Password reader String Array

Question

So my program is designed to great the user and ask for a password. once the user enters a password it is compared to my precoded password "ans[]" and if the password matches what the user enters then it prints a welcome greeting.

#include <stdio.h>
#include <string.h>
#include <ctype.h>

int main(int argc, const char * argv[])
{
char hello[] = "Hello! \nPassword Required:";
char password[50];
char ans[] = "Zanderg!";

printf(hello);
printf("\n");
gets(password);

if (strcmp(password, ans) != 0) {
    do {
    printf("%s Not correct.\n", password);
    printf("Enter Password:\n");
    gets(password);
    getchar();
    }while (strcmp(password, ans) != 0);
};

if (strcmp(password, ans) == 0) {
    printf("welcome %s", password);
}
}

My issue is that When i enter the right password i still get a "wrong password" message.

Im also getting this really weird message about how gets() is unsafe and i'm wondering if i have any alternatives to gets() or how i can get rid of this error message in my program. My compiler is Xcode.

Answer 1

Zanderg said that he found the problem, but he never bothered to mention what it was. I'll go ahead and post it regardless for anybody who might still be interested.

Let's try the following piece of code:

#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdlib.h>

int main(int argc, const char * argv[])
{
    char password[50];
    char ans[] = "Zanderg!";

    printf("Hello! \nPassword Required:\n");
    fgets(password, sizeof(ans),stdin);

    if (strcmp(password, ans) != 0) {
        do {
        printf("%s Not correct.\n", password);
        printf("Enter Password:\n");
        fgets(password, sizeof(ans),stdin);
        getchar();
        }while (strcmp(password, ans) != 0);
    };

    if (strcmp(password, ans) == 0) {
        printf("welcome %s", password);
    }
}

Also, yes gets is deprecated. Use fgets as I did above.

EDIT (To answer the comment questions):

1. As per manual:

   char* gets(char *s): gets() reads a line from stdin into the buffer pointed to by s until either a terminating newline or EOF, which it replaces with a null byte ('\0'). No check for buffer overrun is performed. Never use gets(). Because it is impossible to tell without knowing the data in advance how many characters gets() will read, and because gets() will continue to store characters past the end of the buffer, it is extremely dangerous to use. It has been used to break computer security. Use fgets() instead.

   char *fgets(char *s, int size, FILE *stream): fgets() reads in at most one less than size characters from stream and stores them into the buffer pointed to by s. Reading stops after an EOF or a newline. If a newline is read, it is stored into the buffer. A terminating null byte ('\0') is stored after the last character in the buffer.

2. I am referring to sizeof(ans) because strcmp will continue comparing until it encounters the null character. Therefore, inside password we only want to write up to the size of ans, and then fill the end with the null character. What you can also do is change this to use strncmp which does a comparison up to n bytes. In that case, you don't have to tell fgets to read in up to sizeof(ans) bytes.