none
Validate username and password

    Question

  • I had one user in my db and when using this code it validates my username and password, but when I added a second user, it does not validate the second user, only the first one.  I removed the first user and added it to my db after the new user, but it did the same.  What can I do to make sure it actually runs through rows in the db and compare the information in the text box with the information in the database?

    Dim

     

    sqlStatments As New SqlClient.SqlCommand( _

     

    "SELECT * FROM Users", UCSMISDB)

     

    '------Declare the variable to hold the information

     

    Dim sqlResult As SqlClient.SqlDataReader = _

    sqlStatments.ExecuteReader()

    sqlResult.Read()

     

    '------Compare the value in the textbox

     

    ' with the value from the database

     

    If (UserName = sqlResult.Item("users_name")) Then

     

    If (Password = sqlResult.GetString("users_password")) Then

    InformationSelection.ShowDialog()

     

    Me.Close()

    UCSMISDB.Close()

     

    Else

     

    '------Message to display if the information

     

    ' does not compare.

    MsgBox(

    "User name or password is incorrect, please try again")

     

    End If

     

    End If

     

    End If

    Saturday, September 12, 2009 12:44 AM

Answers

  • Try the following,
    Private Function IsUserExist(ByVal strUserName As String,ByVal strPwd As String) As Boolean
            Dim res As Boolean = False
            Dim myConnection As SqlConnection
            Dim myCommand As SqlCommand
            Dim dr As SqlDataReader
            myConnection = New SqlConnection(YourConnectionString)
            'establishing connection. you need to provide password for sql server
            Try
                myConnection.Open()
                'opening the connection
                myCommand = New SqlCommand("SELECT * FROM Users WHERE Users_Name = @Users_name AND Users_Password = @Users_Password", myConnection)
                'executing the command and assigning it to connection
                Dim sqlParam1 As SqlParameter = New SqlParameter("@Users_name", SqlDbType.VarChar)
                sqlParam1.Value = strUserName
                Dim sqlParam2 As SqlParameter = New SqlParameter("@Users_Password", SqlDbType.VarChar)
                sqlParam1.Value = strPwd
                myCommand.Parameters.Add(sqlParam1)
                myCommand.Parameters.Add(sqlParam2)
                dr = myCommand.ExecuteReader()
                If (dr.HasRows) Then
                    res = True
                Else
                    res = False
                End If
                dr.Close()
                myConnection.Close()
                Return res
            Catch e As Exception
            End Try
            Return False
        End Function
    • Edited by AUmidh Saturday, September 12, 2009 9:11 AM
    • Marked as answer by Martin Xie - MSFT Friday, September 18, 2009 5:46 AM
    Saturday, September 12, 2009 4:48 AM
  • AUmidh

    In my idea have you copied John his answer that he gave 1 hour before you.

    I've seen this complete sentence more times.

    But more simple, completer and cleaner is in my idea. (Not tested at all. the time I was using passwords in this way is long behind me)

    Using conn As New SqlConnection("ConnectionString")
          conn.Open
          Using cmd As New SqlCommand("SELECT * FROM Users WHERE Users_Name = @UsersName AND Users_Password = @UsersPassword", conn)
            cmd.Parameters.Add(New SqlParameter("@UsersPassword", "ThePassword"))
            cmd.Parameters.Add(New SqlParameter("@UsersName", "TheName"))
            If cmd.ExecuteScalar Is DBNull.Value Then
                   'if this is true then the user exist
            End If
          End Using
    End Using



    As you can see it are much less lines while the Connection is even in this code

    But I assume that John has ment something like that with his given statement, it goes about the principle


    Success
    Cor
    Saturday, September 12, 2009 6:17 AM
  • Why are you selecting all from Users? If you want to validate the user do something like this:

    SELECT * FROM Users WHERE Users_Name = @Users_name AND Users_Password = @Users_Password
    John Grove - TFD Group, Senior Software Engineer, EI Division, http://www.tfdg.com
    Saturday, September 12, 2009 3:50 AM

All replies

  • Why are you selecting all from Users? If you want to validate the user do something like this:

    SELECT * FROM Users WHERE Users_Name = @Users_name AND Users_Password = @Users_Password
    John Grove - TFD Group, Senior Software Engineer, EI Division, http://www.tfdg.com
    Saturday, September 12, 2009 3:50 AM
  • Try the following,
    Private Function IsUserExist(ByVal strUserName As String,ByVal strPwd As String) As Boolean
            Dim res As Boolean = False
            Dim myConnection As SqlConnection
            Dim myCommand As SqlCommand
            Dim dr As SqlDataReader
            myConnection = New SqlConnection(YourConnectionString)
            'establishing connection. you need to provide password for sql server
            Try
                myConnection.Open()
                'opening the connection
                myCommand = New SqlCommand("SELECT * FROM Users WHERE Users_Name = @Users_name AND Users_Password = @Users_Password", myConnection)
                'executing the command and assigning it to connection
                Dim sqlParam1 As SqlParameter = New SqlParameter("@Users_name", SqlDbType.VarChar)
                sqlParam1.Value = strUserName
                Dim sqlParam2 As SqlParameter = New SqlParameter("@Users_Password", SqlDbType.VarChar)
                sqlParam1.Value = strPwd
                myCommand.Parameters.Add(sqlParam1)
                myCommand.Parameters.Add(sqlParam2)
                dr = myCommand.ExecuteReader()
                If (dr.HasRows) Then
                    res = True
                Else
                    res = False
                End If
                dr.Close()
                myConnection.Close()
                Return res
            Catch e As Exception
            End Try
            Return False
        End Function
    • Edited by AUmidh Saturday, September 12, 2009 9:11 AM
    • Marked as answer by Martin Xie - MSFT Friday, September 18, 2009 5:46 AM
    Saturday, September 12, 2009 4:48 AM
  • AUmidh

    In my idea have you copied John his answer that he gave 1 hour before you.

    I've seen this complete sentence more times.

    But more simple, completer and cleaner is in my idea. (Not tested at all. the time I was using passwords in this way is long behind me)

    Using conn As New SqlConnection("ConnectionString")
          conn.Open
          Using cmd As New SqlCommand("SELECT * FROM Users WHERE Users_Name = @UsersName AND Users_Password = @UsersPassword", conn)
            cmd.Parameters.Add(New SqlParameter("@UsersPassword", "ThePassword"))
            cmd.Parameters.Add(New SqlParameter("@UsersName", "TheName"))
            If cmd.ExecuteScalar Is DBNull.Value Then
                   'if this is true then the user exist
            End If
          End Using
    End Using



    As you can see it are much less lines while the Connection is even in this code

    But I assume that John has ment something like that with his given statement, it goes about the principle


    Success
    Cor
    Saturday, September 12, 2009 6:17 AM
  • @Cor
    My aim was not to copy some one idea/code, but the thing is that i want to explain in more detail what the user want, if it hurt you or somebody else or if it is against the policy then i will delete my answer.
    And it is right that your answer is more simpler,cleaner. I am beginner to this forum and just for the sake of my own learning and to provide some help to others.
    Regards,
    Saturday, September 12, 2009 6:40 AM
  • You should not delete it but a simple sentence as

    Taking the answer from John, then you can using it in this way, gives the credits to John he deserves


    Success
    Cor
    Saturday, September 12, 2009 8:58 AM
  • @cor Lighthert
    Yes john deserve, but that is the only solution present for this thing. and my point of concern was different from him.
    Saturday, September 12, 2009 9:15 AM
  • Thanks Cor. By the way AUmidh, sometimes an answerer who was on the right track but didn't elucidate enough, you can make a statement like Cor said out of respect.

    "Piggybacking off Cor's idea, here is how I would implement that....etc"
    John Grove - TFD Group, Senior Software Engineer, EI Division, http://www.tfdg.com
    • Edited by JohnGrove Saturday, September 12, 2009 9:57 PM
    Saturday, September 12, 2009 2:16 PM
  • @JohnGrove
    I again apologize, if i said something out of respect.
    Saturday, September 12, 2009 2:23 PM
  • No problem, thank you for taking it a step further..
    John Grove - TFD Group, Senior Software Engineer, EI Division, http://www.tfdg.com
    Saturday, September 12, 2009 2:26 PM