/*  Avoiding buffer overflows by using cin.get()   RJBotting 9/29/2004
    Warning this is an example with pieces of insecure code.
    Bug: crashes if user input EOF!
    Inspired by
	INSIDE THE BUFFER OVERFLOW ATTACK: MECHANISM, METHOD, & PREVENTION
	Mark E. Donaldson, SANS Corporation.
	April 3, 2002
	GSEC Version 1.3
*/
#include <cassert>
#include <iostream>
#include <string>
#include <cstdlib>
#include <cstring>

using namespace std;

void get(char * askfor, int numchars, char * input);
void get_password(char * name, char * pwd);

int main()
{
	char name[8]; char pwd[8]; char passwd[8]; 

	cout << "Address of name =" <<  (unsigned)name <<"\n";
	cout << "Address of pwd =" <<  (unsigned)pwd <<"\n";
	cout << "Address of passwd =" <<  (unsigned)passwd <<"\n";

	bool authenticated=false;
	while(! authenticated)
	{

		get("Name", 7, name);
		get_password(name, pwd);

		get("Password", 7, passwd);
	 	// cout <<pwd<<" vs " <<passwd<<endl;

		authenticated= ! strncmp(pwd,passwd,7);

		if(!authenticated)
			cout << "Please try again\n";
	}
	cout << "Welcome "<<name<<"\n";

	//...
	return 0;
}
void get(char * askfor, int numchars, char * input)
{
	cout << askfor<<"("<<numchars<<" characters): "<<flush; 
	  // the "flush" makes sure the string is displayed if things go wrong

	char c; // next character input
	int i=0;// index of next char if room
   // 1. GEt the wanted characters
	cin.get(c); //read ahead one character
	while( c!='\n' && i < numchars)
	{
		input[i]=c;
		cin.get(c);
		i++;
	}

	input[i]='\0';//end of string
	
   // 2. Discard the rest of the line
	int discarded=0;

	while( c!='\n' )//not yet at end of line
	{
		// cerr<<"DBug2: <"<<c<<">\n";
		discarded++;
		cin.get(c);
	}

	if(discarded>0)
		cout<<"Warning: "<<discarded<<" characters ignored\n";

	if(discarded> 3*numchars)
		cout<<"Are you a hacker?\n";

	return;
}
void get_password(char * name, char * pwd)
{
	if(!strcmp(name,"botting"))
		strcpy(pwd, "123456");
	else if(!strcmp(name,"ernesto"))
		strcpy(pwd, "765432");
	else if(!strcmp(name,"tong"))
		strcpy(pwd, "234567");
	else
		 strcpy(pwd, "qwert");
	return;
}