使用用户名和密码登录 [英] Login using username and password
问题描述
我想将我的textfield值中的用户名和密码与datatable中的用户名和密码进行比较。我正在使用循环,但问题是每次循环将比较表中的每个数据。例如,如果我输入ABC作为用户名,123作为密码包含在数据表内但在第二行,系统甚至会比较第一行记录并返回一些消息。那么我怎样才能比较或确定我输入的用户名和密码是否正确而无需从表的开头循环?以下是我的代码:
Hi, I want to compare username and password from my textfield values with the one in datatable. I am using a loop but the problem is each time the loop will compare every single data in the table. For example, if I enter "ABC" as username and "123" as password which is contain inside the datatable but at 2nd row, the system will even compare the 1st row of record and return me some message. So how can i just compare or determine the username and password i enter is correct without having to loop from the beginning of the table? Below are my codes:
<pre lang="c#">DataTable dt = new DataTable("UserInfo");
OleDbDataAdapter da = new OleDbDataAdapter();
OleDbConnection oledbconnection = new OleDbConnection();
OleDbCommand oledbcommand = new OleDbCommand();
try
{
oledbconnection.ConnectionString = "Provider=VFPOLEDB.1;Data Source=" + Convert.ToString(ConfigurationManager.AppSettings["DBFFolder"]) + ";";
oledbconnection.Open();
oledbcommand.CommandType = CommandType.Text;
oledbcommand.CommandText = "Select * from SHRMSUSR";
oledbcommand.Connection = oledbconnection;
da.SelectCommand = oledbcommand;
da.Fill(dt);
if (dt.Rows.Count > 0)
{
foreach (DataRow row in dt.Rows)
{
var EncryptedString = row["Encrypted"].ToString();
username = txtUsername.Text;
password = txtPassword.Text;
usernameDB = stringDecrypt(EncryptedString.Substring(4, 10), "HRM");
passwordDB = stringDecrypt(EncryptedString.Substring(84, 10), "HRM");
if (username.Equals(usernameDB))
{
if (password.Equals(passwordDB))
{
ExportToExcel excel = new ExportToExcel();
this.Hide();
excel.Show();
break;
}
}
else
MessageBox.Show("Incorrect Username or Password\n\nPlease reenter !", "Error !!!");
}
}
else
{
ResponseCode = "APPLICATION_ACCESS_ISSUE";
ResponseCodeDesc = "No records retrieved";
}
}
catch (Exception ex)
{
ResponseCode = "APPLICATION_UNAVAILABLE";
ResponseCodeDesc = ex.Message.ToString();
}<pre lang="c#">
推荐答案
你确实有一个休息时间可以让你走出循环。但是,你应该做的是缩小搜索范围以便开始,这样你就不会从数据库中将所有行都返回到你的代码中。
做更多的事情:
You do have a break which should get you out of the loop. However, what you should do is narrow down the search to begin with so you aren't returning all rows to your code from the database.
Do something more like:
oledbcommand.CommandText = "Select * from SHRMSUSR WHERE username = @username AND password = @password";
oledbcommand.Parameters.AddWithValue("@username", usernameDB);
oledbcommand.Parameters.AddWithValue("@password", passwordDB);
OleDbDataReader dr = oledbcommand.ExecuteReader();
if (dr.HasRows)
{
// this means it found a record
}
http://msdn.microsoft.com/en-us/library/system.data.oledb .oledbdatareader.aspx [ ^ ]
加密然后解密密码没有意义,并且是不必要的危险。您永远不应该在任何地方存储任何密码,身份验证不需要它。相反,您可以存储密码的加密哈希函数并将哈希值与哈希进行比较。
请参阅我过去的答案以获取更多详细信息:
< a href =http://www.codeproject.com/Answers/484139/iplusalreadyplusencryptplusmypluspasswordplusbutpl#answer1>我已经加密了我的密码,但是当我登录时它给了我一个错误。如何解密 [ ^ ] ,
解密加密密码 [ ^ ],
存储密码值int sql server with secure方式 [ ^ ]。
-SA
Encrypting and then decrypting password does not make sense and is unnecessarily dangerous. You should never store any passwords anywhere, it is not needed for authentication. Instead, you can store cryptographic hash function of a password and compare hash with hash.
Please see my past answers for further detail:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^].
—SA
public bool isAuthenticated(string userID, string password)
{
if (conn.State.ToString() == "Closed")
{
conn.Open();
}
SqlCommand newCmd = conn.CreateCommand();
newCmd.Connection = conn;
newCmd.CommandType = CommandType.Text;
newCmd.CommandText = "SELECT [UserID] ,[Department] ,[UserName] ,[Password] ,[Active] FROM [Traveller].[dbo].[User_Details] where [UserID]= '" + userID + "' and [Password]= '" + Security.Encrypt(password) + "'";
SqlDataReader dr = newCmd.ExecuteReader();
if (dr.HasRows)
{
while (dr.Read())
{
UserInfo ui = new UserInfo(dr["UserID"].ToString(), dr["UserName"].ToString());
}
newCmd.Dispose();
conn.Close();
return true;
}
else
{
newCmd.Dispose();
conn.Close();
return false;
}
}
----------------- -------------------------------------------------- ----------
-------------------------------- ---------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
class UserInfo
{
private static string _userId;
private static string _fullName;
public UserInfo(string userId ,string fullName)
{
_userId = userId;
_fullName = fullName;
}
public UserInfo()
{
}
public string UserId
{
get
{
return _userId;
}
}
public string FullName()
{
return _fullName;
}
public string userID()
{
return _userId;
}
}
这篇关于使用用户名和密码登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
