How do I compare two passwords (create password and confirm password) useing the .equals() method?

java swing serialization passwords

19,892

Solution 1

getPassword() returns char[], not String. Use

!(Arrays.equals(createPassword.getPassword(), confirmPassword.getPassword()))

instead

Solution 2

Unless this is a toy project, you shouldn't store the passwords in plaintext. Instead, store a hash of the password; when the user logs in, hash the password and compare it to the stored hash. This question's accepted answer has some sample hashing code.

Solution 3

JPasswordField.getPassword() returns a char[]. Calling array1.equals(array2) with two char arrays (like you are doing) will check if they are the same object reference, not if they have the same contents. You want to use `Array.equals(char[] array1, char[] array2), like so:

else if (!Array.equals(createPassword.getPassword(), confirmPassword.getPassword()))

Solution 4

You're comparing char array Objects (returned by getPassword()) rather than than contents of the arrays themselves. The safest way to compare these 2 arrays is by using Arrays#equals:

else if (!(Arrays.equals(createPassword.getPassword(), 
                            confirmPassword.getPassword()))) {

Solution 5

getPassword() returns a char[]. So instead try:

if (!(new String(createPassword.getPassword()).equals(new String(confirmPassword.getPassword()))

View more solutions

19,892

Author by

hasherr

Mobile and web developer for Android and iOS platforms. Bachelor's in Computer Science, Purdue 2020.

Updated on June 14, 2022

Comments

hasherr almost 2 years

I'm building a simple create account user GUI that is integrated with my LogInScreen class. It creates a simple User, serializes it, and then lets me use that access in my log in program. The problem is, when I type in my passwords, they're never correct. I always get a problem where my program tells me that my passwords are not the same. I'm not sure how to fix this, and I would like to know how. I'll post my code below(the whole thing, along with my serializing class because the problem may be here).

User Class:

package passwordProgram;

import java.util.ArrayList;

import java.awt.BorderLayout;
import java.awt.Color;
import java.awt.GridBagConstraints;
import java.awt.GridBagLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;

import java.io.Serializable;

import javax.swing.JButton;
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JPasswordField;
import javax.swing.JTextField;
import javax.swing.UIManager;

public class User implements Serializable, ActionListener {

    public static ArrayList<String> allUsernames = new ArrayList<String>();

    String username;
    String password;

    public static void main(String[] args) {
        try {
            UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
        } catch (Exception e) {
            e.printStackTrace();
        }
        User user = new User();
        user.mainGUI();
    }



    JFrame frame;
    JPanel panel;
    JTextField createUsername;
    JPasswordField createPassword;
    JPasswordField confirmPassword;
    JButton createAccount;
    JLabel noValid;

    public void mainGUI() {
        noValid = new JLabel();
        frame = new JFrame("Create a new account!");
        panel = new JPanel();
        panel.setBackground(Color.ORANGE);
        createPassword = new JPasswordField(10);
        confirmPassword = new JPasswordField(10);
        createUsername = new JTextField(10);
        JLabel userTxt = new JLabel("New Username: ");
        JLabel userPass = new JLabel("New Password: ");
        JLabel confirmPass = new JLabel("Confirm Password: ");
        createAccount = new JButton("Create your account!");

        panel.setLayout(new GridBagLayout());
        GridBagConstraints left = new GridBagConstraints();
        left.anchor = GridBagConstraints.WEST;
        GridBagConstraints right = new GridBagConstraints();
        right.anchor = GridBagConstraints.EAST;
        right.weightx = 2.0;
        right.fill = GridBagConstraints.HORIZONTAL;
        right.gridwidth = GridBagConstraints.REMAINDER;

        frame.getContentPane().add(BorderLayout.NORTH, noValid);
        frame.getContentPane().add(BorderLayout.CENTER, panel);
        panel.add(userTxt, left);
        panel.add(createUsername, right);
        panel.add(userPass, left);
        panel.add(createPassword, right);
        panel.add(confirmPass, left);
        panel.add(confirmPassword, right);

        frame.getContentPane().add(BorderLayout.SOUTH, createAccount);
        frame.setVisible(true);
        frame.setSize(500, 300);

        createAccount.addActionListener(this);
    }

    public void actionPerformed(ActionEvent event) {
        if (createUsername.getText().length() <= 0 ) {
            noValid.setText("That is not a valid username. Please try again.");
            frame.getContentPane().add(BorderLayout.NORTH, noValid);
        }

        else if (allUsernames.contains(createUsername.getText())) {
            noValid.setText("That username is already taken. Please try again.");
            frame.getContentPane().add(BorderLayout.NORTH, noValid);
        }

            //THIS IS THE PART I'M CONFUSED ABOUT
        else if (!(createPassword.getPassword().equals(confirmPassword.getPassword()))) {
            noValid.setText("Your passwords do not match!");
            frame.getContentPane().add(BorderLayout.NORTH, noValid);
        } else {    
            SaveUser sUser = new SaveUser();
            sUser.createAccount(this);
            noValid.setText("Account created successfully");
            frame.getContentPane().add(BorderLayout.NORTH, noValid);
        }
    }
}

And the serializing class:

package passwordProgram;

import java.io.FileOutputStream;
import java.io.ObjectOutputStream;

public class SaveUser {
    public void createAccount(User u) {
        try {
            FileOutputStream fileOS = new FileOutputStream("userInfo.txt");
            ObjectOutputStream objectOS = new ObjectOutputStream(fileOS);
            objectOS.writeObject(u);
            objectOS.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Jon Senchyna about 11 years

+1 for a good point, but this doesn't actually answer the question. The question is actually about comparing two char[] variables for equality.
Zim-Zam O'Pootertoot about 11 years

Guilty as charged, but by the time I posted four other people had already answered the question.
MadProgrammer about 11 years

You should avoid converting the password char array to String, this exposes the password to potential hacks as the String becomes internalized to the JVM (sure, it might not be a enterprise application, but would encourage good practices where ever possible)
hasherr about 11 years

@Zim-ZamO'Pootertoot Thanks for the answer, even though it was kind of irrelevant. If you want to look at my full code and answer my other question, you can go here