validation - Attempting to validate username (email address) and password - having issues - vb.net -
i have windows form app not validating user input information. need help. inserted microsoft login form , writing code verify user credentials. using access db store , retrieve info. 2 tables - 1 email address , password.
verify format of email addy using regex. works well. validate email address in correct form , verify in table (this works well). attempt read password (appears not working expected) , read both bits of information tables. next, test make sure both present. if both present control passed form.
my issue reading/verifying password.
here visual studio vb.net code.
private sub ok_click(sender system.object, e system.eventargs) handles ok.click try if msgbox("is information correct?", msgboxstyle.yesno, "m&p records") = msgboxresult.yes dim pattern string = "^[a-z][a-z|0-9|]*[a-z][a-z|0-9|]*([_][a-z|0-9]+)*([.][a-z|0-9]+([_][a-z|0-9]+)*)?@[a-z][a-z|0-9|]*\.([a-z][a-z|0-9]*(\.[a-z][a-z|0-9]*)?)$" dim match system.text.regularexpressions.match = regex.match(txtusername.text.trim(), pattern, regexoptions.ignorecase) if (match.success) try if = 0 provider = "provider=microsoft.ace.oledb.12.0;data source =" 'change following access database location datafile = "\11_2017_spring\csci-2999_capstone\db_m&precords.accdb" connstring = provider & datafile myconnection.connectionstring = connstring myconnection.open() = 1 end if catch ex exception ' error occured! show error user , exit. messagebox.show(ex.message) end try 'the query: dim cmd oledbcommand = new oledbcommand("select * [emailaddress] [emailaddress] = '" & txtusername.text & "'", myconnection) dim com oledbcommand = new oledbcommand("select * [password] [password] = '" & txtpassword.text & "'", myconnection2) dim dr oledbdatareader = cmd.executereader() dim drp oledbdatareader = com.executereader() ' following variable hold true if emailaddress found, , false if emailaddress not found dim userfound boolean = false ' following variable hold true if password found, , false if password not found dim passwordfound boolean = false ' following variables hold emailaddress , password if found. dim emailaddresstext string = "" dim passwordtext string = "" 'if found: while dr.read() userfound = true emailaddresstext = dr("emailaddress").tostring end while while drp.read() passwordfound = true passwordtext = drp("password").tostring end while 'checking result if userfound = true , passwordfound = true frmmain.show() frmmain.label1.text = "welcome " & emailaddresstext & " " else msgbox("sorry, username or password not found", msgboxstyle.okonly, "m&p records - invalid login") txtpassword .clear() end txtusername .clear() .focus() end end if else messagebox.show("please enter valid email address", "m&p records - email check") txtpassword .clear() end txtusername .clear() .focus() end end if end if catch ex exception ' error occured! show error user , exit. messagebox.show(ex.message) end try end sub
well first approach isn't safe due fact the password isn't encrypted , either there no link between email , password ideally have table example:
user --uid --email
pass --id --uid --pass
and hash password example sha512 furthermore more security use salt , certificates secure database connection.
then do: hash current password in textbox , execute:
"select user.email user,pass user.email='textbox_email' , user.uid = pass.uid" check if have result if yes connected.
however tried correct bit did in above code. having used sqlclient , not olecommand tried keep did there might few syntax errors should ok:
try if msgbox("is information correct?", msgboxstyle.yesno, "m&p records") = msgboxresult.yes dim pattern string = "^[a-z][a-z|0-9|]*[a-z][a-z|0-9|]*([_][a-z|0-9]+)*([.][a-z|0-9]+([_][a-z|0-9]+)*)?@[a-z][a-z|0-9|]*\.([a-z][a-z|0-9]*(\.[a-z][a-z|0-9]*)?)$" dim match system.text.regularexpressions.match = regex.match(txtusername.text.trim(), pattern, regexoptions.ignorecase) if (match.success) dim passwordfound boolean dim userfound boolean using con new sqlclient.sqlconnection("provider=microsoft.ace.oledb.12.0;data source =\ 11_2017_spring\csci-2999_capstone\db_m&precords.accdb") 'using make sure connection disposed 'open connection con.open() 'prepare sql dim command new oledbcommand("select [emailaddress] [emailaddress] [emailaddress] = '" & txtusername.text & "';", con) 'create reader dim reader oledbdatareader = command.executereader() dim id string = "" ' call read before accessing data. while reader.read() 'get data id = reader(0) end while 'close reader reader.close() if id <> "" 'user found userfound = true 'prepare second sql dim command2 new oledbcommand("select [password] [password] [password] = '" & txtpassword.text & "';", con) 'prepare second reader dim reader2 oledbdatareader = command.executereader() dim pass string = "" ' call read before accessing data. while reader2.read() 'get tdata pass = reader2(0) end while reader.close() if pass <> "" 'pass found passwordfound = true else passwordfound = false end if else userfound = false end if 'close connection con.close() 'clear connection pool sqlconnection.clearpool(con) end using 'checking result if userfound = true , passwordfound = true frmmain.show() frmmain.label1.text = "welcome " & emailaddresstext & " " else msgbox("sorry, username or password not found", msgboxstyle.okonly, "m&p records - invalid login") txtpassword .clear() end txtusername .clear() .focus() end end if else messagebox.show("please enter valid email address", "m&p records - email check") txtpassword .clear() end txtusername .clear() .focus() end end if end if catch ex exception ' error occured! show error user , exit. messagebox.show(ex.message) end try
Comments
Post a Comment