Dimitri T Dimitri T - 4 months ago 9
Swift Question

How to deny login access for incorrect login in iOS Swift

I want to deny access for either an incorrect userEmail or userPassword but am not sure how to add in both details. And my code to deny login for an incorrect email is not having any effect, or returning any errors. It just lets everyone log in. How can I correct this code?

func displayMyAlertMessage(userMessage:String)
{

var myAlert = UIAlertController(title:"Alert", message:userMessage, preferredStyle: UIAlertControllerStyle.Alert);

let okAction = UIAlertAction(title:"Ok", style:UIAlertActionStyle.Default, handler:nil);
myAlert.addAction(okAction);

self.presentViewController(myAlert, animated:true, completion:nil);

}


@IBAction func loginButtonTapped(sender: AnyObject) {

let userEmail = userEmailTextField.text;
let userPassword = userPasswordTextField.text;

let userEmailStored = NSUserDefaults.standardUserDefaults().stringForKey("userEmail");

let userPasswordStored = NSUserDefaults.standardUserDefaults().stringForKey("userPassword");

if(userEmailStored == userEmail)
{
if(userPasswordStored == userPassword)
{
// Login is successful
NSUserDefaults.standardUserDefaults().setBool(true,forKey:"isUserLoggedIn");
NSUserDefaults.standardUserDefaults().synchronize();
self.dismissViewControllerAnimated(true, completion:nil);
}
//Check if passwords match
else if(userPasswordStored != userPassword)

{
// Display an alert message
NSUserDefaults.standardUserDefaults().setBool(false,forKey:"isUserLoggedIn");

displayMyAlertMessage("Passwords do not match");
return;

}
}

Answer

The problem is that you're first checking whether the email is correct, and then if it is you're checking the password inside that block. You haven't provided any code to run if the email is incorrect.

Instead of structuring it like this:

if userEmailStored == userEmail {
    if userPasswordStored == userPassword {
        // Login successful
    } else {
        // Login unsuccessful
    }
}

Try structuring it like this:

if userEmailStored == userEmail && userPasswordStored == userPassword {
    // Login successful
} else if userEmailStored != userEmail {
    // Login unsuccessful (email incorrect)
} else /* if userPasswordStored != userPassword */ {
    // Login unsuccessful (password incorrect)
}

Note: on line 5, I've commented out the condition if userPasswordStored != userPassword because it's not actually required.

However, you may notice that when you log into most websites, if you get your details wrong, they don't specify whether it was your username or email that was incorrect.

For example:

[Image: Stackoverflow incorrect credentials message]

They do it that way because it's more secure. So you may want to consider simply doing it like this:

if userEmailStored == userEmail && userPasswordStored == userPassword {
    // Login successful
} else {
    // Login unsuccessful
}

Important note:

Remember that NSUserDefaults isn't in any way encrypted, so if you're ever planning on storing a username and a password in there... don't. It's stored as XML (I believe), so anyone can simply go and look at it with minimal effort. Use Keychain instead!


A less important note: There's one place where you have two whole lines of whitespace between your else if and its bracket, and some other messy things in the rest of your code. You'll probably get more people answering your questions, as well as making it a lot easier for you and other people to understand your code, if you put in some effort to make it more readable. Two lines of whitespace before an opening bracket is an eyesore, and lots of that can make code really difficult to understand.
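
The answer's two recommendations (a single failure message for any wrong detail, and the Keychain instead of NSUserDefaults) combined in one place, as an added example that is not part of the original answer. It uses current Swift syntax rather than the older syntax in the question; the service name `com.example.login`, the function names and the message text are assumptions.

```swift
import Foundation
import Security

// Hypothetical service identifier for this app's Keychain items.
let loginService = "com.example.login"

// Save the password for an account in the Keychain, replacing any earlier item.
func storePassword(_ password: String, account: String) -> Bool {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: loginService,
        kSecAttrAccount as String: account
    ]
    SecItemDelete(base as CFDictionary)
    var item = base
    item[kSecValueData as String] = Data(password.utf8)
    item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    return SecItemAdd(item as CFDictionary, nil) == errSecSuccess
}

// Read the stored password bytes; nil when the account has no Keychain item.
func storedPassword(account: String) -> Data? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: loginService,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess else {
        return nil
    }
    return result as? Data
}

// Returns nil on success, otherwise one message that is the same for an
// unknown email, a wrong password and an empty field.
func loginFailureMessage(email: String?, password: String?) -> String? {
    guard let email = email, let password = password,
          !email.isEmpty,
          let stored = storedPassword(account: email),
          stored == Data(password.utf8) else {
        return "Incorrect email or password"
    }
    return nil
}
```

In `loginButtonTapped`, pass the two text field values to `loginFailureMessage`; when it returns a message, show it with `displayMyAlertMessage` and return, otherwise set `isUserLoggedIn` and dismiss the view controller.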