1) There are a huge number of ways to connect a form with a DB. In this case, you don't want a connection, you just want to check if the username and password your user entered match a valid entry in the database. There is some code and notes here that may help with this (though it may be a little advanced for you so just "bleep over" the bits you don't understand):
Password Storage: How to do it.
All you need to do then is retrieve the id and password value from the db. This is also a bit complex, because you do have to do this properly: if you don't then you leave your system wide open to a non-logged in user destroying your database - and because they aren't logged in you don't know whose head you want to stamp on...
using (SqlConnection con = new SqlConnection(strConnect))
{
    con.Open();
    // The username is passed as a parameter, never concatenated into the SQL text.
    using (SqlCommand com = new SqlCommand("SELECT UserID, PasswordHash FROM myTable WHERE UserName=@UN", con))
    {
        com.Parameters.AddWithValue("@UN", tbUsername.Text);
        using (SqlDataReader reader = com.ExecuteReader())
        {
            if (reader.Read())
            {
                int userId = (int)reader["UserID"];
                byte[] pw = (byte[])reader["PasswordHash"];
                // No semicolon after the condition: with one, the block below would always run.
                if (MatchSHA1(pw, GetSHA1(tbUsername.Text, tbPassword.Text)))
                {
                    // Username and password match: userId identifies the logged-in user.
                }
            }
        }
    }
}
2) New user just means another form to collect his details, combined with a SELECT similar to the above to check his requested Username is not already used, followed by an INSERT to add the new details:
using (SqlConnection con = new SqlConnection(strConnect))
{
    con.Open();
    using (SqlCommand com = new SqlCommand("INSERT INTO myTable (UserName, PasswordHash) VALUES (@UN, @PH)", con))
    {
        com.Parameters.AddWithValue("@UN", tbUsername.Text);
        com.Parameters.AddWithValue("@PH", GetSHA1(tbUsername.Text, tbPassword.Text));
        com.ExecuteNonQuery();
    }
}
Have a look, and give it a try. You should be able to sort it out from there.
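
The check-then-insert flow from point 2 as a single method, added here as an example and not part of the original answer. `Registration` and `TryRegister` are hypothetical names, `passwordHash` is assumed to be the value returned by the `GetSHA1` routine used above, and a UNIQUE constraint or index on `UserName` is assumed so that two simultaneous registrations of the same name cannot both succeed.

```csharp
using System.Data.SqlClient;

public static class Registration   // hypothetical helper class
{
    // Returns true if the row was added, false if the username is already taken.
    // passwordHash: assumed to be the output of GetSHA1(userName, password).
    public static bool TryRegister(string strConnect, string userName, byte[] passwordHash)
    {
        using (SqlConnection con = new SqlConnection(strConnect))
        {
            con.Open();

            // Step 1: the SELECT, parameterised the same way as the login query.
            using (SqlCommand check = new SqlCommand(
                "SELECT COUNT(*) FROM myTable WHERE UserName=@UN", con))
            {
                check.Parameters.AddWithValue("@UN", userName);
                if ((int)check.ExecuteScalar() > 0)
                {
                    return false;   // name already in use
                }
            }

            // Step 2: the INSERT, with both values passed as parameters.
            using (SqlCommand insert = new SqlCommand(
                "INSERT INTO myTable (UserName, PasswordHash) VALUES (@UN, @PH)", con))
            {
                insert.Parameters.AddWithValue("@UN", userName);
                insert.Parameters.AddWithValue("@PH", passwordHash);
                try
                {
                    insert.ExecuteNonQuery();
                    return true;
                }
                catch (SqlException ex) when (ex.Number == 2627 || ex.Number == 2601)
                {
                    // Assumed UNIQUE constraint/index on UserName fired: another
                    // request took the name between the SELECT and the INSERT.
                    return false;
                }
            }
        }
    }
}
```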