Check Mysql DB for username and password C#
Been having problems with this for a couple of days. I'm working on a login screen with a simple username and password, and having everything store in a database. Pretty much I need to to check to see if the username and password match up and also see if if there account is activated(either a 0 or 1). I have been having problems with this and can't seem to get it to work correctly. Any help is appreciated.
DB Mysql
private void loginButton_Click(object sender, EventArgs e)
{
AdamPanel bl开发者_StackOverflow社区arg = new AdminPanel();
string pass, user;
string password = "";
string username = "";
user = usernameBox.Text;
pass = passwordBox.Text;
DataSet bb = new DataSet();
string connectionString = "datasource=stuff;database=users";
MySqlConnection mysql = new MySqlConnection(connectionString);
MySqlDataAdapter adapter = new MySqlDataAdapter();
adapter.SelectCommand = new MySqlCommand("SELECT * FROM RegularUsers WHERE Username = '" + user + "' AND Password = '" + pass + "'", mysql);
adapter.Fill(bb);
if(bb.HasRows)
blarg.Show();
return 0;
}
}
}
still not working any ideas?
First of all PLEASE hash and salt your passwords. Make sure your username/pw arn't sql injection vulnerable since you're not using a language with parameterized queries... prolly best using stored procs as i believe MySql has them now.
However, in spite of this... i think this is what you're looking for.
public int Load()
{
string connectionString = "datasource=STUFF YOU SHOULDNT SEEdatabase=users";
MySqlConnection mysql = new MySqlConnection(connectionString);
MySqlDataAdapter adapter = new MySqlDataAdapter();
mysql.SelectCommand = new MySqlCommand("SELECT * FROM [RegularUsers] WHERE Username = '" + this.username + "' AND Pass = '" + this.password + "'", conn);
mysql.Fill(dataset);
if (dataset.HasRows)
return 1;
return 0;
}
public bool ValidateLogin(string username, string password)
{
MySqlConnection conn = new MySqlConnection("[YOURCONNECTIONSTRING]");
MySqlDataAdapter adapter = new MySqlDataAdapter();
adapter.SelectCommand = new MySqlCommand("SELECT * FROM [YOURUSERTABLE] WHERE Username = ? AND Pass = ?", conn);
adapter.SelectCommand.Parameters.Add("@Username", username);
adapter.SelectCommand.Parameters.Add("@Password", password);
adapter.Fill(dataset);
If (dataset.HasRows)
{
// User is logged in maybe do FormsAuthentication.SetAuthcookie(username);
return true;
} else {
// Authentication failed
return false;
}
}
First of all you must include using MySql.Data.MySqlClient.
Use these functions:
public MySqlConnection NewConnection()
{
string cstr = String.Format(
"SERVER={0};PORT={1};DATABASE={2};UID={3};PWD={4}",
sett.DBHost, sett.DBPort, sett.DBDatabase,
HotelDB.user, HotelDB.password);
MySqlConnection conn = new MySqlConnection(cstr);
try { conn.Open(); }
catch (Exception ex)
{
conn = null;
}
return conn;
}
private MySqlCommand NewCommand(MySqlConnection conn, string cmd, params object[] parameters)
{
if (conn==null) return null;
MySqlCommand command;
try
{
command = new MySqlCommand(cmd, conn);
if (parameters != null)
{
int index = 0;
while (index < parameters.Length)
{
command.Parameters.Add(
new MySqlParameter((string)parameters[index], parameters[index + 1]));
index += 2;
}
}
}
catch { command = null; }
return command;
}
private string MD5(string Value)
{
System.Security.Cryptography.MD5CryptoServiceProvider x = new System.Security.Cryptography.MD5CryptoServiceProvider();
byte[] data = System.Text.Encoding.ASCII.GetBytes(Value);
data = x.ComputeHash(data);
string ret = "";
for (int i=0; i < data.Length; i++)
ret += data[i].ToString("x2").ToLower();
return ret;
}
Then you can do:
MySqlConnection conn = NewConnection(.....);
MySqlCommand cmd = NewCommand(conn,"SELECT userid,useractive FROM table WHERE username=@user AND MD5(password)=@pwd","user",username,"pwd",MD5(pwd));
MySqlDataReader rd = cmd.ExecuteReader();
Where username and pwd are the ones typed from user. If rd is empty user/pwd are wrong; otherwise you can read the fields you need.
I changed the some variables and make it simple as possible, instead declaring a variable for textbox, i direct it to the adapter:
private void button Click
{
MySqlConnection mcon = new MySqlConnection("Yourconnection");
MySqlDataAdapter adapter;
DataTable table = new DataTable();
adapter = new MySqlDataAdapter("Select * From database.table where Username = '" + textbox1.Text + "' and password = '" + textbox2.Text + "'", mcon);
adapter.Fill(table);
if (table.Rows.Count <= 0)
{
//message something
}
else
{
//show main form
}
}
精彩评论