Login


Security

Security is one of the main topics when accessing a remote information system. The main questions about security when logging in are:
  1. Is it secure to provide my login information?
  2. Is it secure for the information (that I will provide or that I will request) to travel for the channel?
In an Intranet, the channels of communication are private and security is high. In the Internet, however, most channels of communication are public and shared with a lot of customers compromising the security. In a web page there are two protocols to communicate with the server: HTTP and HTTPS. In HTTP, the information travels in plain text and can be easily tamper by an intruder. HTTPS provides the only secure way to communicate with a web server.

Authentication

Authentication is used to know who is logging into the system. A web page offers to methods: Basic and Digest. Basic authentication is based on text and can be safely used in Intranet or web sites where the information does not require a high level of security.

Login Dialog (Form)

The login dialog collects a username and a password. If the the pair username-password is correct, access to the system is granted. Typically, the GUI has an OK button with the property Default Button so that the user can use the Enter key to diminish the dialog.

Problem 1
Create a program called Login to shown the list of employees in the Best Buy database. To login into the system, the program must prompt for a username and password. The system should provide three chances to login in. Once the employee has successfully login in, the program shows the list of employees in a list view control. If the employee is an administrator, the system must display the employee passwords.

Step A
Add a Wintempla Dialog called LoginDlg as shown.

LoginDlgGui

Step B
Edit the file LoginDlg.h

LoginDlg.h
#pragma once //_____________________________________________ LoginDlg.h
#include "resource.h"

class LoginDlg: public Win::Dialog
{
public:
     LoginDlg()
     {
          tryCount = 0;
     }
     ~LoginDlg()
     {
     }
     int tryCount;
public: // PUBLIC TO GIVE ACCESS TO tbxUsername
     ...
};

Step C
Edit the LoginDlg.cpp file.

LoginDlg.cpp
...
void LoginDlg::Window_Open(Win::Event& e)
{
     this->Text = L"Login";
}

void LoginDlg::btOK_Click(Win::Event& e)
{
     //_________________________________________________________ 1. User can try three times
     if (tryCount >= 3)
     {
          this->EndDialog(FALSE);//dlg.BeginDialog(hWnd) will return FALSE
          return;
     }
     //_________________________________________________________ 2. Be sure, there are an username and a password
     if (tbxUsername.Text.length() <= 1) return;
     if (tbxPassword.Text.length() <= 1) return;
     tryCount++;
     //_________________________________________________________ 3. Create SELECT statement
     wstring cmd;
     Sys::Format(cmd,
               L"SELECT COUNT(*) FROM employee WHERE username = \'%s\' AND user_passw = \'%s\'",
               tbxUsername.Text.c_str(), tbxPassword.Text.c_str());
     //_________________________________________________________ 4. Execute SELECT
     Sql::SqlConnection conn;
     int count = 0;
     try
     {
          //conn.OpenSession(DSN, USERNAME, PASSWORD); //Control Panel>Administrative Tools>Data Sources (ODBC)>Create dsn_myDatabase
          conn.OpenSession(hWnd, CONNECTION_STRING);
          count = conn.GetInt(cmd);
          if (count == 1)
          {
               this->EndDialog(TRUE);//dlg.BeginDialog(hWnd) will return TRUE
               return;
          }
          else
          {
               tbxUsername.ShowBalloonTip(L"Login", L"Invalid username or incorrect password", TTI_ERROR);
          }
     }
     catch (Sql::SqlException e)
     {
          this->MessageBox(e.GetDescription(), L"Error", MB_OK | MB_ICONERROR);
     }
}

void LoginDlg::btCancel_Click(Win::Event& e)
{
     this->EndDialog(FALSE);
}


Step D
Edit the Login.cpp file. Be sure to compile and run the program using the Release version of your program.

Login.cpp
...
void Login::Window_Open(Win::Event& e)
{
//#ifndef _DEBUG
     LoginDlg dlg;
     if (dlg.BeginDialog(hWnd) == TRUE) //__________________ Give Access
     {
          this->Text = L"Welcome ";
          this->Text += dlg.tbxUsername.Text;
     }
     else
     {
          this->Destroy(); //_________________________________ Deny Access
     }
//#endif

     //____________________________________________________ 1. Column Setup
     ...
     //____________________________________________________ 2. Create SELECT statement
     wstring sqlCmd;
#ifdef _DEBUG
     sqlCmd = L"SELECT is_admin FROM employee WHERE username = \'jimmy\'";
#else
     Sys::Format(sqlCmd, L"SELECT is_admin FROM employee WHERE username = \'%s\'",
          dlg.tbxUsername.Text.c_str());
#endif
     //____________________________________________________ 3. Execute SELECT
     Sql::SqlConnection conn;
     try
     {
          //conn.OpenSession(DSN, USERNAME, PASSWORD); //Control Panel>Administrative Tools>Data Sources (ODBC)>Create dsn_myDatabase
          conn.OpenSession(hWnd, CONNECTION_STRING);
          //_____________________________________________ Is Admin?
          const bool isAdmin = conn.GetBool(sqlCmd);
          if (isAdmin == true)
          {
               ...
          }
          else
          {
               ...
          }     
     }
     catch (Sql::SqlException e)
     {
          ...
     }
}

InvalidLogin

WelcomeLaura

WelcomeJimmy

Problem 2
Create a program called LoginWeb to shown the list of employees of Best Buy using a list view control. To login into the system, the program must prompt for a username and password using Basic Authentication. Please see Wintempla > Publishing a Web Site to learn more about Access Authentication. Publish the web application to a web server using Basic Authentication. In this case, we will not use the username and password stored in the database; instead you must create two user accounts in the web server (the local computer if you have a laptop.), one for Jim Ferry (username: jimmy, password: 123) and another for Laura Lou (username: laura, pasword: abc). You need also to modify the best_buy.sql file to allow the user account to connect to the SQL server. If you test this application using Microsoft Visual Studio, you need to provide a valid username; however you can provide any password. This will be corrected once you publish the web application.

LoginWeb

WelcomeLauraWeb

WelcomeJimmyWeb

Index.cpp
...
void Index::Window_Open(Web::HttpConnector& h)
{
     //_______________________________________________________________ 1. By default all users are Unauthorized
     h.httpCode = 401; // 401 Unauthorized
     //_______________________________________________________________ 2. Get AUTH_USER or LOGON_USER
     wstring username;
     if (h.GetServerVariable("AUTH_USER", username) == false) return;
     if (username.empty() == true) return;
     //_______________________________________________________________ 3. User is authenticated
     h.httpCode = 200; // 200 OK
     //_______________________________________________________________ 4. Column setup
     lvEmployee.Cols.Add(LVCFMT_LEFT, 20, L"First name");
     lvEmployee.Cols.Add(LVCFMT_LEFT, 20, L"Last name");
     lvEmployee.Cols.Add(LVCFMT_RIGHT, 20, L"Username");
     //_______________________________________________________________ 5. Create SELECT statement
     wstring cmd;
     Sys::Format(cmd, L"SELECT is_admin FROM employee WHERE username = \'%s\'",
               username.c_str());
     //_______________________________________________________________ 6. Execute SELECT
     Sql::SqlConnection conn;
     try
     {
          //conn.OpenSession(DSN, USERNAME, PASSWORD); //Control Panel>Administrative Tools>Data Sources (ODBC)>Create dsn_myDatabase
          conn.OpenSession(NULL, CONNECTION_STRING);
          //
          this->Title = L"Welcome ";
          this->Title += username;
          //_____________________________________________ Is Admin?     
          const bool isAdmin = conn.GetBool(cmd);
          //
          if (isAdmin == true)
          {
               lvEmployee.Cols.Add(LVCFMT_RIGHT, 20, L"Password");
               conn.ExecuteSelect(L"SELECT employee_id, first_name, last_name, username, user_passw FROM employee", 100, lvEmployee);
          }
          else
          {
               conn.ExecuteSelect(L"SELECT employee_id, first_name, last_name, username FROM employee", 100, lvEmployee);
          }
     }
     catch (Sql::SqlException e)
     {
          this->MessageBox(e.GetDescription(), L"Error", MB_OK | MB_ICONERROR);
     }
}


© Copyright 2000-2019 Wintempla selo. All Rights Reserved. Sep 05 2019. Home