's Edu Corner: The Concepts and Confusions of Pre-fix, In-fix, Post-fix and Fully Functional Notations Xah Lee Python 23 03-21-2006 07:02 AM
Xah's Edu Corner: The Concepts and Confusions of Pre-fix, In-fix, Post-fix and Fully Functional Notations Xah Lee Java 22 03-21-2006 07:02 AM
why browser cache setting affects program behavior? Fix? =?Utf-8?B?anVubGlh?= ASP .Net 2 05-20-2005 06:27 PM



Advertisments