-1

I am new to C# and Visual Studio and I am creating a Windows Forms application that requires a username and password to log in. I have successfully implemented the database to register a user but cannot seem to get the login to work. There are two errors in the code below:

    private void btnLogin_Click(object sender, EventArgs e)
    {
        MySqlConnection con = new MySqlConnection();
        con.ConnectionString = "datasource=127.0.0.1;port=3306;username=root;password=;";

        Int32 verify;
        // Query text is built by concatenating the two text box values
        string query1 = "Select count(*) from Login where Username='" + Username.Text + "' and Password='" + Password.Text + "' ";
        MySqlCommand cmd1 = new MySqlCommand(query1, con);
        con.Open();
        verify = Convert.ToInt32(cmd1.ExecuteScalar());
        con.Close();

        // Any matching row counts as a successful login
        if (verify > 0)
        {
            new FormMainMenu().Show();
            this.Hide();
        }
        else
        {
            MessageBox.Show("Username or Password is Incorrect");
        }
    }

The Username.Text and the Password.Text are both underlined and it says the name does not exist in the current context.

If anyone has any solutions to this, I would be very grateful. Thanks

Daniel A. White
JanetKeelan
  • 7
    **warning** your code is extremely vulnerable to SQL injection attacks and you should never store passwords in plain text! – Daniel A. White Apr 08 '16 at 00:20
  • I know, this is just a practice and would like to know how to do it first. If you had any solutions to why this isn't working that would be great – JanetKeelan Apr 08 '16 at 00:26
  • 1
    That is not how you use passwords and you are practicing doing the wrong thing. Store a [password hash](https://bcrypt.codeplex.com/) in your database, hash the password from the user, then pass it in a [database parameter](http://stackoverflow.com/questions/11139791/). – Dour High Arch Apr 08 '16 at 00:30
  • 1
    @JanetKeelan Why practice doing things the wrong way? What's the point? Practice doing it the right way. Salt and hash your passwords. Use parameterized queries. They're not much more work than the wrong way. Do it right from the beginning, and you're much less likely to do it wrong when it matters in the future – Rob Apr 08 '16 at 00:31
  • Well, obviously I didn't mean to be doing it the wrong way. As I said, I'm new to this and will obviously make mistakes – JanetKeelan Apr 08 '16 at 00:33
  • *how to do it first* is to learn how to use parameterized queries to prevent SQL injection. It also allows the database driver to properly quote or convert values to the right format. Second, you **never** pass the password to the DB in your SQL; it can be seen by database monitoring software, and therefore exposes a major security flaw. There are many existing questions here about how to query and verify users via C#, including some in the Related list to the right --->>> titled *Validate MySQL username and password*, *Username and password input code validation*. – Ken White Apr 08 '16 at 00:34
  • Does anyone know how it should look then altogether? I'm having trouble with it all – JanetKeelan Apr 08 '16 at 00:40

2 Answers

0

You can try this; you just need to change the connection to MySQL Connector.

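    // Requires: using System; using System.Data; using System.Data.SqlClient;
    public int GetScalarValue()
    {
        int result = 0;
        using (SqlConnection cn = new SqlConnection("CONNECTION_STRING"))
        {
            cn.Open();
            // The command must be attached to the open connection (cn) or ExecuteScalar throws
            using (SqlCommand cmd = new SqlCommand("select count(*) from login where username=@login and password=@password", cn))
            {
                // Values are bound as parameters instead of being concatenated into the SQL text
                cmd.Parameters.Add("@login", SqlDbType.VarChar).Value = Username.Text;
                cmd.Parameters.Add("@password", SqlDbType.VarChar).Value = Password.Text;
                result = Convert.ToInt32(cmd.ExecuteScalar());
            }
        }
        return result;
    }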
eflorespalma
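What the comments above describe (salted hash, parameterized query, password never sent to the database), put together as an added example that is not part of the original thread. It uses PBKDF2 from .NET's built-in `Rfc2898DeriveBytes` instead of the bcrypt library linked in the comments; the `PasswordHash` column, the `LoginCheck` class and its method names are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using MySql.Data.MySqlClient;

static class LoginCheck   // hypothetical helper class, not from the thread
{
    const int Iterations = 100000, SaltBytes = 16, HashBytes = 32;

    // Registration side: returns "iterations:salt:hash" to store in the
    // PasswordHash column (assumed column name) instead of the password.
    public static string HashPassword(string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return Iterations + ":" + Convert.ToBase64String(salt) + ":" +
                   Convert.ToBase64String(kdf.GetBytes(HashBytes));
    }

    // Recomputes the hash with the stored salt and compares every byte,
    // with no early exit. Expects a value produced by HashPassword.
    public static bool VerifyPassword(string password, string stored)
    {
        var parts = (stored ?? "").Split(':');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations <= 0)
            return false;
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        if (salt.Length < 8 || expected.Length == 0) return false;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            byte[] actual = kdf.GetBytes(expected.Length);
            int diff = 0;
            for (int i = 0; i < expected.Length; i++) diff |= actual[i] ^ expected[i];
            return diff == 0;
        }
    }

    // Only the username reaches the database, and only as a bound parameter.
    public static bool TryLogin(string connectionString, string username, string password)
    {
        using (var con = new MySqlConnection(connectionString))
        using (var cmd = new MySqlCommand("SELECT PasswordHash FROM Login WHERE Username = @username", con))
        {
            cmd.Parameters.AddWithValue("@username", username);
            con.Open();
            var stored = cmd.ExecuteScalar() as string;   // null when the user does not exist
            return stored != null && VerifyPassword(password, stored);
        }
    }
}
```

From `btnLogin_Click`, call `LoginCheck.TryLogin` with the `Text` of the two TextBox controls under the names they actually have in the form designer; the connection string also has to name the database that holds the `Login` table.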
0

Here is a basic and simple approach to validate a password, easy to understand if you are a beginner-level programmer. It checks for min length, digit, lower case, upper case, and special characters in the input password string.

    // Requires: using System.Linq; (for pass.Contains(char) on .NET Framework)
    private bool ValidPass(string pass)
    {
        bool passLength = false, hasDigit = false, hasUpper = false, hasLower = false, hasSpecialChar = false;

        // Minimum length of 6 characters
        if (pass.Length >= 6)
            passLength = true;

        // Record which character classes appear in the password
        foreach (char c in pass)
        {
            if (char.IsDigit(c))
                hasDigit = true;

            else if (char.IsUpper(c))
                hasUpper = true;

            else if (char.IsLower(c))
                hasLower = true;
        }

        // At least one character from this set must be present
        string specialChar = "\\/~!@#$%^&*()-_+={[]};:'\"|,<.>?";
        foreach (char c in specialChar)
        {
            if (pass.Contains(c))
                hasSpecialChar = true;
        }

        if (passLength && hasDigit && hasUpper && hasLower && hasSpecialChar)
            return true;

        return false;
    }
RRR