VB.NET MySQL Login using MD5 + Salt

Question

0.00/5 (No votes)

See more:

VB

Imports System.Security.Cryptography
Imports MySql.Data.MySqlClient
Public Class LoginForm1

    Private Sub Cancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Cancel.Click
        Me.Close()
    End Sub
        Dim MySqlConnection As MySqlConnection
        Private Function StringtoMD5(ByVal Content As String) As String
        Dim M5 As New System.Security.Cryptography.MD5CryptoServiceProvider
            Dim ByteString() As Byte = System.Text.Encoding.ASCII.GetBytes(Content)
        ByteString = M5.ComputeHash(ByteString)
            Dim FinalString As String = Nothing
            For Each bt As Byte In ByteString
            FinalString &= bt.ToString("x2")
            Next
            Return FinalString
        End Function
        Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
            PasswordTextBox.Text = StringtoMD5(PasswordTextBox.Text)
            MySqlConnection = New MySqlConnection
        MySqlConnection.ConnectionString = "Server=****;Database=****;Uid=****;Pwd=****;"
            MySqlConnection.Open()

            Dim Myadapter As New MySqlDataAdapter
        Dim sqlquary = "SELECT * FROM table_name WHERE username='" & UsernameTextBox.Text & "'AND password='" & PasswordTextBox.Text & "';"

            Dim command As New MySqlCommand
            command.Connection = MySqlConnection
            command.CommandText = sqlquary
            Myadapter.SelectCommand = command
            Dim mydata As MySqlDataReader
            mydata = command.ExecuteReader
            If mydata.HasRows = 0 Then
                MsgBox("Sorry! We can't find your Username and Password. Try Again or contact us on the forum")
            Else
                Form1.Show()
                Me.Close()

            End If
    End Sub
End Class

I'm trying to make a login application that connects to my website database and try's logging in through the database by grabbing the username and password from the table. It connects to the database and finds the username but it does not like the password for it because it uses MD5 and Salt. Does anyone know how to get this working and get the hash value right?

Salt = "7UEJD7xQ"
MD5 = "923c5abb8c5cdf0cf3e60c02716f3763"
Password = "iBD1Ux6V"

Help would be appreciated thanks!

Posted 10-Nov-14 11:58am

Member 11219665

Updated 10-Nov-14 11:59am

v2

Add a Solution

Comments

DamithSL 10-Nov-14 22:02pm

how you insert password when user create?

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Dave Kreskowiak · Answer 1 · 2014-11-11T02:50:00

Solution 1

You're doing it wrong.

Nowhere in your code are you using salt, so I don't know what you think you're doing there...

It's simple really, you get the password from the user, salt it, hash it, then store the bytes of the hash.

To check the entered password, you do the exact same thing, except you don't store the hash. You retrieve the hash from the database using the entered username, then compare the entered hash to the retrieved.

Posted 11-Nov-14 2:50am

Dave Kreskowiak

Comments

Member 11219665 11-Nov-14 16:03pm

Could you update your solution showing an example code on how to encrypt the password text with salt and md5?

Member 11219665 11-Nov-14 16:04pm

I've looked everywhere online and all of them don't work.

Dave Kreskowiak 11-Nov-14 16:43pm

I seriously doubt that.

What I see you saying is that you tried copying and pasting code into your application and it doesn't work because you don't understand the code.

There's a ton of articles here on CP that explain what you're trying to do. I'm not going to write another one.

Read these: Storing Passwords[^]