Login Form

hi guys

i have just started coding the program. I have access document which has 2 table ( duty and

student ) Duty has a password and username for entering the system. There is 2 textbox ,one

for is username and the other for password. The duty must enter his username and password,

if his password and username is correct the second form will open , if they are false there wiil

be a message box to warn the duty.

I have did the connection of database.

Code:

SqlConnection dataConnection = new SqlConnection(); try { dataConnection.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=.\\db1.mdb;Persist Security Info=False;"; dataConnection.Open(); SqlCommand dataCommand = new SqlCommand(); dataCommand.Connection = dataConnection; dataCommand.CommandText ="select d_name and d_pass from duty";

after that how can i control if dname.text is eqaul to d_name and if d_pass.text is equal to d_pass?

i am waiting for your answers..thanks

If that is indeed the correct syntax for your sql server, and assuming the query executed successfully, the next step would be probably to check the number of returned rows, and then get a data reader from the query and grab your data out. You can do this by using the ordinal number of your column, or just use the familiar hash table notation.

IE

Code:

SqlDataReader Reader= dataCommand.ExecuteReader(); if (!Reader.HasRows) return; string User = Reader.GetString(LoginReader.GetOrdinal("UserName")); string Pass= Reader.GetString(LoginReader.GetOrdinal("Pass")); //now return the info somehow and compare it to what the user entered...

i did some changes. After debugging compiler did not find any error.But after i ran the

program and enter the password and username there will be " indexoutofrangeexception

was unhandled " names error occured.

the codes are below

Code:

OleDbConnection databaseConnection = new OleDbConnection(ConnectionString); try { databaseConnection.Open(); string selectCommand = "Select p_name and p_pass from personel"; OleDbCommand databaseCommand = new OleDbCommand(selectCommand,databaseConnection); OleDbDataReader reader = databaseCommand.ExecuteReader(); while (reader.Read()) { string user=reader.GetString(reader.GetOrdinal("p_name")); // THE ERROR WAS HERE string password=reader.GetString(reader.GetOrdinal("p_pass")); // string name = reader["p_name"].ToString(); //string password = reader["p_pass"].ToString(); if ((user == pad_text.Text) & (password == psifre_text.Text)) { MessageBox.Show("it is ok "); } else { MessageBox.Show("it is not ok"); } } } catch(OleDbException databaseException) { } finally { databaseConnection.Close(); } }

how can we fix it?

http://msdn.microsoft.com/en-us/libr...etordinal.aspx

Must be that your column name is wrong. Check your table and verify you have a column named that.

Also note that your AND is probably not what you are expecting when you are comparing logins and passwords. Change it to &&.

i checked column name it is correct and put &&.

another thing i did is

Code:

OleDbConnection databaseConnection = new OleDbConnection(ConnectionString); try { databaseConnection.Open(); string selectCommand = "Select p_name and p_pass from personel"; OleDbCommand databaseCommand = new OleDbCommand(selectCommand, databaseConnection); OleDbDataReader reader = databaseCommand.ExecuteReader(); while (reader.Read()) { string user = reader.GetString(reader.GetOrdinal("p_name")); string password = reader.GetString(reader.GetOrdinal("p_pass")); // string name = reader["p_name"].ToString(); //string password = reader["p_pass"].ToString(); if ((user == pad_text.Text) && (password == psifre_text.Text)) { MessageBox.Show("it is ok"); } else { MessageBox.Show("it is not ok"); } } } catch (OleDbException databaseException) { } catch (IndexOutOfRangeException exception) { MessageBox.Show("Index out of range !"); } finally { databaseConnection.Close(); } }

i wrote an exception which is about Indexoutofrange

when i run the program and enter the username and password program warns me

"Index out of range !". what can i do now?

i analysized the adress which you gave . it is useful for me . Thanks.

but there is an another problem

the codes are below

Code:

private void pgiris_Click(object sender, EventArgs e) { string queryString = "SELECT p_name,p_pass from personel"; using (OleDbConnection dbconnection=new OleDbConnection(connectionString)) { MessageBox.Show("ok"); OleDbCommand command =new OleDbCommand(queryString, dbconnection); dbconnection.Open(); OleDbDataReader reader = command.ExecuteReader(); // Call GetOrdinal and assign value to variable. string pname = reader["p_name"].ToString(); //THE ERROR WAS HERE string ppass = reader["p_pass"].ToString(); // Use variable with GetString inside of loop. while (reader.Read()) { if ((pname == pad_text.Text) && (ppass == psifre_text.Text)) { MessageBox.Show("it is ok"); } else { MessageBox.Show("it is not ok"); } } // Call Close when done reading. reader.Close(); } }

when i compile the program there is no error, after i ran the program and enter the

password and username the error occurs. The error is invalid operation exception and says no data exists row/column.

I checked the database, there are datas.

what can i do now?

You can only access the readers data, once you called Read() on it and it returned true. Put those statements inside you loop.

Your design means every time a password is entered, the application will read all users and all passwords from the database. It might be smarter to send the password and username to the database and let it decide if it matches.

Select only those rows, where p_name matches your input and p_pass matches the password you were given. If a row is returned, the user can pass, if not, it wasn't a valid combination.

i could not understand completely how can i send the datas to the database to control which the

user enter.

Can you explain more how can i do that?

Ask the database for all rows in the user table who has p_name = EnteredUserName and p_pass = EnteredPassword. If you get (at least) one row back a valid user exists. If you get no rows back, no valid user exists.

As a footnote you should never store passwords in pure text. Hash it using MD5 (or other algorithm) and compare the hashes.

i did some changes on the codes it works but it is not completely which i want

i put reader.read in a while and in while i control the inputs if is equal to the database's

datas.But the problem is there is the user's inputs are not equal to the database's datas

then there will be a warning but the warning is 4 times because the database has 4 user

row. so it is for i put use while.

Code:

namespace WindowsApplication1 { public partial class SystemEnter : Form { private string connectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Application.StartupPath + "\\db\\db1.mdb;Persist Security Info=False"; public string ConnectionString { get { return connectionString; } } public SystemEnter() { InitializeComponent(); } private void pgiris_Click(object sender, EventArgs e) { string queryString = "SELECT p_name,p_pass from personel"; using (OleDbConnection dbconnection = new OleDbConnection(connectionString)) { OleDbCommand command = new OleDbCommand(queryString, dbconnection); dbconnection.Open(); OleDbDataReader reader = command.ExecuteReader(); while (reader.Read()) { string pname = reader["p_name"].ToString(); string ppass = reader["p_pass"].ToString(); if ((pad_text.Text == pname) && (psifre_text.Text == ppass)) { MessageBox.Show("It is ok"); } } reader.Close(); dbconnection.Close(); } }

how can i warn the user one time?

Simple way would be to create a bool say bExists at the top of your routine and set it to false. If you find the user set it to true and break out of the loop (where you currently say It is ok. Then after you close the reader/connection either return the value bExists and let the caller do the processing, or just at the end of the routine say user exists/doesn't exist based on the state of bExists.

I suggest looking into the SQL "WHERE" clause, so you won't have to retrieve ALL users and then check if any of them has a proper username/password.

magos i tried it before but i can not do it completely there were errors

the code i wrote is below

Code:

string queryString = "SELECT p_name,p_pass from personel where p_name='" & p_ad.Text &"' and p_pass='" & p_sifre.Text &"' ";

and the error is Operator '&' cannot be applied to operands of type 'string' and 'string'

valaris it is a good idead but i also want to warn the user if he enters the wrong username and password.if don't enter the while loop i can not control the input variables, but if i enter the warning wont be one time.

i use the break and exist variable in bool type. if i use the break after the messagebox again there are 4 warning if the inputs are false.

'&' is the concatenation operator in VB. In C# it's '+'. So you should do something like:

Code:

string SafeSqlString(string String) { return String.Replace("'", "''"); } var QueryString = "SELECT COUNT(*) FROM Users WHERE Name = '" + SafeSqlString(Name) + "' AND Password = '" + SafeSqlString(Password) + "'";

Don't return the name/password, just check how many rows the query would give. If > 0 then you have a valid match, otherwise unsuccessful login.

(the SafeSqlString reduces the chances of some malicious sql injection)

ok ...
i must count the how many rows query would give.so how can i count?
is there any ready count function or like that?

ok magos , valaris and nvoigt thanks for your helps i did it :))

for now i have duty form,student form and the system form. The duty must enter the system to check the student. i did the database connections and login form as you know. For example student John has entered the system to sign the notebook , i want the students name and surname must be see in the student form . How can i call it from the database?