8 Replies - 17512 Views - Last Post: 14 January 2011 - 02:41 PM Rate Topic: -----

#1 MySparetime   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 14
  • Joined: 07-April 09

c# login system

Posted 08 April 2009 - 05:37 AM

hey, i need to know how to get started on making a login system, and register system so that you register and it saves to a file e.g accounts and then if your password is correct you log in to a different window
if you get what i mean :/
Is This A Good Question/Topic? 0
  • +

Replies To: c# login system

#2 Jayman   User is offline

  • Student of Life
  • member icon

Reputation: 423
  • View blog
  • Posts: 9,532
  • Joined: 26-December 05

Re: c# login system

Posted 08 April 2009 - 09:36 AM

What have you completed so far?

[rules][/rules]
Was This Post Helpful? 0
  • +
  • -

#3 JackOfAllTrades   User is offline

  • Saucy!
  • member icon

Reputation: 6258
  • View blog
  • Posts: 24,026
  • Joined: 23-August 08

Re: c# login system

Posted 08 April 2009 - 09:46 AM

I've been wanting to do this for a while now. Perhaps I'll get off my duff soon and do it ;)
Was This Post Helpful? 0
  • +
  • -

#4 noorahmad   User is offline

  • Untitled
  • member icon

Reputation: 209
  • View blog
  • Posts: 2,290
  • Joined: 12-March 09

Re: c# login system

Posted 09 April 2009 - 12:30 AM

simpaly user the fallowing code

String str;
str="Select Username,Password from tblusers where Username=" & txtusername.text & " and Password=" & txtpassword.text & ");
SqlCommand cmd = new SqlCommand(str,con);
if (cmd.ExecuteNonQuery==0){
MessageBox("Done");
}
else
{
MessageBox.Show("Not Done");
}


Was This Post Helpful? 0
  • +
  • -

#5 Guest_sjums*


Reputation:

Re: c# login system

Posted 09 January 2011 - 02:54 PM

View Postnoorahmad, on 08 April 2009 - 11:30 PM, said:

simpaly user the fallowing code

String str;
str="Select Username,Password from tblusers where Username=" & txtusername.text & " and Password=" & txtpassword.text & ");
SqlCommand cmd = new SqlCommand(str,con);
if (cmd.ExecuteNonQuery==0){
MessageBox("Done");
}
else
{
MessageBox.Show("Not Done");
}



I had to reply to this, as recently as today i tried this because i wrote a login system from scratch, and it didn't work. Returned -1 (no matches) no matter what..

Right now I'm on my phone, so can't post my solution now. Will though do tomorrow.

//sjums
Was This Post Helpful? 0

#6 Guest_sjums*


Reputation:

Re: c# login system

Posted 10 January 2011 - 03:44 AM

protected void ButtonLogin_Click(object sender, EventArgs e)
    {
        string pwd = encode(TextBoxPass.Text);
        string name = TextBoxName.Text;
        SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["SqlSchool"].ConnectionString);
        SqlCommand cmd = new SqlCommand("SELECT * FROM [gfp_customers] where [kundeNavn] = '" + name + "'", conn);
        conn.Open();
        SqlDataReader rdr = cmd.ExecuteReader();
        
        while (rdr.Read())
        {
            if (rdr["kundePass"].ToString() == pwd && rdr["kundeNavn"].ToString() == name)
            {
                conn.Close();
                Response.Redirect("Login.aspx?st=Logged+In");
            }
        }
        conn.Close();
        Response.Redirect("Login.aspx?st=NOT+Logged+In");
    }


    protected void ButtonReg_Click(object sender, EventArgs e)
    {
        string pwd = encode(TextBoxPassReg.Text);
        string name = TextBoxNameReg.Text;

        SqlConnection conn1 = new SqlConnection(ConfigurationManager.ConnectionStrings["SqlSchool"].ConnectionString);
        SqlCommand cmd1 = new SqlCommand("SELECT * FROM [gfp_customers] where [kundeNavn] = '" + name + "'", conn1);
        conn1.Open();
        SqlDataReader rdr = cmd1.ExecuteReader();

        if (!rdr.HasRows)
        {
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["SqlSchool"].ConnectionString);
            SqlCommand cmd = new SqlCommand("insert into gfp_customers values('" + TextBoxNameReg.Text + "','" + encode(TextBoxPassReg.Text) + "' ,'" + TextBoxMailReg.Text +"','','','','','1')", conn);
            conn.Open();
            int status = cmd.ExecuteNonQuery();
            conn.Close();
            if (status > 0)
            {
                LabelStatus1.Text = "Bruger oprettet, du kan nu logge ind."; //user created
                LabelStatus2.Text = "Bruger oprettet, du kan nu logge ind.";

            }
            else
            {
                LabelStatus1.Text = "Brugeren blev ikke oprettet, prøv igen."; //user not created, try again
                LabelStatus2.Text = "Brugeren blev ikke oprettet, prøv igen.";

            }
        }
        else
        {
            LabelStatus1.Text = "Brugernavnet findes allerede, vælg et andet!"; //username taken
            LabelStatus2.Text = "Brugernavnet findes allerede, vælg et andet!";

            TextBoxPassReg.Attributes.Add("value", TextBoxPassReg.Text); 
        }
    }


Was This Post Helpful? 0

#7 Robin19   User is offline

  • D.I.C Addict
  • member icon

Reputation: 272
  • View blog
  • Posts: 552
  • Joined: 07-July 10

Re: c# login system

Posted 10 January 2011 - 08:11 AM

if (rdr["kundePass"].ToString() == pwd && rdr["kundeNavn"].ToString() == name)

I think you need to use the CompareTo method. A string is an object, and you might just be testing if they are the same object. You want to test if they contain the same collection of characters.
Was This Post Helpful? 0
  • +
  • -

#8 Curtis Rutland   User is offline

  • (╯°□°)╯︵ (~ .o.)~
  • member icon


Reputation: 5106
  • View blog
  • Posts: 9,283
  • Joined: 08-June 10

Re: c# login system

Posted 10 January 2011 - 08:20 AM

Robin, with most classes, you'd be right. However, strings are a special case. Their equality and inequality operators compare values rather than references:

http://msdn.microsof...8(v=vs.71).aspx
Was This Post Helpful? 0
  • +
  • -

#9 Bengie25   User is offline

  • D.I.C Head

Reputation: 17
  • View blog
  • Posts: 53
  • Joined: 07-July 10

Re: c# login system

Posted 14 January 2011 - 02:41 PM

Do not use string concatenation to change your SQL.

String str;
str="Select Username,Password from tblusers where Username=" & txtusername.text & " and Password=" & txtpassword.text & ");
SqlCommand cmd = new SqlCommand(str,con);


This is a bad idea. What happens when I enter this for a username: "go; drop table tblusers go;"

suddenly you will have this

Select Username,Password from tblusers where Username=
go;
drop table tblusers
go;
'

use SQL parameters

eg


cmd.CommandText = "SELECT count(1) from tbltblusers where vchusername = @UserName and Password = @Password";

cmd.Parameters.AddWithValue("@UserName", txtusername.text);
cmd.Parameters.AddWithValue("@Password", txtpassword.text);

myReader = cmd.ExecuteReader();
myReader.Read();
int tmpInt = myReader.GetInt32(0);
myReader.Close();

Valid = tmpInt > 0;
blnErrorOccured = !Valid;


also, I would recommend storing the hash of the password and not the password itself, and also salt the hash. This way no one has access to the original password.

This post has been edited by Bengie25: 14 January 2011 - 02:49 PM

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1