Member Avatar for Sashika_1

hey everyone. I need you experties help to the correct this login form code. After the best effort I find this code. But it occur one error.
Before the explain error I'll describe how this work. This login form check user name and password from the mysql database. After Normaliy user can login, but in my case user name and password match doesn't allow login. It check two more things.

  1. User baned or active ? If baned message box show and say "Please pay your fees" If user active then check second.

2.User type. If admin then load admin home page. If user (type) then load normal user home page.
I'll put my login button code below.

Try
    If txtpassword.Text = "" Or txtusername.Text = "" Then
        MessageBox.Show("Please Fill in Empty TextBox!")
    Else
        Try
            con.Open()
            Dim query As String
            query = "SELECT User_Type,User_Status FROM moneycs.user where User_Name= '" & txtusername.Text & "' and Password = '" & txtpassword.Text & "' "
            cmd = New MySqlCommand(query, con)
            dr = cmd.ExecuteReader
            Dim count As Integer
            count = 0
            While dr.Read
                count = count + 1
            End While
            Dim userstatus = dr.GetString("User_Status")
            If userstatus = "Active" Then
                If count = 1 Then
                    Dim usertype = dr.GetString("User_Type")
                    If usertype = "Admin" Then
                        'MessageBox.Show("Your Login As Admin", "Welcome Admin !")
                        For j = 0 To 500
                            Me.Hide()
                            frmmlsadmin.Show()
                        Next
                        Me.Hide()
                        If con.State = ConnectionState.Open Then
                            con.Close()
                        End If
                        dr.Close()
                    Else
                        For j = 0 To 500
                            MessageBox.Show("Your Login As User", "Welcome User !")
                            Me.Hide()
                            MLSUser.Show()
                        Next
                        Me.Hide()
                        dr.Close()
                    End If
                Else
                    MsgBox("User does not exist!")
                    txtusername.Text = ""
                    txtpassword.Text = ""
                    txtusername.Focus()
                End If
            Else
                MessageBox.Show("You Don't Have Permission To Login System At This Time")
                dr.Close()
                con.Close()
            End If
        Catch ex As Exception
            MessageBox.Show(ex.Message)
        Finally
            txtusername.Text = ""
            txtpassword.Text = ""
            dr.Close()
        End Try
    End If
    dr.Close()
    If con.State = ConnectionState.Open Then
        con.Close()
    End If
    dr.Close()
    con.Close()
Catch ex As Exception
    MessageBox.Show(ex.Message)
End Try

I'll explain some codes of above.

dr means datareader. I made dr as mysql data reader.
Normaly according to the above code when entering wrong user name and password, must show "User does not exist" ,but error happened at this point.
This message not show. and show this error message cought by try catch

"Invalid attempt to access a field before calling read()"

except this error username and password entering parts others work well.

So guys help me to this..... :)
Thank You !

Edited by Reverend Jim because: Corrected code formatting
  • 3 Contributors
  • 3 Replies
  • 2K Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by Sashika_1
Member Avatar for tinstaafl

Just at a glance, it looks to me that you're reading through all the records to get a count, then attempting to read more.

Member Avatar for Santanu.Das

From my point of view you already complecated your code to check your database and then make permission.

From my point of view first check if there any record exists or not then do the next step.
If there is no record then exit from entire proceedure else try to check priviledge of that user.

If txtpassword.Text = "" Or txtusername.Text = "" Then
    MessageBox.Show("Please Fill in Empty TextBox!")
    Exit Sub
EndIf
'Check User Exits or Not
If Not UserExists() Then
    MsgBox("User does not exist!")
    Exit Sub
EndIf

"Check for Login
LogInToNext()

Here the codes for UserExits() Function

Private Function UserExists() As Boolean
    Dim Result as Boolean = False
    Try
        con.Open()
        Dim query As String
        query = "SELECT Count(*) FROM moneycs.user where User_Name= '" & txtusername.Text & "' and Password = '" & txtpassword.Text & "' "
        cmd = New MySqlCommand(query, con)
        If cmd.ExecuteScalar()>0 then Result=True
        cmd.Dispose()
    Catch ex As Exception
    Finally
        con.close()
    End Try

    Return Result
End Function

Now codes for LogInToNext() SubProceedure

Try
    con.Open()
    Dim query As String
    query = "SELECT User_Type,User_Status FROM moneycs.user where User_Name= '" & txtusername.Text & "' and Password = '" & txtpassword.Text & "' "
    cmd = New MySqlCommand(query, con)
    dr = cmd.ExecuteReader
    if dr.HasRows() Then
        dr.Read()
        If dr("User_Status")=Active" Then
            If dr("User_Type")="Admin" then
                frmmlsadmin.Show()
            Else
                MLSUser.Show()
            Endif
        Else
            MessageBox.Show("You Don't Have Permission To Login System At This Time")
        Endif
    Endif
    dr.Close()
    cmd.Dispose()
Catch ex As Exception
    MessageBox.Show(ex.Message)
Finally
    txtusername.Text = ""
    txtpassword.Text = ""
    con.Close()
    Me.Hide
End Try

Hope it can help you.

Edited by Santanu.Das
Member Avatar for Sashika_1

yeah your method is fine :) and worked. I did some changes to your code and now it working perfect :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.