VB.net User authentication login through SQL/VPS

Question

Steven_6 0 Newbie Poster

10 Years Ago

I was wondering, how do I make it so users can login. I have an SQL database, I have a VPS, I have a VPS. I just need help setting it up and adding an account..
This is the login form:

Public Class Form1

    Private Sub FlatToggle1_CheckedChanged(sender As Object)

    End Sub

    Private Sub FlatButton1_Click(sender As Object, e As EventArgs) Handles FlatButton1.Click
        If FlatTextBox1.Text = "myusername" And FlatTextBox2.Text = "mypass" Then
            FlatStatusBar1.Text = "Logging in..."
            Me.Hide()
            Dim oForm As Form2
            oForm = New Form2()
            oForm.Show()
            oForm = Nothing
        Else
            FlatStatusBar1.Text = "Wrong username or password."
        End If
    End Sub
End Class

Super simple, easy to be cracked, and only 1 person can logon, which is me. Please help!

vb.net

2 Contributors
2 Replies
304 Views
2 Weeks Discussion Span
Latest Post 10 Years Ago Latest Post by Begginnerdev

Begginnerdev 256 Junior Poster

10 Years Ago

When handling usernames and passwords it is best to define your criteria for both the user and the administrator.

You will have to determine if you want trap-door encrypted passwords or simple text passwords. Such a method could be passing the user's input into a 256bit encryption function and checking the string against the database value.

If you chose to do simple text passwords, you might want to define some sort of password policy for the application/user.

Something like these requirements:
Must contain at least one letter from alphabet
Must contain at least one number
Must contain at least one special character
Must have a minimal length of n characters (n = number of your chosing)
Must not contain a palindrome

Then you must enforce unique ID method. (Be it an auto number or unique user ID's)

Last step is as simple as querying the database and checking the username/password against it.

For example:

'Checks the database for the user then checks the password given.
Private Function Authenticated(ByVal sUser As String, ByVal sPass As String) As Boolean
    'For this example I am using System.Data.OleDB
    Dim con As New OleDBConnection("ConnectionstringHere") 'See www.connectionstrings.com for help
    Dim da As New OleDBDataAdapter("SELECT PassWord FROM myTable WHERE UserName='" & sUser &"'",con)
       Dim ds As New DataSet
    Try
       da.Fill(ds,"PassCheck")

       If Not IsNothing(ds.Tables("PassCheck")) And ds.Tables("PassCheck").Rows.Count > 0 Then
           'Check the value against the password returned.
           If sPass = ds.Tables("PassCheck").Rows(0)("PassWord") Then
               Return True
           Else
               Return False
           End If
       Else
           MsgBox("User was not found in the database!")
           Return False
       End If
    Catch ex As Exception
        MsgBox(ex.ToString)
        Return False
    Finally
        da = nothing
        If con.State = ConnectionState.Open Then con.Close
        con = nothing
    End Try
End Function

If you chose not to use encryption, you can use this function as follows:

Private Sub btnLogIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogIn.Click
    If Not String.IsNullOrWhiteSpace(txtUserName.Text) Then
        If Not String.IsNullOrWhiteSpace(txtPassWord.Text) Then
            If Authenticated(txtUserName.Text, txtPassWord.Text) Then
                MsgBox("Connected!")
            Else
                MsgBox("Could not authenticate!")
            End If
        Else
            MsgBox("Must enter a password!")
        End If
    Else
        MsgBox("Must enter a user name!")
    End If
End Sub

If you chose to use encryption then you can use the code as follows:

Private Sub btnLogIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogIn.Click
    If Not String.IsNullOrWhiteSpace(txtUserName.Text) Then
        If Not String.IsNullOrWhiteSpace(txtPassWord.Text) Then
            If Authenticated(txtUserName.Text, EncryptFunction(txtPassWord.Text)) Then
                MsgBox("Connected!")
            Else
                MsgBox("Could not authenticate!")
            End If
        Else
            MsgBox("Must enter a password!")
        End If
    Else
        MsgBox("Must enter a user name!")
    End If
End Sub

You can find a simple encryption project to use for an example here.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Begginnerdev 256 Junior Poster · Answer 1 · 2014-02-18T18:03:08+00:00

Just another note, if you wish to go one step further and not retreive the password from the database you can do something like this:

Dim cmd As New OleDBCommand("SELECT * FROM myTable WHERE UserName='" & sUser & "' AND PassWord='" & sPass & "'",con)

If cmd.ExecuteScalar > 0 Then
    Return True
Else
    Return False
End If

This would be just another added layer of security if using plain text passwords.