Validating and changing a user's password
Problem description
I have a simple C# Windows form which acts as a login, but also has a form to change the password of a user.
When you click on Change Password the form loads with a text box of current password, new pass and confirm new pass, and one save button.
I have stored the username in a label so that the current password can be checked for validity against the database.
I am storing these in a table which I created in Microsoft SQL Server 2008.
The code is as follows so far.
SqlConnection connect = new SqlConnection(str);
connect.Open();
string username = label_username.Text;
string password = textBox_Current.Text;
string newPassword = textBox_New.Text;
string confirmPassword = textBox_Verify.Text;
string sqlquery = "UPDATE [Member] SET Password=@newpass where Username=@username";
SqlCommand cmd = new SqlCommand(sqlquery, connect);
cmd.Parameters.AddWithValue("@newpass", textBox_Verify.Text);
cmd.Parameters.AddWithValue("@username", label_username.Text);
cmd.Parameters.AddWithValue("@password", textBox_Current.Text);
cmd.Connection = connect;
cmd.ExecuteNonQuery();
SqlDataReader reader = null;
reader = cmd.ExecuteReader();
while (reader.Read())
{
if ((textBox_New.Text == reader["newPassword"].ToString()) & (textBox_Verify.Text == (reader["confirmPassword"].ToString()))) { }
}
MessageBox.Show("Password Changed Successfully!");
this.Close();
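While executing the above code, the password changes, but I want to:
- Check validation, such as whether the user typed the wrong password in the current password field.
- newpassword and confirm password.
- When the user clicks the save button first with a blank password, it should not be stored in the database; instead it should give the message "Please enter a password".
How can this be done?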
Recommended answer
You really should not be storing these passwords in plain text. You should hash the password and store the hash. Then, if you want to check whether a password is correct, hash the password the user typed and compare it to the hash stored for the user.
But, it sounds like you need help getting a value out of the database for the current user. Putting something like this in there, ought to do this for you. Please note that like I said above, this should really be retrieving a hash of the password, not the actual password in plain text.
string sqlquery = "SELECT Password FROM [Member] where Username=@username";
SqlCommand cmd = new SqlCommand(sqlquery, connect);
cmd.Parameters.AddWithValue("@username", label_username.Text);
cmd.Connection = connect;
string currentPassword = (string)cmd.ExecuteScalar();
if (currentPassword == textBox_Current.Text)
{
// PASSWORD IS CORRECT, CHANGE IT, NOW.
} else {
// WOW EASY BUDDY, NOT SO FAST
}
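As an added example (not code from the question or the answer), here is one way to do what the answer recommends: store a salted PBKDF2 hash instead of the password, verify the current password with a constant-time comparison, and reject blank or mismatched input before updating. It assumes .NET 6 or later, the Microsoft.Data.SqlClient package, and a hypothetical PasswordHash column in [Member]; the class name, method names, and stored format are illustrative.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.Data.SqlClient; // assumption; System.Data.SqlClient exposes the same types

static class PasswordChange
{
    const int Iterations = 600_000, SaltSize = 16, HashSize = 32; // constructed parameters

    // Stored format (constructed for this example): iterations.salt.hash, base64 fields.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize); // fresh salt per password
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }

    public static bool Verify(string password, string stored)
    {
        string[] parts = (stored ?? "").Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations <= 0) return false;
        byte[] salt, expected;
        try { salt = Convert.FromBase64String(parts[1]); expected = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; }
        if (expected.Length == 0) return false; // an empty hash must never match
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected); // constant-time compare
    }

    // Returns "" on success, otherwise the message to show (e.g. in a MessageBox).
    public static string TryChange(SqlConnection connect, string username,
                                   string current, string newPassword, string confirm)
    {
        if (string.IsNullOrEmpty(current) || string.IsNullOrEmpty(newPassword)) return "Please enter a password";
        if (newPassword != confirm) return "New password and confirmation do not match";

        using var lookup = new SqlCommand(
            "SELECT PasswordHash FROM [Member] WHERE Username=@username", connect);
        lookup.Parameters.AddWithValue("@username", username);
        string stored = lookup.ExecuteScalar() as string ?? ""; // no row or NULL -> ""
        if (!Verify(current, stored)) return "Current password is incorrect";

        using var write = new SqlCommand(
            "UPDATE [Member] SET PasswordHash=@hash WHERE Username=@username", connect);
        write.Parameters.AddWithValue("@hash", Hash(newPassword));
        write.Parameters.AddWithValue("@username", username);
        return write.ExecuteNonQuery() == 1 ? "" : "Password was not changed";
    }
}
```

The save button handler would call TryChange with the label and text box values and only show "Password Changed Successfully!" when the returned message is empty.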