2013-06-21 30 views
-1

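Validating username and password in Microsoft Visual Studio

I'm having trouble validating the username and password when the user clicks a button. I have two text boxes, named user_logon_id and user_password.

I have a table named MyUsers, and I want to verify that the username (user_logon_id) and password (user_password) are in the same row. If they do not match, the user should be notified. If they do match, the user should be directed to userAdmin.aspx.

I am using Microsoft Visual Studio 2008. I am very new to this and would love to get the hang of it. I don't need to worry about encrypting passwords.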

+1

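"I don't need to worry about encrypting passwords." No, but you should worry about hashing passwords. Even if it isn't an explicitly stated requirement, it should always be done. – David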

+1

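Are you getting any errors? What is causing trouble here? Change your query to check both the username and the password and return a row count in SQL, then use ExecuteScalar to get the count and authenticate the user based on the count. –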

+0

Not to mention SQL injection... – RBarryYoung

Answers

-1

Can you run this in the debugger and verify that the query returns a row?

A few suggestions:

Consider parameterizing the query like this:

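' Requires: Imports System.Data.SqlClient
Dim conn As New SqlConnection(_connectionString)
conn.Open()
Dim s As String = "SELECT user_password FROM MyUsers WHERE user_logon_id = @user_login_id"
' Bind the command to the open connection
Dim cmd As New SqlCommand(s, conn)
' Pass the text box value as a parameter instead of concatenating it into the SQL
cmd.Parameters.AddWithValue("@user_login_id", Me.user_logon_id.Text)
Dim reader As SqlDataReader = cmd.ExecuteReader()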

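Hash it in some way.

Consider selecting from the database table where the username and password match. If the result is one record, the login succeeded.

Dim s As String = "SELECT userid FROM MyUsers WHERE user_logon_id = @user_login_id and user_password = @user_password"

Full code: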

Protected Sub butSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles butSubmit.Click

Dim myReader As Data.SqlClient.SqlDataReader = Nothing
Dim mySqlConnection As Data.SqlClient.SqlConnection
Dim mySqlCommand As Data.SqlClient.SqlCommand

'Establish the SqlConnection by using the configuration manager to get the connection string in our web.config file.
mySqlConnection = New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString1").ToString())
Dim sql As String = "SELECT userid FROM MyUsers WHERE user_logon_id = @user_login_id and user_password = @user_password"

mySqlCommand = New Data.SqlClient.SqlCommand(sql, mySqlConnection)

'Bind both text box values as parameters so user input never becomes part of the SQL text.
mySqlCommand.Parameters.AddWithValue("@user_login_id", Me.user_logon_id.Text)
mySqlCommand.Parameters.AddWithValue("@user_password", Me.user_password.Text)

Try
    mySqlConnection.Open()
    myReader = mySqlCommand.ExecuteReader()

    'A returned row means the logon id and password were found in the same row.
    If (myReader.HasRows) Then
        'Open page with users and roles
        Dim message As String = "Correct password"
        Dim style As MsgBoxStyle = MsgBoxStyle.OkOnly
        Dim title As String = "Authenticated"
        MsgBox(message, style, title)
    End If

Catch ex As Exception
    Console.WriteLine(ex.ToString())
Finally
    'Release the reader and the connection whether or not the query succeeded.
    If Not (myReader Is Nothing) Then
        myReader.Close()
    End If

    If (mySqlConnection.State = Data.ConnectionState.Open) Then
        mySqlConnection.Close()
    End If

End Try

End Sub