登录表单应该发送消息无效的密码 [英] login form should dislay message invalid password
本文介绍了登录表单应该发送消息无效的密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
如果密码错误,我希望我的登录表单显示消息无效密码"
输入错误,如果输入了错误的用户名,则不存在用户名".但按摩不会显示.仅当用户名和密码
时,它才显示一条消息.
是正确的.请帮帮我
这是我的代码
i want my login form to display the message "invalid password" if a wrong password
is entered and "User Name Does Not Exist" if a wrong user name is entered. but the massage does not display. it only display a message when the user name and password
is correct. pls help me out
here is my code
private void btnLogin_Click(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(this.txtUsername.Text))
{
MessageBox.Show("provide Your User Name");
}
if (string.IsNullOrEmpty(this.txtPassword.Text))
{
MessageBox.Show("provide Your Password");
}
if (string.IsNullOrEmpty(cboUsertype.Text))
{
MessageBox.Show("Select User Type");
}
SqlConnection conn = new SqlConnection();
conn.ConnectionString = "Data Source=MICKY-PC;Initial Catalog=SMS;Integrated Security=True";
string UserName = txtUsername.Text;
string Password = txtPassword.Text;
string UserType = cboUsertype.Text;
SqlCommand cmd = new SqlCommand("SELECT * FROM tbluser WHERE username = '" + txtUsername.Text + "' and usertype = '" + cboUsertype.Text + "' and mypassword = '" + txtPassword.Text + "'", conn);
if (conn.State == ConnectionState.Closed)
conn.Open();
System.Data.SqlClient.SqlDataReader dr = null;
dr = cmd.ExecuteReader();
while (dr.Read())
{
if (this.txtUsername.Text != dr["UserName"].ToString())
{
MessageBox.Show("User Name Does Not Exist");
}
if (this.txtPassword.Text != dr["mypassword"].ToString())
{
MessageBox.Show("Invalid Password");
}
if (this.cboUsertype.Text == dr["UserType"].ToString() && this.txtUsername.Text == dr["UserName"].ToString() && this.txtPassword.Text == dr["mypassword"].ToString())
{
MessageBox.Show("*** Login Successful ***");
frmMain g = new frmMain();
g.Show();
this.Hide();
}
}
conn.Close();
}
推荐答案
SqlCommand cmd = new SqlCommand("SELECT * FROM tbluser WHERE username =""+ txtUsername.Text +"和usertype = ''"+ cboUsertype.Text +"''和mypassword =" + txtPassword.Text +'',conn);
在上面的代码中,您将获得包含用户名和密码的用户详细信息.因此,它将仅获取现有的用户详细信息.因此,如果用户名和密码正确,它将始终在Datareader中具有有效的用户详细信息.
如果用户名或密码错误,则Datareader将为空,因此它甚至都不会进入代码的最后一块.
例如,如果用户名是"admin",密码是"password",那么您的sql命令将是
从tbluser中选择*,其中username =" admin",usertype ="active",mypassword ="password"
因此,如果用户存在,那么现在阅读器在文本框中将具有相同的值.
替代解决方案1:
在列表中获取所有用户的详细信息,并检查该用户是否存在.
SqlCommand cmd =新的SqlCommand("SELECT * FROM tbluser,conn);
如果(conn.State == ConnectionState.Closed)
conn.Open();
System.Data.SqlClient.SqlDataReader dr = null;
dr = cmd.ExecuteReader();
SqlCommand cmd = new SqlCommand("SELECT * FROM tbluser WHERE username = ''" + txtUsername.Text + "'' and usertype = ''" + cboUsertype.Text + "'' and mypassword = ''" + txtPassword.Text + "''", conn);
In the above code, you gets user details with user name and password. So it will fetch only the existing user details. So it always have the valid user details in Datareader if user name and password are correct.
If user name or password is wrong, Datareader will be empty, So it wont even go within the final block in your code.
Say for eg, If user name is "admin" and password is "password", then your sql command will be
"select * from tbluser where username =''admin'' and usertype=''active'' and mypassword=''password''
So now the reader will have same values in textbox if the user exists.
Alternative solution-1:
Get all usersdetails in a list and check whether this user exists.
SqlCommand cmd = new SqlCommand("SELECT * FROM tbluser, conn);
if (conn.State == ConnectionState.Closed)
conn.Open();
System.Data.SqlClient.SqlDataReader dr = null;
dr = cmd.ExecuteReader();
while (dr.Read())
{
bool valid=false;
if (this.txtUsername.Text == dr["UserName"].ToString())
{
valid=true;
break;
}
if (valid=false)
MessageBox.Show("User Name Does Not Exist");
else
{
//check whether the password is correct for the particular username
//It goes like this with remaining validation
}
The above code is not complete, i just gave an idea/outline
像这样.
Like this.
原则上,您在做错事.用户选择的确切格式的密码不会存储在任何地方,永远不会将登录密码与它进行比较. 非常不安全,完全不需要身份验证.仍然不知道如何进行身份验证?好吧,想一想...或搜索CodeProject ...这个提示应该绰绰有余.
问题在于消息的虚假性很差.如果可以在一种情况下显示它,则可以在任何其他情况下显示它.
—SA
You are doing wrong thing in principle. A password in its exact form as it was chosen by a user is not stored anywhere, a login password is never compared with it. It very unsafe and is not needed for authentication at all. Still don''t know how to do the authentication? Well, think a bit… or search CodeProject… This hint should be more than enough.
The problem is the message is poorly artificial. If you can display it in one case, you can do it in any other case.
—SA
这篇关于登录表单应该发送消息无效的密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
