0

I do have an annoying problem here, I am not able troubleshoot this issue. My problem is that I cannot confirm my login, somewhere's a logical error because my try-catch block is not 'catching' anything, I even used breakpoints between DataBase Opening and DB.Close to see if there's any issue. Here are some screens :

So if I enter the user Gigel and his password 123 (it's encrypted) I get my false execution from my IF , 'Something's wrong out there'

Error..., anyone ?

PhpMyAdmin try-catch-block error here

Imports MySql.Data
Imports MySql.Data.MySqlClient
Imports System.Security.Cryptography




Public Class Form1

    Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click

        Me.Close()
    End Sub

    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Dim MySQLConnection As New MySqlConnection("Server = localhost;Database = users; Uid=root; Pwd = password ")

        Dim HashedPass As String = ""

        'Converts the Password into bytes, computes the hash of those bytes, and then converts them into a Base64 string

        Using MD5hash As MD5 = MD5.Create()

            System.Convert.ToBase64String(MD5hash.ComputeHash(System.Text.Encoding.ASCII.GetBytes(TextBox2.Text)))

        End Using


        'Counter

        Dim SqlQuery As String = "SELECT COUNT(*) From users1 WHERE username = @Username AND password = @Password; "

        MySQLConnection.Open()

        Dim Command As New MySqlCommand(SqlQuery, MySQLConnection)

        'Sanitising parameters

        Command.Parameters.Add(New MySqlParameter("@Username", TextBox1.Text))
        Command.Parameters.Add(New MySqlParameter("@Password", HashedPass))


        'checker
        If Command.ExecuteScalar() = 1 Then
            MsgBox("Thanks for logging in")
            Me.Hide()
        Else
            MsgBox("Something's wrong down there")
        End If


        MySQLConnection.Close()
    End Sub
End Class
ExtremeSwat
  • 794
  • 1
  • 12
  • 34
  • `HashedPass` is empty when you are adding it as a parameter, so `Command.ExecuteScalar` will return `0` – ɐsɹǝʌ ǝɔıʌ Apr 08 '14 at 13:43
  • I did correct it but I have the same logical error. If I comment the hash section and use as a parameter directly TextBox2.text ( my textbox where I input my password) it works ( by entering the whole encrypted code). My error lies somewhere around the Hash zone, thanks for the input tho, that hash had to be = with something, lol – ExtremeSwat Apr 08 '14 at 13:45
  • Place a breakpoint just above `If` and check the value of `Command.CommandText`. That value is the SQL statement that will be executed – ɐsɹǝʌ ǝɔıʌ Apr 08 '14 at 13:49
  • 1
    I think the SQL statement to be executed should be `SELECT COUNT(*) From users1 WHERE username = @Username AND password = MD5(@Password)` – ɐsɹǝʌ ǝɔıʌ Apr 08 '14 at 13:52
  • can u check out the main thread? I did add a new picture, clearly my encryption algorithm is totally diffrenty than mysql's one. Have a look over the pictures from phpmyadmin, at the passwords. They're totally diffrent. – ExtremeSwat Apr 08 '14 at 13:59
  • Because you are converting the MD5 encrypted password to Base64. See my answer – ɐsɹǝʌ ǝɔıʌ Apr 08 '14 at 14:16

1 Answers1

1

Try this: 

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click

Try

    Dim MySQLConnection As New MySqlConnection("Server = localhost;Database = users; Uid=root; Pwd = password ")

    Dim SqlQuery As String = "SELECT COUNT(*) From users1 WHERE username = @Username AND password = MD5(@Password); "

    MySQLConnection.Open()

    Dim Command As New MySqlCommand(SqlQuery, MySQLConnection)

    Command.Parameters.Add(New MySqlParameter("@Username", TextBox1.Text))
    Command.Parameters.Add(New MySqlParameter("@Password", TextBox2.Text))

    If Command.ExecuteScalar() = 1 Then
        MsgBox("Thanks for logging in")            
    Else
        MsgBox("Invalid username or password")
    End If

    MySQLConnection.Close()

Catch ex as Exception

   MsgBox(ex.Message)

End Sub
ɐsɹǝʌ ǝɔıʌ
  • 4,440
  • 3
  • 35
  • 56