Description
1. The GUI may be created with QtDesigner. Read the notes at the end of the document for more details. 2. The application will have 5 forms. Each form will be in its own QWidget-derived class. a. Main Login panel – This panel lets the registered user log-in to the application b. Register User panel – This panel registers a new user. c. Welcome User panel – Once the login is successfully done, this would be the welcome screen for the user. d. Change Password panel – This panel changes the password of the logged-in user e. Tic-Tac-Toe game panel – This panel starts a new tic-tac-toe game. 3. NOTE: There is only one main window and all the panels listed above must be shown inside the main window, one at a time, based on the selection. 4. The main window has a tool-bar with three pull down menus (“User”, “Game” and “Edit”). a. The “User” menu has the following actions i. Register User – This action shows the “Register User Panel” ii. Logout User – This action logs out the current user and shows the “Main Login Panel” iii. Exit – This action exits the application b. The “Game” menu has the following actions i. New game – This action starts the new game and shows the “Tic-Tac-Toe” game panel ii. End game – This action ends the game and show the “Welcome User Panel” c. The “Edit” menu has the following actions i. Change Password – This action shows the “Change Password Panel” 3
Main Login Panel Login Panel Login with username/password Login error for unregistered users and registered user with incorrect passwords 1. When the “Logout” action is clicked, shows the Login panel. 2. The application starts in Main Login panel. a. In the Main Login panel, the user is asked for the user name and password. b. Registered users with matching passwords must be logged in c. Unregistered users and registered users with invalid passwords must be denied access d. To register, the users can choose the “Register User” action from the menu “User” 3. Once the user has been registered, in the “Main Login panel” when the user tries to login using the correct user-name and password combination then clicking on the “Login” button must successfully log the person in and show the “Welcome Panel 4. Clicking login with an unregistered username must show a popup saying that the username/password combination is invalid 5. Clicking login with a password that doesn’t match the username must show a popup saying that the username/password combination is invalid. (Note that this is the same message as above so as to better guard which usernames are registered). 6. If the user clicks on the “Exit” button the program exits.
Register User Panel Register User Panel New Password Mismatch User Already Exists 1. When the “Register User” action is clicked, it must show the Register user panel. 2. In this Register User panel, the user is asked for the following details. (These must be fields) a. Desired user name b. Password c. Re-enter password d. A drop down menu with names of colors. The user must select one color out of red, green or blue. This color will be used to determine their tic-tac-toe symbol color. 2. When the user click “Ok”, the program must check for the following exceptions a. If the user already exists in the “passwords.dat” file, the program must show a popup with the message “User name already exists, please pick another”. b. If the “password” and “re-enter Password” do not match, the program must show a popup with the message “Passwords do not match, please re-enter” 3. After clicking “Ok”, if all the conditions are met, the entry must be stored in the “passwords.dat” file and the program must go back to the “Main Login panel” 4. If the user clicks on “Cancel” the program must not store anything and go back to “Main Login Panel” 5
Welcome User Panel Welcome User Panel 1. The welcome panel must show a welcome message “Welcome, ” and it must have three buttons: a. Change Password – This button must show the “Change password panel” b. Start Game – This button must start a new game and show the “Tic-Tac-Toe game panel” c. Exit – This button must exit the application Change Password Panel Change Password Panel Incorrect Old Password New Password Mismatch
1. When the “Change Password” action is clicked it must show the “Change Password Panel”. 2. The following fields must be shown on this panel a. Old password of the user b. New password c. Re-enter new password d. Drop down menu to select color 2. On clicking “Ok”, the following error conditions must be checked: a. If the old password given by the user and the actual old password do not match, show a pop-up message “Old password does not match, please re-enter” b. If the “new password” and “re-enter new password” fields do not match, show a pop-up message “The passwords do not match, please re-enter”. 3. If all the entries are correct, the program must change the password for that user as well as update the player’s color and go back to the “Welcome User Panel”. This change must be written back to the passwords.dat file. 4. If the user clicks on “Cancel”, the password must not be changed and the program must go back to the “Welcome User Panel” Tic-Tac-Toe Game panel Game Panel Player/Computer Symbols
Game Panel with 1 Win Win Popup Loss Popup Draw Popup 1. This panel must show a 3×3 grid for the tic-tac-toe game. 2. The user selects which cell of the grid to place their symbol with a mouse click in that cell. 3. The grid color and style is up to you but the color of the “X” and “O” markers must match the color the logged in user chose during registration or the when they changed their password, whichever is most recent. 4. General rules for the tic-tac-toe apply here – the person getting three in a row (diagonally, horizontally or vertically) wins the game. 5. The program must play against the user as “Computer” 6. The “user” must always make the first move and must always be given the “X” 7. The “Computer” must play second and must use “O” 8. If the game ends in draw, a popup must be shown saying “game drawn”. Clicking “Ok” on the pop-up message causes the game to re-start (The user must make the first move) 9. If the user wins, there must be a pop-up message “Congratulations, you win”. cOn clicking “Ok” on the pop-up message causes the game to re-start (The user must make the first move) 10. If the Computer wins, there must be a pop-up message “Sorry, you lost. Better luck next time”. Clicking “Ok” on the pop-up message causes the game to re-start (The user must make the first move). 11. If the user clicks on the action “End Game” under Game menu or clicks the “End game” button on the panel, the game must end and the program must show the “Welcome User Panel”. 12. There must be a score card on the panel which must show the count of the number of games won by the “Computer”, the “User” and the number of game that were drawn. These counters are reset when the user leaves the game panel.
Passwords File 1. The program must save the information in a binary file called “passwords.dat”. The users’ passwords must be protected by QCryptographicHash’s implementation of the SHA1 algorithm. The output of a cryptographic hash is called a digest. For more information about using the cryptographic hash refer to the notes at the end of the assignment. When data is saved to the file it must follow a specific format. 2. Before reading or writing to the file you must use QDataStream::setVersion with the value QDataStream::Qt_4_6 on the data stream interfacing to the file regardless of your installed version of Qt. 3. All password records must be serialized by QHash. If you put all your records into a QHash you must be able to save and read everything in the hash table using one line each. dstream << listing; // writing dstream >> listing; // reading Where dstream is the QDataStream handling input and output from your file and listing is a QHash<QString, T> where T is your record data type. Note that the appropriate streaming operators must be defined on your record data type for this to work. QDataStream& operator<<(QDataStream& stream, const T& val); QDataStream& operator>>(QDataStream& stream, T& val); 4. In the QHash the record will be associated with a username but the record itself will not contain the username. When serialized, QHash will output the username as a QString key along with the record (type T) as the value. 5. All records must be written out and read in, in the following order and in the following format a. Color: as a QString b. Password: convert it from a QString to a QByteArray using QString::toUtf8() and pass it through the SHA1 algorithm once which results in another, cryptographically hashed, QByteArray. c. Note that the username I/O will be handled by the QHash serialization. Important note: It is acceptable for the computer to simply put an “O” randomly on the grid. You may however implement a better algorithm. If you do, you will be rewarded with up to 10 points extra credit. Actions The actions (under the menu), in addition to the pushbuttons must drive the panels. These must be in the enabled\disabled state based on the panel they are in. In Ubuntu 14.04.1 with Unity window manager this will cause the menu items that are disabled to gray out. Menu Actions Main Login Panel Register User Panel Welcome User Panel Change password Panel Tic-TacToe game panel User Register Enabled Disabled Disabled Disabled Disabled Logout Disabled Disabled Enabled Enabled Enabled Exit Enabled Enabled Enabled Enabled Enabled Game New Game Disabled Disabled Enabled Disabled Disabled End Game Disabled Disabled Disabled Disabled Enabled Edit Change password Disabled Disabled Enabled Disabled Disabled
Notes 1. You may use QtDesigner (from within QtCreator or, if you wish so, separately) for creating the forms and the main window. To start, simply create a new project of type Qt5 Gui Application inside QtCreator. 2. Using QtDesigner your widgets will be contained in *.ui files. You can read in Qt’s documentation on how to use UI files in your application: http://qt-project.org/doc/qt5/designer-using-a-ui-file.html. Pay particular attention to the following sections: The Single Inheritance Approach Widgets and Dialogs with Auto-Connect 3. In QtCreator, while editing a QtDesigner form: Right click on a widget (i.e. a button), choose Go to slot, and select the appropriate signal you want to handle. This process will automatically create a slot in your source file. 4. Always use “Qt Designer Form Class” when creating your widgets. 5. To see examples in action, go to the Welcome tab in QtCreator, and use the “Explore Qt Examples” section. Check out the QtDesigner → Calculator Form example (and others, if you wish). 6. To draw the game grid, consider using a custom-drawn widget. Check out the documentation of QPainter: http://qt-project.org/doc/qt-5/qpainter.html 7. Qt’s implementation of a cryptographic hash (http://qt-project.org/doc/qt5/qcryptographichash.html) allows you to encrypt information passed to it in a way that is “inefficient” to recover. What this means is that given a password m you can pass it through the sha1sum algorithm and get out what’s called a digest m’ written m’ = sha1(m). If a hacker is able to steal your passwords file they’ll be able to read the digest of every user’s password. However, it should take them an extremely long time to figure out a message k which will also yield m’ = sha1(k) (it’s not necessary to find a k, k=m to crack a cryptographic hash). This property means that if a user knows the password m the computer can store the digest m’ and the next time the user logs in they give the computer m as the password the computer calculates m’ since the sha1 algorithm always returns the same output for a given input. If the digest the computer stored matches the digest of the password the user just gave then the computer can say with very high confidence that this person knows what the actual password is for that user and is thus the user they tried to log in as. 8. Note that other techniques are necessary to keep passwords secure in practical contexts. While you’re not required to do so for this assignment you would need to give each user record a salt and key stretching. Salting would prevent two different users with the same password from having the same hash but would instead combine the salt (kept plaintext with the record) with the password to generate the hash. Salting prevents a hacker from cracking an entire password database and prevents efficient parallel cracking of a hash. Key stretching repeatedly applies a cryptographic hash function to make generation of the hash function more expensive, but still feasible, for the legitimate user but totally impractical for a hacker trying to search over the space of input passwords. You are not required to use either for this assignment. If you absolutely have to implement a password system consult the latest information on password storage.
