Login form by using a new database, made in VB

Question

I'm a few day's searching for a problem, but can't find the answer. They are 1000 examples on youtube "how to make a login frm" but not in VB 2012 are by useing a selfmade database in VB.

So I already have a Bindingsource, Tableadapter, TableAdapterManager and a DatabaseDataSet en working with an tablegrid. Now I want to login to the system first before I get acces to the other parts of the program. The user have to write his name in to a textbox and when his names is existing (in the database), he get acces.

My problem is to check the column "users". What code can I use for that pleas?

Answer 1

Ideally You want the user to enter his/her username and password FIRST and then in the btnSubmit_Click event you should query the data source NEXT and check if the results are valid.

It is not recommended to load all the usernames/passwords and then look for a match.

It is `better/safer' to query ONLY for the single username/password pair.

This is not the EXACT code, but something along these lines.

Private Sub Submit_Click(sender As System.Object, e As System.EventArgs) Handles Submit.Click
    '
    If Trim(UsernameTextBox.Text) <> "" Then
        If Trim(PasswordTextBox.Text) <> "" Then
            '--> Query database here <--
            'SELECT * From MyUsersSqlTable WHERE dbUsername='" trim(usernametextbox.text) & "' AND dbPassword='" & trim(passwordtextbox.text) & "'"
            'If VALID Then
            '   Do something
            'Else
            '   MsgBox("Error - Invalid login credentials")
            '   Do something else
            'End If
        Else
            MsgBox("Error - No password entered")
        End If
    Else
        MsgBox("Error - No username entered")
    End If
    '
End Sub

Obviously, you would not DIRECTLY enter the user entered data into a query, you should use parameters or VALIDATE the data to ensure it cannot inject something into your script!

Answer 2

You can check the username and password entered by the user with your table records. If both the fields match, it logins otherwise throws a message. However, you might also need to check case-sensitive password. You can refer the following code.

Protected Sub SignIn(sender As Object, e As EventArgs) Handles btnsignin.ServerClick



    Dim last_login As String
    last_login = Now.Date.ToString("dd/MM/yy")

    Try
        conn.Close()
        conn.Open()
        Dim cmd As New MySqlCommand
        cmd.CommandText = "SELECT * FROM user WHERE user_email = ('" & txtemail.Value.ToString & "') AND user_password=('" & txtpassword.Value.ToString & "') COLLATE utf8_bin"
        cmd.Connection = conn
        Dim da As New MySqlDataAdapter
        Dim ds As New DataSet
        da.SelectCommand = cmd
        da.Fill(ds)
        txtemail.DataBind()
        txtpassword.DataBind()
        Dim usercount = ds.Tables(0).Rows.Count
        If usercount = 1 Then
            reader = cmd.ExecuteReader
            Session("user_email") = txtemail.Value.ToString
            If reader.Read Then
                Session("user_name") = reader.Item("user_name").ToString
                'SetUserName(user_name)
                Session("last_login") = reader.Item("last_login").ToString
                str = "UPDATE user SET last_login = ('" & last_login.ToString & "') WHERE user_email = ('" & txtemail.Value.ToString & "') "
                cmd = New MySqlCommand(str, conn)
                reader.Close()
                cmd.ExecuteNonQuery()

            End If

        Else
            MsgBox("Incorrect email or password", MsgBoxStyle.Exclamation)
            Return

        End If
    Catch ex As Exception
        MsgBox(ex.Message)
    End Try
    conn.Close()

End Sub