使用SQLite来验证登录Android版 [英] Using SQlite to validate Logins in Android
问题描述
我想在屏幕上创建一个登录在Android版的应用程序。我已经存储在用户表在一个数据库中有关用户的信息。
我想匹配在登录屏幕使用光标对象数据库中的值输入的用户名和密码,但它不工作,导致应用程序崩溃。
是否有人可以推荐或者如果可能的话用一些code段修正的办法。
将AP preciate它大的时候,谢谢。
下面是code为LoginForm的类。 (它使用DBAdapter类连接到数据库中)
包com.androidbook.LoginForm;
进口android.app.Activity;
进口android.content.Intent;
进口android.database.Cursor;
进口android.os.Bundle;
进口android.view.View;
进口android.widget.AutoCompleteTextView;
进口android.widget.Button;
进口android.widget.Toast;公共类LoginForm的延伸活动{
/ **当第一次创建活动调用。 * /
@覆盖
公共无效的onCreate(捆绑savedInstanceState){
super.onCreate(savedInstanceState);
的setContentView(R.layout.main); 最后DBAdapter DB =新DBAdapter(getBaseContext());
最后AutoCompleteTextView用户名=(AutoCompleteTextView)this.findViewById(R.id.AutoComUsernameLogin);
最后AutoCompleteTextView密码=(AutoCompleteTextView)this.findViewById(R.id.AutoComPasswordLogin); 的按钮=(按钮)findViewById(R.id.ClicktoRegister);
Register.setOnClickListener(新View.OnClickListener(){
公共无效的onClick(查看视图){
意图myIntent =新意图(view.getContext(),RegistrationForm.class);
startActivityForResult(myIntent,0);
}
});
// ************ LOG逻辑******************* *********** //
按钮登录=(按钮)findViewById(R.id.LoginButton);
Login.setOnClickListener(新View.OnClickListener(){
公共无效的onClick(查看视图){
。最后弦乐用户名= username.getText()的toString();
最终的字符串密码= password.getText()的toString()。 db.open(); 光标C = db.getAllTitles(); 而(c.moveToNext())
{
串C1 = c.getString(2);
串C2 = c.getString(3); 如果(C1 ==用户名)
{
如果(C2 ==密码)
{
Toast.makeText(LoginForm.this,
你成功地登录。,
Toast.LENGTH_LONG).show(); 意图myIntent =新意图(view.getContext(),Menu.class);
startActivityForResult(myIntent,0);
}
其他
{
Toast.makeText(LoginForm.this,密码错误,Toast.LENGTH_LONG).show();
}
意图myIntent =新意图(view.getContext(),LoginForm.class);
startActivityForResult(myIntent,0);
} 其他
Toast.makeText(LoginForm.this,不正确的,Toast.LENGTH_LONG).show();
} db.close();
}
});
}
}
由奇拉格拉瓦尔回答上述功能,但很容易受到SQL注入攻击。恶意用户可以很容易地绕过一个基本的SQLI有效载荷的认证机制(只要有至少在数据库中的单个条目对被检查人)。
有界值的参数化查询是更安全的做法。
杀青code片断:
公众诠释登录(用户名字符串,字符串密码)
{
的String [] = selectionArgs两个新的String [] {用户名,密码};
尝试
{
INT I = 0;
光标C = NULL;
C = db.rawQuery(从login_table选择*其中username =和密码=?,selectionArgs两个);
c.moveToFirst();
I = c.getCount();
c.close();
返回我;
}
赶上(例外五)
{
e.printStackTrace();
}
返回0;
}
这简单的改进是更安全,更容易code。
I'm trying to create a Log in screen for an app in Android. I have stored information about users in a 'users' table in a database. I'm trying to match the username and password entered at the log in screen with the values in the database using the cursor object but it doesnt work , causing the app to crash. Can someone please recommend or revise the approach, if possible with some code snippets. Will appreciate it big time, thanks.
Below is the code for the LoginForm class. (it uses a DBAdapter class to connect to the database)
package com.androidbook.LoginForm;
import android.app.Activity;
import android.content.Intent;
import android.database.Cursor;
import android.os.Bundle;
import android.view.View;
import android.widget.AutoCompleteTextView;
import android.widget.Button;
import android.widget.Toast;
public class LoginForm extends Activity {
/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
final DBAdapter db = new DBAdapter(getBaseContext());
final AutoCompleteTextView username = (AutoCompleteTextView)this.findViewById(R.id.AutoComUsernameLogin);
final AutoCompleteTextView password = (AutoCompleteTextView)this.findViewById(R.id.AutoComPasswordLogin);
Button Register = (Button) findViewById(R.id.ClicktoRegister);
Register.setOnClickListener(new View.OnClickListener() {
public void onClick(View view) {
Intent myIntent = new Intent(view.getContext(), RegistrationForm.class);
startActivityForResult(myIntent, 0);
}
});
//************************** LOG IN LOGIC******************************//
Button Login = (Button) findViewById(R.id.LoginButton);
Login.setOnClickListener(new View.OnClickListener() {
public void onClick(View view) {
final String Username = username.getText().toString();
final String Password= password.getText().toString();
db.open();
Cursor c = db.getAllTitles();
while(c.moveToNext())
{
String c1=c.getString(2);
String c2=c.getString(3);
if(c1 == Username)
{
if(c2 == Password)
{
Toast.makeText(LoginForm.this,
"You are succesfully logged in.",
Toast.LENGTH_LONG).show();
Intent myIntent = new Intent(view.getContext(), Menu.class);
startActivityForResult(myIntent, 0);
}
else
{
Toast.makeText(LoginForm.this, "Incorrect password",Toast.LENGTH_LONG).show();
}
Intent myIntent = new Intent(view.getContext(), LoginForm.class);
startActivityForResult(myIntent, 0);
}
else
Toast.makeText(LoginForm.this, "Incorrect",Toast.LENGTH_LONG).show();
}
db.close();
}
});
}
}
The answer by Chirag Raval above functions but is vulnerable to SQL injection. A malicious user could easily bypass the authentication mechanism with a basic SQLi payload (as long as there were at least a single entry in the database being checked against).
A parameterized query with bounded values is the more secure approach.
Fixing the code snippet:
public int Login(String username,String password)
{
String[] selectionArgs = new String[]{username, password};
try
{
int i = 0;
Cursor c = null;
c = db.rawQuery("select * from login_table where username=? and password=?", selectionArgs);
c.moveToFirst();
i = c.getCount();
c.close();
return i;
}
catch(Exception e)
{
e.printStackTrace();
}
return 0;
}
This simple improvement is more secure and easier to code.
这篇关于使用SQLite来验证登录Android版的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
