Member Avatar for Aina_1

Hi. Im doing a login form with decryption. So i did a modification to my login code for decryption. Before i did the decryption, the login form is functioning well. But after i edit it to insert decryption code it suddenly cannot connect to database. Im still a begginer in vb.net so maybe there is something that Im missing because there is no error in the code so I dont know where did I do wrong.

Here i put decryption code(just in case) and my login code
Decryption Code

 Private Function Decrypt(ByVal cipherText As String) As String
        'Firstly the encrypted text i.e. cipher text is converted into bytes and then similar to the encryption process here too we will generate Key and IV using the derived bytes and the symmetric key.
        'Using MemoryStream and CryptoStream the cipher text is decrypted and written to byte array and finally the byte array is converted to Base64String and returned, which is the decrypted original text.
        Dim EncryptionKey As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZ123456789"
        Dim cipherBytes As Byte() = Convert.FromBase64String(cipherText)
        Using encryptor As Aes = Aes.Create()
            Dim pdb As New Rfc2898DeriveBytes(EncryptionKey, New Byte() {&H49, &H76, &H61, &H6E, &H20, &H4D, _
             &H65, &H64, &H76, &H65, &H64, &H65, _
             &H76})
            encryptor.Key = pdb.GetBytes(32)
            encryptor.IV = pdb.GetBytes(16)
            Using ms As New MemoryStream()
                Using cs As New CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write)
                    cs.Write(cipherBytes, 0, cipherBytes.Length)
                    cs.Close()
                End Using
                cipherText = Encoding.Unicode.GetString(ms.ToArray())
            End Using
        End Using
        Return cipherText

Login Code**

 Private Sub SubmitButton4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles SubmitButton4.Click
        'Check if username or password is empty
        If PasswordTextBox1.Text = "" Or UsernameTextBox2.Text = "" Then
            MessageBox.Show("Please fill-up all fields!", "Authentication Error", MessageBoxButtons.OK, MessageBoxIcon.Error)

            'Clear all fields
            PasswordTextBox1.Text = ""
            UsernameTextBox2.Text = ""

            'Focus on Username field
            UsernameTextBox2.Focus()

        Else
            'Connect to DB
            Dim conn As New System.Data.OleDb.OleDbConnection()
            conn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" + "C:\Users\user1\Documents\Visual Studio 2010\Projects\Crypto\Crypto\crypto.accdb"

            Try
                'Open Database Connection
                conn.Open()
                Dim sql As String = "SELECT * FROM registration WHERE Username='" & UsernameTextBox2.Text & "' AND Password = '" & PasswordTextBox1.Text & "'"
                Dim cmd As OleDbCommand = New OleDbCommand(sql, conn)
                Dim sqlRead As OleDbDataReader = cmd.ExecuteReader()
                Dim Password As String = ""
                Dim IsExist As Boolean = False

                If sqlRead.Read() Then
                    If (Decrypt(Password).Equals(PasswordTextBox1.Text)) Then

                        MessageBox.Show("Login Success", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information)
                        'Clear all fields
                        PasswordTextBox1.Clear()
                        UsernameTextBox2.Clear()

                        'Focus on Username field
                        UsernameTextBox2.Focus()
                        Me.Hide()
                        Mainpage.Show()

                    Else
                        ' If user enter wrong username or password
                        MessageBox.Show("Sorry, wrong username or password", "Authentication Failure", MessageBoxButtons.OK, MessageBoxIcon.Error)

                        'Clear all fields
                        PasswordTextBox1.Text = ""
                        UsernameTextBox2.Text = ""

                        'Focus on Username field
                        UsernameTextBox2.Focus()
                    End If
                End If
            Catch ex As Exception
                MessageBox.Show("Failed to connect to Database", "Database Connection Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
            End Try
        End If
    End Sub
  • 3 Contributors
  • 2 Replies
  • 1K Views
  • 1 Month Discussion Span
  • Latest Post Latest Post by tinstaafl

Recommended Answers

All 2 Replies

Member Avatar for Santanu.Das

From my opinion:
before use If sqlRead.Read() Then at line No. 27 of your code, ensure that the Reader object has any row to read on matching parameters you supplied in your sql statement. If the reader does not hold any record it may raised an exception, because it has no records to read..

If sqlRead.HasRows() Then
    sqlRead.Read()
    <Codes of yours for matching records>
Else
    <codes for unmatching>
Endif

In line No. 28 the code should be

If (Decrypt(sqlRead("Password")).Equals(PasswordTextBox1.Text))

Hope it can solve your problem

Edited by Santanu.Das
Member Avatar for tinstaafl

Another suggestion: Hardcoding all your exceptions to disply only one message, doesn't allow you to see if an exception you don't expect is being raised. I would suggest displaying ex.Message instead of literal text.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.