Hi,

I'm making a login application but i have the following problem.
When an user clicks the button "Login" it is allways correct. I would like to check in my sql database if the user and password match. Does anyone have an idea?

Database.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;

namespace Monopoly.Data
{
    public class Database
    {
        private static String ConnectionString
        {
            get
            {
                return @"Data Source=PC-TIM; Initial Catalog=Monopoly; Integrated Security=True";
               
            }
        }

        // Connectie maken en openen
        private static SqlConnection GetConnection()
        {
            try
            {
                SqlConnection oCon = new SqlConnection(ConnectionString);
                oCon.Open();
                return oCon;
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
                return null;
            }
            


        }

        // De connectie sluiten en vrijgeven
        private static void ReleaseConnection(SqlConnection oCon)
        {
            if (oCon != null)
            {
                oCon.Close();
                oCon.Dispose();
            }
        }


        private static SqlCommand BuildCommandParameters(String sStoredProcedureNaam, params SqlParameter[] dbParams)
        {
            SqlConnection oCon = GetConnection();
            SqlCommand oCommand = oCon.CreateCommand();
            oCommand.CommandType = CommandType.StoredProcedure;
            oCommand.CommandText = sStoredProcedureNaam;

            if (dbParams != null)
            {
                foreach (SqlParameter oPar in dbParams)
                {
                    oCommand.Parameters.Add(oPar);
                }
            }
            return oCommand;
        }


        // Een DataTable ophalen
        public static DataTable GetDT(String sStoredProcedureNaam, params SqlParameter[] dbParams)
        {
            SqlCommand oCommand = null;
            try
            {

                oCommand = BuildCommandParameters(sStoredProcedureNaam, dbParams);

                SqlDataAdapter oDA = new SqlDataAdapter();
                oDA.SelectCommand = oCommand;

                DataTable oDT = new DataTable();
                oDA.Fill(oDT);

                return oDT;
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
                return null;
            }

            finally
            {
                if (oCommand != null)
                {
                    ReleaseConnection(oCommand.Connection);
                }
            }
        }



        // DataReader ophalen
        public static SqlDataReader GetDR(String sStoredProcedureNaam, params SqlParameter[] dbParams)
        {
            SqlCommand oCommand = null;
            SqlDataReader oDR = null;

            try
            {
                oCommand = BuildCommandParameters(sStoredProcedureNaam, dbParams);
                oDR = oCommand.ExecuteReader(CommandBehavior.CloseConnection);

                return oDR;
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
                return null;
            }

            finally
            {
                if (oCommand != null)
                {
                    ReleaseConnection(oCommand.Connection);
                }
            }
        }

        // Slechts 1 resultaat teruggeven
        public static Object ExecuteScalar(String sStoredProcedureNaam, params SqlParameter[] dbParams)
        {
            SqlCommand oCommand = null;

            try
            {
                oCommand = BuildCommandParameters(sStoredProcedureNaam, dbParams);
                Object oObject = oCommand.ExecuteScalar();

                return oObject;
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
                return null;
            }

            finally
            {
                if (oCommand != null)
                {
                    ReleaseConnection(oCommand.Connection);
                }
            }
        }


        // SQL zonder terugkeer resultaat uitvoeren
        public static void ExcecuteSQL(String sStoredProcedureNaam, params SqlParameter[] dbParams)
        {
            SqlCommand oCommand = null;

            try
            {
                oCommand = BuildCommandParameters(sStoredProcedureNaam, dbParams);
                oCommand.ExecuteNonQuery();
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
            }

            finally
            {
                if (oCommand != null)
                {
                    ReleaseConnection(oCommand.Connection);
                }
            }
        }

    }
}

LoginWindow.xaml.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Data;
using System.Windows.Documents;
using System.Windows.Input;
using System.Windows.Media;
using System.Windows.Media.Imaging;
using System.Windows.Shapes;
using System.Data.SqlClient;
using Monopoly.Connector;
using Monopoly.Library;

namespace Monopoly.UI
{
    /// <summary>
    /// Interaction logic for LoginWindow.xaml
    /// </summary>
    public partial class LoginWindow : Window
    {
        Gateway connector = Gateway.Instance;

        public LoginWindow()
        {
            InitializeComponent();
        }

        private void btnLogin_Click(object sender, RoutedEventArgs e)
        {
            if (ValidateLogin())
            {
                try
                {
                    Player validPlayer = connector.Proxy.VerifyUserInput(txtUserName.Text, txtPaswoord.Password);
                    if (validPlayer != null)
                    {


                        Start(validPlayer);
                    }
                    else
                    {
                        MessageBox.Show("Of uw naam is niet goed, of uw paswoord is verkeerd");
                    }

                }
                catch (Exception ex)
                {
                    MessageBox.Show("Oops, something went wrong: " + ex.Message);
                }
                
            }         
        }

        private void Start(Player p)
        {
            MainWindow m = new MainWindow(p);
            m.Show();
            this.Close();
        }

        private bool ValidateLogin()
        {
            bool isLoginValid = true;
            StringBuilder messageBuilder = new StringBuilder(2);

            if (string.IsNullOrEmpty(txtUserName.Text))
            {
                isLoginValid = false;
                messageBuilder.AppendLine("Username is required.");
            }
            if (string.IsNullOrEmpty(txtPaswoord.Password))
            {
                isLoginValid = false;
                messageBuilder.AppendLine("Password is required.");
            }
            if (!isLoginValid)
            {
               MessageBox.Show(messageBuilder.ToString(), "Please fill in the required fields", MessageBoxButton.OK, MessageBoxImage.Information );
            }
            return isLoginValid;
        }


    }
}

PlayerData.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.Serialization;
using Monopoly.Library;
using System.Data;
using System.Data.SqlClient;

namespace Monopoly.Data
{
  //  [DataContract]
    public class PlayerData
    {

        public static Player VerifyUserInput(string naam, string paswoord)
        {

            //ParameterList aanmaken
            List<SqlParameter> parameters = new List<SqlParameter>();

            //Parameter(s) aanmaken
            SqlParameter parA = new SqlParameter("PlayerName", naam);
            SqlParameter parB = new SqlParameter("PlayerPaswoord", paswoord);
            //Parameter(s) toevoegen
            parameters.Add(parA);
            parameters.Add(parB);

            DataTable dt = Database.GetDT("dbo.Player", parameters.ToArray());
            SqlCommand command = new SqlCommand("SELECT * FROM [Player] WHERE [PlayerName]='" + naam + "' AND [PlayerPaswoord]='" + paswoord + "'");

            if (dt.Rows.Count == 1)
            {

                return new Player(naam, paswoord);
            }
            return new Player(naam, paswoord);

        }
  }
}

Thanks in advance!

Edited 4 Years Ago by opticaltim: putting in code tags

In the PlayerData.cs you are returning a new instance of Player with the username and password even if the Rows.Count is not 1...

This is wrong, you could try to just return null... And then check if the result of VerifyUserInput is null before starting a player session...

if (dt.Rows.Count == 1)
            {
 
                return new Player(naam, paswoord);
            }
            return new Player(naam, paswoord); //wrong code here

Yes i realized this :)
I got a NullRefExcepten on the dt.Rows.count, any idea how to solve this?
Should i work with stored procedures?
Thanks in advance!

This question has already been answered. Start a new discussion instead.