
I've recently taken an interest in hosting my own database for my application's login. As of now I have a provider that allows me to use a panel they have hooked to a MySQL database. I made a little test login to see if I could figure out how to do it. This is my code, and I haven't been able to get it to work; I keep getting "Login Failed". I've tried a couple of different ways, but any help would be appreciated. And I know I'm connected to the database. I edited the server IP and password for privacy purposes. This is my database: http://prntscr.com/ettqn1

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using MetroFramework.Forms;
using MetroFramework.Design;
using MetroFramework;
using MySql.Data.MySqlClient;

namespace MySQL_Testing
{
    public partial class Form1 : MetroForm
    {
        static MySqlConnection SqlConnection = new MySqlConnection("Server=MyServerAddress; Database=logins; Uid=root; Pwd=MyPass;");
        static string SqlQuery = "SELECT Usernames FROM Accounts;";
        static string SqlQueryPass = "SELECT Password FROM Accounts;";
        static string SqlQueryID = "SELECT ID FROM Accounts;";
        static MySqlCommand cmd = new MySqlCommand(SqlQuery, SqlConnection);
        static MySqlCommand cmd2 = new MySqlCommand(SqlQueryPass, SqlConnection);
        static MySqlCommand cmd3 = new MySqlCommand(SqlQueryID, SqlConnection);


        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
        }

        private void metroButton1_Click(object sender, EventArgs e)
        {
            SqlConnection.Open();
            //MySqlDataReader rdID = cmd3.ExecuteReader();
            //rdID.Close();
            MySqlDataReader rd = cmd.ExecuteReader();
            List<string> ReadUser = new List<string>();
            ReadUser.Add(Convert.ToString(rd.Read()));
            rd.Close();
            MySqlDataReader rdPass = cmd2.ExecuteReader();
            List<string> ReadPass = new List<string>();
            ReadPass.Add(Convert.ToString(rdPass.Read()));
            if (ReadUser.ToArray().ToString().Contains(metroTextBox1.Text) && ReadPass.ToArray().ToString().Contains(metroTextBox2.Text))
            {
                MessageBox.Show("Login Successful");
            }
            else
            {
                MessageBox.Show("Login Failed");
            }
            rdPass.Close();
            SqlConnection.Close();
        }
    }
}
marc_s

1 Answer
  1. First, you should store the password field as a hash with a random salt, instead of plain text.

  2. You don't need to get the whole Accounts table with 3 queries, and they do not have any relation. How do you know which user and password correspond with 3 different queries?

The condition

    ReadUser.ToArray().ToString().Contains(metroTextBox1.Text) && ReadPass.ToArray().ToString().Contains(metroTextBox2.Text)

It means the Accounts table has a UserName and a Password that matched, but perhaps they don't belong to one person.

  3. You could use only 1 query to check the login information:

    SELECT * FROM Accounts where UserName = @UserName and Password = @Password

with the parameters passed from your text boxes.

Reference link: Store Password with hash

TriV
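An added example, not part of the original question or answer, that combines the answer's first and third points: one parameterized query looks up the row for the entered user name, and the password is checked against a salted PBKDF2 hash in code rather than compared as text in SQL. It assumes .NET 6 or later, the `UserName` column from the answer's query, and two hypothetical `VARBINARY` columns, `PasswordSalt` and `PasswordHash`; the iteration count is also an assumed value.

```csharp
using System;
using System.Security.Cryptography;
using MySql.Data.MySqlClient;

static class LoginCheck
{
    const int Iterations = 600_000;          // PBKDF2-HMAC-SHA256 work factor (assumed value)
    const int SaltBytes = 16, HashBytes = 32;

    // Run once at registration: returns the random salt and derived hash to store
    // in the hypothetical PasswordSalt / PasswordHash columns.
    public static (byte[] Salt, byte[] Hash) HashNewPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                                HashAlgorithmName.SHA256, HashBytes);
        return (salt, hash);
    }

    // One query, keyed on the user name, so the salt and hash always come from
    // the same row as the account being logged into.
    public static bool VerifyLogin(string connectionString, string userName, string password)
    {
        using var conn = new MySqlConnection(connectionString);
        conn.Open();
        using var cmd = new MySqlCommand(
            "SELECT PasswordSalt, PasswordHash FROM Accounts WHERE UserName = @UserName LIMIT 1;",
            conn);
        cmd.Parameters.AddWithValue("@UserName", userName);   // bound value, never concatenated

        using MySqlDataReader rd = cmd.ExecuteReader();
        if (!rd.Read())
            return false;                                      // no such user

        byte[] salt = (byte[])rd["PasswordSalt"];
        byte[] stored = (byte[])rd["PasswordHash"];
        byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                                     HashAlgorithmName.SHA256, stored.Length);
        // Constant-time comparison: does not reveal how many leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(candidate, stored);
    }
}
```

In the question's form, the click handler would call `LoginCheck.VerifyLogin(connectionString, metroTextBox1.Text, metroTextBox2.Text)` and show the message box based on the result.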