How can I verify salt password from MySql by using BCRYPT Verify

Question

I do have some problem with my code which I'm using BCRYPT libraries for my Winform project. When registration made, everything work fine and the code as below for registration forms. Here is my code for you to review.

using BCrypt.Net;

Code from registration form, this one is work fine.

cmd.Parameters.AddWithValue("@Password", BCrypt.Net.BCrypt.HashPassword(txtPassword.Text));

But when I want to login, I try to use this code as below.

public partial class Login : Form
    {
        MySqlConnection Connection = new MySqlConnection("server=localhost; database=bh_lms; user=root; password=root; pooling = false; convert zero datetime=True");

        public Login()
        {
            InitializeComponent();
        }

        private void Login_Load(object sender, EventArgs e)
        {
            //SplashScreen Loading
            for (int i = 0; i < 120; i++)
            {
                Thread.Sleep(40);
            }
        }

        private void btnLogin_Click(object sender, EventArgs e)
        {

            if (BCrypt.Net.BCrypt.Verify(txtPassword.Text, ""))
            {
                Connection.Open();
                MySqlCommand cmd = new MySqlCommand("SELECT * FROM registration Where Username=@Username, Password=@Password", Connection);
                cmd.Parameters.Add(new MySqlParameter("@Username", txtUsername.Text));
                cmd.Parameters.Add(new MySqlParameter("@Password", txtPassword.Text));
                MySqlDataReader reader = cmd.ExecuteReader();
                int count = 0;
                string userRole = string.Empty;
                while (reader.Read())
                {
                    count = +1;
                    userRole = reader["RegistrationType"].ToString();
                }
                if (count == 1)
                {
                    this.Hide();
                    if (userRole == "Admin")
                    {
                        Dashboard.dbAdmin DashboardAdmin = new Dashboard.dbAdmin();
                        DashboardAdmin.Show();
                    }
                    else if (count > 1)
                    {
                        MessageBox.Show("Please enter correct username and password or register a new account!", "Alert", MessageBoxButtons.OK, MessageBoxIcon.Error); ;
                    }
                }
            }
            else
            {
                Connection.Close();
            }
        }

        private void btnRegister_Click(object sender, EventArgs e)
        {
            this.Hide();
            Registration Register = new Registration();
            Register.Show();
        }
    }
}

I have User Type (Admin, Staff, HR etc) and I want to try this code if it working or not for user panel. But since I can't Verify password by using BCrypt, it feel like, I better stick with old code, but that no security at all which people suggest to use Parameters.

If anyone can help me how can I verify the password, please let me know. It's almost 1 weeks, still got no good result.

This should help with the concept(s) at any rate: https://stackoverflow.com/a/39602006/1070452 — Ňɏssa Pøngjǣrdenlarp, Jun 27 '19 at 19:56
You need to call `BCrypt.Verify()` https://github.com/BcryptNet/bcrypt.net#how-to-use — SLaks, Jun 27 '19 at 19:57

How can I verify salt password from MySql by using BCRYPT Verify

0 Answers0