Can anyone tell me please what the error is in the code below:

C#
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.OleDb;

namespace Accreditation
{
    public partial class LoginForm : Form
    {
        public LoginForm()
        {
            InitializeComponent();
        }
        
        private void LoginForm_Load(object sender, EventArgs e)
        {
            this.AcceptButton = btnLogin;
            this.CancelButton = btnCancel;
        }

        int ctr;
        private void btnLogin_Click(object sender, EventArgs e)
        {
            OleDbConnection con = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=Accreditation.mdb; User ID=admin; Password=delhigames;");
            ctr = ctr + 1;
            OleDbDataAdapter adp1 = new OleDbDataAdapter("select * from ComLogin", con);
            DataSet ds1 = new DataSet();
            adp1.Fill(ds1, "ComLogin");
            if (ds1.Tables.Count > 0)
            {
                bool validUser1 = false;
                validUser1 = false;
                foreach (DataRow dr in ds1.Tables[0].Rows)
                {
                    if (dr[0].ToString() == txtUsername.Text && dr[1].ToString() == txtPassword.Text)
                    {
                        validUser1 = true;
                        Visitors frm = new Visitors();
                        this.Hide();
                        frm.Show();
                    }
                }
                if (validUser1 == false)
                {
                    MessageBox.Show("Enter valid User ID/Password!");
                }
            }
            
            else
            {
                if (ctr < 3)
                {
                    MessageBox.Show("Incorrect User Name & Password. Please Try again.");
                    txtUsername.Focus();
                }
                else
                {
                    MessageBox.Show("Unauthorized Access. Aborting..");
                    this.Close();
                }
            }
        }
 
        private void btnCancel_Click(object sender, EventArgs e)
        {
            this.Close();
            Application.Exit();
        }
    }
}


Thanks in advance!
Updated 18-Apr-11 4:28am
Comments
Manfred Rudolf Bihy 18-Apr-11 10:29am    
Edit: Added code tags (pre), introduced new special tag.
@OP: Please read this document here especially point 4. : http://www.codeproject.com/KB/FAQs/QuickAnswersFAQ.aspx
jim lahey 18-Apr-11 10:30am    
Could you please tell me is there an error?

I'd also like to know why you get all the users from the DB and loop through them instead of using a where clause..
Manfred Rudolf Bihy 18-Apr-11 10:32am    
If I had a cent for every time someone writing login code had made that very same mistake, I'd be rich by now. :)
jim lahey 18-Apr-11 10:41am    
I get it now.. protection against SQL Injection - no dynamic SQL strings. Column names are obfuscated too, hardcore.
Manfred Rudolf Bihy 18-Apr-11 11:21am    
Not the way I meant it, but nevertheless a nice interpretation! :)

1 solution

Where do I start?

These are the problems I noticed (let me know if I missed your specific one):
1) You are reading all records from the DB instead of filtering them with an SQL WHERE clause
2) You return records with * as the field descriptor - you should itemise the field names.
3) You refer to the records by number, without specifying the order they should be returned.
4) You don't use parametrized queries, leaving yourself open for an SQL Injection attack.
5) You store passwords in clear text in your database.
6) You don't bother to exit your loop when you find the user.
7) You hard code your connection strings.
8) You password protect your database, then publish the password in clear in your code.

I could go on, but I don't think I want to.

Anyway, your problem is almost certainly number 3 above.
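Added example (not OriginalGriff's code, and not taken from the question): one way btnLogin_Click could look once points 1, 2, 4, 5, 6, 7 and 8 of the list above are addressed; point 3 disappears on its own once the columns are named. It assumes a ComLogin table with UserName, PasswordSalt and PasswordHash columns (the question's code only shows two unnamed columns), a connection string named "Accreditation" in App.config, and that the stored values were produced by the NewCredential helper. The Visitors form, txtUsername, txtPassword and the designer-generated constructor are those from the question and are omitted here.

```csharp
using System;
using System.Configuration;          // reference System.Configuration.dll for ConfigurationManager
using System.Data.OleDb;
using System.Security.Cryptography;
using System.Windows.Forms;

namespace Accreditation
{
    public partial class LoginForm : Form
    {
        // Failed-attempt counter, checked on every failed login. In the question's
        // code the "ctr < 3" branch only ran when the query returned no table at all.
        private int failedAttempts;
        private const int MaxAttempts = 3;

        private void btnLogin_Click(object sender, EventArgs e)
        {
            if (TryLogin(txtUsername.Text, txtPassword.Text))
            {
                failedAttempts = 0;
                Visitors frm = new Visitors();
                this.Hide();
                frm.Show();
                return;
            }

            failedAttempts++;
            if (failedAttempts < MaxAttempts)
            {
                MessageBox.Show("Incorrect User Name & Password. Please Try again.");
                txtUsername.Focus();
            }
            else
            {
                MessageBox.Show("Unauthorized Access. Aborting..");
                this.Close();
            }
        }

        // Fetches at most one row by user name and verifies the submitted password
        // against the stored salt + PBKDF2 hash. Unknown user and wrong password
        // both return false, so the UI shows the same message for either.
        private static bool TryLogin(string userName, string password)
        {
            // Connection string (including the database password) comes from App.config,
            // <connectionStrings> entry "Accreditation" (assumed name), not from the source.
            string connStr = ConfigurationManager.ConnectionStrings["Accreditation"].ConnectionString;

            // Assumed schema: ComLogin(UserName, PasswordSalt, PasswordHash), salt and hash
            // stored as Base64 text. Explicit columns, a WHERE filter and an OleDb positional
            // parameter ("?"): the user name never becomes part of the SQL text.
            const string sql = "SELECT PasswordSalt, PasswordHash FROM ComLogin WHERE UserName = ?";

            using (OleDbConnection con = new OleDbConnection(connStr))
            using (OleDbCommand cmd = new OleDbCommand(sql, con))
            {
                cmd.Parameters.Add("@UserName", OleDbType.VarWChar, 50).Value = userName;
                con.Open();
                using (OleDbDataReader rdr = cmd.ExecuteReader())
                {
                    if (!rdr.Read())
                        return false;   // no such user; nothing to loop over

                    byte[] salt = Convert.FromBase64String(rdr.GetString(0));
                    byte[] expected = Convert.FromBase64String(rdr.GetString(1));
                    byte[] actual = DeriveKey(password, salt, expected.Length);
                    return FixedTimeEquals(expected, actual);
                }
            }
        }

        // PBKDF2 (Rfc2898DeriveBytes, HMAC-SHA1) with a per-user random salt. The same
        // function produces the value that is stored when an account is created.
        internal static byte[] DeriveKey(string password, byte[] salt, int length)
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000))
                return kdf.GetBytes(length);
        }

        // Builds the two column values (Base64 salt and hash) for a new account.
        internal static void NewCredential(string password, out string saltB64, out string hashB64)
        {
            byte[] salt = new byte[16];
            using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);
            saltB64 = Convert.ToBase64String(salt);
            hashB64 = Convert.ToBase64String(DeriveKey(password, salt, 32));
        }

        // Compares every byte regardless of where the first mismatch is, so the check
        // does not reveal through its timing how much of the hash matched.
        internal static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a.Length != b.Length) return false;
            int diff = 0;
            for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
}
```

With the OleDb provider the parameter name is only a label; parameters bind by position, so the one "?" in the SQL receives the one parameter added. The database password in the connection string is still a secret that must be protected on the machine running the form, but at least it is no longer compiled into the executable.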
Comments
jim lahey 18-Apr-11 11:06am    
In fairness, the code sample provided is completely impervious to SQL injection..

agree with everything else though.
OriginalGriff 18-Apr-11 11:13am    
I was reading the part he didn't post. I call it "extrapolation" (or "guessing" if I'm honest)
Manfred Rudolf Bihy 18-Apr-11 11:37am    
I knew it, I knew it all along. You are into this mind reading stuff.

Hmmph, calling it extrapolation ain't gonna help ya talking yer way out of it this time.

:=)
OriginalGriff 18-Apr-11 14:12pm    
Well done. You passed the test. Do you want the Red pill, or the Blue pill? :)

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)