如何验证用户登录..问题是它始终接受用户名和密码,无论文本的大小。我想从数据库中完全验证它。 [英] how to validate user login.. The problem is it always accept the username and password whatever the casing of the text.. I want to validate it exactly from the database.
问题描述
command = new OleDbCommand(SELECT uType FROM userAccount WHERE uName =?AND uPass =?,conString.con);
command.Parameters.AddWithValue(?,txtUsername.Text) ;
command.Parameters.AddWithValue(?,txtPassword.Text);
adapter.SelectCommand = command;
conn.conState( );
OleDbDataReader reader = command.ExecuteReader();
if(reader.Read())
{
String uType;
uType = reader [uType]。ToString();
if(uType ==Admin )
{
mainForm mf = new mainForm();
mf.Show();
隐藏( );
}
否则如果(uType ==Billing)
{
BILLING bill = new BILLING();
bill.Show();
隐藏();
}
command = new OleDbCommand("SELECT uType FROM userAccount WHERE uName=? AND uPass=?", conString.con);
command.Parameters.AddWithValue("?", txtUsername.Text);
command.Parameters.AddWithValue("?", txtPassword.Text);
adapter.SelectCommand = command;
conn.conState();
OleDbDataReader reader = command.ExecuteReader();
if (reader.Read())
{
String uType;
uType = reader["uType"].ToString();
if (uType == "Admin")
{
mainForm mf = new mainForm();
mf.Show();
Hide();
}
else if (uType == "Billing")
{
BILLING bill = new BILLING();
bill.Show();
Hide();
}
推荐答案
绝不以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
甚至还有一个警告人们对此有何看法:基于代码的密码 [ ^ ]
修复它会修复您的区分大小写:小写字符串的哈希值与大写字符串的哈希值不同。
Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
There is even a warning how stringly people feel about this: Code based passwords[^]
Fixing that fixes your case sensitivity: the hash value for a lowercase string is not the same as that for a upper case string.
这篇关于如何验证用户登录..问题是它始终接受用户名和密码,无论文本的大小。我想从数据库中完全验证它。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!