PDA

View Full Version : [Qt/Sql] SQL Authentification : what query execute ?


CR4SH
4th May 2013, 10:10
Hi!

First of all, you need to now that I'm not very fluent in English, then be lenient if some of my explanation are not very good.

I'm trying to create some sort of authentication software on my stage, we give a pair username / pwd then the software must check whether the username exists in the database then check if pwd matches.
But I stumble on two problems :

- The first : the pwd stored in the SQL database are hashed (and maybe salty), and I wonder if with Qt, it could be hashed and salted in the same way so that both pwd correspond to history compare, if so, how?
- The second : I don't know what to request and what order to perform the above steps, I would like to know if you could also help me on this point (possibly with specific code).

Here is my actual code ( these are just attempts ):


void loginFen::buttonConnect_onClicked()
{
QSqlQuery query;
query.prepare("SELECT mdp from users WHERE pseudo=:pseudo");
query.bindValue(":pseudo", pseudo->text());

if(query.exec())
{
//query.first();
if(query.value(2).toString() == password->text()) // the problem is here
{
close();
Fenetre *Fen = new Fenetre;
Fen->show();
Fen->loadStyle();
}
else
{
QMessageBox::information(this, "Erreur de saisie", "Le mot de passe que vous avez entré est incorrect, veuillez réessayer"); // wrong password
}
}
else
{
QMessageBox::information(this, "Erreur de saisie", "Le pseudo que vous avez entré est incorrect, veuillez réessayer"); wrong pseudo
}

Thanks for your help anyway & thank you to tell me if it is not accurate enough, in which case, I'll explain again my problem !
Lesiok
4th May 2013, 10:56
First of all in line 4 You are taking from database only one value (mdp) but in line 10 You are trying to read value number 2 from result. Lines 9 and 10 should looks like :
if( query.first() )//position on first record. if false then SELECT returns nothing
if(query.value(0).toString() == password->text())
CR4SH
4th May 2013, 11:11
Thanks you for your help, now, if pseudo AND pwd is correct, then it work. But, how to do for check for existing pseudo/ pwd in database, like any kind of authentication system, which query I need ?
I've read that, in PHP, we need to use something like :



<?php
$req = $bdd->prepare("SELECT COUNT(*) FROM profil WHERE pseudo = :pseudo");
$req->bindValue(':pseudo', $_SESSION['pseudo'], PDO::PARAM_STR);
$req->execute();
$nb = $req->fetchColumn();
if($nb == 0)
echo 'Pseudo not found';
else
// ...

But i don't know how to do in Qt.
Lesiok
4th May 2013, 13:14
Exactly the same as in PHP. After all, your main tool is here SQL and not PHP or C++.
CR4SH
4th May 2013, 13:26
Yes but which function works the same as fetchColumn ? And what will be the type of $nb in case of Qt use ?
CR4SH
5th May 2013, 09:15
Does anyone can help me ? I really need help to do this ...
Lesiok
5th May 2013, 12:19
Think a little. In the first email you know how to read a value from the database and now not ?
QSqlQuery query;
query.prepare("SELECT COUNT(*) FROM profil WHERE pseudo = :pseudo");
query.bindValue(":pseudo", pseudo->text());
if(query.exec())
{
query.first();
if( query.value(0).toInt() == 0 )
{//not found
}
else
{//found
}
}
CR4SH
5th May 2013, 18:52
Thanks for your help, i finaly found how to do.