Login validation for connect to application C#

StackOverflow https://stackoverflow.com/questions/20658346

Question

I created login validation for connect to application but now i have problem that during connecting to app say me that errors with shutdown connections.

My script for validation:

SQL:

CREATE TABLE [Login]
 (
   username varchar(30) CHECK (username is not null AND username <> ''),
   email varchar(30),
   [password] varchar(50),
   UNIQUE (username)
 )

 INSERT INTO dbo.Login values('admin', 'Email@seznam.cz', HASHBYTES('md5',convert(varchar(50),'root')))

C#:

class LoginValidation : Login
{
    public string connection = "Data Source=RADEK-PC\\SQLEXPRESS;Initial Catalog=Evidence;Integrated Security=True;";
    public string loginVal, passwordVal;

    public LoginValidation(string login, string password)
    {
        try
        {
            using (SqlConnection sql = new SqlConnection(connection))
            {
                sql.Open();


                using (SqlCommand selectLogin = new SqlCommand("SELECT * FROM dbo.Login WHERE username = @login", sql))
                {
                    selectLogin.Parameters.Clear();
                    SqlParameter subjektParam = new SqlParameter("@login", SqlDbType.VarChar, 30);
                    subjektParam.Value = login;
                    selectLogin.Parameters.Add(subjektParam);
                    selectLogin.Prepare();

                    using (SqlDataReader readerLogin = selectLogin.ExecuteReader())
                    {
                        while (readerLogin.Read())
                        {
                            if (readerLogin.IsDBNull(0) || readerLogin.IsDBNull(2))
                                continue;


                            loginVal = readerLogin.GetString(0);
                            passwordVal = readerLogin.GetString(2);
                        }
                    }
                    sql.Close();
                }
            }
        }
        catch (Exception e)
        {
            MessageBox.Show("Chyba: " + e);
        }

        if (login == loginVal && password == passwordVal)
        {
            Main main = new Main();
            main.Show();
        }
        else
            MessageBox.Show("Přihlašovací jméno nebo heslo neni správné");
    }
}

Output errors:

e   {"A fatal internal error connection."}  System.Exception {System.InvalidOperationException}

INPUT DATA:

login - > admin
password - > root

Please, can you help me with this problem?

Was it helpful?

Solution

Problem 1: You re invoking ExecuteNonQuery() which is not required as you are invoking select command.

Remove this : 

selectLogin.ExecuteNonQuery();

Problem 2: use || for Logical OR Operation.

Try This :

if (readerLogin.IsDBNull(0) || readerLogin.IsDBNull(2))
continue;

Solution 2: Hashbytes can not be decrypted as they are one direction. The only way to Resolve the problem is to hash the user password value and compare it with the existing password value in database.

OTHER TIPS

change your try block statements with this

    try
    {
        using (SqlConnection sql = new SqlConnection(connection))
        {
            sql.Open();
            string query = "SELECT * FROM dbo.Login WHERE username = @login";
            SqlCommand selectLogin = new SqlCommand(query , sql);
            selectLogin.Parameters.Add(new SqlParameter("@login",login)); 
            SqlDataReader readerLogin = selectLogin.ExecuteReader())                    
            while (readerLogin.Read())
            {
               if (readerLogin.IsDBNull(0) || readerLogin.IsDBNull(2))
                  continue;
               loginVal = readerLogin.GetString(0);
               passwordVal = readerLogin.GetString(2);
            }
       }
    }
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top