Thread: Login Form

  1. #1
    Registered User Aga^^'s Avatar
    Join Date
    Aug 2008
    Posts
    71

    Login Form

    hi guys

    i have just started coding the program. I have access document which has 2 table ( duty and

    student ) Duty has a password and username for entering the system. There is 2 textbox ,one

    for is username and the other for password. The duty must enter his username and password,

    if his password and username is correct the second form will open , if they are false there wiil

    be a message box to warn the duty.

    I have did the connection of database.

    Code:
    SqlConnection dataConnection = new SqlConnection();
            try {
                dataConnection.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=.\\db1.mdb;Persist Security Info=False;";
    
                dataConnection.Open();
    
                SqlCommand dataCommand = new SqlCommand();
                dataCommand.Connection = dataConnection;
                dataCommand.CommandText ="select d_name and d_pass from duty";
    after that how can i control if dname.text is eqaul to d_name and if d_pass.text is equal to d_pass?

    i am waiting for your answers..thanks

  2. #2
    Registered User valaris's Avatar
    Join Date
    Jun 2008
    Location
    RING 0
    Posts
    507
    If that is indeed the correct syntax for your sql server, and assuming the query executed successfully, the next step would be probably to check the number of returned rows, and then get a data reader from the query and grab your data out. You can do this by using the ordinal number of your column, or just use the familiar hash table notation.

    IE

    Code:
    SqlDataReader Reader= dataCommand.ExecuteReader();
    
    if (!Reader.HasRows)
       return;
    
    string User = Reader.GetString(LoginReader.GetOrdinal("UserName"));
    string Pass= Reader.GetString(LoginReader.GetOrdinal("Pass"));
    
    //now return the info somehow and compare it to what the user entered...
    Last edited by valaris; 01-30-2009 at 09:27 AM.

  3. #3
    Registered User Aga^^'s Avatar
    Join Date
    Aug 2008
    Posts
    71
    i did some changes. After debugging compiler did not find any error.But after i ran the

    program and enter the password and username there will be " indexoutofrangeexception

    was unhandled " names error occured.

    the codes are below
    Code:
    OleDbConnection databaseConnection = new OleDbConnection(ConnectionString);
                try
                {
                    databaseConnection.Open();
                    string selectCommand = "Select p_name and p_pass from personel";
                    OleDbCommand databaseCommand = new OleDbCommand(selectCommand,databaseConnection);
                    OleDbDataReader reader = databaseCommand.ExecuteReader();
                    while (reader.Read())
                    {
                        string user=reader.GetString(reader.GetOrdinal("p_name"));  // THE ERROR WAS HERE
                        string password=reader.GetString(reader.GetOrdinal("p_pass"));
                       // string name = reader["p_name"].ToString();
                       //string password = reader["p_pass"].ToString();                    
                    
    
                         if ((user == pad_text.Text) & (password == psifre_text.Text))
                         {
                            MessageBox.Show("it is ok ");
                         }
                         else
                         {
                            MessageBox.Show("it is not ok");
                         }
                     }
                }
                    catch(OleDbException databaseException)
                    {
    
                    }
    
                    finally
                    {
                    databaseConnection.Close();
                    }
            
            }
    how can we fix it?

  4. #4
    Registered User valaris's Avatar
    Join Date
    Jun 2008
    Location
    RING 0
    Posts
    507
    http://msdn.microsoft.com/en-us/libr...etordinal.aspx

    Must be that your column name is wrong. Check your table and verify you have a column named that.

    Also note that your AND is probably not what you are expecting when you are comparing logins and passwords. Change it to &&.

  5. #5
    Registered User Aga^^'s Avatar
    Join Date
    Aug 2008
    Posts
    71
    i checked column name it is correct and put &&.

    another thing i did is

    Code:
    OleDbConnection databaseConnection = new OleDbConnection(ConnectionString);
                try
                {
                    databaseConnection.Open();
                    string selectCommand = "Select p_name and p_pass from personel";
                    OleDbCommand databaseCommand = new OleDbCommand(selectCommand, databaseConnection);
                    OleDbDataReader reader = databaseCommand.ExecuteReader();
                    while (reader.Read())
                    {
                        string user = reader.GetString(reader.GetOrdinal("p_name"));
                        string password = reader.GetString(reader.GetOrdinal("p_pass"));
                        // string name = reader["p_name"].ToString();
                        //string password = reader["p_pass"].ToString();                    
    
    
                        if ((user == pad_text.Text) && (password == psifre_text.Text))
                        {
                            MessageBox.Show("it is ok");
                        }
                        else
                        {
                            MessageBox.Show("it is not ok");
                        }
                    }
                }
                catch (OleDbException databaseException)
                {
    
                }
    
                catch (IndexOutOfRangeException exception)
                {
                    MessageBox.Show("Index out of range !");
           
                }
    
                    finally
                    {
                    databaseConnection.Close();
                    }
            
            }
    i wrote an exception which is about Indexoutofrange

    when i run the program and enter the username and password program warns me

    "Index out of range !". what can i do now?

  6. #6
    Registered User Aga^^'s Avatar
    Join Date
    Aug 2008
    Posts
    71
    i analysized the adress which you gave . it is useful for me . Thanks.

    but there is an another problem

    the codes are below

    Code:
    private void pgiris_Click(object sender, EventArgs e)
     {
    string queryString = "SELECT p_name,p_pass from personel";
                using (OleDbConnection dbconnection=new OleDbConnection(connectionString))
                {
                    MessageBox.Show("ok");
                    OleDbCommand command =new OleDbCommand(queryString, dbconnection);
                    dbconnection.Open();
    
                    OleDbDataReader reader = command.ExecuteReader();
    
                    // Call GetOrdinal and assign value to variable.
    
                    string pname = reader["p_name"].ToString();  //THE ERROR WAS HERE
                    string ppass = reader["p_pass"].ToString();
                    
    
                    // Use variable with GetString inside of loop.
                    while (reader.Read())
                    {
                        if ((pname == pad_text.Text) && (ppass == psifre_text.Text))
                        {
                            MessageBox.Show("it is ok");
                        }
                        else
                        {
                            MessageBox.Show("it is not ok");
                        }
                    }
    
                    // Call Close when done reading.
                    reader.Close();
                }
    }
    when i compile the program there is no error, after i ran the program and enter the

    password and username the error occurs. The error is invalid operation exception and says no data exists row/column.

    I checked the database, there are datas.

    what can i do now?

  7. #7
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,130
    You can only access the readers data, once you called Read() on it and it returned true. Put those statements inside you loop.

    Your design means every time a password is entered, the application will read all users and all passwords from the database. It might be smarter to send the password and username to the database and let it decide if it matches.

    Select only those rows, where p_name matches your input and p_pass matches the password you were given. If a row is returned, the user can pass, if not, it wasn't a valid combination.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  8. #8
    Registered User Aga^^'s Avatar
    Join Date
    Aug 2008
    Posts
    71
    i could not understand completely how can i send the datas to the database to control which the

    user enter.

    Can you explain more how can i do that?

  9. #9
    Confused Magos's Avatar
    Join Date
    Sep 2001
    Location
    Sweden
    Posts
    3,145
    Ask the database for all rows in the user table who has p_name = EnteredUserName and p_pass = EnteredPassword. If you get (at least) one row back a valid user exists. If you get no rows back, no valid user exists.

    As a footnote you should never store passwords in pure text. Hash it using MD5 (or other algorithm) and compare the hashes.
    MagosX.com

    Give a man a fish and you feed him for a day.
    Teach a man to fish and you feed him for a lifetime.

  10. #10
    Registered User Aga^^'s Avatar
    Join Date
    Aug 2008
    Posts
    71
    i did some changes on the codes it works but it is not completely which i want

    i put reader.read in a while and in while i control the inputs if is equal to the database's

    datas.But the problem is there is the user's inputs are not equal to the database's datas

    then there will be a warning but the warning is 4 times because the database has 4 user

    row. so it is for i put use while.

    Code:
    namespace WindowsApplication1
    {
        public partial class SystemEnter : Form
        {
            private string connectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Application.StartupPath + "\\db\\db1.mdb;Persist Security Info=False";
    
            public string ConnectionString
            {
                get { return connectionString; }
            }
    
            public SystemEnter()
            {
                InitializeComponent();
            }
    
            private void pgiris_Click(object sender, EventArgs e)
            {
               string queryString = "SELECT p_name,p_pass from personel";
               using (OleDbConnection dbconnection = new OleDbConnection(connectionString))
               {
                   OleDbCommand command = new OleDbCommand(queryString, dbconnection);
                   dbconnection.Open();
    
                   OleDbDataReader reader = command.ExecuteReader();
    
                   while (reader.Read())
                   {
                       string pname = reader["p_name"].ToString();
                       string ppass = reader["p_pass"].ToString();
    
                       if ((pad_text.Text == pname) && (psifre_text.Text == ppass))
                       {
                           MessageBox.Show("It is ok");
                       }  
                   }
                   reader.Close();
                   dbconnection.Close();
               }
            }
    how can i warn the user one time?

  11. #11
    Registered User valaris's Avatar
    Join Date
    Jun 2008
    Location
    RING 0
    Posts
    507
    Simple way would be to create a bool say bExists at the top of your routine and set it to false. If you find the user set it to true and break out of the loop (where you currently say It is ok. Then after you close the reader/connection either return the value bExists and let the caller do the processing, or just at the end of the routine say user exists/doesn't exist based on the state of bExists.

  12. #12
    Confused Magos's Avatar
    Join Date
    Sep 2001
    Location
    Sweden
    Posts
    3,145
    I suggest looking into the SQL "WHERE" clause, so you won't have to retrieve ALL users and then check if any of them has a proper username/password.
    MagosX.com

    Give a man a fish and you feed him for a day.
    Teach a man to fish and you feed him for a lifetime.

  13. #13
    Registered User Aga^^'s Avatar
    Join Date
    Aug 2008
    Posts
    71
    magos i tried it before but i can not do it completely there were errors

    the code i wrote is below

    Code:
    string queryString = "SELECT p_name,p_pass from personel where p_name='" & p_ad.Text &"' and p_pass='" & p_sifre.Text &"' ";
    and the error is Operator '&' cannot be applied to operands of type 'string' and 'string'


    valaris it is a good idead but i also want to warn the user if he enters the wrong username and password.if don't enter the while loop i can not control the input variables, but if i enter the warning wont be one time.

    i use the break and exist variable in bool type. if i use the break after the messagebox again there are 4 warning if the inputs are false.

  14. #14
    Confused Magos's Avatar
    Join Date
    Sep 2001
    Location
    Sweden
    Posts
    3,145
    '&' is the concatenation operator in VB. In C# it's '+'. So you should do something like:
    Code:
    string SafeSqlString(string String)
    {
      return String.Replace("'", "''");
    }
    
    var QueryString = "SELECT COUNT(*) FROM Users WHERE Name = '" + SafeSqlString(Name) + "' AND Password = '" + SafeSqlString(Password) + "'";
    Don't return the name/password, just check how many rows the query would give. If > 0 then you have a valid match, otherwise unsuccessful login.

    (the SafeSqlString reduces the chances of some malicious sql injection)
    MagosX.com

    Give a man a fish and you feed him for a day.
    Teach a man to fish and you feed him for a lifetime.

  15. #15
    Registered User Aga^^'s Avatar
    Join Date
    Aug 2008
    Posts
    71
    ok ...
    i must count the how many rows query would give.so how can i count?
    is there any ready count function or like that?

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Calling datas from another form?
    By Aga^^ in forum C# Programming
    Replies: 2
    Last Post: 02-06-2009, 02:17 AM
  2. Login Form for program
    By Houssen in forum C++ Programming
    Replies: 3
    Last Post: 03-29-2008, 02:35 PM
  3. Accessing main form from functions in other classes
    By pj_martins in forum C++ Programming
    Replies: 1
    Last Post: 11-05-2004, 09:27 AM
  4. My UserControls dissapear off my form
    By zMan in forum C# Programming
    Replies: 2
    Last Post: 09-15-2004, 08:55 AM
  5. Making an MFC form to suit
    By TJJ in forum Windows Programming
    Replies: 1
    Last Post: 04-17-2004, 11:20 AM