
My login code does not find Account and always return incorrect username\password

 
Yosuf Ibrahim
Hello everyone,

As part of my project in uni, I am supposed to create an Attendance management system. I am having this horrible issue in which I am unable to log in to the attendance system. It keeps on telling me that my username and password are wrong. I have uploaded my project onto Google Drive since all classes are dependent on each other one way or another.

Basic background: I am supposed to create an automatic Attendance Management system that has 3 different kinds of accounts as follows (Student, Instructor and Advisor).
My issue is in the class UserAccount. In there I have methods that allow the making of those three kinds of accounts and links them to the owner of the account who is an object of type Person. All the accounts are also saved into a static Array list in the class UserAccount. When I run the program I select the Admin Access to create an account and that successfully gets created, however when I select the Enter AMS and enter the username and password for that account it always gives me the error message username or password is incorrect.

Help please, my project is due Saturday and if I do not get this working then the whole program is useless.

Google drive link so you can download the project is:
https://drive.google.com/file/d/0B9v7ABFs2xINRU1tRHRlOUtVN28/view?usp=sharing

WARNING: DO NOT CLICK THE SHUTDOWN BUTTON, it will shutdown your computer
 
Dave Tolls
A lot of people won't go to external sites to check projects.

In your case it sounds like your issue is with the point where you compare usernames and passwords with those in your List of users.
Can you show that method, as a start?

Also, have you got logging in your code, even just simple System.out.println() calls?
I would add some logging lines in that above method to show what values you are checking with (uname and password), and what values the List holds.
This will help you narrow down where your problem is.
 
Yosuf Ibrahim
I AM AN IDIOT.

Thank you so much, even though I looked at that method a million times I totally forgot that Strings are objects therefore to compare their values I have to use equalsTo method and not ==.

I fixed it, it is the method getUser in the UserAccount package and here is its content after I fixed it
 
Dave Tolls
I would make those two if statements a single one, but good you found the error!
 
Junilu Lacar
I realize that this is just a uni project but I hope you realize that what you did there for user authentication is probably very naive and very insecure coding practice. I say "probably" because there is still a very slim chance that the code you show does not deal with passwords in plain text.

Just last week I facilitated a workshop on aligning academia and industry and I had a participant from the industry who was a hiring manager for a CyberSecurity group in the US Navy. One of his issues about university education was that many students are not taught that they should NOT write this kind of naive and insecure code.
 
Junilu Lacar
Even if the code you showed did not handle passwords in plain text, there are still smells with this design.

1. Why is getUser() static? This indicates to me a poor grasp of object orientation, which indicates to me that there are probably many other design problems in your code.

2. Why is getUser() responsible for authentication? How is that user collection declared? It looks like it's a static member of the class that contains this getUser method. Why is your list of users a static member of a class? These questions all hint at problems in your design.

If this is a capstone project, something that you have been working on for a good portion of the term, that means you are probably a third- or fourth-year student who is close to graduating. For you to not know about secure coding practices is a bit problematic because when you graduate and join the industry as a professional, the chances of you producing a similar kind of code is high. When do you think you'll learn about secure coding practices? On the job, if you are able to get one?

I'm not trying to be mean or anything so please don't read any kind of tone like that into my post. I do want to make you aware of some gaps you might want to address there before or soon after you graduate. We (programmers working in the industry) all have a responsibility to write secure code and in this day and age when software can affect many lives, we have to be more aware of how seemingly innocent mistakes can be quite a lot more impactful than just "Oh, I'm an idiot!"
 
Liutauras Vilda
Slightly aside from your main issue.

Looking to the code you showed us:

Apart from the poor style (missing braces, no spaces after 'if', 'for', no space before '{') as well as having static method which probably here is a mistake.

You have a method getUser() which returns UserAccount, that looks misleading to me. Not only that it gets presumably not a user (which supposed to be a class too) but user account, but also that it goes through the authentication process. That violates single responsibility principle - method needs to do only one thing.

Try to think along these lines maybe:

getUserAccount should get UserAccount irrespective of any other circumstances IF your program reached that step. If there can be possibly some other barriers, you need to check them too.

We're glad you showed us that bit of code, so if you are up to it, we can move on. Please let us know.
 
Junilu Lacar
Dave Tolls wrote:I would make those two if statements a single one, but good you found the error!


It would be nice if what you are alluding to is something along these lines:

instead of this

or maybe even this arguably more object-oriented approach that doesn't break the User object's encapsulation:

Still, neither of the above two alternatives are good designs from a security-minded programming perspective.
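
Added example, not part of any post in this thread and not the original poster's project code: a Java version of the lookup-then-authenticate split discussed above, with the `==` versus `equals` pitfall shown in `main` and passwords kept as salted PBKDF2 hashes instead of plain text. The names `LoginExample`, `AccountRegistry` and `passwordMatches`, the sample credentials and the iteration count are all assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginExample {

    /** Holds a salted password hash, never the password itself. */
    static final class UserAccount {
        final String username;
        private final byte[] salt = new byte[16];
        private final byte[] hash;

        UserAccount(String username, char[] password) throws GeneralSecurityException {
            this.username = username;
            new SecureRandom().nextBytes(salt);          // fresh random salt per account
            this.hash = derive(password, salt);
        }

        /** The account checks its own credential, so the hash never leaves the object. */
        boolean passwordMatches(char[] candidate) throws GeneralSecurityException {
            // MessageDigest.isEqual compares contents in constant time.
            return MessageDigest.isEqual(hash, derive(candidate, salt));
        }

        private static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
            // Iteration count is an assumed example value; tune it for the target hardware.
            PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
            try {
                return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                        .generateSecret(spec).getEncoded();
            } finally {
                spec.clearPassword();                    // wipe the copy held by the spec
            }
        }
    }

    /** Instance-owned store (no static list); lookup and authentication are separate. */
    static final class AccountRegistry {
        private final Map<String, UserAccount> accounts = new HashMap<>();

        void register(String username, char[] password) throws GeneralSecurityException {
            accounts.put(username, new UserAccount(username, password));
        }

        Optional<UserAccount> find(String username) {
            return Optional.ofNullable(accounts.get(username));
        }

        Optional<UserAccount> authenticate(String username, char[] password)
                throws GeneralSecurityException {
            Optional<UserAccount> account = find(username);
            // Same return value for an unknown user and for a wrong password.
            return account.isPresent() && account.get().passwordMatches(password)
                    ? account : Optional.empty();
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String typed = new String("s3cret");             // constructed input, as if read from a form
        System.out.println(typed == "s3cret");           // reference comparison: the bug in this thread
        System.out.println(typed.equals("s3cret"));      // value comparison: the fix

        AccountRegistry registry = new AccountRegistry();
        registry.register("student1", "s3cret".toCharArray());
        System.out.println(registry.authenticate("student1", typed.toCharArray()).isPresent());
        System.out.println(registry.authenticate("student1", "wrong".toCharArray()).isPresent());
        System.out.println(registry.authenticate("nobody", typed.toCharArray()).isPresent());
    }
}
```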
 
Yosuf Ibrahim
Junilu Lacar wrote:Even if the code you showed did not handle passwords in plain text, there are still smells with this design.

1. Why is getUser() static? This indicates to me a poor grasp of object orientation, which indicates to me that there are probably many other design problems in your code.


How else am I supposed to look through a static ArrayList and return the user account if the method is not static?

Junilu Lacar wrote:
2. Why is getUser() responsible for authentication? How is that user collection declared? It looks like it's a static member of the class that contains this getUser method. Why is your list of users a static member of a class? These questions all hint at problems in your design.


It is static because the users are made while the program is running. It does not extract information from files. All accounts are created at the start of the program and when the program is terminated all User accounts are gone too


Junilu Lacar wrote:
If this is a capstone project, something that you have been working on for a good portion of the term, that means you are probably a third- or fourth-year student who is close to graduating. For you to not know about secure coding practices is a bit problematic because when you graduate and join the industry as a professional, the chances of you producing a similar kind of code is high. When do you think you'll learn about secure coding practices? On the job, if you are able to get one?

I'm not trying to be mean or anything so please don't read any kind of tone like that into my post. I do want to make you aware of some gaps you might want to address there before or soon after you graduate. We (programmers working in the industry) all have a responsibility to write secure code and in this day and age when software can affect many lives, we have to be more aware of how seemingly innocent mistakes can be quite a lot more impactful than just "Oh, I'm an idiot!"


Bro, I am a first-year Computer Science student, I am nowhere close to graduating and this project I have been working on for less than a week lol. Thank you very much though for the insight, now I am even more hyped regards what I will be taking in my later courses.

Cheers Junilu
 
Junilu Lacar
Yosuf Ibrahim wrote:How else am I supposed to look through a static ArrayList and return the user account if the method is not static?

You're not. That's exactly the point. This design where you have a static ArrayList that contains all your user accounts is a naive implementation and it's not secure.

It is static because the users are made while the program is running. It does not extract information from files. All accounts are created at the start of the program and when the program is terminated all User accounts are gone too

Fair enough. Since you're still a first-year student, you still have a lot to learn about object-orientation. What you describe is not object-oriented. When you write non-object-oriented code in Java, there are a lot of problems that arise. But again, you still have a lot to learn and hopefully, your school will teach you some of those things. If not, I hope you go out and try to figure it out yourself. From what I have observed in this industry, schools are really not that good at teaching students proper object-oriented programming. It's up to the student to augment what was taught in class with real, practical information that's freely (or practically free) available elsewhere.

Bro, I am a first-year Computer Science student, I am nowhere close to graduating and this project I have been working on for less than a week lol. Thank you very much though for the insight, now I am even more hyped regards what I will be taking in my later courses.

Well, I'm glad that you're still in the earlier stages of your education and I'm glad I got you thinking about some of the things you should be concerned about if and when you graduate and start working in the industry.

Good luck.
 
Yosuf Ibrahim
Junilu Lacar wrote:
Yosuf Ibrahim wrote:How else am I supposed to look through a static ArrayList and return the user account if the method is not static?

You're not. That's exactly the point. This design where you have a static ArrayList that contains all your user accounts is a naive implementation and it's not secure.

It is static because the users are made while the program is running. It does not extract information from files. All accounts are created at the start of the program and when the program is terminated all User accounts are gone too

Fair enough. Since you're still a first-year student, you still have a lot to learn about object-orientation. What you describe is not object-oriented. When you write non-object-oriented code in Java, there are a lot of problems that arise. But again, you still have a lot to learn and hopefully, your school will teach you some of those things. If not, I hope you go out and try to figure it out yourself. From what I have observed in this industry, schools are really not that good at teaching students proper object-oriented programming. It's up to the student to augment what was taught in class with real, practical information that's freely (or practically free) available elsewhere.

Bro, I am a first-year Computer Science student, I am nowhere close to graduating and this project I have been working on for less than a week lol. Thank you very much though for the insight, now I am even more hyped regards what I will be taking in my later courses.

Well, I'm glad that you're still in the earlier stages of your education and I'm glad I got you thinking about some of the things you should be concerned about if and when you graduate and start working in the industry.

Good luck.


Cheers mate, and for your information, I am not convinced regarding the getUser method either, according to my project instructions I have to use a public method called getUser that takes 2 strings and returns a user account. Apart from that, I have no idea what is supposed to be inside it so I just filled it with whatever came first in my mind.

As a matter of fact I have multiple other objections regarding the design of the project, but when I took them to my instructor his answer was as follows, "You are right, but these instructions everyone has them and I expect you to follow them as well if you do not want to lose grades. What we are trying to teach you is how to follow a plan because that is what object oriented is about"

So I am following the stupid plan. I just wish it was a bit more detailed.
 
Junilu Lacar
Yosuf Ibrahim wrote:
As a matter of fact I have multiple other objections regarding the design of the project, but when I took them to my instructor his answer was as follows, "You are right, but these instructions everyone has them and I expect you to follow them as well if you do not want to lose grades. What we are trying to teach you is how to follow a plan because that is what object oriented is about"

So I am following the stupid plan. I just wish it was a bit more detailed.

No, following a plan is NOT "what object-oriented is about." I have a lot of choice words I'd like to say right now but as a moderator, I'm supposed to set an example. So, if you can't say anything nice, don't say anything, which I won't.

I'm glad you are showing that at least you're not about to be cowed into just following what your instructor says just because he wields the power over your grades. Critical thinking is an important quality that you should hone as a Computer Scientist and one who would develop software that will be used for doing anything useful. Be respectful, play their game because you have to, but don't forget: your instructors are only human, they can be wrong, too, even if they don't want to admit it.
 
Yosuf Ibrahim
Junilu Lacar wrote:
Yosuf Ibrahim wrote:
As a matter of fact I have multiple other objections regarding the design of the project, but when I took them to my instructor his answer was as follows, "You are right, but these instructions everyone has them and I expect you to follow them as well if you do not want to lose grades. What we are trying to teach you is how to follow a plan because that is what object oriented is about"

So I am following the stupid plan. I just wish it was a bit more detailed.

No, following a plan is NOT "what object-oriented is about." I have a lot of choice words I'd like to say right now but as a moderator, I'm supposed to set an example. So, if you can't say anything nice, don't say anything, which I won't.

I'm glad you are showing that at least you're not about to be cowed into just following what your instructor says just because he wields the power over your grades. Critical thinking is an important quality that you should hone as a Computer Scientist and one who would develop software that will be used for doing anything useful. Be respectful, play their game because you have to, but don't forget: your instructors are only human, they can be wrong, too, even if they don't want to admit it.


Thanks for that, I am glad someone is finally backing me up. Got tired of hearing the same thing over and over again, even my friends think I am stupid because I like to do extra work, so thanks again Junila, you will be seeing a lot more of me here since I can ASK
 
Junilu Lacar
Yosuf Ibrahim wrote:even my friends think I am stupid because I like to do extra work,
It's the students who do extra work who will probably be better than those who don't when all is said and done. Keep it up.
so thanks again Junila,
No problem, glad to be able to help.

BTW, it's "Junilu", not "Junila" -- the letters "a" and "u" are pretty far apart on a standard keyboard so it's not likely you fat-fingered my name.
 
Yosuf Ibrahim
Junilu Lacar wrote:
BTW, it's "Junilu", not "Junila" -- the letters "a" and "u" are pretty far apart on a standard keyboard so it's not likely you fat-fingered my name.


Sorry about that "JUNILU" I was typing in the dark

Cheers mate
 
Dave Tolls
Junilu Lacar wrote:
Still, neither of the above two alternatives are good designs from a security-minded programming perspective.


Well, since the Users are held in a List there are lots of other issues on the security side, as you've said.
This was clearly not a final project.

I did consider suggesting moving it to its own validation bit, but ...
 
Junilu Lacar
Dave Tolls wrote:This was clearly not a final project.

You'd hope it wasn't but you shouldn't act surprised if it were. The state of security-related education at the university level is far worse than it is in the industry and that's not even saying much about the industry.
 
Junilu Lacar
OP wrote:...but when I took them to my instructor his answer was as follows, "You are right, but these instructions everyone has them and I expect you to follow them as well if you do not want to lose grades. What we are trying to teach you is how to follow a plan because that is what object oriented is about"

One more thing about this that I have to comment on: Following a plan is not nearly as important as HAVING a plan. Even the best laid plans don't survive first contact with the enemy, as one general put it (I think it might have been Eisenhower). It seems your instructor might be stuck in the era where analysis, design, and development were siloed in separate functional areas of a development organization. Despite there being many companies that still use this type of organization, it has many problems and more progressive development organizations recognize the shortcomings and related problems that arise.

Software is abstract. Plans are abstract. By definition, when something is abstract, details are left out. Details only come out when you have code. There is a school of thought that believes that Code is the Design. I believe this. When you have Architects and Designers handing out untested and uncoded designs in the form of textual specifications written in plain, non-executable prose, there are bound to be omissions and assumptions. These "unwritten" things are what give rise to many bugs and design problems in the code. The OP's little project and the requirements he was given is a perfect example of this.

Nobody, and I mean NOBODY, is good enough to be able to specify a non-trivial program, in plain prose, to such an extent that a "lowly developer" can just go and mindlessly follow those specs and expect to come up with a correct and well-designed program. NOBODY. It has never happened and it never will happen.  There will always be code and there will always be a need for people who write code to think about the DETAILS of the design that are NOT included in a higher-level design specification.

So I am following the stupid plan.

If you want other people to listen to reason, you probably don't want to start off with shutting their minds down and making them throw up defenses by calling their plans "stupid". Try to frame it in a different way. Maybe say that you "have  some serious concerns" about the design.  See my point above about how high-level, non-code specifications cannot cover every possible detail of the design, not in a way that's practical to do in the real world at least.

Software requirements in the real-world of software development are seldom handed down to you, the developer, in a neat little package of text. Sometimes they try to do that but it's very rarely correct. You often have to go back and ask questions, give feedback based on what you've developed and tested, and then go back and make the appropriate adjustments to the original requirements, based on what you've learned so far. This is a constant feedback loop and successful development requires this feedback cycle to be there. When it's not there, you get the kind of disasters we've seen recently in debacles like the initial offering of healthcare.gov

I have seen multimillion dollar failures of projects because of the hubris/naiveté/excessive optimism that some software development organizations have in "following a plan." Beware of people who tell you to just blindly follow a plan—they can actually cost you your job or worse.

 
Dave Tolls
Junilu Lacar wrote:
Even the best laid plans don't survive first contact with the enemy, as one general put it (I think it might have been Eisenhower).


Helmuth von Moltke senior.  The one that won the Franco-Prussian war.
A quote that's often forgotten by critics of Moltke junior when they criticise him for not following the Schlieffen plan to the letter in 1914.

That is your history lesson for the day!
 