Comparing user input username/password to mysql database username/password not working

StackOverflow https://stackoverflow.com/questions/20501753

  •  31-08-2022
  •  | 
  •  

I'm having trouble comparing the input username and password with the username and password of the specified user in the database. I believe all the code is correct but when I click the login button, nothing happens. Help please, if you need any additional information, just ask please.

Code: 

private void btnLogin_Click(object sender, EventArgs e)
    {
        int numerror = 0;
        if (UsernameTextBox.Text == "")
        {
            numerror = numerror + 1;
        }
        if (PasswordTextBox.Text == "")
        {
            numerror = numerror + 1;
        }
        if (numerror == 1)
        {
            ErrorLabel.Text = "*1 required field is blank.";
        }
        else if (numerror == 2)
        {
            ErrorLabel.Text = "*2 required fields are blank";
        }
        else
        {
            string connectionString = "datasource=localhost;port=3306;username=*****;password=**********";
            string select = "SELECT username, password FROM userinfo.users " +
                            "WHERE username = @username AND password = @password";

            using (MySqlConnection Conn = new MySqlConnection(connectionString))
            {
                using (MySqlCommand cmd = new MySqlCommand(select, Conn))
                {
                    cmd.Parameters.AddWithValue("@username", UsernameTextBox.Text);
                    cmd.Parameters.AddWithValue("@password", PasswordTextBox.Text);

                    Conn.Open();

                    using (MySqlDataReader reader = cmd.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            string username = reader.GetString(0);
                            string password = reader.GetString(1);

                            if (username == UsernameTextBox.Text)
                            {
                                string encodeduserinputpassword = EncodePassword(PasswordTextBox.Text);
                                if (password == encodeduserinputpassword)
                                {
                                    AirSpace airspaceform = new AirSpace();
                                    airspaceform.Show();
                                    this.Hide();
                                }
                                else
                                {
                                    CMessageBox("Login Error", "Incorrect username or password.");
                                }
                            }
                            else
                            {
                                CMessageBox("Login Error", "Incorrect username or password.");
                            }
                        }
                    }

                    Conn.Close();
                }
            }
        }
    }
有帮助吗?

解决方案

You are using an encoded password via EncodePassword but your select query is doing a straight match.

Change your select to

SELECT username, password FROM userinfo.users
WHERE username = @username

and remove the password parameter.

private void btnLogin_Click(object sender, EventArgs e)
{
    int numerror = 0;
    if (UsernameTextBox.Text == "")
    {
        ErrorLabel.Text = "*1 required field is blank.";
    }
    else if (PasswordTextBox.Text == "")
    {
        ErrorLabel.Text = "*2 required fields are blank";
    }
    else
    {
        string connectionString = "datasource=localhost;port=3306;username=*****;password=**********";
        string select = "SELECT username, password FROM userinfo.users " +
                        "WHERE username = @username";

        using (MySqlConnection Conn = new MySqlConnection(connectionString))
        {
            using (MySqlCommand cmd = new MySqlCommand(select, Conn))
            {
                cmd.Parameters.AddWithValue("@username", UsernameTextBox.Text);

                Conn.Open();

                using (MySqlDataReader reader = cmd.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        string username = reader.GetString(0);
                        string password = reader.GetString(1);

                        string encodeduserinputpassword = EncodePassword(PasswordTextBox.Text);
                        if (password == encodeduserinputpassword)
                        {
                            AirSpace airspaceform = new AirSpace();
                            airspaceform.Show();
                            this.Hide();
                        }
                        else
                        {
                            CMessageBox("Login Error", "Incorrect username or password.");
                        }
                    }
                    else
                    {
                        CMessageBox("Login Error", "Incorrect username or password.");
                    }
                }

                Conn.Close();
            }
        }
    }
}
许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top