Results 1 to 3 of 3

Thread: problem in login form

  1. Sep 5th, 2009, 01:03 PM #1
    Pranks
    Pranks is offline

    Thread Starter
    New Member
    Join Date
    Sep 2009
    Posts
    1

    Angry problem in login form

    HI I am using below mentioned code for a login form. I want to create a login form in which user would pass the uid and pw and if both values matches with the table then it should open frmmenu.vb pls help
    Try

    cn = New OleDb.OleDbConnection("provider=SQLOLEDB; Data Source=USER\SQLEXPRESS;Initial Catalog=IMS;User ID=test; password=test")
    cn.Open()
    cmd.Connection = cn
    tlogin_id = UsernameTextBox.Text
    tpswd = PasswordTextBox.Text
    cmd.CommandText = "select * from login where login_name='" & tlogin_id & "' and pwd='" & tpswd & "'"
    MsgBox(cmd.CommandText)
    dr = cmd.ExecuteReader()

    If tlogin_id = UsernameTextBox.Text Then
    If tpswd = PasswordTextBox.Text Then
    frmMenu.ShowDialog()
    Else
    MessageBox.Show(" Password is incorrect")

    End If
    Else
    MessageBox.Show(" Uid is incorrect")

    End If
    cn.Close()

    Catch ex As Exception
    MsgBox(ex.Message)
    End Try
    End Sub

    End Class
    Reply With Quote Reply With Quote
  2. Sep 5th, 2009, 01:50 PM #2
    .paul.
    .paul. is offline
    eXtreme Programmer .paul.'s Avatar
    Join Date
    May 2007
    Location
    Chelmsford UK
    Posts
    26,422

    Re: problem in login form

    try this:

    vb Code:
    1. Try

    2.  
    3.     Dim cn As New OleDb.OleDbConnection("provider=SQLOLEDB; Data Source=USER\SQLEXPRESS;Initial Catalog=IMS;User ID=test; password=test")

    4.     cn.Open()

    5.     Dim cmd As New OleDbCommand

    6.     cmd.Connection = cn

    7.     tlogin_id = UsernameTextBox.Text

    8.     tpswd = PasswordTextBox.Text

    9.     cmd.CommandText = "select * from login where login_name='" & tlogin_id & "' and pwd='" & tpswd & "'"

    10.     MsgBox(cmd.CommandText)

    11.     Dim dr As OleDb.OleDbDataReader

    12.     dr = cmd.ExecuteReader()

    13.  
    14.     If dr.GetValue(columnIndex) = UsernameTextBox.Text Then 'insert columnIndex

    15.         If dr.GetValue(columnIndex) = PasswordTextBox.Text Then

    16.             frmMenu.ShowDialog()

    17.         Else

    18.             MessageBox.Show(" Password is incorrect")

    19.         End If

    20.     Else

    21.         MessageBox.Show(" Uid is incorrect")

    22.     End If

    23.     cn.Close()

    24.  
    25. Catch ex As Exception

    26.     MsgBox(ex.Message)

    27. End Try


    Reply With Quote Reply With Quote
  3. Sep 5th, 2009, 02:06 PM #3
    keystone_paul
    keystone_paul is offline
    PowerPoster keystone_paul's Avatar
    Join Date
    Nov 2008
    Location
    UK
    Posts
    3,327

    Re: problem in login form

    Just a couple of notes on security...

    Firstly you should really be using parameters rather than string concatenation to build your queries (to prevent SQL injection)

    Secondly when validating a username and password combination, you should never let the user know whether a failed login has failed because there is a correct username but incorrect password, or because the username is not found. Doing this just gives any potential hacker lots of useful info such as confirming that the user id actually exists.
    The Hitchhiker's Guide to getting help at VBForums courtesy of Techgnome
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width