几天来一直遇到问题。我正在使用简单的用户名和密码登录屏幕,并将所有内容存储在数据库中。我需要检查用户名和密码是否匹配,并查看帐户是否已激活(0或1)。我一直遇到这个问题,似乎无法让它正常工作。任何帮助表示赞赏。
DB Mysql
private void loginButton_Click(object sender, EventArgs e)
{
AdamPanel blarg = new AdminPanel();
string pass, user;
string password = "";
string username = "";
user = usernameBox.Text;
pass = passwordBox.Text;
DataSet bb = new DataSet();
string connectionString = "datasource=stuff;database=users";
MySqlConnection mysql = new MySqlConnection(connectionString);
MySqlDataAdapter adapter = new MySqlDataAdapter();
adapter.SelectCommand = new MySqlCommand("SELECT * FROM RegularUsers WHERE Username = '" + user + "' AND Password = '" + pass + "'", mysql);
adapter.Fill(bb);
if(bb.HasRows)
blarg.Show();
return 0;
}
}
}
仍然没有任何想法?
答案 0 :(得分:2)
首先,请将您的密码哈希并加盐。确保你的用户名/ pw没有sql注入易受攻击,因为你没有使用带参数化查询的语言...最好使用存储过程,因为我相信MySql现在拥有它们。
然而,尽管如此......我认为这正是你所寻找的。
public int Load()
{
string connectionString = "datasource=STUFF YOU SHOULDNT SEEdatabase=users";
MySqlConnection mysql = new MySqlConnection(connectionString);
MySqlDataAdapter adapter = new MySqlDataAdapter();
mysql.SelectCommand = new MySqlCommand("SELECT * FROM [RegularUsers] WHERE Username = '" + this.username + "' AND Pass = '" + this.password + "'", conn);
mysql.Fill(dataset);
if (dataset.HasRows)
return 1;
return 0;
}
答案 1 :(得分:1)
public bool ValidateLogin(string username, string password)
{
MySqlConnection conn = new MySqlConnection("[YOURCONNECTIONSTRING]");
MySqlDataAdapter adapter = new MySqlDataAdapter();
adapter.SelectCommand = new MySqlCommand("SELECT * FROM [YOURUSERTABLE] WHERE Username = ? AND Pass = ?", conn);
adapter.SelectCommand.Parameters.Add("@Username", username);
adapter.SelectCommand.Parameters.Add("@Password", password);
adapter.Fill(dataset);
If (dataset.HasRows)
{
// User is logged in maybe do FormsAuthentication.SetAuthcookie(username);
return true;
} else {
// Authentication failed
return false;
}
}
答案 2 :(得分:1)
首先,您必须使用MySql.Data.MySqlClient 使用这些功能:
public MySqlConnection NewConnection()
{
string cstr = String.Format(
"SERVER={0};PORT={1};DATABASE={2};UID={3};PWD={4}",
sett.DBHost, sett.DBPort, sett.DBDatabase,
HotelDB.user, HotelDB.password);
MySqlConnection conn = new MySqlConnection(cstr);
try { conn.Open(); }
catch (Exception ex)
{
conn = null;
}
return conn;
}
private MySqlCommand NewCommand(MySqlConnection conn, string cmd, params object[] parameters)
{
if (conn==null) return null;
MySqlCommand command;
try
{
command = new MySqlCommand(cmd, conn);
if (parameters != null)
{
int index = 0;
while (index < parameters.Length)
{
command.Parameters.Add(
new MySqlParameter((string)parameters[index], parameters[index + 1]));
index += 2;
}
}
}
catch { command = null; }
return command;
}
private string MD5(string Value)
{
System.Security.Cryptography.MD5CryptoServiceProvider x = new System.Security.Cryptography.MD5CryptoServiceProvider();
byte[] data = System.Text.Encoding.ASCII.GetBytes(Value);
data = x.ComputeHash(data);
string ret = "";
for (int i=0; i < data.Length; i++)
ret += data[i].ToString("x2").ToLower();
return ret;
}
然后你可以这样做:
MySqlConnection conn = NewConnection(.....);
MySqlCommand cmd = NewCommand(conn,"SELECT userid,useractive FROM table WHERE username=@user AND MD5(password)=@pwd","user",username,"pwd",MD5(pwd));
MySqlDataReader rd = cmd.ExecuteReader();
其中username和pwd是从用户输入的用户名和密码。 如果rd为空,则user / pwd错误;否则你可以阅读你需要的字段。
答案 3 :(得分:1)
我更改了一些变量并尽可能简化, 而是为文本框声明一个变量,我将它指向适配器:
private void button Click
{
MySqlConnection mcon = new MySqlConnection("Yourconnection");
MySqlDataAdapter adapter;
DataTable table = new DataTable();
adapter = new MySqlDataAdapter("Select * From database.table where Username = '" + textbox1.Text + "' and password = '" + textbox2.Text + "'", mcon);
adapter.Fill(table);
if (table.Rows.Count <= 0)
{
//message something
}
else
{
//show main form
}
}