c# - Doesn't meet the condition in if() but it doesn't show the MessageBox.Show(""); Everything else works just fine


```csharp
using System;
using System.Data.OleDb;
using System.Windows.Forms;

public partial class FormLogin : Form
{
    private OleDbConnection connection = new OleDbConnection();
    //private bool checkUsername = false;

    public FormLogin()
    {
        InitializeComponent();
        connection.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=d:\class\this semester\c#\code\access login app\database1.accdb;Persist Security Info=False;";
    }

    private void Form1_Load(object sender, EventArgs e)
    {
        try
        {
            connection.Open();
            dbCheckLabel.Text = "Connected";
            connection.Close();
        }
        catch (Exception ex)
        {
            MessageBox.Show("Error:" + ex);
        }
    }

    private void log_in_btn_Click(object sender, EventArgs e)
    {
        try
        {
            OleDbCommand command = new OleDbCommand();
            connection.Open();
            command.Connection = connection;
            // The typed username and password are concatenated straight into the SQL text.
            command.CommandText = "SELECT * FROM AccTbl WHERE Username='" + txt_bx_username.Text + "' AND Password='" + txt_bx_password.Text + "';";
            OleDbDataReader reader = command.ExecuteReader();

            // Only runs if the query returned a row, i.e. only when both values already matched.
            while (reader.Read())
            {
                string username = reader.GetValue(reader.GetOrdinal("Username")).ToString();
                string password = reader.GetValue(reader.GetOrdinal("Password")).ToString();

                if (username.Equals(txt_bx_username.Text))
                {
                    if (password.Equals(txt_bx_password.Text))
                    {
                        this.Hide();
                        FormProfile f1 = new FormProfile();
                        f1.Show();
                    }
                    else
                        MessageBox.Show("Incorrect pass");
                }
                else
                    MessageBox.Show("Incorrect username");
            }

            reader.Close();
            connection.Close();
        }
        catch (Exception ex)
        {
            MessageBox.Show("Error: " + ex);
            connection.Close();
        }
    }
}
```

Here is the code of my login page. It goes to the next form if the username and password are correct, but it doesn't show the message in the else block if the username or password doesn't match.

After I got help from the site, I coded it as shown right below. It gets the values of the database records and checks whether one matches the entered username, then checks whether the recorded password matches. If not, it shows a message box. It works fine.

```csharp
private void log_in_btn_Click(object sender, EventArgs e)
{
    try
    {
        OleDbCommand command = new OleDbCommand();
        connection.Open();
        command.Connection = connection;
        // Reads every account; the comparison is done in C# instead of in the WHERE clause.
        command.CommandText = "SELECT `Username`, `Password` FROM AccTbl;";
        OleDbDataReader reader = command.ExecuteReader();

        while (reader.Read())
        {
            string username = reader.GetValue(reader.GetOrdinal("Username")).ToString();
            string password = reader.GetValue(reader.GetOrdinal("Password")).ToString();

            if (username.Equals(txt_bx_username.Text))
            {
                if (password.Equals(txt_bx_password.Text))
                {
                    this.Hide();
                    FormProfile f1 = new FormProfile();
                    f1.Show();
                }
                else
                {
                    MessageBox.Show("Incorrect pass");
                }
            }
            else
            {
                MessageBox.Show("Incorrect username");
            }
        }

        reader.Close();
        connection.Close();
    }
    catch (Exception exbtn)
    {
        MessageBox.Show("Error" + exbtn);
        connection.Close();
    }
}
```

Your code is dangerous.

There are several security issues in it.

The reason the code does not work is quite simple: you try to read a record from the database given the username and password. If the username or password is incorrect, you do not retrieve a record, and the while(reader.Read()) never executes.

If you do retrieve a record, it is utterly useless to compare the username and password: they will always match, because you read them from the database.

Fix the SQL-injection issue, store password hashes instead of plain-text passwords, and use a different algorithm to check:

Either try to read the record from the database given the username and the hashed password and return an error if no record is found, or read the record from the database by username and check the retrieved password hash.

In either case, return a generic error message if anything is wrong. Do not give out information about whether the username or the password was wrong. A simple "Incorrect username or password" is enough.
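The second variant the answer describes, written out as an added example (this is not the asker's or the answerer's code): a parameterised OleDb query fetches the row for the typed username, the stored salt and PBKDF2 hash are recomputed and compared in constant time, and the form shows one generic message whatever failed. It assumes .NET 6 or later, a table AccTbl with columns Username, Salt and PasswordHash (the Salt and PasswordHash columns are assumed; the question's table stores a plain-text Password), and the same form controls and connection field as the question.

```csharp
using System;
using System.Data.OleDb;
using System.Security.Cryptography;
using System.Windows.Forms;

// Added example; assumes AccTbl(Username, Salt, PasswordHash) with base64 text columns.
public static class LoginCheck
{
    private const int Iterations = 100_000; // PBKDF2-HMAC-SHA256 work factor
    private const int HashBytes = 32;
    private const int SaltBytes = 16;

    // Called once when an account is created; both values go into the table.
    public static (string SaltB64, string HashB64) HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return (Convert.ToBase64String(salt), Convert.ToBase64String(hash));
    }

    // Recomputes the hash with the stored salt and compares in constant time,
    // so a wrong password takes the same time regardless of where it differs.
    public static bool VerifyPassword(string password, string saltB64, string hashB64)
    {
        byte[] salt = Convert.FromBase64String(saltB64);
        byte[] expected = Convert.FromBase64String(hashB64);
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    // Looks the user up by name with a parameter, not string concatenation, so the
    // typed text can never change the SQL. Returns only true/false: the caller must
    // not distinguish "no such user" from "wrong password".
    public static bool TryLogin(OleDbConnection connection, string username, string password)
    {
        const string sql = "SELECT [Salt], [PasswordHash] FROM AccTbl WHERE [Username] = ?";
        using (var command = new OleDbCommand(sql, connection))
        {
            // OLE DB binds '?' placeholders by position; the parameter name is only a label.
            command.Parameters.Add("@username", OleDbType.VarWChar).Value = username;
            using (OleDbDataReader reader = command.ExecuteReader())
            {
                if (!reader.Read())
                {
                    return false; // unknown user: same outcome as a bad password
                }
                string salt = reader.GetString(0);
                string hash = reader.GetString(1);
                return VerifyPassword(password, salt, hash);
            }
        }
    }
}

public partial class FormLogin : Form
{
    private OleDbConnection connection = new OleDbConnection(); // configured as in the question

    private void log_in_btn_Click(object sender, EventArgs e)
    {
        bool ok = false;
        try
        {
            connection.Open();
            ok = LoginCheck.TryLogin(connection, txt_bx_username.Text, txt_bx_password.Text);
        }
        catch (Exception)
        {
            // Log it locally if needed; showing ex.ToString() would reveal the file path and SQL.
            ok = false;
        }
        finally
        {
            connection.Close();
        }

        if (ok)
        {
            this.Hide();
            new FormProfile().Show();
        }
        else
        {
            // One message for unknown user, wrong password and database error alike.
            MessageBox.Show("Incorrect username or password");
        }
    }
}
```

Access treats PASSWORD as a reserved word, which is why the asker's second query needs backticks; the bracketed column names above serve the same purpose. If the table must keep a single password column, migrate existing accounts by calling HashPassword on their next successful login and dropping the plain-text value.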
