Solved

Login form

Posted on 2006-11-23
6
352 Views
Last Modified: 2010-04-23
This is the code I'm using for a simple login form, which checks the entered username and password against a table in a remote database:



Imports System.Data.SqlClient

Public Class frmLogin

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        Dim strLoginConnStr As String
        strLoginConnStr = "Data Source=xxx;" & _
            "Initial Catalog=xxx;User Id=xxx;Password=xxx;"
        Dim connLogin As New SqlClient.SqlConnection(strLoginConnStr)
        connLogin.Open()
        Dim strSQL As String = "sp_workshop_login '" & _
            Replace(tbUsername.Text, "'", "''") & "', '" & _
            Replace(tbPassword.Text, "'", "''") & "'"
        Dim comLogin As New SqlCommand(strSQL, connLogin)
        Dim Reader As SqlDataReader = comLogin.ExecuteReader()
        If Reader.Read() Then
            MsgBox("Good username and password!")
        Else
            MsgBox("Bad username or password!", MsgBoxStyle.Exclamation)
        End If
        connLogin.Close()
    End Sub

    Private Sub btnClose_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnClose.Click
        Me.Close()
    End Sub
End Class



I've got two questions in this regard:

1) Is this the best way to code a login form?

2) When the database is not available, the line        connLogin.Open()      will make the program hang. I even tried to surround it with a Try..Catch, but the exception doesn't occur when the database is down. How can I manage it to show an error message when the database is down?
0
Comment
Question by:huji
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 70

Expert Comment

by:Éric Moreau
ID: 18003075
2) you can shorter the timeout property of the Command object.
0
 
LVL 6

Accepted Solution

by:
Jayadev Nair earned 200 total points
ID: 18003715
Hi

Please try adding "Connect Timeout=5" parameter to your connection string. this must solve the issue. But donot forget to catch the timeout.

Thanks.
0
 
LVL 24

Assisted Solution

by:Jeff Certain
Jeff Certain earned 200 total points
ID: 18004186
1. Use your command to call a stored procedure, not the strange version of dynamic SQL you've got now.
2. Use "using" if you're in VB2005.
3. Create a stored procedure that takes the user name and password as parameters, and returns the user name.

Here's the function to check:

Public Function CheckLogin(ByVal userName As String, ByVal pwd As String) As Boolean
    Dim strLoginConnStr As String
    strLoginConnStr = "Data Source=xxx;" & _
        "Initial Catalog=xxx;User Id=xxx;Password=xxx;"
    Using connLogin As New SqlClient.SqlConnection(strLoginConnStr)
      connLogin.Open()
      Using cmd As New SqlCommand("sp_workshop_login", connLogin)
        cmd.CommandType = CommandType.StoredProcedure
        cmd.Parameters.Add("@userName", SqlDbType.VarChar, 30).Value = userName
        cmd.Parameters.Add("@password", SqlDbType.VarChar, 30).Value = pwd
        Return Not (cmd.ExecuteScalar Is System.DBNull.Value)
      End Using
    End Using
  End Function

Note: in general, it is a bad idea to transmit credentials in clear text; I hash passwords and then submit the hash to the sproc to check to see if the login is valid.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 14

Author Comment

by:huji
ID: 18004223
>> ... "Connect Timeout=5" ...
It did the trick.

>> 2. Use "using" if you're in VB2005.
What is its benefit in this case?
0
 
LVL 24

Expert Comment

by:Jeff Certain
ID: 18004230
2. Using disposes the objects for you. In the case of connection objects, it closes them for you as well.
0
 
LVL 14

Author Comment

by:huji
ID: 18004827
Great.

Follow me here please: http:Q_22070999.html

0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As chip makers focus on adding processor cores over increasing clock speed, developers need to utilize the features of modern CPUs.  One of the ways we can do this is by implementing parallel algorithms in our software.   One recent…
1.0 - Introduction Converting Visual Basic 6.0 (VB6) to Visual Basic 2008+ (VB.NET). If ever there was a subject full of murkiness and bad decisions, it is this one!   The first problem seems to be that people considering this task of converting…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question