我想在数据库中存储密码,但是当我单击Submit按钮时,它成功添加到数据库,但它没有将密码作为随机文本存储在数据库中,而是作为原始文本存储。我怎么能解决这个问题?
以下是我正在使用的代码:
string connectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=..\db1.accdb";
string myPassword;
string strHashedPassword;
string strStoredPassword;
int mySalt;
bool checking = false;
public Registration()
{
InitializeComponent();
}
private void Registration_Load(object sender, EventArgs e)
{
}
private void button1_Click(object sender, EventArgs e)
{
if (this.textBox1.Text == "")
{
MessageBox.Show("Cannot be empty", "Warning", MessageBoxButtons.OK);
}
else
{
Checking _checking = new Checking();
_checking.ShowDialog();
checking = true;
}
}
private void button2_Click(object sender, EventArgs e)
{
if (this.textBox1.Text == "" || this.textBox2.Text == "" || this.textBox3.Text == "" || this.textBox4.Text == "")
{
MessageBox.Show("Cannot be empty", "Warning", MessageBoxButtons.OK);
}
else
{
AddDatabase(sender, e);
}
}
private void AddDatabase(object sender, EventArgs e)
{
if (checking.Equals(false))
{
MessageBox.Show("You have to check first", "Warning", MessageBoxButtons.OK);
}
else
{
string query = "INSERT INTO [Member] ([Username], [Password], [UserType], [UserStore]) VALUES (@Username, @Password, @UserType, @UserStore)";
OleDbConnection _conn = new OleDbConnection(connectionString);
_conn.Open();
using (OleDbCommand cmd = new OleDbCommand(query, _conn))
{
cmd.Parameters.Add("@Username", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Username"].Value = this.textBox1.Text;
cmd.Parameters.Add("@Password", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Password"].Value = this.textBox2.Text;
cmd.Parameters.Add("@UserType", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@UserType"].Value = this.textBox3.Text;
cmd.Parameters.Add("@UserStore", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@UserStore"].Value = this.textBox4.Text;
cmd.ExecuteNonQuery();
DialogResult _dialogResult = MessageBox.Show("Added Successfully", "Success", MessageBoxButtons.OK);
if (_dialogResult == DialogResult.OK)
{
this.Hide();
CreateRandomPassword();
this.Close();
}
}
}
}
private void CreateRandomPassword()
{
// Generate a new random password string
myPassword = this.textBox2.Text;
// Generate a new random salt
mySalt = Password.CreateRandomSalt();
// Initialize the Password class with the password and salt
Password pwd = new Password(myPassword, mySalt);
// Compute the salted hash
// NOTE: you store the salt and the salted hash in the database
strHashedPassword = pwd.ComputeSaltedHash();
strStoredPassword = strHashedPassword;
}
谢谢!
你的回答非常感谢!
答案 0 :(得分:0)
在“AddDatabase”功能中,将文本框值更改为“strStoredPassword”
如下所示
cmd.Parameters.Add("@Password", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Password"].Value = strStoredPassword;
答案 1 :(得分:0)
您使用this.textBox2.Text作为查询的@Password部分,但您的CreateRandomPassword()方法仅更改strStoredPassword和strHashedPassword(另外,我不明白为什么要保留2个变量相同的值,它是多余的。)
你应该改变
cmd.Parameters.Add("@Password", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Password"].Value = this.textBox2.Text;
到
cmd.Parameters.Add("@Password", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Password"].Value = strStoredPassword;
并将调用CreateRandomPassword()移到查询执行上方。