Password
| Volume Number: | | 7
|
| Issue Number: | | 7
|
| Column Tag: | | C Workshop
|
| Related Info: Dialog Manager
|
Password Dialogs 
By Bill Schilit, New York, NY
Note: Source code files accompanying article are located on MacTech CD-ROM or source code disks.
Making a Password Dialog
Bill Schilit has been programming the Macintosh since the days of the 128K. He co-authored Macintosh Kermit, and the CAP Appletalk-Unix File Server. Bill is currently a graduate student at Columbia University’s Computer Science department.
This article describes how to program a dialog with a non-displaying “password” field. In this type of dialog, when the user types in his or her password all they see are bullet characters (“•”) -- because you never know who may be looking over your shoulder.
The password field of the dialog must handle delete, backspace, and replacement of the text selection. Basically, even though you can’t see the characters being entered you want it to act like a normal Text Edit field. One nice solution to the problem is to create an offscreen TE field to hold the plain text password while the dialog TE field holds the bullets.
The Login Dialog
In the program below, LoginDialog() is called to display the dialog box, it returns the user name and password entered by the user. The filter procedure, LoginFilter() does the real work here: it checks the name and password lengths, keeps the offscreen TE record up to date, and exchanges the password character with a bullet.
LoginDialog() first loads the dialog from the resource file and then calls SetPort() to set the GrafPort to the dialog window. SetPort is required for TENew() a few lines below, since TextEdit remembers the GrafPort for you. The destination and view rectangles we supply to TENew() are outside of the dialog window, so we never actually see this TE field. After creating the invisible text edit field, a pointer to it is stored in the dialog window via SetWRefCon() so that the filter procedure has access to it.
The rest of LoginDialog() is fairly standard. The procedure loops until the user types the OK button at which point the user name and password fields are copied for the caller. Within the dialog loop the OK button is enabled or disabled -- if the password and username have some type in then OK is enabled, otherwise it is disabled.
Figure 1. Password Dialog Box
The Login Filter
LoginFilter() is the standard filter procedure called by our modal dialog. If you remember your Inside Mac then you know that returning TRUE from the filter proc means we have handled the event, and the item number is in itemHit. Returning FALSE lets ModalDialog process the event. Our filter proc is only concerned with keyboard events, so the first line in procedure LoginFilter causes a return on all other types of events.
The next task in LoginFilter() is to handle the characters tab and return (tab moves to the next field and return is the same as the default button). The filter returns here if either of these characters was typed.
The filter procedure now does the work of checking field lengths and setting those bullets. The dialog’s text edit handle and the editField tell us which field is getting type in and how large the current edit record is. We first check that adding the character will not push us past the password or user name size limit, if so the filter gives a beep and ignores the character. Notice that the auxiliary routine we call to check the length of the text edit field given the new character is smart about checking for deletes, backspace, and selection replacements.
When the character is destined for the password item we do our final manipulations. The handle to our invisible text edit record is fetched from the dialog refCon, and the selection (and insertion point) are set to be exactly the same as in the password field. TEKey() is called to insert the character into our invisible text edit. Now, unless the character is a delete or backspace, the character in the event record is replaced by a bullet. We return to ModalDialog telling it to handle the event with the now obscured character for the password field. When the dialog is complete, the password is available from the invisible text edit field.
LOGIN DIALOG.C
/*
* Login Dialog.c - Dialog for User Login.
*
* Copyright (c) 1988 by Bill Schilit.
*
* Edit History:
*
* April 23, 1988 Schilit Created
* May 9, 1988 Schilit Clean up
*
*/
/* Includes MacHeaders */
#include “Login Dialog.h”
/* Prototypes */
static int
TELengthCheck(TEPtr te,char c,int maxLen);
static void
TECpyText(TEHandle teH,Ptr p);
pascal Byte
LoginFilter(DialogPtr dPtr,
EventRecord *ePtr,short *iHit);
/*
* LDialogStg contains the global vars used
* by the filter proc and user item procs in
* our login dialog. A pointer to the
* LDialogStg is stored in the window refcon
* of the dialog window.
*/
typedef struct {
TEHandle passTeH;
} LDialogStg, *LDialogStgPtr;
/*
* static Byte
* LoginFilter(DialogPtr theDialog,
* EventRecord *theEvent,
* int *itemHit);
*
* Modal dialog filter to echo bullet
* (‘\245’) instead of the user’s password
* and to limit the number of characters in
* both the user name and password edit
* records.
*/
static pascal Byte
LoginFilter(theDialog,theEvent,itemHit)
DialogPtr theDialog;
EventRecord *theEvent;
short *itemHit;
{
register char c;
int field,tooBig;
TEPtr tePtr;
LDialogStg *ldStg;
/* we’re only interested in keyboard
* events. If not a key, let modal
* process as usual
*/
if (theEvent->what != keyDown &&
theEvent->what != autoKey)
return(false);
/* fetch the character from the
* event message
*/
c = theEvent->message & charCodeMask;
/* Check for CR and convert to OK button.
* Check for TAB and let it pass.
*/
if (c == CR) {
*itemHit = OK;
return(true);
}
if (c == ‘\t’)
return(false);
/* make sure the edit text item is one
* we are interested in and check to see
* if the length is not too large.
*/
field =
((DialogPeek) theDialog)->editField+1;
tePtr =
*(((DialogPeek) theDialog)->textH);
/* User is typing in the nameItem --
* our only interest is the size
*/
if (field == nameItem) {
tooBig =
TELengthCheck(tePtr,c,MAXNAME);
/* give a beep if too big, and return
* TRUE to ignore the event.
*/
if (tooBig)
SysBeep(1);
return(tooBig);
}
/* If typing into the password, check the
* size, then diddle the character so
* bullet (\245) shows up instead of what
* the user typed.
*/
if (field == passwdItem) {
if (TELengthCheck(tePtr,c,MAXPWD)) {
SysBeep(1);
return(true);
}
/* Insert the char into our private
* password text edit record. First
* set the text selection so action
* mimicks exactly what user is
* selecting and typing in passwdItem
* text edit field.
*/
ldStg = (LDialogStg *)
GetWRefCon(theDialog);
if (ldStg == 0)
return(false);
TESetSelect(tePtr->selStart,
tePtr->selEnd,
ldStg->passTeH);
TEKey(c,ldStg->passTeH);
/* unless BS or DEL, replace the
* password character with bullet
*/
if (c != DEL && c != BS)
theEvent->message = ‘\245’ |
(theEvent->message &
~charCodeMask);
return(false); /* return ok */
}
return(false); /* all other items */
}
/*
* static int
* TELengthCheck(tePtr te,char c,int maxLen)
*
* Check that adding character c to the text
* edit te does not cause more than maxLen
* chars in the text edit item:
*
* 1) If delete or backspace then length will
* decrease so ok.
* 2) If a selection range of 1 or more chars
* then same as above.
* 3) Finally just check the length of the
* edit item.
*
*
* Returns: FALSE if OK, TRUE if too large.
*
*/
static int
TELengthCheck(te,c,maxLen)
TEPtr te;
char c;
int maxLen;
{
/* this char a del or bs */
/* if so, does not increase */
if (c == DEL || c == BS)
return(false);
/* selected a region? */
/* if so, then does not increase */
if (te->selStart <
te->selEnd)
return(false);
/* else will insert, check length */
if (te->teLength < maxLen)
return(false);
return(true);
}
/*
* static void TECpyText(TEHandle teH,Ptr p)
*
* Fetch the text from the text edit handle
* and store as a pascal string in Ptr p.
*
* NB: This only works if the TE text is less
* than 255 characters (a pascal string
* limit) so be careful.
*
*/
static void
TECpyText(teH,p)
TEHandle teH;
Ptr p;
{
p[0] = (unsigned char) (*teH)->teLength;
BlockMove(*(*teH)->hText,&p[1],p[0]);
}
/*
* LoginDialog(char *uName,*uPassword)
*
* Perform a login dialog and return the user
* name and password in uName and uPassword.
*
* The dialog has a special filter procedure
* which echos bullet characters in the
* password field.
*
* The length of the username and password
* are limited to MAXNAME and MAXPWD.
*
* Note: we do not issue ParamText() since
* this affects other dialogs on the screen.
*
*/
LoginDialog(uName,uPasswd)
char *uName,*uPasswd;
{
DialogPtr d;
short itemHit;
Rect aRect;
int theKind;
Handle nameHdl,okHdl;
Boolean okOK = false;
LDialogStg LDStg;
d = GetNewDialog(LOGIN_DLOG,
(Ptr) 0,(Ptr) -1);
if (d == 0)
return;
/* make it the current port */
SetPort(d);
/* Make an offscreen rect for the text
* edit to hold the plain text of the
* entered password.
*
* The dialog edit text for the password
* will get “•” for each character typed.
*/
SetRect(&aRect,0,0,1,1);
OffsetRect(&aRect,
d->portRect.right,
d->portRect.bottom);
LDStg.passTeH = TENew(&aRect,&aRect);
/* Set the window data to be a pointer
* to storage needed by filter procedure.
*/
SetWRefCon(d,(long) &LDStg);
/* Get handles for Name field and
* OK Button
*/
GetDItem(d,nameItem,&theKind,
&nameHdl,&aRect);
GetDItem(d,okItem,&theKind,
&okHdl,&aRect);
ShowWindow(d);
while (!(okOK && itemHit == okItem)) {
/* Set okOK to true if password and
* name fields both have more than
* one character. Enable/Disable the
* OK button accordingly.
*/
GetIText(nameHdl,uName);
okOK =
(*LDStg.passTeH)->teLength > 0 &&
uName[0] > 0;
HiliteControl((ControlHandle) okHdl,
okOK ? 0 : 255);
ModalDialog(LoginFilter,&itemHit);
}
/* Store the password and username
* for the caller then clean up.
*/
TECpyText(LDStg.passTeH,uPasswd);
GetIText(nameHdl,uName);
DisposDialog(d);
TEDispose(LDStg.passTeH);
}
LOGIN MAIN.C
/*
* Login Main.c - Main for Login Example.
* This program built under LSC 3.0
* Copyright (c) 1988 by Bill Schilit.
* Edit History:
* April 23, 1988 Schilit Created
* May 9, 1988 Schilit Clean up
*/
/* MacHeaders included */
#include “Login Dialog.h”
#define ALERTID 128
main()
{
char User[255];
char Password[255];
InitGraf(&thePort);
InitFonts();
InitWindows();
InitMenus();
TEInit();
InitDialogs(0);
FlushEvents(everyEvent,0);
InitCursor();
/* Show the login dialog box and
* repeat until the user types
* the matching password.
*/
for (;;) {
/* Call LoginDialog to get user name
* and password.
*/
LoginDialog(User,Password);
/* Compare the entered password with
* “swordfish” -- case doesn’t matter
* -- and exit if a match.
*/
if (EqualString(Password,
“\pSwordFish”,
false,false))
ExitToShell();
/* No match, show our alert box with
* a hint, and repeat the process.
*/
ParamText(User,0,0,0);
Alert(ALERTID,(ProcPtr) 0);
}
}
LOGIN DIALOG.H
/*
* Login Dialog.h - Definitions for
* Login Dialog.
* This program built under LSC 3.0
* Copyright (c) 1988 by Bill Schilit.
* Edit History:
* April 23, 1988 Schilit Created
* May 9, 1988 Schilit Clean up
*/
#define LOGIN_DLOG 256
enum { /* DITL for LOGIN_DLOG */
okItem=1, /* OK button */
nameItem, /* edit text name */
passwdItem, /* edit text password */
myIconItem /* the icon */
};
enum { /* ASCII definitions */
CR = 0x0d,
DEL = 0x7f,
BS = 0x08
};
/* max chars in a password */
#define MAXPWD 10
/* max chars in a user name */
#define MAXNAME 12
/* PROTOTYPES */
LoginDialog(char *uName,char *uPasswd);
