Hello, I'm a beginner and I created a log-in form in VB.net using Windows Forms and configuring the Settings of the project. I need help on how I can prevent the user from accessing the other parts of the program if they haven't registered yet, as well as deleting the data of the account registered by the user.

Basically, I put a "Forgot your password?" button that the User can click on the Log-In form (main form). When clicked, it leads to the Password Recovery form that asks them security questions to help them recover their account. However, I want to make the Password Recovery form inaccessible if the user hasn't registered yet.

My main questions are:

  • How can the program recognize that the user hasn't registered yet?
  • How can I have the option for the user to delete their account, to make the variables (Settings stuff) empty again? (For example, if they deleted the account, then they will have to register again before they can access other parts of the program.)

This is the code I used so the user couldn't log in if they're not registered. However, it isn't accurate yet because I haven't figured out what code to use if the User isn't registered yet (if one of the My.Settings.Stuff is empty). I just used an Else statement which works but isn't what I really want.

    Private Sub LogIn_Click(sender As Object, e As EventArgs) Handles LogIn.Click
        If username.Text = My.Settings.Username And password.Text = My.Settings.Password Then
            MsgBox("Login successful")
        ElseIf username.Text = Nothing Or password.Text = Nothing Then
            MsgBox("Login unsuccessful. Please fill up all fields.")
        Else
            MsgBox("Please register an account first.")
        End If
    End Sub
End Class

Here is the code I tried for the "Forgot your password?" link. To clarify, I ran the program and put in random data for username, password, etc. to see any errors before I coded this. So, both the My.Settings.Username and My.Settings.Password currently have data stored in them. I think that's why the code below doesn't work.

    Private Sub LinkLabel1_LinkClicked(sender As Object, e As LinkLabelLinkClickedEventArgs) Handles LinkLabel1.LinkClicked
        If My.Settings.Username = Nothing And My.Settings.Password = Nothing Then
            MsgBox("You haven't registered an account yet.")
        Else
            Forgot.ShowDialog()
        End If
    End Sub

Here is what my main form looks like:
Form1.png

Here is the form that shows when the user clicks the Register button:
Register.png

And here is the Password Recovery Form when the user clicks the "Forgot your password?"
Recovery.png

I hope I explained my problem clearly. If not, please inform me of what I should make clearer/what I should add.

First off I wouldn't use Settings variables. They are stored in clear text. Plus, you are limiting yourself to only one user. I would set up a small database (I suggest sqlite) and encrypt/scramble the username and password. If you don't want the user to access other parts of the program without registering, just don't display those forms until they have registered and logged in.

On second thought, because you are a beginner I suggest you stick with the Settings variables and clear text until you have the kinks worked out. Just make sure to put your username/password code in a module so that you can later change to a database with encryption without breaking the rest of your application.

+1 for the "second thought"

I wouldn't use Settings variables. They are stored in clear text

(Depending on your language) it's only a few lines of code to encrypt all the info and Base64 encode it for storage in a "plain text" medium. IMHO that's a lot simpler than setting up and using a database and at least as secure.
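
Added example, not code from anyone in the thread: one way to build the credentials module suggested above, so that the "has anyone registered?" check, account deletion and password storage sit in one place. It stores a salted PBKDF2 hash, Base64-encoded, instead of the clear-text password (a substitution for the "encrypt" wording in the replies), reuses the My.Settings.Username and My.Settings.Password names from the question, and assumes .NET Framework 4.7.2 or later; the module and function names and the iteration count are illustrative.

```vbnet
Imports System.Security.Cryptography

' Added example. Assumes user-scoped String settings Username and Password
' (names from the question); Password now holds "salt:hash", both Base64.
Module Credentials
    Private Const Iterations As Integer = 100000   ' PBKDF2 work factor (assumed value)

    ' True only when both settings hold data, i.e. an account exists.
    Public Function IsRegistered() As Boolean
        Return Not String.IsNullOrEmpty(My.Settings.Username) AndAlso
               Not String.IsNullOrEmpty(My.Settings.Password)
    End Function

    Public Sub Register(user As String, pass As String)
        Dim salt(15) As Byte                       ' 16 random bytes per account
        Using rng = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        My.Settings.Username = user
        My.Settings.Password = Convert.ToBase64String(salt) & ":" &
                               Convert.ToBase64String(Derive(pass, salt))
        My.Settings.Save()
    End Sub

    Public Function Verify(user As String, pass As String) As Boolean
        If Not IsRegistered() OrElse user <> My.Settings.Username Then Return False
        Dim parts = My.Settings.Password.Split(":"c)
        If parts.Length <> 2 Then Return False     ' not in salt:hash form
        Dim expected = Convert.FromBase64String(parts(1))
        Dim actual = Derive(pass, Convert.FromBase64String(parts(0)))
        Dim diff As Integer = expected.Length Xor actual.Length
        For i = 0 To Math.Min(expected.Length, actual.Length) - 1
            diff = diff Or (expected(i) Xor actual(i))   ' compare without early exit
        Next
        Return diff = 0
    End Function

    ' Empties both settings so IsRegistered() is False again.
    Public Sub DeleteAccount()
        My.Settings.Username = ""
        My.Settings.Password = ""
        My.Settings.Save()
    End Sub

    Private Function Derive(pass As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(pass, salt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function
End Module
```

In the forms, `Credentials.IsRegistered()` gates the "Forgot your password?" link and `Credentials.Verify(username.Text, password.Text)` replaces the direct comparison against My.Settings. Call `DeleteAccount()` once to clear any clear-text test data saved by the earlier code, since it will not verify against the new format.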