Visual C# Programming a Login form connected to a Access Db that gives only tries to log into -


i developing login form in c#. form connects database match username , password , find duplicate. trying implement loop accept 3 tries close. code is: 

namespace royalcollegeapp {     public partial class login : form     {         public login()         {             initializecomponent();         }          private void login_load(object sender, eventargs e)         {          }          private void btn_login_click(object sender, eventargs e)         {             if (string.isnullorempty(txt_user.text))             {                 messagebox.show("please type username");                 txt_user.focus();                 return;             }              if (string.isnullorempty(txt_pass.text))             {                 messagebox.show("please type password");                 txt_pass.focus();                 return;             }              try             {                 string constring = @"provider=microsoft.ace.oledb.12.0;                 data source=c:\...\auth_credentials.accdb;";                 oledbconnection condatabase = new oledbconnection(constring);                 oledbcommand cmddatabase = new oledbcommand("select * auth_credentials                     username='"                     + this.txt_user.text                     + "' , password='"                     + this.txt_pass.text                     + "';", condatabase);                 oledbdatareader myreader;                  condatabase.open();                 myreader = cmddatabase.executereader();                  int count = 0;                  while (myreader.read())                 {                     count = count + 1;                 }                 if (count == 1)                 {                     messagebox.show("login successful");                     this.hide();                     rcm rcm = new rcm();                     rcm.show();                     this.hide();                     rcm.formclosing += rcm_closing;                 }                 else if (count > 1)                 {                     messagebox.show("duplicate username or password");                 }                 else                 {                     messagebox.show("username or password not match");                 }             }             catch (exception ex)             {                 messagebox.show(ex.message);             }         }          private void rcm_closing(object sender, formclosingeventargs e)         {             application.exit();         }     } }

i have tried many solutions still groping in dark. suggestions appreciated, cheers.

there few helpfull answers, prefered have 1 correct example. code has few problems

  • it's easy hack database using sql injection
  • there issues idisposable, can create memory leaks.
  • the code tight coupled frontend, case in winforms. nevertheless prefer limit calls ui components.

the code i've following: (it has inline comments)

private int _failedlogincounter = 0;  private void btnlogin_click(object sender, eventargs e) {     var username = txtusername.text;     var password = txtpassword.text;      if (string.isnullorempty(username))     {         messagebox.show("please type username");         txtusername.focus();         return;     }      if (string.isnullorempty(password))     {         messagebox.show("please type password");         txtpassword.focus();         return;     }      // seperate login check , make lously coupled ui (= not refer ui elements, instead pass values method)     checklogin(username, password); }  private void checklogin(string username, string password) {     try     {         string constring = @"provider=microsoft.ace.oledb.12.0; data source=c:\...\auth_credentials.accdb;";          // need use using statement since oledbconnection implements idisposable         // more inf: http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbconnection(v=vs.110).aspx         using (oledbconnection condatabase = new oledbconnection(constring))         {             // need use using statement since oledbcommand implements idisposable             // more info: http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbcommand(v=vs.110).aspx             using (oledbcommand cmddatabase = condatabase.createcommand())             {                 cmddatabase.commandtext =                     "select * auth_credentials username=@username , password = @password";                  cmddatabase.parameters.addrange(new oledbparameter[]                 {                     new oledbparameter("@username", username),                     new oledbparameter("@password", password)                 });                  // open database if not open                 if (condatabase.state != connectionstate.open)                     condatabase.open();                  var numberorresults = 0;                  // need use using statement since oledbdatareader inherits dbdatareader implements idisposable                 // more info: http://msdn.microsoft.com/en-us/library/system.data.common.dbdatareader(v=vs.110).aspx                 using (oledbdatareader myreader = cmddatabase.executereader())                 {                     while (myreader != null && myreader.read())                     {                         numberorresults++;                     }                 }                  // if 1 result returned database => succesful login                 if (numberorresults == 1)                 {                     messagebox.show("login successful");                     this.hide();                 }                  // if more 1 result returned database => failed login                 // not idea, situation should never occor.                 // make sure username + pass (or whatever use authentication) unique.                 else if (numberorresults > 1)                 {                     messagebox.show("duplicate username or password");                     // increment failed login counter                     _failedlogincounter++;                 }                 // no match found in te database => failed login                 else if (numberorresults == 0)                 {                     messagebox.show("username or password not match");                     // increment failed login counter                     _failedlogincounter++;                 }             }          }          // if user has 3 failed login attempts on row => close.         if (_failedlogincounter >= 3)             this.close();     }     catch (exception ex)     {         messagebox.show(ex.message);     } }

for initial question i've finished answer of selman22, basicly i've used private field keeps track of number of failed tries. each time user tries login, check if 3th time. if close form.

this still isn't best approach imho, didnt want change context ;-)

i've removed sql injection possibilities adding parameters query.

to work idisposable implementations, have dispose object correctly. done in block of try/catch statement (or using statement, did).

i hope helpfull, if not freel free comment.


Comments

Post a Comment

Popular posts from this blog

Android layout hidden on keyboard show -

i have strange problem layout. when tap on edittext , keyboard shown edittext stay on bottom , when tap on to hide keyboard , keyboard hides , edittext go should when want input text. when tap again, keyboard shown , edittext goes down behind keyboard... <relativelayout android:layout_width="match_parent" android:layout_height="match_parent" > <scrollview android:layout_width="match_parent" android:layout_height="fill_parent" android:above="@+id/rl_commands"> <textview android:layout_width="match_parent" android:layout_height="wrap_content"/> </scrollview> <relativelayout android:layout_width="match_parent android:layout_height="24dp" android:id="@+id/rl_commands" android:alignparentbottom="true">
Read more

google app engine - 403 Forbidden POST - Flask WTForms -

i have flask application running on google app engine. trying submit form built using wtform , keep getting following error. 403 forbidden: don't have permission access requested resource. either read-protected or not readable server. location.html (part of code) <form method=post action="/home/location"> .... <button type="submit" class="btn btn-primary" value="submit"> directions </button> </form> main.py @app.route('/home/location', methods=['post', 'get']) def location(): form = cfcdirections.direction(request.form) print(request.method) if request.method == 'post' , form.validate(): print("after if") directions = cfcdirections() street_no = directions.no street = directions.street suburb = directions.suburb postcode = directions.postcode
Read more

c - Why would PK11_GenerateRandom() return an error -8023? -

i looking through internet trying find source of pk11_generaterandom() function see why function fail. have program uses function when moved new flavor of linux, fails after forking ( fork() ) since not believe there problem nss, suspect doing incorrectly disregarded in older versions of linux new 1 there issue. the openssl package same on 'good' , 'bad' server: openssl 0.9.8e-fips-rhel5 01 jul nss rpm differs though. 'good' has nss-3.12.2.0-2.el5 and bas has version nss-3.15.3-4.el5_10 the 'good' server uses quite obsolete linux: linux 2.6.18-128.el5 #1 smp wed jan 21 08:45:05 est 2009 x86_64 x86_64 x86_64 gnu/linux enterprise linux enterprise linux server release 5.3 (carthage) red hat enterprise linux server release 5.3 (tikanga) the 'bad' server newer: linux bad 2.6.18-371.4.1.el5 #1 smp wed jan 29 11:05:49 pst 2014 x86_64 x86_64 x86_64 gnu/linux oracle linux server release 5.10 red hat enterprise linux server release
Read more