我的登录表单正在运行,但是当我在单词的第一个字母中输入大写的用户名并且我的数据库中的用户名全部为小写时,它仍允许访问并且登录成功。
你可以帮我解决这个问题吗? 我真的需要你的帮助。这是我目前的代码
private void button1_Click(object sender, EventArgs e)
{
if (textBox1.Text == "" || textBox2.Text == "")
{
MessageBox.Show("Input Required Fields!",
"Note",
MessageBoxButtons.OK,
MessageBoxIcon.Exclamation,
MessageBoxDefaultButton.Button1);
}
else
{
//Passing the value from textbox
Tic_Tac_Toe frm2 = new Tic_Tac_Toe(textBox1.Text);
View view = new View(textBox1.Text);
string str = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=E:\Majel\Tic Tac Toe\Database\Database.mdb";
OleDbConnection con = new OleDbConnection(str);
OleDbCommand cmd = new OleDbCommand("SELECT COUNT(*) FROM data WHERE Users = '" + textBox1.Text + "' AND Pass = '" + textBox2.Text + "'", con);
con.Open(); try
{
int i;
i = Convert.ToInt32(cmd.ExecuteScalar());
if (i == 1)
{
MessageBox.Show("Login Successful!",
this.Hide();
frm2.Show();
}
else
{
MessageBox.Show("Invalid User Name or Password",
"Note",
MessageBoxButtons.OK,
MessageBoxIcon.Exclamation,
MessageBoxDefaultButton.Button1);
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
finally
{
con.Close();
}
}
}
有人可以帮帮我吗?非常感谢你。
答案 0 :(得分:1)
非常简单,你需要一个WHERE条款。
string SqlString ="更新数据SET Player1 =?,Player2 =?哪里 USERNAME = @用户&#34 ;;
没有它,更新将应用于表中的所有行。请注意,这与DELETE语句完全相同。
现在,您通常不会像这样匹配用户名,您可以使用表主键进行这些比较。除此之外,这是SQL 101.我强烈建议在尝试继续下去之前获取RDBMS书籍并学习SQL的基础知识。
答案 1 :(得分:1)
我可以说你在db中保存密码,你必须使用哈希Algorithm保存密码数据,例如MD5或SHA1
当用户键入用于登录的密码时,您键入为密码键入的字符串,并将此字符串与保存在db
public static void HashPassword(string Password, out string Salt, out string Hash)
{
System.Security.Cryptography.SHA1Managed sha = new System.Security.Cryptography.SHA1Managed();
Random rnd = new Random();
byte[] s = new byte[20];
rnd.NextBytes(s);
Salt = Convert.ToBase64String(s);
System.Text.UTF8Encoding u = new UTF8Encoding();
byte[] pass = u.GetBytes(Password);
byte[] all = new byte[pass.Length + s.Length];
Array.Copy(pass, all, pass.Length);
Array.Copy(s, 0, all, pass.Length, s.Length);
Byte[] H = sha.ComputeHash(all);
Hash = Convert.ToBase64String(H);
}
public bool IsPasswordCorrect(string Password, string Salt, string Hash)
{
System.Security.Cryptography.SHA1Managed sha = new System.Security.Cryptography.SHA1Managed();
byte[] s = Convert.FromBase64String(Salt);
System.Text.UTF8Encoding u = new UTF8Encoding();
byte[] pass = u.GetBytes(Password);
byte[] all = new byte[pass.Length + s.Length];
Array.Copy(pass, all, pass.Length);
Array.Copy(s, 0, all, pass.Length, s.Length);
Byte[] H = sha.ComputeHash(all);
return (Hash == Convert.ToBase64String(H));
}
现在你必须使用HashPassword方法为哈希提供一个盐,并为每个用户将哈希和盐保存到数据库。
想要检查密码时使用IsPasswordcorrect方法
代码
private void button1_Click(object sender, EventArgs e)
{
if (textBox1.Text == "" || textBox2.Text == "")
{
MessageBox.Show("Input Required Fields!",
"Note",
MessageBoxButtons.OK,
MessageBoxIcon.Exclamation,
MessageBoxDefaultButton.Button1);
}
else
{
//Passing the value from textbox
Tic_Tac_Toe frm2 = new Tic_Tac_Toe(textBox1.Text);
View view = new View(textBox1.Text);
string str = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=E:\Majel\Tic Tac Toe\Database\Database.mdb";
OleDbConnection con = new OleDbConnection(str);
OleDbCommand cmd = new OleDbCommand("SELECT * FROM data WHERE Users = '" + textBox1.Text, con);
OleDbDataAdapter ta=new OleDbDataAdapter(cmd);
DataSet ds=new DataSet();
try
{
ta.Fill(ds);
if(ds.Tables[0].Rows.Count==0)
{
MessageBox.Show("User Dos not Exists");
Application.Exit();
}
string hash=ds.Tables[0].Rows[0]["password"].ToString();
string salt=ds.Tables[0].Rows[0]["salt"].ToString();
if(IsPasswordCorrect(textBox2.Text,salt,hash))
{
MessageBox.Show("Success");
this.Hide();
frm2.Show();
}
else
{
MessageBox.Show("Invalid User Name or Password",
"Note",
MessageBoxButtons.OK,
MessageBoxIcon.Exclamation,
MessageBoxDefaultButton.Button1);
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
finally
{
con.Close();
}
}
}