
User already created but I can't login. It keeps saying wrong email and password. I can't find what's wrong since I am not really good.

But I've tried to change and re-type the select Query but nothing changed.

DatabaseHelper.java


    public boolean checkUser(String email) {
        String checkQuery = "SELECT * FROM " + USER_TABLE + " WHERE " + COLUMN_EMAIL + " = " + "'" + email + "'";
        SQLiteDatabase db = this.getReadableDatabase();

        Cursor cursor = db.rawQuery(checkQuery, null);
        cursor.moveToFirst();
        if (cursor.getCount() > 0) {
            return false;
        }
        return true;
    }


    public boolean getUser (String email, String password) {

        String selectQuery = "SELECT  * FROM " + USER_TABLE + " WHERE " + COLUMN_EMAIL + " = " + "'" + email + "'" +
                " AND " + COLUMN_PASS + " = " +  "'" + password + "'";

        SQLiteDatabase db = this.getReadableDatabase();
        Cursor cursor = db.rawQuery(selectQuery, null);
        cursor.moveToFirst();
        if(cursor.getCount()>0) {
            return true;
        }
        cursor.close();
        db.close();
        return false;
    }

LoginActivity.java

        if(session.loggedin()){
            startActivity(new Intent(LoginActivity.this,HomeActivity.class));
            finish();
        }

    @Override
    public void onClick(View v){
        switch (v.getId()){
            case R.id.login:
                login();
                break;
            case R.id.signup:
                startActivity(new Intent(LoginActivity.this,RegisterActivity.class));
                break;
            default:

        }
    }

    private void login(){
        String emails = email.getText().toString();
        String passwords = password.getText().toString();

        if(db.getUser(emails,passwords)){
            startActivity(new Intent(LoginActivity.this, HomeActivity.class));
            finish();
        }else {
            Toast.makeText(getApplicationContext(),"Wrong email or password!", Toast.LENGTH_SHORT).show();
        }
    }
Zoe
Nana
  • 3
    The code you are showing is extremely insecure. I am not sure how your user is created and if you wrote that code as well, though; you should hash the password concatenated with a random string normally called salt. Your database should never have passwords saved in plain text. When a user tries to access you need to calculate the hash again and compare it with the one in the database. For example take a look at this: https://howtodoinjava.com/security/how-to-generate-secure-password-hash-md5-sha-pbkdf2-bcrypt-examples/ – Norcino Apr 10 '19 at 08:15
  • 2
    Another security related comment, your code is vulnerable to SQL injection: https://en.wikipedia.org/wiki/SQL_injection – Norcino Apr 10 '19 at 08:16
  • Coming to the actual point of your question, given that I am not a Java nor Android developer I cannot help much, but all looks right; double check that the column name variables are not inverted. Also check this answer: https://stackoverflow.com/questions/8618536/is-sqlite-cursor-getcount-expensive-operation-in-android It looks like you can invoke getCount without calling moveToFirst. I wonder if moveToFirst invalidates the getCount; I doubt it, but I cannot see other issues. – Norcino Apr 10 '19 at 08:30
  • @Norcino I could never understand why security is an issue when using `SQLite` as it's a database stored locally on your device. Someone should get hold of your device then they should know what they are doing before your info is in jeopardy? I understand if it is stored in `SQLite` temporarily then sent via a network. – HB. Apr 10 '19 at 16:00
  • @HB applying security criteria is always a good practice. If you or your team start accepting compromises you will end up being exposed, vulnerable and potentially incur serious financial and legal troubles. As developers we always have to put security high in the list of aspects we have to focus on. If crackers know your app is easily exploitable they can push a target user to install it, for example through phishing, and then try to steal/use the device to steal the password, which unfortunately often is the same for multiple things including emails. – Norcino Apr 10 '19 at 16:24

0 Answers
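
The two points raised in the comments (salted password hashing and SQL injection), shown together as an added example that is not part of the original thread or the asker's code. The table and column values, `COLUMN_SALT`, `COLUMN_HASH`, `ITERATIONS` and the `UserAuth` class name are assumptions, since the question does not show its schema.

```java
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example. Table/column values, COLUMN_SALT, COLUMN_HASH and ITERATIONS
// are assumptions; the question does not show its schema.
public final class UserAuth {
    static final String USER_TABLE = "users";
    static final String COLUMN_EMAIL = "email";
    static final String COLUMN_SALT = "salt";       // BLOB, random per user
    static final String COLUMN_HASH = "pass_hash";  // BLOB, PBKDF2 output
    static final int ITERATIONS = 100_000;          // assumed work factor
    static final int KEY_BITS = 256;

    // Call once at registration and store the result next to the hash.
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // PBKDF2WithHmacSHA256 needs API 26+; older devices only have the SHA1 variant.
    static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // The email is bound as a parameter, so quotes in it cannot change the SQL.
    static boolean verify(SQLiteDatabase db, String email, char[] password)
            throws GeneralSecurityException {
        String sql = "SELECT " + COLUMN_SALT + ", " + COLUMN_HASH
                + " FROM " + USER_TABLE + " WHERE " + COLUMN_EMAIL + " = ?";
        try (Cursor c = db.rawQuery(sql, new String[] { email })) {
            if (!c.moveToFirst()) {
                return false;                       // no such user
            }
            byte[] actual = hash(password, c.getBlob(0));
            return MessageDigest.isEqual(c.getBlob(1), actual);
        }
    }
}
```

Registration would store `newSalt()` and `hash(password, salt)` in the two BLOB columns instead of the plain-text password; the try-with-resources block also closes the cursor on every return path.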