Vb.net 在Visual Studio中单击验证用户名和密码
使用用户名和密码文本框,我尝试在单击时验证用户名和密码是否在表中。下面是我的按钮。如果可能的话,有人能回顾一下,告诉我哪里出了问题吗?我是新来的,真的需要一些建议 谢谢你的帮助,非常感谢Vb.net 在Visual Studio中单击验证用户名和密码,vb.net,visual-studio,Vb.net,Visual Studio,使用用户名和密码文本框,我尝试在单击时验证用户名和密码是否在表中。下面是我的按钮。如果可能的话,有人能回顾一下,告诉我哪里出了问题吗?我是新来的,真的需要一些建议 谢谢你的帮助,非常感谢 Partial Class _Default Inherits System.Web.UI.Page Protected Sub butSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles butSu
Partial Class _Default
Inherits System.Web.UI.Page
Protected Sub butSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles butSubmit.Click
Dim myReader As Data.SqlClient.SqlDataReader
Dim mySqlConnection As Data.SqlClient.SqlConnection
Dim mySqlCommand As Data.SqlClient.SqlCommand
'Establish the SqlConnection by using the configuration manager to get the connection string in our web.config file.
mySqlConnection = New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString").ToString())
Dim sql As String = "SELECT password FROM MyUsers WHERE username = '" & Me.logon_id.Text & "'"
mySqlCommand = New Data.SqlClient.SqlCommand(sql, mySqlConnection)
Try
mySqlConnection.Open()
myReader = mySqlCommand.ExecuteReader()
If (myReader.HasRows) Then
myReader.Read()
Dim password As String = myReader("password")
If (password = Me.user_password.Text) Then
'Open page with users and roles
Dim message As String = "Correct password"
Dim style As MsgBoxStyle = MsgBoxStyle.OkOnly
Dim title As String = "Authenticated"
MsgBox(message, style, title)
End If
End If
Catch ex As Exception
Console.WriteLine(ex.ToString())
Finally
If Not (myReader Is Nothing) Then
myReader.Close()
End If
If (mySqlConnection.State = Data.ConnectionState.Open) Then
mySqlConnection.Close()
End If
End Try
End Sub
End Class
user_description VARCHAR(100) NOT NULL,
user_password VARCHAR(50) NOT NULL,
);
INSERT INTO MyUsers (user_logon_id, user_full_name, user_description, user_password) VALUES
('mcoby', 'Mary Coby', 'Class Instructor', 'password');
CREATE TABLE MyRole
(
myrole_id INT IDENTITY(1,1)PRIMARY KEY,
role_name VARCHAR(50) NOT NULL,
role_description VARCHAR(100) NOT NULL,
);
INSERT INTO MyRole (role_name, role_description) VALUES ('administrator', ' Administrator of the web site');
INSERT INTO MyRole (role_name, role_description) VALUES ('user', ' User of the web site');
CREATE TABLE UserRoles
(
user_id int FOREIGN KEY REFERENCES MyUsers(id),
role_id int FOREIGN KEY REFERENCES MyRole(myrole_id),
);
不要从数据库发送/接收清晰的密码文本。
您应该创建一个密码散列并存储它。当需要检查密码时,重新应用哈希函数并检查数据库 此外,命令文本中使用的字符串连接也是一种非常糟糕的做法。您应该始终使用参数化查询,以避免sql注入和包含单引号或小数的字符串以及数据库无法识别的日期的解析问题 最后,连接、命令和数据读取器都是一次性对象,因此最好使用using语句 这只是一个例子,没有经过测试
Dim sql As String = "SELECT password FROM MyUsers WHERE username = @uname"
Using mySqlConnection = New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString").ToString())
Using mySqlCommand = New Data.SqlClient.SqlCommand(sql, mySqlConnection)
mySqlConnection.Open()
mySqlCommand.Parameters.AddWithValue("@uname", Me.logon_id.Text)
result = mySqlCommand.ExecuteScalar()
if result Is Nothing Then
' User not found
Else
Dim pwHash = GetHashedText(Me.user_password.Text)
if result.ToString = pwHash Then
'Open page with users and roles
Dim message As String = "Correct password"
Dim style As MsgBoxStyle = MsgBoxStyle.OkOnly
Dim title As String = "Authenticated"
MsgBox(message, style, title)
Else
' wrong Password
End If
End If
End Using
End Using
End Sub
Private Function GetHashedText(ByVal clearText As String) As String
Dim e As New UnicodeEncoding()
Dim sourceBytes() As Byte = e.GetBytes(clearText)
Dim md5 As New MD5CryptoServiceProvider()
Dim hashedBytes() As Byte = md5.ComputeHash(sourceBytes)
Return Convert.ToBase64String(hashedBytes)
End Function
然后对用户键入的密码进行散列,然后根据数据库返回的散列进行检查。没有清晰的密码文本,在数据库端,密码的加密方式使得远程机器的管理员都无法恢复原始文本 在没有更多关于实际问题的信息的情况下:投票关闭被移动到我为上述问题添加了更多信息。谢谢你的回复。我真的是新手,所以任何建议都是非常感谢的!