|
-
Apr 22nd, 2013, 05:31 PM
#1
Thread Starter
New Member
 Issue with loginsystem
Hi all,
i have an issue with my loginsystem and seek for some geek help 
When using the first made user (admin) the system does what it needs to do.
But when i try to login with a different user it wont work.
And i get my error "username and password unknown"
When i remove following lines from the code i can login with all other users
ElseIf (currentUser <> username AndAlso currentPassword <> password) Then
MessageBox.Show("Username and password unknown", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
Return False
Code:
Public Function Login(ByVal username As String, ByVal password As String)
Dim usersDatasSet As New DataSet()
usersDataAdapter.FillSchema(usersDatasSet, SchemaType.Source, "Users")
usersDataAdapter.Fill(usersDatasSet, "Users")
Dim table As DataTable = usersDatasSet.Tables("Users")
For i As Integer = 0 To table.Rows.Count - 1
Dim currentUser As String = table.Rows(i)("Username").ToString().Trim()
Dim currentPassword As String = table.Rows(i)("Password").ToString().Trim()
'Check input
If (currentUser <> username And currentPassword = password) Then
MessageBox.Show("Unknown user", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
Return False
ElseIf (currentUser = username And currentPassword <> password) Then
MessageBox.Show("Wrong password", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
Return False
ElseIf (currentUser <> username AndAlso currentPassword <> password) Then
MessageBox.Show("Username and password unknown", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
Return False
ElseIf (currentUser = username AndAlso currentPassword = password) Then
usersDatasSet.Dispose()
Connection.Close()
Return True
End If
Next
usersDatasSet.Dispose()
Connection.Close()
Return False
End Function
Thanks for any help in this issue
-
Apr 22nd, 2013, 06:52 PM
#2
Re: Issue with loginsystem
The issue is that you are loping through your DataTable and comparing the user input to each row BUT as soon as you find a mismatch you pop up a message and stop looking, which means that you're only ever going to compare the input to the first row.
Your whole validation routine is misguided I'm afraid. I don't know whether you've been told to do it that way or not but you should never tell the user that they have a valid user name but invalid password. That simply makes it easier for those trying to gain unauthorised access. You should simply tell the user that there login passed or failed and never why it failed. As such, what you should be doing is looping through the table until you find a match and, if you get to the end of the table without finding one, you know the login failed.
-
Apr 22nd, 2013, 07:08 PM
#3
Re: Issue with loginsystem
Can't he use a where usernane = @username on a Sproc instead of doing a loop on the entire table?
ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·
-
Apr 22nd, 2013, 07:37 PM
#4
Re: Issue with loginsystem
 Originally Posted by sapator
Can't he use a where usernane = @username on a Sproc instead of doing a loop on the entire table?
Absolutely. That is again a more correct way to do things. It depends on what the instructions are but if you want to do it properly then that is the way to go, although whether or not to use a stored procedure is a different argument again. @michel vervoort, for more information on sapator's suggestion, you might like to follow the CodeBank link in my signature and check out my thread on WinForms Login. It sets up the interface and then provides a link to another thread that demonstrates the validation.
-
Apr 23rd, 2013, 02:34 AM
#5
Thread Starter
New Member
Re: Issue with loginsystem
Thanks for your replies and tips i will look into that.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
