3

is there something wrong with this if statement i am trying to make a swing login system??? thanks :)

 public void login()
    {
           String username = loginField.getText();
           char[] password = loginPass.getPassword();
           if (username.equals("test") && password.equals("test"))
           {
                    System.out.println("logged in");
           }
    }
Improve this question
6
  • Your requirement is actually not clear. That's why cannot tell if it's working the correct way. Commented Nov 13, 2010 at 20:49
  • Never hardcode some username/password in the sourcecode, even for testing purpose. The removement of those credentials from production code will be forgotten and as a result, a default login for hackers is available. Commented Nov 13, 2010 at 21:01
  • You're doing seventeen things wrong that have nothing to do with this question. Thank you for shopping StackOverflow. Commented Nov 13, 2010 at 21:04
  • @Michael: If someone wants to enter the program without password, he simply enters the app without password. Hard-coded or not. Maybe you should take a look at reverse engineering. And a look at "Another Java Decompiler" if I'm right. Commented Nov 13, 2010 at 21:20
  • @Michael: Except when you encrypt a part of the app. And the algorithm to decrypt makes use of an entered password.... Commented Nov 13, 2010 at 21:22

5 Answers 5

Reset to default
6

You might want 

new String(password).equals("test")

instead. Comparing array to string makes little sense.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

-1 If it was a good idea for the password field to use a string for the password, it would not bother using a char array.
@Pete Kirkham: Explain, why the String should be a bad solution (besides that the answer only suggests to convert the array for the check).
@Mnementh The only case I know is when you store hashed passwords in database: you usually can't convert them to string. That's not the case here, however.
2

Yes. The part where you check the password is wrong. password is a char[]. So you have to change the way of checking it:

Way 1: Create a String of it

if (new String(password).equals("test"))

Way 2: Iterate over the array and check char by char:

public boolean checkPassword(char[] pass, String correctPass)
{
    if (pass.length != correctPass.length()) return false;

    for (int i = 0; i < pass.length; i++)
    {
        if (pass[i] != correctPass.charAt(i)) return false;
    }
    return true;
}

And in your if-statement

if (checkPassword(password, "test"))
Improve this answer

2 Comments

You also should zero out the char array.
Would look simpler with Arrays.equals.
1 
password.equals("test")

will always return false, because test as String and password as char[] are different classes. They can never be equal.

But you can use the char[] representation of the String and check the arrays on equality via boolean java.utilArrays.equals(char[] a,char[] b):

java.util.Arrays.equals(password,"test".toCharArray())

In real life you may won't have password as String but already as char[]. Then of course you can directly use it in Arrays#equals.

Improve this answer

Comments

1

Yes. 'password' is an array - doing an equals on it is a reference comparison. Convert it to a String and do equals on that.

EDIT: It looks like this is the "proper" way:

private static boolean isPasswordCorrect(char[] input) {
    boolean isCorrect = true;
    char[] correctPassword = { 'b', 'u', 'g', 'a', 'b', 'o', 'o' };

    if (input.length != correctPassword.length) {
        isCorrect = false;
    } else {
        isCorrect = Arrays.equals (input, correctPassword);
    }

    //Zero out the password.
    Arrays.fill(correctPassword,'0');

    return isCorrect;
}

From the java tutorials.

Improve this answer

4 Comments

@Pete - Enlighten me. Why is it a bad idea then?
@Pete - Maybe you can post your solution. Since it looks like everyone here is wrong? :)
@Pete - NM, I think I get it. Thanks for the heads up.
Because objects of type String are immutable -- the contents of the string cannot be changed or overwritten after use
-1

The char[] doesn't equals to a String. Try to create a String out of it:

new String(password).equals("test")
Improve this answer

2 Comments

-1 If it was a good idea for the password field to use a string for the password, it would not bother using a char array.
I suggested only to convert the char-array into a String, not to change the input-field.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.