/*  Avoiding buffer overflows with getline RJBotting 9/29/2004
    Warning this is still an example of insecure code.
    Inspired by
	INSIDE THE BUFFER OVERFLOW ATTACK: MECHANISM, METHOD, & PREVENTION
	Mark E. Donaldson, SANS Corporation.
	April 3, 2002
	GSEC Version 1.3
*/
#include <cassert>
#include <iostream>
#include <string>
#include <cstdlib>
#include <cstring>

using namespace std;

void get(char * askfor, int numchars, char * input);
void get_password(char * name, char * pwd);

int main()
{
	char name[8]; char pwd[8]; char passwd[8]; 

	cout << "Address of name =" <<  (unsigned)name <<"\n";
	cout << "Address of pwd =" <<  (unsigned)pwd <<"\n";
	cout << "Address of passwd =" <<  (unsigned)passwd <<"\n";

	bool authenticated=false;
	while(! authenticated)
	{

		get("Name", 7, name);
		get_password(name, pwd);

		get("Password", 7, passwd);
	 	// cout <<pwd<<" vs " <<passwd<<endl;

		authenticated= ! strncmp(pwd,passwd,7);

		if(!authenticated)
			cout << "Please try again\n";
	}
	cout << "Welcome "<<name<<"\n";

	//...
	return 0;
}
void get(char * askfor, int numchars, char * input)
{
	cout << askfor<<"("<<numchars<<" characters): "<<flush; 
	  // the "flush" makes sure the string is displayed if things go wrong
	cin.getline(input,numchars+1, '\n');
	//cerr<<"DBug0: "<< strlen(input)<<", "  <<input<< ", fail ="<<cin.fail()<<"\n";
	if(cin.fail())//extra characters were discarded by getline
	{
		//cerr<<"DBug1: "<< endl;
		cin.clear();//clear the failure flag
		char discard; 
		int discarded=0;
		cin.get(discard);
		discarded++;
		while(discard!='\n')
		{
			cin.get(discard);
			discarded++;
			//cerr << dummy;
		}
		cout<< "Warning: "<<discarded-1<<" characters ignored\n";

		if(discarded > 4 * numchars)
			cout <<"Are you a hacker?\n";
	}
	return;
}
void get_password(char * name, char * pwd)
{
	if(!strcmp(name,"botting"))
		strcpy(pwd, "123456");
	else if(!strcmp(name,"ernesto"))
		strcpy(pwd, "765432");
	else if(!strcmp(name,"tong"))
		strcpy(pwd, "234567");
	else
		 strcpy(pwd, "qwert");
	return;
}