验证保存在 txt 文件中的用户名和密码 Java
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14470110/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
verifying username and password saved in a txt file Java
提问by user2001913
When someone registers, the username, and password is saved in a .txt file. The code below verifies each line to check if the username and password exist in the file.
当有人注册时,用户名和密码会保存在 .txt 文件中。下面的代码验证每一行以检查文件中是否存在用户名和密码。
However, I don't want it to work this way because it gets a username with a random password... I need it to verify both username and password for each user registered, any help? (I'm using NetBeans)
但是,我不希望它以这种方式工作,因为它使用随机密码获取用户名...我需要它来验证每个注册用户的用户名和密码,有什么帮助吗?(我正在使用 NetBeans)
public boolean isCustomer(){
boolean isFound = false;
String record = null;
FileReader in = null;
try{
in = new FileReader ("login.txt");
BufferedReader bin = new BufferedReader(in);
record = new String();
while ((record = bin.readLine()) != null)
{
if (NameTextField.getText().contentEquals(record))
isFound = true;
if (jPasswordField.getText().contentEquals(record))
isFound = true;
}
bin.close();
bin = null;
}catch(IOException ioe){
NameTextField.setText("IOProblem");
}
return isFound;
}
The login.txt looks like this (username, then password and "$$$" as a separator):
login.txt 看起来像这样(用户名,然后是密码和“$$$”作为分隔符):
Joe
656451asda
$$$
Robert
123456hbb
$$$
Tracey
56464999abc
$$$
Celia
abc1234897
$$$
回答by MadProgrammer
This ...
这 ...
if (NameTextField.getText().contentEquals(record))
isFound = true;
if (jPasswordField.getText().contentEquals(record))
isFound = true;
Means that if you find either the user name OR the password in the text file, it will return true. I'm pretty sure you don't want to do this.
意味着如果您在文本文件中找到用户名或密码,它将返回 true。我很确定你不想这样做。
Better to use two flags (foundUserand foundPasswordfor example) which you can set as required and then return foundUser && foundPassword
最好使用两个标志(foundUser和foundPassword例如),它可以根据需要设置,然后return foundUser && foundPassword
Updated from feedback
根据反馈更新
When checking the username/password values, you need to make sure that the password you are trying to match is being matched against the user, something like...
检查用户名/密码值时,您需要确保您尝试匹配的密码与用户匹配,例如...
if (foundUser && jPasswordField.getText().contentEquals(record)) {
foundPassword = true;
break; // No need to compare any more details...
} else {
foundUser = false;
}
if (NameTextField.getText().contentEquals(record)) {
foundUser = true;
}
Updated
更新
As a side note, you really shouldn't get using JPasswordField#getTextas it is a security risk. You should be using JPassword#getPasswordand using Arrays.equals(char[], char[])to compare them.
作为旁注,您真的不应该使用JPasswordField#getText它,因为它存在安全风险。您应该使用JPassword#getPassword和使用Arrays.equals(char[], char[])来比较它们。
This, obviously raises issues with how you read the data from the text file as well.
这显然也会引起您如何从文本文件中读取数据的问题。
(Mind you, having the username/passwords in a text file is probably a larger security risk :P)
(请注意,将用户名/密码放在文本文件中可能会带来更大的安全风险:P)
回答by Emanuele Paolini
As pointed out in other answers there are many issues you should consider:
正如其他答案中所指出的,您应该考虑许多问题:
you should not store plain passwords. Compute a hash from the password and store the hash.
if possible use a database instead of a text file
if you cannot use a database store the username/password information on a single line of text. Here is a format which is similar to the one used in Unix password files:
joe:fjckdsoij48738423 marian:fjccoekrnvn3iernci3en mrbean:fjd84jfn4u48fu4nf
你不应该存储简单的密码。根据密码计算哈希值并存储哈希值。
如果可能,请使用数据库而不是文本文件
如果您不能使用数据库将用户名/密码信息存储在一行文本中。这是一种类似于 Unix 密码文件中使用的格式:
joe:fjckdsoij48738423 marian:fjccoekrnvn3iernci3en mrbean:fjd84jfn4u48fu4nf
when you want to check a password (the hash of the password in view of point 1) you can read the password file line by line. Split the line on the occurence of the first ':' character to find username and password. Compare with user provided data.
当您要检查密码(鉴于第 1 点的密码哈希值)时,您可以逐行读取密码文件。在第一个 ':' 字符出现时拆分行以查找用户名和密码。与用户提供的数据进行比较。
回答by Andrew
You should really be using a database for this.
您真的应该为此使用数据库。
If not the next best thing would be to scan in the file and use a Map with the username as the key. However you would still need to update the file accordingly in-case your program crashes.
如果不是,下一个最好的方法是扫描文件并使用以用户名作为键的 Map。但是,您仍然需要相应地更新文件,以防您的程序崩溃。
回答by sdasdadas
You can't use the same boolean for a username and password. Once it finds one it will be set to true, and it doesn't matter if it finds the other (which is wrong, they both need to be there!).
您不能对用户名和密码使用相同的布尔值。一旦它找到一个它就会被设置为真,它是否找到另一个都没有关系(这是错误的,它们都需要在那里!)。
I would set it up this way:
我会这样设置:
private String getUsername(String filename) {
// 1. Open up the file.
// 2. Return the String.
}
private String getPassword(String filename) {
// Basically the same, but return the password.
}
Then, in isCustomer() you can do this:
然后,在 isCustomer() 中,您可以执行以下操作:
String username = getUsername(filename);
String password = getPassword(filename);
return (username != null) && (password != null); // makes sure they're both there.
(Also, you really shouldn't be storing this in an unencrypted text file. That's a very bad idea and is something you NEED to learn if you want to be a programmer.)
(另外,你真的不应该把它存储在一个未加密的文本文件中。这是一个非常糟糕的主意,如果你想成为一名程序员,你需要学习。)
回答by Emanuele Paolini
Put username and password in the same line of text.
将用户名和密码放在同一行文本中。
