Visual C# Programming a Login form connected to an Access Db that gives only tries to log into


I am developing a login form in C#. The form connects to a database to match the username and password, and to find duplicates. I am trying to implement a loop that accepts 3 tries and then closes. The code is:

    using System;
    using System.Data.OleDb;
    using System.Windows.Forms;

    namespace royalcollegeapp
    {
        public partial class login : Form
        {
            public login()
            {
                InitializeComponent();
            }

            private void login_load(object sender, EventArgs e)
            {
            }

            private void btn_login_click(object sender, EventArgs e)
            {
                if (string.IsNullOrEmpty(txt_user.Text))
                {
                    MessageBox.Show("please type username");
                    txt_user.Focus();
                    return;
                }

                if (string.IsNullOrEmpty(txt_pass.Text))
                {
                    MessageBox.Show("please type password");
                    txt_pass.Focus();
                    return;
                }

                try
                {
                    string constring = @"Provider=Microsoft.ACE.OLEDB.12.0; Data Source=c:\...\auth_credentials.accdb;";
                    OleDbConnection condatabase = new OleDbConnection(constring);
                    OleDbCommand cmddatabase = new OleDbCommand("select * from auth_credentials where username='"
                        + this.txt_user.Text
                        + "' and password='"
                        + this.txt_pass.Text
                        + "';", condatabase);
                    OleDbDataReader myreader;

                    condatabase.Open();
                    myreader = cmddatabase.ExecuteReader();

                    int count = 0;

                    while (myreader.Read())
                    {
                        count = count + 1;
                    }
                    if (count == 1)
                    {
                        MessageBox.Show("login successful");
                        this.Hide();
                        rcm rcm = new rcm();
                        rcm.Show();
                        this.Hide();
                        rcm.FormClosing += rcm_closing;
                    }
                    else if (count > 1)
                    {
                        MessageBox.Show("duplicate username or password");
                    }
                    else
                    {
                        MessageBox.Show("username or password not match");
                    }
                }
                catch (Exception ex)
                {
                    MessageBox.Show(ex.Message);
                }
            }

            private void rcm_closing(object sender, FormClosingEventArgs e)
            {
                Application.Exit();
            }
        }
    }

I have tried many solutions but am still groping in the dark. Any suggestions are appreciated, cheers.

There are a few helpful answers, but I preferred to have 1 correct example. The code has a few problems:

  • It's easy to hack the database using SQL injection.
  • There are issues with IDisposable, which can create memory leaks.
  • The code is tightly coupled to the frontend, as is the case in WinForms. Nevertheless, I prefer to limit calls to UI components.

The code I have is the following (it has inline comments):

    using System;
    using System.Data;
    using System.Data.OleDb;
    using System.Windows.Forms;

    private int _failedlogincounter = 0;

    private void btnlogin_click(object sender, EventArgs e)
    {
        var username = txtusername.Text;
        var password = txtpassword.Text;

        if (string.IsNullOrEmpty(username))
        {
            MessageBox.Show("please type username");
            txtusername.Focus();
            return;
        }

        if (string.IsNullOrEmpty(password))
        {
            MessageBox.Show("please type password");
            txtpassword.Focus();
            return;
        }

        // Separate the login check and make it loosely coupled to the UI
        // (= do not refer to UI elements, instead pass the values to a method)
        checklogin(username, password);
    }

    private void checklogin(string username, string password)
    {
        try
        {
            string constring = @"Provider=Microsoft.ACE.OLEDB.12.0; Data Source=c:\...\auth_credentials.accdb;";

            // We need to use a using statement since OleDbConnection implements IDisposable
            // more info: http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbconnection(v=vs.110).aspx
            using (OleDbConnection condatabase = new OleDbConnection(constring))
            {
                // We need to use a using statement since OleDbCommand implements IDisposable
                // more info: http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbcommand(v=vs.110).aspx
                using (OleDbCommand cmddatabase = condatabase.CreateCommand())
                {
                    cmddatabase.CommandText =
                        "select * from auth_credentials where username=@username and password = @password";

                    cmddatabase.Parameters.AddRange(new OleDbParameter[]
                    {
                        new OleDbParameter("@username", username),
                        new OleDbParameter("@password", password)
                    });

                    // Open the database if it is not open
                    if (condatabase.State != ConnectionState.Open)
                        condatabase.Open();

                    var numberorresults = 0;

                    // We need to use a using statement since OleDbDataReader inherits DbDataReader, which implements IDisposable
                    // more info: http://msdn.microsoft.com/en-us/library/system.data.common.dbdatareader(v=vs.110).aspx
                    using (OleDbDataReader myreader = cmddatabase.ExecuteReader())
                    {
                        while (myreader != null && myreader.Read())
                        {
                            numberorresults++;
                        }
                    }

                    // If 1 result is returned by the database => successful login
                    if (numberorresults == 1)
                    {
                        MessageBox.Show("login successful");
                        this.Hide();
                    }

                    // If more than 1 result is returned by the database => failed login
                    // Not a good idea, this situation should never occur.
                    // Make sure username + pass (or whatever you use for authentication) is unique.
                    else if (numberorresults > 1)
                    {
                        MessageBox.Show("duplicate username or password");
                        // Increment the failed login counter
                        _failedlogincounter++;
                    }
                    // No match was found in the database => failed login
                    else if (numberorresults == 0)
                    {
                        MessageBox.Show("username or password not match");
                        // Increment the failed login counter
                        _failedlogincounter++;
                    }
                }
            }

            // If the user has 3 failed login attempts in a row => close.
            if (_failedlogincounter >= 3)
                this.Close();
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
    }

For the initial question I've finished the answer of selman22; basically I've used a private field that keeps track of the number of failed tries. Each time the user tries to log in, I check if it is the 3rd time. If so, I close the form.

This still isn't the best approach IMHO, but I didn't want to change the context ;-)

I've removed the SQL injection possibilities by adding parameters to the query.

To work with IDisposable implementations, you have to dispose of the object correctly. This is done in the block of a try/catch statement (or with a using statement, as I did).

I hope this is helpful; if not, feel free to comment.
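
The loose coupling the answer aims for can be taken one step further, shown here as an added example that is not part of the original answer: the 3-try limit and the parameterized lookup sit in a class with no UI references, so the limit can be exercised without a form or a database. `LoginGate`, `LoginResult`, `CountMatches`, `Demo` and the sample credentials are hypothetical; the table and column names are the ones from the question.

```csharp
using System;
using System.Data.OleDb;

// Added example: LoginGate, LoginResult, CountMatches and Demo are hypothetical names.
public enum LoginResult { Success, Failed, LockedOut }

public sealed class LoginGate
{
    private readonly Func<string, string, int> _countMatches;
    private readonly int _maxAttempts;
    private int _failed;

    public LoginGate(Func<string, string, int> countMatches, int maxAttempts = 3)
    {
        _countMatches = countMatches;
        _maxAttempts = maxAttempts;
    }

    public LoginResult TryLogin(string username, string password)
    {
        if (_failed >= _maxAttempts) return LoginResult.LockedOut;
        // Exactly one matching row is a success; zero rows or duplicates are failures.
        if (_countMatches(username, password) == 1) { _failed = 0; return LoginResult.Success; }
        _failed++;
        return _failed >= _maxAttempts ? LoginResult.LockedOut : LoginResult.Failed;
    }

    // Parameterized lookup; table and column names are the ones used in the question.
    public static int CountMatches(string conString, string username, string password)
    {
        using (var con = new OleDbConnection(conString))
        using (var cmd = new OleDbCommand(
            "SELECT COUNT(*) FROM auth_credentials WHERE username = ? AND [password] = ?", con))
        {
            // OLE DB binds by position, so add values in the order of the ? markers.
            cmd.Parameters.AddWithValue("@username", username);
            cmd.Parameters.AddWithValue("@password", password);
            con.Open();
            return Convert.ToInt32(cmd.ExecuteScalar());
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed stand-in for the database so the demo runs without Access.
        var gate = new LoginGate((u, p) => (u == "alice" && p == "constructed-pw") ? 1 : 0);
        foreach (var pw in new[] { "a", "b", "c", "constructed-pw" })
            Console.WriteLine(gate.TryLogin("alice", pw));
    }
}
```

In the form, the click handler would pass a delegate wrapping `CountMatches` and close the form when `TryLogin` returns `LockedOut`. The counter lives in the running process, so like the answer's private field it limits tries per form session only.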

