May 24th, 2009

Got stuck on creating a login and password form. Epic If statement needed

I wanted to create a form where a user can create an account, have it loaded in SQL, and be able to retrieve the information and validate it. I've reached a mental block on the validation code and need some advice. Here is my code so far:

```vbnet
Public Class main

    Private Sub Label5_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles lblUsername.Click

    End Sub

    Private Sub btnJoin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnJoin.Click
        lblName.Visible = True
        lblUsername.Visible = True
        lblPassword.Visible = True
        txtName.Visible = True
        txtUsername.Visible = True
        txtPassword.Visible = True
        btnNext.Visible = True
    End Sub

    Private Sub main_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Try
            SqlConnection1.Open()
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try
    End Sub

    Private Sub btnNext_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnNext.Click
        DBAuser.InsertCommand.CommandText = "INSERT INTO login (userName, login, password) VALUES ('" + txtName.Text.Replace("'", "") + "', '" + txtUsername.Text.Replace("'", "") + "', '" + txtPassword.Text.Replace("'", "") + "');"
        DBAuser.InsertCommand.ExecuteNonQuery()
        MessageBox.Show("Account Created Successfully")
        txtName.Clear()
        txtUsername.Clear()
        txtPassword.Clear()

        lblName.Visible = False
        lblUsername.Visible = False
        lblPassword.Visible = False
        txtName.Visible = False
        txtUsername.Visible = False
        txtPassword.Visible = False
        btnNext.Visible = False
    End Sub

    Private Sub btnUser_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnUser.Click
        'got stuck here :(
        DBAuser.SelectCommand.CommandText = "SELECT login,password FROM login WHERE userName = '" & txtUsername2.Text & "' AND password = '" & txtPassword2.Text & "'"
    End Sub

End Class
```


Do I need some sort of Epic if statement to validate what the user inputted into the text boxes, or am I on the wrong path?
Thanks
lolwtf

May 24th, 2009

> Do I need some sort of Epic if statement to validate what the user inputted into the text boxes

I'm afraid you need it.

> am I on the wrong path

I don't think so.

I don't know what type DBAuser is. But the SQL syntax "SELECT login,password FROM login WHERE userName = '" & txtUsername2.Text & "' AND password = '" & txtPassword2.Text & "'" is correct. After you execute that SQL statement, just check that one and only one record is returned. If you get nil records, either the user name and/or the password is incorrect.

When you create a new account (INSERT statement), you should first check that the user name and the password combination does not exist already.

I would make a separate boolean function for that:

```vbnet
Private Function IsValidLogin(ByVal UserName As String, ByVal Password As String) As Boolean
    ' Check if UserName and Password are found in the DB and return True. Otherwise, return False

End Function
```
Put the DB code (SELECT statement and record count testing) in there and you can call it easily from both user login and when the user creates an account.
Teme64
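
An added example (not code from the thread) of the `IsValidLogin` function sketched above, passing the two values as SQL parameters instead of concatenating them into the statement. The connection string and the column sizes are placeholders, and the sign-in name is assumed to be in the `login` column, where the thread's INSERT stores `txtUsername`.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module LoginChecks

    ' Assumption: placeholder connection string, replace with your own.
    Private Const ConnStr As String =
        "Data Source=SERVER_PLACEHOLDER;Initial Catalog=DATABASE_PLACEHOLDER;Integrated Security=True"

    ' Returns True only when exactly one row matches both values.
    ' Called from btnUser_Click as:
    '   If IsValidLogin(txtUsername2.Text, txtPassword2.Text) Then ...
    Public Function IsValidLogin(ByVal userName As String, ByVal password As String) As Boolean
        ' Empty input can never be a valid login; skip the database round trip.
        If String.IsNullOrEmpty(userName) OrElse String.IsNullOrEmpty(password) Then
            Return False
        End If

        Const sql As String =
            "SELECT COUNT(*) FROM login WHERE login = @login AND password = @password"

        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(sql, conn)
                ' The values travel as typed parameters, never as SQL text,
                ' so an apostrophe in the input cannot change the statement.
                ' Assumption: both columns are NVARCHAR(50).
                cmd.Parameters.Add("@login", SqlDbType.NVarChar, 50).Value = userName
                cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password

                conn.Open()
                ' COUNT(*) always yields one row with one integer column.
                Dim matches As Integer = Convert.ToInt32(cmd.ExecuteScalar())
                Return matches = 1
            End Using
        End Using
    End Function

End Module
```
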
May 25th, 2009

Also add a check for SQL injection to your login checking, or else it will be easy to hack...
jireh

May 25th, 2009

Jireh is right about SQL injection. I didn't mention it because it's rarely an issue with Windows apps. If you're going to use the code with ASP.NET, there's a really bad security hole. And you'll be hacked sooner or later.

You do some replaces in your SQL INSERT statement. A few characters that you shouldn't allow in user name and password are ";", "-" and "'". To be more precise, the correct way to do it in a "safe way" is to define a set of allowed characters (a-z, 0-9 and a few other printable characters). If the user tries to create an account with a user name and/or a password containing any character that is not an allowed character, it should be rejected.
Teme64
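
An added example (not part of the thread) of account creation that rejects user names outside an allow-list and sends every value to the database as a SQL parameter. The allowed-character policy, the column sizes and the already-open `conn` are assumptions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Text.RegularExpressions

Public Module AccountCreation

    ' Assumed policy: 3 to 20 characters from a-z, A-Z, 0-9, "_" and ".".
    ' \A and \z anchor the whole string, so a trailing newline is rejected too.
    Private ReadOnly AllowedUserName As New Regex("\A[A-Za-z0-9_.]{3,20}\z")

    Public Function IsAllowedUserName(ByVal candidate As String) As Boolean
        Return candidate IsNot Nothing AndAlso AllowedUserName.IsMatch(candidate)
    End Function

    ' Returns True when the account was inserted, False when it was rejected.
    ' conn must already be open (assumption).
    Public Function TryCreateAccount(ByVal conn As SqlConnection, ByVal displayName As String,
                                     ByVal userName As String, ByVal password As String) As Boolean
        ' Input validation: refuse anything outside the allow-list.
        If Not IsAllowedUserName(userName) OrElse String.IsNullOrEmpty(password) Then
            Return False
        End If

        ' Refuse a user name that is already taken. A UNIQUE constraint on the
        ' column is still needed to close the race between this check and the INSERT.
        Using checkCmd As New SqlCommand("SELECT COUNT(*) FROM login WHERE login = @login", conn)
            checkCmd.Parameters.Add("@login", SqlDbType.NVarChar, 50).Value = userName
            If Convert.ToInt32(checkCmd.ExecuteScalar()) > 0 Then Return False
        End Using

        ' The display name and password are not character-filtered here:
        ' as parameters they are treated as data, whatever they contain.
        Using insertCmd As New SqlCommand(
                "INSERT INTO login (userName, login, password) VALUES (@name, @login, @password)", conn)
            insertCmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = displayName
            insertCmd.Parameters.Add("@login", SqlDbType.NVarChar, 50).Value = userName
            insertCmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password
            Return insertCmd.ExecuteNonQuery() = 1
        End Using
    End Function

End Module
```
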
May 25th, 2009

DBAUser is my database adapter. As for the security and SQL injection, this is just a personal project I'm doing for fun. I guess it would be useful later on, so I'll do some research on that. As for the password validation, I'm still stuck on that part because I don't have much practice with database adapters.
lolwtf

May 26th, 2009

Okay, I figured out the actual code if anybody's interested:

```vbnet
DBAuser.SelectCommand.CommandText = "SELECT COUNT(login) FROM login WHERE userName = '" & txtUsername2.Text & "' AND password = '" & txtPassword2.Text & "'"
DSLogin.Clear() ' drop rows left by an earlier Fill, so Rows(0) holds this attempt's count
DBAuser.Fill(DSLogin) ' fill dataset
If CInt(DSLogin.Tables(0).Rows(0).Item(0)) > 0 Then
    ' User entered proper login
End If
```
lolwtf

This thread is solved

© 2011 DaniWeb® LLC