开发者

Check Mysql DB for username and password C#

Been having problems with this for a couple of days. I'm working on a login screen with a simple username and password, and having everything store in a database. Pretty much I need to to check to see if the username and password match up and also see if if there account is activated(either a 0 or 1). I have been having problems with this and can't seem to get it to work correctly. Any help is appreciated.

DB Mysql

    private void loginButton_Click(object sender, EventArgs e)
        {
            AdamPanel bl开发者_StackOverflow社区arg = new AdminPanel();
            string pass, user;
            string password = "";
            string username = "";

            user = usernameBox.Text;
            pass = passwordBox.Text;           
            DataSet bb = new DataSet();

            string connectionString = "datasource=stuff;database=users";
            MySqlConnection mysql = new MySqlConnection(connectionString);
            MySqlDataAdapter adapter = new MySqlDataAdapter();

            adapter.SelectCommand = new MySqlCommand("SELECT * FROM RegularUsers WHERE Username = '" + user + "' AND Password = '" + pass + "'", mysql);
            adapter.Fill(bb);

            if(bb.HasRows)
                blarg.Show();
            return 0;





        }

    }
}

still not working any ideas?


First of all PLEASE hash and salt your passwords. Make sure your username/pw arn't sql injection vulnerable since you're not using a language with parameterized queries... prolly best using stored procs as i believe MySql has them now.

However, in spite of this... i think this is what you're looking for.

public int Load()
    {
        string connectionString = "datasource=STUFF YOU SHOULDNT SEEdatabase=users";
        MySqlConnection mysql = new MySqlConnection(connectionString);
        MySqlDataAdapter adapter = new MySqlDataAdapter();

        mysql.SelectCommand = new MySqlCommand("SELECT * FROM [RegularUsers] WHERE Username = '" + this.username + "' AND Pass = '" + this.password + "'", conn);
        mysql.Fill(dataset);


        if (dataset.HasRows)
            return 1;
        return 0;
    }


  public bool ValidateLogin(string username, string password)
  {

    MySqlConnection conn = new MySqlConnection("[YOURCONNECTIONSTRING]");
    MySqlDataAdapter adapter = new MySqlDataAdapter();
    adapter.SelectCommand = new MySqlCommand("SELECT * FROM [YOURUSERTABLE] WHERE Username = ? AND Pass = ?", conn);

    adapter.SelectCommand.Parameters.Add("@Username", username);
    adapter.SelectCommand.Parameters.Add("@Password", password);

    adapter.Fill(dataset);


    If (dataset.HasRows)
    {
      // User is logged in maybe do FormsAuthentication.SetAuthcookie(username);
        return true;
    } else {
      // Authentication failed
      return false;
    }

  }


First of all you must include using MySql.Data.MySqlClient.
Use these functions:

public MySqlConnection NewConnection()
{
    string cstr = String.Format(
        "SERVER={0};PORT={1};DATABASE={2};UID={3};PWD={4}",
        sett.DBHost, sett.DBPort, sett.DBDatabase,
        HotelDB.user, HotelDB.password);
    MySqlConnection conn = new MySqlConnection(cstr);
    try { conn.Open(); }
    catch (Exception ex)
    {
        conn = null;
    }
    return conn;
}


private MySqlCommand NewCommand(MySqlConnection conn, string cmd, params object[] parameters)
{
    if (conn==null) return null;
    MySqlCommand command;
    try
    {
        command = new MySqlCommand(cmd, conn);
        if (parameters != null)
        {
            int index = 0;
            while (index < parameters.Length)
            {
                command.Parameters.Add(
                    new MySqlParameter((string)parameters[index], parameters[index + 1]));
                index += 2;
            }
        }
    }
    catch { command = null; }
    return command;
}

private string MD5(string Value)
{
        System.Security.Cryptography.MD5CryptoServiceProvider x = new System.Security.Cryptography.MD5CryptoServiceProvider();
        byte[] data = System.Text.Encoding.ASCII.GetBytes(Value);
        data = x.ComputeHash(data);
        string ret = "";
        for (int i=0; i < data.Length; i++)
                ret += data[i].ToString("x2").ToLower();
        return ret;
}

Then you can do:

MySqlConnection conn = NewConnection(.....);
MySqlCommand cmd = NewCommand(conn,"SELECT userid,useractive FROM table WHERE username=@user AND MD5(password)=@pwd","user",username,"pwd",MD5(pwd));
MySqlDataReader rd = cmd.ExecuteReader();

Where username and pwd are the ones typed from user. If rd is empty user/pwd are wrong; otherwise you can read the fields you need.


I changed the some variables and make it simple as possible, instead declaring a variable for textbox, i direct it to the adapter:

private void button Click
{
    MySqlConnection mcon = new MySqlConnection("Yourconnection");
    MySqlDataAdapter adapter;
    DataTable table = new DataTable();

    adapter = new MySqlDataAdapter("Select * From database.table where Username = '" + textbox1.Text + "' and password = '" + textbox2.Text +  "'", mcon);
    adapter.Fill(table);
    if (table.Rows.Count <= 0)
    {
        //message something
    }
    else
    {
        //show main form
    }
}
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜