VB.NET login form authentication

Time: 2011-12-14 03:43:48

Tags: mysql vb.net

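I am creating a login form in VB.NET, and I have a table named user in MySQL. What I want is that, before a user can log in, the Administrator column of the user table must be TRUE and the Deleted column must be FALSE. I have tried everything I know, but all non-administrator users can still log in...

Here's what the user table looks like: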

+---------------+-----------+----------+-------+----------+----------+---------------+---------+
| User_BannerID | FirstName | LastName | Email | Username | Password | Administrator | Deleted |
+---------------+-----------+----------+-------+----------+----------+---------------+---------+
|               |           |          |       |          |          |               |         |
|               |           |          |       |          |          |               |         |
+---------------+-----------+----------+-------+----------+----------+---------------+---------+

Here is the code:

Imports MySql.Data.MySqlClient
Public Class frmAdlogin

    Private Sub cmdCancel_Click(sender As System.Object, e As System.EventArgs) Handles cmdCancel.Click
        Application.Exit()
    End Sub

    Private Sub cmdLogin_Click(sender As System.Object, e As System.EventArgs) Handles cmdLogin.Click
        Dim conn As New MySqlConnection
        Dim myCommand As New MySqlCommand

        Dim myConnString As String
        Dim UserID As String

        myConnString = "server=" & txtServer.Text & ";" _
  & "user id=" & txtUsername.Text & ";" _
  & "password=" & txtPassword.Text & ";" _
  & "database=attendance"

        conn.ConnectionString = myConnString

        Try
            conn.Open()

            myCommand.Connection = conn
            myCommand.CommandText = "SELECT user_bannerid FROM user WHERE BINARY username = ?Username and administrator = 'TRUE' and deleted = 'FALSE' "
            myCommand.Parameters.Add("?Username", txtUsername.Text)

            UserID = myCommand.ExecuteScalar

            conn.Close()

            Dim AdminForm As New frmAdmin
            AdminForm.UserID = UserID
            AdminForm.connectionString = myConnString
           AdminForm.Show()

            Me.Hide()
            Me.Close()
        Catch myerror As MySqlException
            MessageBox.Show("Invalid login. Please Enter The Correct Server Address And Your Username Plus The Correct Password ")
            conn.Dispose()
        End Try
    End Sub
    Private Sub frmAdlogin_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Me.AcceptButton = cmdLogin
        Me.CancelButton = cmdCancel
        txtPassword.PasswordChar = "*"
    End Sub
End Class

Edit: BizApps, here is how it looks now:

Imports MySql.Data.MySqlClient
Public Class frmAdlogin

    Private Sub cmdCancel_Click(sender As System.Object, e As System.EventArgs) Handles cmdCancel.Click
        Application.Exit()
    End Sub

    Private Sub cmdLogin_Click(sender As System.Object, e As System.EventArgs) Handles cmdLogin.Click
        Dim conn As New MySqlConnection
        Dim myCommand As New MySqlCommand

        Dim myConnString As String
        Dim UserID As String

        myConnString = "server=" & txtServer.Text & ";" _
  & "user id=" & txtUsername.Text & ";" _
  & "password=" & txtPassword.Text & ";" _
  & "database=attendance"

        conn.ConnectionString = myConnString


        conn.Open()

        myCommand.Connection = conn
        myCommand.CommandText = "SELECT user_bannerid FROM user WHERE BINARY username = ?Username and administrator = 'TRUE' and deleted = 'FALSE' "
        myCommand.Parameters.Add("?Username", txtUsername.Text)
        Dim dt = New DataTable()
        Dim ds = New MySqlDataAdapter(myCommand)

        ds.Fill(dt)

        If (dt.Rows.Count > 0) Then

            conn.Close()

            Dim AdminForm As New frmAdmin
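            ' Read the ID from the matched row; UserID is otherwise never assigned
            UserID = dt.Rows(0)("user_bannerid").ToString()
            AdminForm.UserID = UserID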
            AdminForm.connectionString = myConnString
            AdminForm.Show()

            Me.Hide()
            Me.Close()
        Else
            MessageBox.Show("Invalid login. Please Enter The Correct Server Address And Your Username Plus The Correct Password ")
        End If

    End Sub
    Private Sub frmAdlogin_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Me.AcceptButton = cmdLogin
        Me.CancelButton = cmdCancel
        txtPassword.PasswordChar = "*"
    End Sub
End Class

2 answers:

Answer 0: (score: 1)

First, check whether the query works.

 SELECT user_bannerid FROM user WHERE BINARY username ='myusername' and administrator = 'TRUE' and deleted = 'FALSE'

Then, if it returns records,

try this:

        myCommand.Connection = conn
        myCommand.CommandText = "SELECT user_bannerid FROM user WHERE BINARY username = ?Username and administrator = 'TRUE' and deleted = 'FALSE' "
        myCommand.Parameters.Add("?Username", txtUsername.Text)
        Dim dt = New DataTable()
        Dim ds = New MySqlDataAdapter(myCommand)

        ds.Fill(dt)

        If dt.Rows.Count < 1 Then   ' no record found

            MessageBox.Show("Invalid login. Please Enter The Correct Server Address And Your Username Plus The Correct Password ")

        Else       ' record found

            ' Read the ID from the matched row; UserID is otherwise never assigned
            UserID = dt.Rows(0)("user_bannerid").ToString()
            conn.Close()

            Dim AdminForm As New frmAdmin
            AdminForm.UserID = UserID
            AdminForm.connectionString = myConnString
            AdminForm.Show()

            Me.Hide()
            Me.Close()

        End If

Regards

Answer 1: (score: 0)

Since most SQL databases I have seen represent boolean values as 0 (false) and 1 (true), try changing the SQL statement to:

myCommand.CommandText = "SELECT user_bannerid FROM user WHERE BINARY username = ?Username and administrator = 1 and deleted = 0"
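
The check discussed in this thread, written so that a missing row denies the login (an added example, not code from the question or either answer). The module and function names are hypothetical, and it assumes Administrator and Deleted are numeric BOOLEAN/TINYINT(1) columns as Answer 1 suggests.

```vbnet
Imports MySql.Data.MySqlClient

' Added example: AdminLogin, BuildConnString and FindAdminId are hypothetical names.
Public Module AdminLogin

    ' Build the connection string from separate fields. The builder quotes each
    ' value, so a ';' typed into a text box cannot add or override options the
    ' way plain string concatenation allows.
    Public Function BuildConnString(server As String, user As String,
                                    password As String) As String
        Dim b As New MySqlConnectionStringBuilder()
        b.Server = server
        b.UserID = user
        b.Password = password
        b.Database = "attendance"
        Return b.ConnectionString
    End Function

    ' Returns the User_BannerID of an active administrator, or Nothing when the
    ' user does not exist, is deleted, or is not an administrator.
    Public Function FindAdminId(connString As String, username As String) As String
        ' Assumption: administrator/deleted are numeric columns. Comparing a
        ' numeric column with the string 'TRUE' makes MySQL convert the string
        ' to 0, so administrator = 'TRUE' would match non-administrators.
        Const sql As String = "SELECT user_bannerid FROM `user` " &
            "WHERE BINARY username = ?Username AND administrator = 1 AND deleted = 0"

        Using conn As New MySqlConnection(connString)
            conn.Open()
            Using cmd As New MySqlCommand(sql, conn)
                cmd.Parameters.AddWithValue("?Username", username)
                Dim result As Object = cmd.ExecuteScalar()
                ' ExecuteScalar returns Nothing when no row matches. The code in
                ' the question never tested this, so the admin form opened for
                ' anyone whose MySQL credentials were accepted.
                If result Is Nothing OrElse result Is DBNull.Value Then Return Nothing
                Return result.ToString()
            End Using
        End Using
    End Function

    ' In cmdLogin_Click: show frmAdmin only when FindAdminId(...) IsNot Nothing,
    ' and catch MySqlException around the call to report a failed connection.
End Module
```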