I see multiple problems with your code:
The actual problem you are asking about is because every branch of your of your if...then block ends with a
break
which stops the loop. The only way this would validate someone is if the first username/password combination is the correct one.
The next problem is the security of the this; your passwords are being stored in plain text. The preferred way to save passwords is with a
salted hash, second place to this would be use some sort of encryption.
Another security related problem is that it is too helpful with the responses. You should only tell someone if their login is valid or invalid. Telling someone their password is wrong is also telling them they have a valid username. A hacker would then have half the combination to get in.
Also.. the logic is just wrong. Way too many
else if
combinations in there; when all you need is a nested IF:
for loop {
If username matches {
if password matches {
login succeeded
break loop
}
}
}
So you should end up with something like this
XmlDocument mac = new XmlDocument();
mac.Load(@"C:\Users\user\source\repos\lilis shop\lilis shop\Properties\XMLFile1.xml");
XmlNodeList xnlist = mac.SelectNodes("//users");
foreach (XmlNode naa in xnlist)
{
string username = naa["username"].InnerText;
string password = naa["password"].InnerText;
if (username == txtusername.Text) {
if (password == txtpassword.Text) {
Letsee = "LOGEDIN";
Form1 openform = new Form1();
openform.lablogin.Text = Letsee;
openform.lab1.Text = this.txtusername.Text;
openform.labelsingout.Text = "SINGOUT";
openform.Show();
this.Hide();
break;
}
}
}
MessageBox.Show("Login Failed", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
txtpassword.Text = null;
txtusername.Text = null;