Android Question How to check username and decrypted password in the login form?

Pravee7094

Active Member
Hi all,
There is one registration page and one login page.
On the registration page, the user enters the data. When the user enters the password, the password should be encrypted using some encryption key and stored in the local database (SQLite).
On the login page, when the user enters the password, the password should be decrypted from the local database and the username and password checked. If the username and password are correct, the user will be allowed to the main menu. This is the concept.
I checked the encryption and decryption functions; they work perfectly.
But I don't know how to check that the user-entered password and the decrypted password are the same using an SQL query.

B4X:
Sub Encrypt(as_str As String) As String
'encryption
End Sub

Insert into SQLite table (works):
B4X:
    Dim ls_sql As String
        Main.gs_sql.BeginTransaction
        ls_sql = "insert into table_name(mobileregistrationpk,fullname,mobilenumber,password,mobilename,regstatus) values ('"& Main.ge_cIniFile.UUIDv4 &"','"& is_fullname.Text &"','"& is_mobilenumber.Text &"','"& Main.ge_cIniFile.Encrypt(is_password.Text) &"','"& ilbl_mobilename.Text &"','"& "M" &"') "
       
        Main.gs_sql.ExecNonQuery(ls_sql)
        Log(ls_sql)
        Main.gs_sql.TransactionSuccessful
        Main.gs_sql.EndTransaction
       
        ToastMessageShow("Clients Information has been saved",False)

B4X:
Sub Decrypt(as_str As String) As String
    'decrypt'
End Sub

This query is incorrect:
B4X:
    Dim cursor As Cursor
    cursor = Main.gs_sql.ExecQuery("SELECT * FROM table_name WHERE mobilenumber = '" & is_mobilenumber.Text & "' AND password = '" & is_password.Text & "'")
     If cursor.RowCount > 0 Then
        ToastMessageShow("Login successful",False)
    Else
        ToastMessageShow("Login failure",False)
    End If

Anybody help?

thanks
Praveen
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
You shouldn't continue before you fix this code. Writing queries like this is really not acceptable.

Point #4:
 
Upvote 0

cklester

Well-Known Member
Licensed User
Do not store the password encrypted. Store it hashed.

Then, when you get the user's password attempt, you hash the attempted password and compare to the hash in the database. If they are the same, you are good to go. Look up "hash password" here in the forum or with your favorite search engine.
 
Upvote 0
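The two replies combined, as an added example that is not part of the thread and not B4X code: every value is bound as a query parameter instead of being concatenated into the SQL string, and the password is stored as a salted hash that login recomputes and compares. It is written in Python so it runs with the standard library alone; the trimmed table layout, the extra `salt` column, the choice of PBKDF2-HMAC-SHA256, the iteration count and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3
import uuid

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune for the target device


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash; the plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def open_db() -> sqlite3.Connection:
    # Constructed in-memory table: a cut-down version of the thread's table plus a salt column.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE table_name (mobileregistrationpk TEXT PRIMARY KEY, fullname TEXT,"
        " mobilenumber TEXT UNIQUE, salt BLOB, password BLOB)"
    )
    return db


def register(db: sqlite3.Connection, fullname: str, mobilenumber: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per user
    with db:  # commits on success, rolls back on error
        db.execute(
            "INSERT INTO table_name (mobileregistrationpk, fullname, mobilenumber, salt, password)"
            " VALUES (?, ?, ?, ?, ?)",
            (str(uuid.uuid4()), fullname, mobilenumber, salt, hash_password(password, salt)),
        )


def login(db: sqlite3.Connection, mobilenumber: str, password: str) -> bool:
    # Look the row up by user only; the password never appears in the SQL text.
    row = db.execute(
        "SELECT salt, password FROM table_name WHERE mobilenumber = ?", (mobilenumber,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Hash the attempt with the stored salt and compare in constant time.
    return hmac.compare_digest(stored, hash_password(password, salt))
```
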