1,105,578 Community Members

Login System (vb.net -> PHP -> MySQL)

Member Avatar
Trle94
Light Poster
46 posts since Nov 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Hello everyone,
i need small help since im stuck, and im not that good with php and vB.net connections...
So here is the problem, i manage to get connected to db and php script shows me if im connected or not, grab if user/pw is correct everything works fine, but now i do not know how to grab, on new form show up, data from that user and display it in label, like in db it has date of registration, last login and email, i want to get them on my second form.. so if anyone could help me out to sort those things and manage to complete goal, i would be really thankfull!

Usercheck.php

<?php
if($_POST)
{
    if(isset($_POST["username"]) && isset($_POST["password"]))
    {
        $connect = mysql_pconnect("localhost","username","password");
        if($connect)
        {
            $select = mysql_select_db("mydatabase",$connect);
            if($select)
            {
                $user = mysql_escape_string($_POST["username"]);
                $pwd = mysql_escape_string($_POST["password"]);
                $GetRows = mysql_query("SELECT * FROM MyTableHere WHERE username='$user' AND password='$pwd'");
                $RowCount=mysql_num_rows($GetRows);
                if($RowCount>0)
                {
                    die("Correct !");
                }
                else
                {
                    die("Incorrect !");
                }
            }
            else
            {
                die("Unable to select database." . mysql_error());
            }
        }
        else
        {
            die("Unable connect to database." . mysql_error());
        }
    }
    else
    {
        die("Access Denied!");
    }
}
else
{
    die("Access Denied!");
}
?>

Snipet of Form1.vb

Function AuthUser(ByVal AuthenticationPage As String, ByVal Username As String, ByVal Password As String) As Boolean
        Dim wc As New WebClient()
        wc.Headers.Add("Content-Type", "application/x-www-form-urlencoded")
        Dim Data As String = String.Format("username={0}&password={1}", HttpUtility.UrlEncode(Username), HttpUtility.UrlEncode(Password))
        Dim ResponseBytes() As Byte = wc.UploadData(AuthenticationPage, "POST", Encoding.ASCII.GetBytes(Data))
        Dim Response As String = Encoding.ASCII.GetString(ResponseBytes)
        If Response.Contains("Correct") Then
            Return True
        Else
            Return False
        End If
    End Function
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        If AuthUser("http://127.0.0.1/Usercheck.php", TextBox1.Text, TextBox2.Text) Then
            Me.Hide()
            Form2.Show()
        Else
            MsgBox("You have provided invalid username or password. Unable to login.")
        End If
    End Sub

Could anyone help me out please? :)

Member Avatar
G_Waddell
Practically a Posting Shark
821 posts since Nov 2009
Reputation Points: 131 [?]
Q&As Helped to Solve: 137 [?]
Skill Endorsements: 13 [?]
 
0
 

Hi

Why use PHP? Why not VB.NET > MySQL?

Member Avatar
savedlema
Junior Poster
104 posts since Sep 2012
Reputation Points: 8 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

I also wonder why php came in here! Why not just from VB.NET to MySQL as G Waddell said?

Member Avatar
Trle94
Light Poster
46 posts since Nov 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

just because of one simple reason, lets say we include mysql connector lib, insert our db details to form code compile app everything works like a charm, then some random guy show up take your .exe decompile it and grab mysql details from decompiled source login to db and grab all infos, good enought reason right? :)

Member Avatar
G_Waddell
Practically a Posting Shark
821 posts since Nov 2009
Reputation Points: 131 [?]
Q&As Helped to Solve: 137 [?]
Skill Endorsements: 13 [?]
 
0
 

So you're saying an uncomplied php file is more secure than a complied .Net program?

Member Avatar
G_Waddell
Practically a Posting Shark
821 posts since Nov 2009
Reputation Points: 131 [?]
Q&As Helped to Solve: 137 [?]
Skill Endorsements: 13 [?]
 
0
 

If Random guys can just show up take your dll and decompile it then a login page is the least of your security issues on that server! If you're that worried you can use an obfuscation program. But frankly if you have a secure server they shouldn't be able to even get to that stage. What if they get in and hijack your session? or use cross site scripting? You are only as secure as the system you design and build on. ASP.NET is just as secure as PHP

Member Avatar
Trle94
Light Poster
46 posts since Nov 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Every obfuscation program has deobfuscator :)

You
This article has been dead for over three months: Start a new discussion instead
Post:
Start New Discussion
Tags Related to this Article