Trying to create a log in page

I am trying to create a login page where you would enter in a username and a password. It will query the database for the information you typed in, and if it is in the database, it will log me into the program. If not, it will display a message saying information is not correct.

Here is what I have so far.

private void okButton_Click(object sender, RoutedEventArgs e)
{
    try
    {

        SqlConnection UGIcon = new SqlConnection();
        UGIcon.ConnectionString = "XXXXXXXXX; Database=XXXXXXXX; User Id=XXXXXXX; password=XXXXXXXXX";
        UGIcon.Open();

        SqlCommand cmd = new SqlCommand("SELECT User(Username, '') AS Username, User(Password,'') AS Password, FROM User WHERE Username='"
            + txtUsername.Text + "' and Password='" + txtPassword.Password + "'", UGIcon);

        SqlDataReader dr = cmd.ExecuteReader();

        string userText = txtUsername.Text;
        string passText = txtPassword.Password;

        while (dr.Read())
        {
            if (this.userText(dr["stUsername"].ToString(), userText) &&
                this.passText(dr["stPassword"].ToString(), passText))
            {
                MessageBox.Show("OK");
            }
            else
            {
                MessageBox.Show("Error");
            }

        }

        dr.Close();

        UGIcon.Close();

    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
}

But, the only problem is it does not work at all. I am not sure I have the correct statements to query the database either. I am also getting an error on the "this.userText" as well.

{  
    if (this.userText(dr["stUsername"].ToString(), userText) &&   
        this.passText(dr["stPassword"].ToString(), passText))
    {  

For the error I'm getting, it tells me the WPF does not contain a definition for it

I am a little unsure of how to fix it and go about it as this is the first time I've had to do this. But I think I have a decent start to it though.

Answers


There are a couple of things wrong with this structure:

this.userText(dr["stUsername"].ToString(), userText)

First, userText isn't a function, it's a local variable. So I'm not sure what you're even trying to do by invoking it as a function. Are you just trying to compare the variable? Something like this?:

this.userText.Equals(dr["stUsername"].ToString())

Second, the error is telling you that the object doesn't contain a definition for userText because, well, it doesn't. When you do this:

this.userText

you're specifically looking for a class-level member called userText on the object itself. But your variable is local to the function:

string userText = txtUsername.Text;

So just drop the this reference:

userText.Equals(dr["stUsername"].ToString())

Third, the column reference is incorrect. Note how you define the columns in your SQL query:

SELECT User(Username, '') AS Username, User(Password,'') AS Password ...

The column is called Username, not stUsername:

userText.Equals(dr["Username"].ToString())

Edit: @Blam made a good point in a comment, which demonstrates a logical error in the code. If no results are returned from your query, the while loop will never execute. So no message will be shown. You can check for results with something like HasRows:

if (dr.HasRows)
    MessageBox.Show("OK");
else
    MessageBox.Show("Error");

This kind of renders the previous things moot, of course. But it's still good to know what the problems were and how to correct them, so I'll leave the answer whole for the sake of completeness regarding the overall question.


A few other notes which are important but not immediately related to your question...

  1. Your code is vulnerable to SQL injection attacks. You'll want to look into using parameterized queries instead of concatenating string values like that. Essentially what this code does is treat user input as executable code on the database, allowing users to write their own code for your application.
  2. Please don't store user passwords in plain text. The importance of this can not be overstated. The original text of a password should never be readable from storage. Instead, store a hash of the password. There's a lot more to read on the subject.
  3. Look into using blocks to dispose of resources when you're done with them.
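
The three notes above combined into one login check, as an added example that is not part of the original answer or the asker's code. It assumes a hypothetical table Users(Username, Salt, PasswordHash, Iterations) holding PBKDF2 hashes instead of plaintext passwords, and .NET Framework 4.7.2 or later (or .NET Core) for the Rfc2898DeriveBytes overload that takes a hash algorithm name.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

static class LoginCheck
{
    // Assumed schema (hypothetical): Users(Username NVARCHAR(256), Salt VARBINARY(16),
    // PasswordHash VARBINARY(32), Iterations INT). There is no plaintext password column.
    public static bool VerifyLogin(string connectionString, string username, string password)
    {
        byte[] salt, storedHash;
        int iterations;

        // using blocks dispose the connection, command and reader even if an exception is thrown.
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT Salt, PasswordHash, Iterations FROM Users WHERE Username = @username", conn))
        {
            // The value travels as a typed parameter, never as part of the SQL text.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 256).Value = username;
            conn.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                if (!dr.Read())
                    return false; // unknown user: same outcome as a wrong password
                salt = (byte[])dr["Salt"];
                storedHash = (byte[])dr["PasswordHash"];
                iterations = (int)dr["Iterations"];
            }
        }

        // Recompute PBKDF2-HMAC-SHA256 over the typed password with the stored salt.
        byte[] candidate;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            candidate = kdf.GetBytes(storedHash.Length);

        return FixedTimeEquals(candidate, storedHash);
    }

    // Compare without exiting early, so timing does not reveal how many bytes matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The click handler would call VerifyLogin(connectionString, txtUsername.Text, txtPassword.Password) and show "OK" or "Error" based on the returned bool; the password itself is never sent to the database.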
