Validating and changing a user's password


Problem description

I have a simple C# windows form which acts as a login, but also has a form to change the password of a user.

When you click on Change Password the form loads with a text box of current password, new pass and confirm new pass, and one save button.

I have stored the username in a label so that the current password can be checked against the database to see whether it is valid.

I am storing these in a table which I created in Microsoft SQL Server 2008.

The code is as follows so far.

SqlConnection connect = new SqlConnection(str); 
connect.Open(); 
string username = label_username.Text; 
string password = textBox_Current.Text; 
string newPassword = textBox_New.Text; 
string confirmPassword = textBox_Verify.Text; 
string sqlquery = "UPDATE [Member] SET Password=@newpass where Username=@username"; 
SqlCommand cmd = new SqlCommand(sqlquery, connect); 
cmd.Parameters.AddWithValue("@newpass", textBox_Verify.Text);   
cmd.Parameters.AddWithValue("@username", label_username.Text);   
cmd.Parameters.AddWithValue("@password", textBox_Current.Text); 
cmd.Connection = connect; 
cmd.ExecuteNonQuery(); 
SqlDataReader reader = null;
reader = cmd.ExecuteReader();
while (reader.Read())
{
    if ((textBox_New.Text == reader["newPassword"].ToString()) & (textBox_Verify.Text == (reader["confirmPassword"].ToString()))) { }
}
MessageBox.Show("Password Changed Successfully!");
this.Close();

When executing the above code, the password changes, but I want to:

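  • Check validation, for example whether the user entered a wrong password in the current password box.
  • New password and confirm password.
  • When the user clicks the save button with a blank password, it should not be stored in the database; instead a message "Please enter a password" should be shown.

How can I do this?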

Recommended answer

You really should not be storing these passwords in plain text. You should hash the password and store the hash. Then, if you want to check if a password is correct, hash the password the user typed and compare it to the hash stored for the user.

But it sounds like you need help getting a value out of the database for the current user. Putting something like this in there ought to do this for you. Please note that, like I said above, this should really be retrieving a hash of the password, not the actual password in plain text.

string sqlquery = "SELECT Password FROM [Member] where Username=@username";
SqlCommand cmd = new SqlCommand(sqlquery, connect);
cmd.Parameters.AddWithValue("@username", label_username.Text);
cmd.Connection = connect; 
string currentPassword = (string)cmd.ExecuteScalar();

if (currentPassword == textBox_Current.Text)
{
 // PASSWORD IS CORRECT, CHANGE IT, NOW.
} else {
 // WOW EASY BUDDY, NOT SO FAST
}
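
The hashed variant the answer recommends, together with the three checks from the question, as an added example that is not code from the original answer. It assumes .NET 6 or later and uses salted PBKDF2 rather than a bare hash; the names PasswordStore, Hash, Verify and CheckChange, the iteration count and the sample passwords are all assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;

static class PasswordStore // hypothetical helper, not part of the original post
{
    const int SaltBytes = 16, HashBytes = 32, Iterations = 600_000; // assumed work factor

    // Returns "iterations.salt.hash" (Base64): the one value to store in the Password column.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes); // fresh salt per password
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }

    // Re-derives the hash with the stored salt and iteration count, then compares in constant time.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations <= 0) return false;
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        if (expected.Length == 0) return false;
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    // Returns "" when the change may proceed, otherwise the message to show the user.
    public static string CheckChange(string stored, string current, string newPass, string confirm)
    {
        if (string.IsNullOrEmpty(current) || string.IsNullOrEmpty(newPass)) return "Please enter a password";
        if (newPass != confirm) return "New password and confirmation do not match";
        if (!Verify(current, stored)) return "Current password is incorrect";
        return "";
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample: stands in for the value read with SELECT Password ... WHERE Username=@username.
        string stored = PasswordStore.Hash("old-Passw0rd");
        Console.WriteLine(PasswordStore.CheckChange(stored, "wrong", "n3w-Secret", "n3w-Secret"));
        Console.WriteLine(PasswordStore.CheckChange(stored, "old-Passw0rd", "", ""));
        if (PasswordStore.CheckChange(stored, "old-Passw0rd", "n3w-Secret", "n3w-Secret") == "")
            stored = PasswordStore.Hash("n3w-Secret"); // bind this to @newpass in the UPDATE
        Console.WriteLine(PasswordStore.Verify("n3w-Secret", stored));
    }
}
```

Only the string returned by Hash is written to the database, so the plain-text password never leaves the form's event handler.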
