• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 358
  • Last Modified:

Login form

This is the code I'm using for a simple login form, which checks the entered username and password against a table in a remote database:



Imports System.Data.SqlClient

Public Class frmLogin

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        Dim strLoginConnStr As String
        strLoginConnStr = "Data Source=xxx;" & _
            "Initial Catalog=xxx;User Id=xxx;Password=xxx;"
        Dim connLogin As New SqlClient.SqlConnection(strLoginConnStr)
        connLogin.Open()
        Dim strSQL As String = "sp_workshop_login '" & _
            Replace(tbUsername.Text, "'", "''") & "', '" & _
            Replace(tbPassword.Text, "'", "''") & "'"
        Dim comLogin As New SqlCommand(strSQL, connLogin)
        Dim Reader As SqlDataReader = comLogin.ExecuteReader()
        If Reader.Read() Then
            MsgBox("Good username and password!")
        Else
            MsgBox("Bad username or password!", MsgBoxStyle.Exclamation)
        End If
        connLogin.Close()
    End Sub

    Private Sub btnClose_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnClose.Click
        Me.Close()
    End Sub
End Class



I've got two questions in this regard:

1) Is this the best way to code a login form?

2) When the database is not available, the line        connLogin.Open()      will make the program hang. I even tried to surround it with a Try..Catch, but the exception doesn't occur when the database is down. How can I manage it to show an error message when the database is down?
0
huji
Asked:
huji
2 Solutions
 
Éric MoreauSenior .Net ConsultantCommented:
2) you can shorter the timeout property of the Command object.
0
 
Jayadev NairApplication DeveloperCommented:
Hi

Please try adding "Connect Timeout=5" parameter to your connection string. this must solve the issue. But donot forget to catch the timeout.

Thanks.
0
 
Jeff CertainCommented:
1. Use your command to call a stored procedure, not the strange version of dynamic SQL you've got now.
2. Use "using" if you're in VB2005.
3. Create a stored procedure that takes the user name and password as parameters, and returns the user name.

Here's the function to check:

Public Function CheckLogin(ByVal userName As String, ByVal pwd As String) As Boolean
    Dim strLoginConnStr As String
    strLoginConnStr = "Data Source=xxx;" & _
        "Initial Catalog=xxx;User Id=xxx;Password=xxx;"
    Using connLogin As New SqlClient.SqlConnection(strLoginConnStr)
      connLogin.Open()
      Using cmd As New SqlCommand("sp_workshop_login", connLogin)
        cmd.CommandType = CommandType.StoredProcedure
        cmd.Parameters.Add("@userName", SqlDbType.VarChar, 30).Value = userName
        cmd.Parameters.Add("@password", SqlDbType.VarChar, 30).Value = pwd
        Return Not (cmd.ExecuteScalar Is System.DBNull.Value)
      End Using
    End Using
  End Function

Note: in general, it is a bad idea to transmit credentials in clear text; I hash passwords and then submit the hash to the sproc to check to see if the login is valid.
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
hujiAuthor Commented:
>> ... "Connect Timeout=5" ...
It did the trick.

>> 2. Use "using" if you're in VB2005.
What is its benefit in this case?
0
 
Jeff CertainCommented:
2. Using disposes the objects for you. In the case of connection objects, it closes them for you as well.
0
 
hujiAuthor Commented:
Great.

Follow me here please: http:Q_22070999.html

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now