
How can I save a variable's value in a local database, so I can get the variable's value again when I start my program again?

I want to allow the user to change his PIN number and use the new one when he starts the program again.

It is a Windows Forms application and I have a button to change the PIN code, which is used to allow the user to open the program.

private void button17_Click(object sender, EventArgs e)
{
    /*
    The change PIN number has a problem and the pin number needs to be on a database or a text file in order to be updated correctly
    */
    if (message.TextLength != 0 && message.TextLength < 5)
    {
        message.Text = "Enter Your Current 4 digits PIN ";

        if (Convert.ToInt32(message.Text) == currentpinn)
        {
            message.Text = "Enter Your New 4 digits PIN ";
            currentpinn = Convert.ToInt32(message.Text);
            message.Text = " Your PIN has changed successfully  ";
        }

        message.Text = "The PIN you have entered is not correct please try again!  ";
    }
    else 
    { 
        message.Text = "Please enter a valied PIN "; 
    }
}
marc_s
  • Welcome to Stack Overflow. This is not a coding service or anything of the like. Please post the code for your best attempt and reformulate your question into something more concrete. Thanks – ekstroem Feb 10 '16 at 01:47
  • Too broad. Is the program a Windows Forms application, a UWP application, a console application, a Xamarin iOS application, etc. Depending on your target, it could be a duplicate of: http://stackoverflow.com/questions/1121917/local-database-i-need-some-examples – Larry Smithmier Feb 10 '16 at 01:51
  • It is a Windows Forms application and I have a button to change the PIN code, which is used to allow the user to open the program – Hassan Alsharif Feb 10 '16 at 01:55
  • BTW, don't use Convert.ToInt32 for user input on TextBoxes. Besides, `currentpinn = Convert.ToInt32(message.Text);` will absolutely always fail. – Camilo Terevinto Feb 10 '16 at 02:04

2 Answers


Generally here is what you need to do to have a system with a password:

To Store a Password

  1. Generate a long random salt using RNGCryptoServiceProvider Class.
  2. Prepend the salt to the password and hash it with a standard cryptographic hash function such as SHA256Managed Class.
  3. Save both the salt and the hash.

To Validate a Password

  1. Retrieve the user's salt and hash.
  2. Prepend the salt to the given password and hash it using the same hash function.
  3. Compare the hash of the given password with the hash from storage. If they match, the password is correct. Otherwise, the password is incorrect.


// Requires: using System.Security.Cryptography;
private void buttonCreate_Click(object sender, EventArgs e)
{
    using (var d = new GetNewPasswordDialog())
    {
        d.ShowDialog(this);
        if (d.DialogResult == DialogResult.OK)
        {
            var newPassword = d.Password;
            var salt = CreateRandomSalt(33);
            var hash = GeneratePasswordHash(newPassword, salt);

            System.Diagnostics.Debug.WriteLine(hash);
            System.Diagnostics.Debug.WriteLine(salt);

            // save the hash & salt
            // using application config as an example
            Properties.Settings.Default.Hash = hash;
            Properties.Settings.Default.Salt = salt;
            Properties.Settings.Default.Save();
        }
    }
}

private void buttonVerify_Click(object sender, EventArgs e)
{
    // The change PIN number has a problem and the pin number 
    // needs to be on a database or a text file in order to be updated correctly

    if (textBox1.TextLength != 0 && textBox1.TextLength < 5)
    {
        message.Text = Properties.Resources.EnterPin;

        // read in the current password hash and salt from storage
        var savedSalt = Properties.Settings.Default.Salt;
        var savedHash = Properties.Settings.Default.Hash;

        // get the pin number that was entered and generate a hash using the saved salt
        var currentPIN = textBox1.Text.Trim();
        var currentHash = GeneratePasswordHash(currentPIN, savedSalt);


        if (string.Compare(savedHash, currentHash) == 0)
        {
            message.Text = "Your PIN is correct";

            // TODO: Allow user to change PIN
            buttonCreate.Enabled = true;
        }
        else
        {
            message.Text = "The PIN you have entered is not correct please try again!  ";
        }
    }
    else
    {
        message.Text = "Please enter a valid PIN";
    }
}

private string CreateRandomSalt(int length)
{
    // Generate a random salt
    var salt = new byte[length];
    using (var csprng = new RNGCryptoServiceProvider())
    {
        csprng.GetBytes(salt);
    }
    return Convert.ToBase64String(salt);
}

private string GeneratePasswordHash(string password, string salt)
{
    using (var pbkdf2 = new Rfc2898DeriveBytes(password, Convert.FromBase64String(salt)))
    {
        pbkdf2.IterationCount = 1000;
        var hash = pbkdf2.GetBytes(50);
        return Convert.ToBase64String(hash);
    }
}
Black Frog
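
The store-and-validate steps from the answer above, extended to the change-PIN flow the question asks about, as an added example (not code from either answer). The in-memory fields stand in for Properties.Settings.Default.Salt and .Hash; the class name PinStore, the 600,000 iteration count and the sample PINs are assumptions, and the Rfc2898DeriveBytes overload taking a HashAlgorithmName assumes .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Security.Cryptography;

// Added example: static fields stand in for the persisted Salt/Hash settings.
static class PinStore
{
    const int Iterations = 600_000;   // assumed work factor; tune for your hardware
    static byte[] savedSalt, savedHash;

    // Validate the raw text instead of calling Convert.ToInt32 on user input.
    static bool IsValidPin(string pin)
    {
        if (pin == null || pin.Length != 4) return false;
        foreach (char c in pin) if (c < '0' || c > '9') return false;
        return true;
    }
    static byte[] Derive(string pin, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(pin, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }
    public static bool SetPin(string pin)
    {
        if (!IsValidPin(pin)) return false;
        var salt = new byte[16];                      // fresh salt on every change
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        savedSalt = salt;
        savedHash = Derive(pin, salt);
        return true;
    }
    public static bool Verify(string pin)
    {
        if (!IsValidPin(pin) || savedHash == null) return false;
        byte[] candidate = Derive(pin, savedSalt);
        int diff = 0;                                 // compare every byte, no early exit
        for (int i = 0; i < savedHash.Length; i++) diff |= savedHash[i] ^ candidate[i];
        return diff == 0;
    }
    // The change succeeds only if the current PIN verifies and the new one is well-formed.
    public static bool ChangePin(string current, string next) => Verify(current) && SetPin(next);

    static void Main()
    {
        SetPin("1234");                               // constructed sample PINs
        Console.WriteLine(ChangePin("0000", "4321")); // wrong current PIN
        Console.WriteLine(ChangePin("1234", "43a1")); // malformed new PIN
        Console.WriteLine(ChangePin("1234", "4321")); // correct current PIN, valid new PIN
    }
}
```

A 4-digit PIN has only 10,000 possible values, so the salt and iteration count slow offline guessing against a copied settings file but cannot prevent it.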

Settings.settings stores preferences on the disk. Writing a setting to disk when a program exits and then reading it back when the program is started again is cumbersome. We can use the Settings.settings file instead.

Double-click on the Settings.settings file in the File Explorer of Visual Studio and you should see a settings table. Next, type the name of the variable in the leftmost column. In the current scenario I have used PinNumber. Make sure the scope is User.

[Image: Settings.settings tab]

and then in the code-behind you can use that variable like this:

//Put all validations here like 4 digit, IsNumber etc...
Properties.Settings.Default.PinNumber = CurrentPin; // Assign Value
Properties.Settings.Default.Save(); // Saving the Value
CurrentPin = Properties.Settings.Default.PinNumber; //Getting the last value
Mohit S