Click here to Skip to main content
15,305,754 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I want to make an account system with login and register. I already have the login system, this is also connected to the database. However, the passwords are not hashed. I can't find any help on how to do the hashing in connection with the database and the same thing with a register system.

What I have tried:

C#
private void btn_login_Click(object sender, RoutedEventArgs e)
        {
            SqlConnection sqlCon = new SqlConnection("Server=xxxxx;Database=x;User Id=xxx;Password=xx;");
            try
            {
                if (sqlCon.State == System.Data.ConnectionState.Closed)
                    sqlCon.Open();
                String query = "SELECT COUNT(1) FROM tblUser WHERE Username=@Username AND Password=@Password";
                SqlCommand sqlCmd = new SqlCommand(query, sqlCon);
                sqlCmd.CommandType = System.Data.CommandType.Text;
                sqlCmd.Parameters.AddWithValue("@Username", txtUsername.Text);
                sqlCmd.Parameters.AddWithValue("@Password", txtPassword.Text);
                int count = Convert.ToInt32(sqlCmd.ExecuteScalar());
                if (count == 1)
                {
                    MessageBox.Show("Success!");
                }
                else
                {
                    MessageBox.Show("Wrong!");
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
            finally
            {
                sqlCon.Close();
            }
        }


C#
private static string GetSHA384(string userID, string password)
{
    // SHA classes are disposable, use using to ensure any managed resources are properly disposed of by the runtime
    using SHA384 sha = new SHA384CryptoServiceProvider();

    // convert the username and password into bytes
    byte[] preHash = Encoding.ASCII.GetBytes(userID + password);

    // hash the bytes
    byte[] hash = sha.ComputeHash(preHash);

    // convert the raw bytes into a string that we can save to a database
    return Convert.ToBase64String(hash);
}
Posted
Updated 31-Jul-21 2:55am
Comments
Richard MacCutchan 31-Jul-21 9:16am
   
Storing passwords in clear text is a recipe for disaster.
Richard Deeming 2-Aug-21 6:20am
   
REPOST
You have already posted this question:
Wpf C# login system with hashing[^]

1 solution

Have a look here: Password Storage: How to do it.[^]
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900