Login page in visual studio 2017

Question

3.40/5 (3 votes)

See more:

I am creating a login page, for my software, but the login query keeps failing!

My Design: Design Image
My Database: Database Image

Yet, every time I execute the program I get an error: Error Image

I got this code from this YouTube video: Visual Studio 2012 - 2015 Microsoft Access Login VB.NET - YouTube

What I have tried:

My Code: <pre lang="vb">Public Class LoginForm
    Private Sub QuitButton_Click(sender As Object, e As EventArgs) Handles QuitButton.Click
        Me.Close()
    End Sub

    Private Sub SubmitButton_Click(sender As Object, e As EventArgs) Handles SubmitButton.Click
        Dim user As String
        Dim pass As String
        user = UserTextBox.Text
        pass = PassTextBox.Text
        If UsersTableAdapter.LoginQuery(user, pass) Then
            MsgBox("User Authenticated!")
        Else
            MsgBox("Invalid Credentials!")
        End If
    End Sub
End Class

My Query:

VB

SELECT        Username, [Password]
FROM            Users
WHERE        (Username = ?) AND ([Password] = ?)

Posted 24-Apr-17 22:04pm

Arnav Varshney

Updated 9-Feb-18 15:11pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2017-04-24T22:15:00

Solution 1

:sigh:
YouTube videos of "how to code security" ... about as useful as a tissue-paper kettle.

Stop trying to code from YouTube - it's pretty clear that the author has absolutely no idea what he is doing.

Never store passwords in clear text: it's a major security risk. Always hash them, and compare the hashes. Password Storage: How to do it.[^] explains - the code is in C# but it's pretty obvious stuff.

Without your UsersTableAdapter.LoginQuery code we can't tell exactly what is happening there, but the error implies that one or other of your parameters is wrong - the system is trying to cast it to a Boolean value before it passes it to SQL.

Posted 24-Apr-17 22:15pm

OriginalGriff

Comments

Arnav Varshney 25-Apr-17 5:04am

The UsersTableAdapter.LoginQuery is the one I have posted as 'My Query:' here!
And, I am just a kid making some random program, so I didn't think of hashing those passwords!

OriginalGriff 25-Apr-17 5:14am

No, it isn't. It's the VB code that tells SQL to run that query - not the query itself!
Even beginners have to start somewhere - and it's a lot, lot easier to get into good habits from the start rather than try to break bad ones once they are established. So watching videos by other people who don't know what they are doing doesn't help you in the long run, it makes your life harder.

Instead, get a book, or better go on a course - they present the material in a structured way so you don't miss important things (like SQL Injection, security basics, and so on) that could make your life a lot easier later.

Arnav Varshney 25-Apr-17 5:32am

Yet, any way I could make it work?

Richard Deeming 25-Apr-17 16:01pm

Skimming through the video, he's returning an extra column at the start of his query - Customer_ID.

It looks like the generated query method just returns the value of the first column of the first row returned from the query. In his case, that's an Integer; in your case, it's a String.

He's then relying on VB's implicit type coercion - an extremely bad thing! - to convert the Integer to a Boolean: 0 will convert to False, and anything else will convert to True.

In your code, because you're returning a String, and it doesn't contain either "True" or "False", it can't be coerced to a Boolean, and you get a run-time error.

The quick-and-dirty fix is to test whether the query method returns Nothing:

If UsersTableAdapter.LoginQuery(user, pass) IsNot Nothing Then
    MsgBox("User Authenticated!")
Else
    MsgBox("Invalid Credentials!")
End If

But, as Griff said, the author of that video clearly doesn't know what he's doing, and is not a good source to learn from. :)

(And you should always compile with Option Strict turned on, which would have given you a compile-time error instead of the run-time error.)

Arnav Varshney 26-Apr-17 4:35am

Thanks a lot!