如何验证用户登录..问题是它始终接受用户名和密码,无论文本的大小。我想从数据库中完全验证它。 [英] how to validate user login.. The problem is it always accept the username and password whatever the casing of the text.. I want to validate it exactly from the database.

查看:51
本文介绍了如何验证用户登录..问题是它始终接受用户名和密码,无论文本的大小。我想从数据库中完全验证它。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

command = new OleDbCommand(SELECT uType FROM userAccount WHERE uName =?AND uPass =?,conString.con);

command.Parameters.AddWithValue(?,txtUsername.Text) ;

command.Parameters.AddWithValue(?,txtPassword.Text);

adapter.SelectCommand = command;

conn.conState( );

OleDbDataReader reader = command.ExecuteReader();

if(reader.Read())

{

String uType;

uType = reader [uType]。ToString();



if(uType ==Admin )

{

mainForm mf = new mainForm();

mf.Show();

隐藏( );

}

否则如果(uType ==Billing)

{

BILLING bill = new BILLING();

bill.Show();

隐藏();

}

command = new OleDbCommand("SELECT uType FROM userAccount WHERE uName=? AND uPass=?", conString.con);
command.Parameters.AddWithValue("?", txtUsername.Text);
command.Parameters.AddWithValue("?", txtPassword.Text);
adapter.SelectCommand = command;
conn.conState();
OleDbDataReader reader = command.ExecuteReader();
if (reader.Read())
{
String uType;
uType = reader["uType"].ToString();

if (uType == "Admin")
{
mainForm mf = new mainForm();
mf.Show();
Hide();
}
else if (uType == "Billing")
{
BILLING bill = new BILLING();
bill.Show();
Hide();
}

推荐答案

绝不以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]



甚至还有一个警告人们对此有何看法:基于代码的密码 [ ^ ]



修复它会修复您的区分大小写:小写字符串的哈希值与大写字符串的哈希值不同。
Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

There is even a warning how stringly people feel about this: Code based passwords[^]

Fixing that fixes your case sensitivity: the hash value for a lowercase string is not the same as that for a upper case string.


这篇关于如何验证用户登录..问题是它始终接受用户名和密码,无论文本的大小。我想从数据库中完全验证它。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆