Whats up guys, So I am debugging my companies program that the previous programmer has created. It is buggy and an annoyance in my life and I want to get this done as quickly as possible. Ive already fixed some bugs and published the updated version onto our server. HERE IS MY PROBLEM:
User installs app, login box pops up and prompts user to input username and password. Here is the sql code for logging in:

"SELECT EmpGroupPermissions.AppAccessWC, Employees.* FROM EmpGroupPermissions RIGHT OUTER JOIN Employees ON EmpGroupPermissions.GroupID = Employees.PrimaryGroup WHERE Username='" & Me.UsernameTextBox.Text & "' AND Password='" & Me.PasswordTextBox.Text & "'"

User tries to log in and I get this error; I will put the code for catching the sqlexception then the error I get when a user tries to log in:

Catch exc As SqlException

            varErrorMsg = _
                "Sorry, the database server returned the following error:" & Chr(13) & _
                exc.Errors(0).Message
            MsgBox(varErrorMsg, MsgBoxStyle.Critical)

        End Try

Heres the error that pops up when trying to log in:

"Sorry, the database server returned the following error: Login failed for user 'lesly'"

Now she is in the Employees table and she has access to the application through the EmpGroupPermissions table. Any help would greatly be appreciated because when I install it on my computer and try her username and password it succeeds, but when she tries it on her computer it fails, along with any other computer I try it on. Thanks in advance!

I think we need to know what you are trying (inside the try...catch block).
Also would be nice to know how you are connecting to SQL.

I think we need to know what you are trying (inside the try...catch block).
Also would be nice to know how you are connecting to SQL.

Seconded; please post your connection string.

Unfiltered text input placed directly into an SQL statement in production code... It hurts my eyes.

Heres everything under the OK_Click button. And hericles, if you cant help, then dont post, cuz I dont need to read your mindless comment. I didnt write this program bud, I am simply fixing it!!

Dim vMonth As String
        Dim vDay As String
        Dim vHour As String
        Dim vMinute As String
        Dim strSQL As String = ""
        Dim SqlComm As New System.Data.SqlClient.SqlCommand(strSQL, mainConnection)
        Dim DR As System.Data.SqlClient.SqlDataReader

        Try
            If mainConnection.State = ConnectionState.Closed Then
                mainConnection.Open()
            End If

            SqlComm.CommandText = "SELECT EmpGroupPermissions.AppAccessWC, Employees.* FROM EmpGroupPermissions RIGHT OUTER JOIN Employees ON EmpGroupPermissions.GroupID = Employees.PrimaryGroup WHERE Username='" & Me.UsernameTextBox.Text & "' AND Password='" & Me.PasswordTextBox.Text & "'"
            SqlComm.CommandTimeout = 60
            DR = SqlComm.ExecuteReader

            Do While DR.Read()
                If DR.Item("Active") = "Y" Then
                    If DR.Item("AppAccessWC") = "Y" Then

                        ' Load Main Window & Push Employee Name
                        frmMain.Show()
                        frmMain.tslEmpID.Text = Trim(DR.Item("EmployeeID"))
                        frmMain.ToolStripLabel_Username.Text = Trim(DR.Item("Username")) & " (" & Trim(DR.Item("FirstName")) & " " & Trim(DR.Item("LastName")) & ")"
                        frmMain.Text = "Waynoka Campground (" & Trim(DR.Item("FirstName")) & " " & Trim(DR.Item("LastName")) & ")"

                        ' Update Employee's Last Login Data
                        Dim sqlUpdateLogin As String
                        vMonth = Month(Now)
                        vMonth = vMonth.PadLeft(2, "0")
                        vDay = Day(Now)
                        vDay = vDay.PadLeft(2, "0")
                        vHour = Hour(Now)
                        vHour = vHour.PadLeft(2, "0")
                        vMinute = Minute(Now)
                        vMinute = vMinute.PadLeft(2, "0")
                        sqlUpdateLogin = "UPDATE Employees SET LastLogin=" & Year(Now) & vMonth & vDay & vHour & vMinute & _
                                        " WHERE Username='" & Trim(DR.Item("Username")) & "'"

                        If mainConnection2.State = ConnectionState.Closed Then
                            mainConnection2.Open()
                        End If
                        Dim cmdUpdateLogin As New System.Data.SqlClient.SqlCommand(sqlUpdateLogin, mainConnection2)
                        cmdUpdateLogin.ExecuteNonQuery()
                        cmdUpdateLogin.Dispose()
                        If mainConnection2.State <> ConnectionState.Closed Then
                            mainConnection2.Close()
                        End If

                        Me.Hide()
                        varValid = 1
                    Else
                        MsgBox("Your account does not have access to this application.", MsgBoxStyle.Critical, "Application Access Error")
                        varValid = 2
                    End If
                Else
                    If varValid = 0 Then
                        MsgBox("Your account is not active.", MsgBoxStyle.Critical, "Application Access Error")
                    End If
                    varValid = 2
                End If
            Loop
            DR.Close()

            If varValid = 0 Then
                MsgBox("Bad Username/Password.", MsgBoxStyle.Critical, "Application Access Error")
            End If

            If DR.IsClosed = False Then DR.Close()
            SqlComm.Dispose()

        Catch exc As SqlException

            varErrorMsg = _
                "Sorry, the database server returned the following error:" & Chr(13) & _
                exc.Errors(0).Message
            MsgBox(varErrorMsg, MsgBoxStyle.Critical)

        End Try
This article has been dead for over six months. Start a new discussion instead.