security problem

i need to know why it skips automatically to the display denied function w/o looking at the user input if you need more code let me know im scratching my head at this point.

#include <iostream>
#include "Security.h"

using namespace std;

void main ( )
{
	//Get user name
	cout << "Enter your user name: " << endl;
	char userName[100];
	cin >> userName;

	//Determine the user's role
	Roles role = ROLE_UNKNOWN;
	if (userName == "bob")
		role = ROLE_ADMIN;
	else if (userName == "sue")
		role = ROLE_MANAGER;
	else if (userName == "jane")
		role = ROLE_USER;
	else if (userName == "pam")
		role = ROLE_MANAGER;
	else
		DisplayAccessDeniedMessage();

Return 0 (1282)

Because you cannot compare a char array with the == operator that way so none of the ifs are ever true. You should be using a string object instead. But if you must use a cstring you can use this: http://www.cplusplus.com/reference/clibrary/cstring/strcmp/

crxxtc (21)

so use gets(userName) and do a strcmp to what, how would i be able to strcmp to "bob".

filipe (1165)

gets() is very unsafe. Just use a std::string instead of a char array.

crxxtc (21)

how can i get "bob","sue","jane","pam" all into string should i

char bob,sue,jane,pam
string bob
string sue
string jane
string pam

then do my strcmp(userName,"bob)
if (true)
role=ROLE_ADMIN
else
{
}

am i on the right track or far from it????

Computergeek01 (5613)

Nope, forget the char variables for now and declare your strings like this:


string bob = "bob";
string sue = "sue";
string jane = "jane";
string pam = "pam";

switch(userName)
{
   case bob: role = ROLE_ADMIN; break;
   case sue: role = ROLE_MANAGER; break;
//code code code etc...

}

Athar (4466)

You can't use non-integral types with switch.
In the original program, char userName[100]; must be changed to string userName; and void main() to int main(). You also need to include <string>.

Computergeek01 (5613)

Oh Yeah.. I keep forgetting that about switch(). Sorry about that :p

Topic archived. No new replies allowed.