Hi this is where i declare my encryption and decryption in my login form..
Code:
Dim strSQL As String = "SELECT * FROM UserLoginProfile WHERE [Username] = '" & txtUserName.Text & "' AND [Password] = '" & EncDec(txtPassword.Text) & "'"
now this is my public function for the EncDec
Code:
Public Function EncDec(ByVal strPassword As String) As String
Dim Counter As Integer
EncDec = ""
For Counter = 1 To strPassword.Length
EncDec = EncDec & Chr(Asc(Mid(strPassword, Counter, 1)) + 70)
Next
Return EncDec
End Function
it used to work on our VB.Net 03 program so i used in in our other project using VB 05 language.. any help converting / fixing? thanks
Last edited by aerialz666; Jul 20th, 2007 at 11:37 AM.
The .NET framework in general has built in encryption of several types. I would recommend using either that or possibly encryption right on the server as Ken B mentions.
Your method is not very secure, as it could be easily cracked if needed.
hi thanks for the replies, but this is the only encryption i know and it aint working, what happens is that whene i add the encyption, it says that the pw i entered is invalid when in fact it is correct, can anyone help me fix it? or teach me the SQL built in encryption.. (im not really good) thanks
Private Sub btnOK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnOK.Click
Dim cmd As SqlCommand
Dim Reader As SqlDataReader
Dim strSQL As String = "SELECT * FROM UserLoginProfile WHERE [Username] = '" & txtUserName.Text & "' AND [Password] = '" & EncDec(txtPassword.Text) & "'"
Dim conn As New SqlConnection("Data Source=stephen\prac2server;Initial Catalog=FinalDB;Integrated Security=SSPI")
Dim password As String = ""
Dim username As String = ""
If String.IsNullOrEmpty(txtUserName.Text) Then
MessageBox.Show("Please type your username.")
txtUserName.Focus()
ElseIf String.IsNullOrEmpty(txtPassword.Text) Then
MessageBox.Show("Please type your password.")
txtPassword.Focus()
Else
cmd = New SqlCommand(strSQL, conn)
Try
conn.Open()
Catch ex As Exception
MsgBox("Error connecting to database. This could mean a deleted or moved database file. Suggestion: Reinstallation.", MsgBoxStyle.Critical, "Missing Critical File")
Application.Exit()
End Try
Reader = cmd.ExecuteReader()
If Reader.Read Then
username = Reader.GetValue(0)
Else
MessageBox.Show("Use a valid username and correct password.")
End If
Reader.Close()
conn.Close()
If Not String.IsNullOrEmpty(username) Then
MessageBox.Show("Welcome " & username)
Me.Hide()
Home.Show()
Home.Focus()
Home.Refresh()
End If
End If
End Sub
I wrote it when I was learning how to use symmetric keys, so it should help you.
Click on the Create Database button to create a database with a user table containing a password field. If you get an error when you click on the code, reclick it and it should work the second time.
There are two buttons to populate the table, one via sql and the other using a stored procedure.
There is also two buttons to display the user information. One using the SYMMETRIC KEY, the other not.
Look at the blog link I sent you above for more information on using keys.
Reply With Quote
