N
Neon2y ago
foreign-sapphire

How to make a database request for authentication on the server

hi, I'm a beginner programmer and for learning purposes I wanted to try to work with servers and databases , I can't find information on the topic I 'm interested in, I hope you will help Topic I have a small c++ application with an authorization form , I also have a database that is already stored on the neon server , but I do not know how to check the database. To verify the data that is stored on the server. I hope you will help, perhaps I expressed myself incorrectly, because I don't understand much about this topic
26 Replies
ratty-blush
ratty-blush2y ago
C++ is a pretty tough place to start! Python might be easier? We don't have a guide in our docs for C++, but it looks like libpqxx is a common way to do it. They have a guide here: https://libpqxx.readthedocs.io/en/7.8.1/a01467.html, but you'll need to modify the code a little to use your Neon connection string with pqxx::connection
foreign-sapphire
foreign-sapphireOP2y ago
thank you, I know that, I do not know how to make the script work to check the data that is on the server a small piece of my code pqxx::result r = w.exec("SELECT * FROM users WHERE username = " + w.quote(username) + " AND password = " + w.quote(password)); that is, I do not understand how I can make a request to my database, which is stored on the server, get a response and that the verification would pass I've heard that this needs to be done through a script on the server and I want there to be a check of the data that is stored on the server I hope I was able to explain what my problem is. thank you in advance
absent-sapphire
absent-sapphire2y ago
the code you have there looks like it makes a request although it looks like a sql injection
foreign-sapphire
foreign-sapphireOP2y ago
this my code connect sql std::string connectionString = "dbname=stfy user=cjukvyfafyva password= host=ep-white-water-a556bj7g-pooler.us-east-2.aws.neon.tech port=5432 sslmode=require"; pqxx::connection c(connectionString);
pqxx::work w(c); // Run an SQL query to verify the credentials pqxx::result r = w.exec("SELECT * FROM users WHERE username = " + w.quote(username) + " AND password = " + w.quote(password)); if (r.empty()) { std::cerr << "Invalid username or password." << std::endl; return false; } w.commit(); return true; } catch (const std::exception& e) { std::cerr << "An error occurred: " << e.what() << std::endl; return false; } I also have a connection to the neon server in this code and I need the data that the user will enter to be checked and if the data is correct, he can log in The database is already on the server I just want to understand how I can verify the data that the user enters and that the verification would be on the server somehow, I hope I could explain @Tristan Partin I threw off the code full connection to the database and also asked a question earlier , please help
absent-sapphire
absent-sapphire2y ago
I don't understand what your problem is. You have posted no errors
ratty-blush
ratty-blush2y ago
I’m not clear on what the problem is either. You’ll need to elaborate on what you’re trying to do, or share an error message if you’re seeing one .
foreign-sapphire
foreign-sapphireOP2y ago
I have no errors, the problem is that I do not know how to implement the process of verifying the correctness of the entered data in the application, which in turn is connected to your server. If possible, explain to me how to do this, thank you in advance. I'm trying to make a network application and I don't understand how to check a database that is already stored on the server I hope I was able to explain
ratty-blush
ratty-blush2y ago
verifying the correctness of the entered data in the application
This is a broad question. For example, do you mean if a user enters "123" in a name field in your application you need to raise an error? If so, you will need to write C++ code to check that the name variable does not contain numeric characters. A second layer of protection is somewhat provied by the database. For example, if you attempt to INSERT a user record with an age value set to "foo" but the database column is of type INT, then the INSERT will fail since "foo" is not an INT.
don't understand how to check a database that is already stored on the server
I don't understand this question. Do you mean you want to check the data that's already in the database?
foreign-sapphire
foreign-sapphireOP2y ago
I'm just communicating with a translator . I have a c++ application. I have a database, it is already stored on the server and I need that when the user enters the data, they are sent to the server and checked and if the data is correct, the authorization process is completed that is, I am making a network application and I do not know how to implement data validation, locally I can do it, but how to do it for all users I hope I was able to explain
ratty-blush
ratty-blush2y ago
The basic flow is: 
UI (Validation in JavaScript) ==> Server (Validation in C++) ==> Neon (Postgres Validation)
UI (Validation in JavaScript) ==> Server (Validation in C++) ==> Neon (Postgres Validation)
You just need to write the code to validate user input.
foreign-sapphire
foreign-sapphireOP2y ago
okay, but how to implement verification on the server is what I don't understand
ratty-blush
ratty-blush2y ago
If your server is written in C++, you write code to implement the verfication. For example, if you want to verify a string provided by a user contains just numbers: 
c++
#include <iostream>
#include <string>
#include <cctype> // For std::isdigit

bool isNumeric(const std::string& str) {
    // Check if all characters in the string are digits
    for (char const &c : str) {
        if (!std::isdigit(c)) {
            return false; // Return false if any character is not a digit
        }
    }
    return true; // All characters are digits
}
c++
#include <iostream>
#include <string>
#include <cctype> // For std::isdigit

bool isNumeric(const std::string& str) {
    // Check if all characters in the string are digits
    for (char const &c : str) {
        if (!std::isdigit(c)) {
            return false; // Return false if any character is not a digit
        }
    }
    return true; // All characters are digits
}
foreign-sapphire
foreign-sapphireOP2y ago
and how to check the data that is in the database on the server?
ratty-blush
ratty-blush2y ago
You mean in Neon's Postgres?
foreign-sapphire
foreign-sapphireOP2y ago
yes
ratty-blush
ratty-blush2y ago
It depends. As I already said, if the database has a table, and that table has an INT column then all the data in there is already verified. If you have a TEXT or VARCHAR column, you should check the data format before you insert it. If you need to check it after insertion you can use SQL to query for data that is matching or is not matching the format you want: 
SELECT *
FROM table_name
WHERE text_column SIMILAR TO 'pattern';
SELECT *
FROM table_name
WHERE text_column SIMILAR TO 'pattern';
ratty-blush
ratty-blush2y ago
https://www.postgresql.org/docs/current/functions-matching.html
PostgreSQL Documentation
9.7. Pattern Matching
9.7. Pattern Matching # 9.7.1. LIKE 9.7.2. SIMILAR TO Regular Expressions 9.7.3. POSIX Regular Expressions There are three separate approaches to …
foreign-sapphire
foreign-sapphireOP2y ago
I just read that you need to upload the script to the server so that it checks the data in the database
ratty-blush
ratty-blush2y ago
I just read that you need to upload the script to the server so that it checks the data in the database
Why? To what end? I think it might be a good idea if you follow some more tutorials for Postgres. And separately learn C or Python for a while, then try working with them together. It's complex to learn and work with them at the same time if you're new to programming. Then you can better understand what you're trying to achieve. Right now, you're trying to do things but it's not clear why, and that makes it hard for us to help you. Do not be discouraged, I just want to make sure you know we want to help you, but you need to better articulate the problem you're trying to solve.
ratty-blush
ratty-blush2y ago
foreign-sapphire
foreign-sapphireOP2y ago
yes, I understand that I am expressing myself incorrectly, for which I apologize I'll just give you an example of what I want to achieve using facebook as an example, that's where the user enters the data, they are sent to the server and they are checked there, so I'm trying to do the same thing, and also so that it works later on the network
ratty-blush
ratty-blush2y ago
All good!
using facebook as an example, that's where the user enters the data, they are sent to the server and they are checked there
Yes, this is you C++ code checking using things like isNumeric that I shared earlier. Then your C++ code does SQL INSERT or UPDATE, etc using the verified data.
and also so that it works later on the network
What does this mean? Why would it not "work on the network"?
foreign-sapphire
foreign-sapphireOP2y ago
What does this mean? Why would it not "work on the network"? To be honest, I didn't understand what you were talking about. That's what I'm trying to do This my code: bool checkCredentials(const std::string& username, const std::string& password) { if (username.empty() || password.empty()) { std::cerr << "Username or password is empty." << std::endl; return false; } try {
web::http::client::http_client client(U("https://console.neon.tech/api/v2/projects")); web::http::http_request request(web::http::methods::GET); request.headers().add(U("Accept"), U("application/json")); request.headers().add(U("Authorization"), U("Bearer w3x8hycvt1f8pem0sef1hvuparauqi2345358prst03nsj4hsh5ax30xttq")); auto response = client.request(request).get(); if (response.status_code() != web::http::status_codes::OK) { std::cerr << "Server returned status code " << response.status_code() << '.' << std::endl; auto bodyTask = response.extract_string(); bodyTask.wait(); std::wstring wbody = bodyTask.get(); std::string body = wstring_to_string(wbody); std::cerr << "Error message: " << body << std::endl; if (response.status_code() == web::http::status_codes::MethodNotAllowed) { std::cerr << "The HTTP method used is not supported for this URL." << std::endl; } return false; } std::string connectionString = "dbname=stfy user=cjukvyfafyva password= host=ep-white-water-a556bj7g-pooast-2.aws.neon.tech port=5432 sslmode=require"; pqxx::connection c(connectionString); pqxx::work w(c); pqxx::result r = w.exec("SELECT * FROM users WHERE username = " + w.quote(username) + " AND password = " + w.quote(password)); if (r.empty()) { std::cerr << "Invalid username or password." << std::endl; return false; } w.commit(); return true; } catch (const std::exception& e) { std::cerr << "An error occurred: " << e.what() << std::endl; return false; } return true; } Thank you very much for your time, thank you for your work, you are the best , I think it should help me that you told me once again, thank you very much and please forgive my level of knowledge
ratty-blush
ratty-blush2y ago
@shirp request.headers().add(U("Authorization"), U("Bearer everything after this is a passowrd. I strongly suggest you go to this URL and use "revoke" https://console.neon.tech/app/settings/api-keys
foreign-sapphire
foreign-sapphireOP2y ago
Okay, I did that.
conventional-tan
conventional-tan2y ago
I'm going to take another guess at the ask here. Is it the following?: * I have a list of usernames and passwords in a table * If a user tells me a username and password, I want to verify they match what's in the database i.e. is there a row in my database where the value of the username is 'mike' and the value of password is 's3cret'? If, so you can count the number of rows meeting your SELECT conditions. If the row count is 0, the user did not provide and valid combination. I also have a duty to flag this isn't a good idea. You should never store users' passwords in a database without encrypting them.

Did you find this page helpful?