I'm having a hard time coding my login form. I need to authenticate users like admin and/or student. Can you please help me find the right query for this? I need this for my project. This is my code so far; it is for admin only. I want to include code for students if they log in.

    private void login_Click(object sender, EventArgs e)
    {
        try
        {
            string myConnection = "datasource = localhost;port=3306;username=root;password=";
            MySqlConnection myConn = new MySqlConnection(myConnection);
            MySqlCommand SelectCommand = new MySqlCommand("select username, password from library_sys.tbl_users where username = '" + this.txtusername.Text + "' and password = '" + this.txtpword.Text + "';", myConn);
            MySqlDataReader myReader;
            myConn.Open();
            myReader = SelectCommand.ExecuteReader();
            int count = 0;

            while (myReader.Read())
            {
                count = count + 1;
            }
            if (count == 1)
            {
                MessageBox.Show("Welcome to the LIBRARY MANAGEMENT SYSTEM!");
                this.Hide();
                Librarian lib = new Librarian();
                lib.Show();
            }
            else
            {
                MessageBox.Show("Invalid username or password.");
                myConn.Close();
            }
            myConn.Close();
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
    }
  • This question contains insufficient information. Please provide your attempt (whatever you have tried so far), otherwise it's pretty much impossible for us to help you. – Gynteniuxas Jul 30 '16 at 19:42
  • 1
    Please use parameters, don't concatenate strings into SQL. You're open for injection attacks and will have trouble with many inputs – Sami Kuhmonen Jul 30 '16 at 19:52
  • 1
    You should never store passwords as plaintext. Hash and salt them. – Ňɏssa Pøngjǣrdenlarp Jul 30 '16 at 19:55
  • Can you give me an example using parameters? @SamiKuhmonen – Anica Jean Jul 30 '16 at 19:58
  • @Plutonix it's okay. I intentionally removed the password before I posted it. – Anica Jean Jul 30 '16 at 20:01
  • Is this a win desktop application (winforms/wpf) or is this a web application (asp.net/mvc etc...)? – Steve Jul 30 '16 at 20:01
  • @Steve desktop application using c#.net – Anica Jean Jul 30 '16 at 20:03
  • You must read [SQLParameter](http://stackoverflow.com/questions/13580993/mysqlcommand-command-parameters-add-is-obsolete) and more info [here](http://stackoverflow.com/questions/7174792/does-using-parameterized-sqlcommand-make-my-program-immune-to-sql-injection) – Raktim Biswas Jul 30 '16 at 20:05
  • Let me rephrase: You should never store passwords to the DB as plaintext. Hash and salt them. – Ňɏssa Pøngjǣrdenlarp Jul 30 '16 at 20:05
  • And do you have a problem here (apart from the string concatenation)? Is there something that doesn't work here? – Steve Jul 30 '16 at 20:06
  • The code above that I posted was fine. There's no error or anything that doesn't work at all. I just need an idea of how the code would look if I include code for the 'student', so that if they log in the program will show the student user interface. – Anica Jean Jul 30 '16 at 20:18
  • 1
    @LosManos neither is the right fit, see [Why are implementation and debugging questions unwelcome on Programmers.SE?](http://meta.programmers.stackexchange.com/q/7864/31260) and the [CR.SE help center](http://codereview.stackexchange.com/help/on-topic) requirement for working code. Please abstain from recommending sites you're not familiar with – gnat Jul 30 '16 at 21:46
  • Maybe you should add a condition: if the user login is a student then student_level, or administrator admin_level, or staff login staff_level – Ramgy Borja Aug 01 '17 at 05:45
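
The comments above ask for parameters, salted password hashes, and a per-user level. The following is an added example (not code from the asker or any commenter) that combines all three in one lookup. The `role`, `pw_salt` and `pw_hash` columns, the iteration count and the `LoginCheck` class are assumptions; `library_sys.tbl_users` is the table from the question.

```csharp
using System;
using System.Security.Cryptography;
using MySql.Data.MySqlClient;

static class LoginCheck
{
    // Assumed schema (not in the question): tbl_users has the columns
    // role VARCHAR, pw_salt BINARY(16), pw_hash BINARY(32).
    const int Iterations = 100000; // assumed work factor

    // PBKDF2-HMAC-SHA256 of the typed password with the user's stored salt.
    static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Compare all bytes instead of returning at the first difference.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Returns the user's role (for example "admin" or "student"),
    // or null when the username is unknown or the password is wrong.
    public static string Authenticate(string connStr, string username, string password)
    {
        const string sql =
            "SELECT role, pw_salt, pw_hash FROM library_sys.tbl_users WHERE username = @username";
        using (var conn = new MySqlConnection(connStr))
        using (var cmd = new MySqlCommand(sql, conn))
        {
            // The typed value is sent as a parameter, never spliced into the SQL text,
            // so quotes in the username cannot change the query.
            cmd.Parameters.AddWithValue("@username", username);
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return null;            // unknown user
                string role = reader.GetString(0);
                byte[] salt = (byte[])reader.GetValue(1);
                byte[] stored = (byte[])reader.GetValue(2);
                return SameBytes(Hash(password, salt), stored) ? role : null;
            }
        }
    }
}
```

In `login_Click`, the returned role decides which form to open: `Librarian` for the admin role, a student form (a hypothetical class, not shown in the question) for the student role, and the "Invalid username or password." message when the result is null.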

0 Answers