Login form

This is the code I'm using for a simple login form, which checks the entered username and password against a table in a remote database:



Imports System.Data.SqlClient

Public Class frmLogin

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        Dim strLoginConnStr As String
        strLoginConnStr = "Data Source=xxx;" & _
            "Initial Catalog=xxx;User Id=xxx;Password=xxx;"
        Dim connLogin As New SqlClient.SqlConnection(strLoginConnStr)
        connLogin.Open()
        Dim strSQL As String = "sp_workshop_login '" & _
            Replace(tbUsername.Text, "'", "''") & "', '" & _
            Replace(tbPassword.Text, "'", "''") & "'"
        Dim comLogin As New SqlCommand(strSQL, connLogin)
        Dim Reader As SqlDataReader = comLogin.ExecuteReader()
        If Reader.Read() Then
            MsgBox("Good username and password!")
        Else
            MsgBox("Bad username or password!", MsgBoxStyle.Exclamation)
        End If
        connLogin.Close()
    End Sub

    Private Sub btnClose_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnClose.Click
        Me.Close()
    End Sub
End Class



I've got two questions in this regard:

1) Is this the best way to code a login form?

2) When the database is not available, the line        connLogin.Open()      will make the program hang. I even tried to surround it with a Try..Catch, but the exception doesn't occur when the database is down. How can I manage it to show an error message when the database is down?
LVL 14
hujiAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Jayadev NairConnect With a Mentor Application DeveloperCommented:
Hi

Please try adding "Connect Timeout=5" parameter to your connection string. this must solve the issue. But donot forget to catch the timeout.

Thanks.
0
 
Éric MoreauSenior .Net ConsultantCommented:
2) you can shorter the timeout property of the Command object.
0
 
Jeff CertainConnect With a Mentor Commented:
1. Use your command to call a stored procedure, not the strange version of dynamic SQL you've got now.
2. Use "using" if you're in VB2005.
3. Create a stored procedure that takes the user name and password as parameters, and returns the user name.

Here's the function to check:

Public Function CheckLogin(ByVal userName As String, ByVal pwd As String) As Boolean
    Dim strLoginConnStr As String
    strLoginConnStr = "Data Source=xxx;" & _
        "Initial Catalog=xxx;User Id=xxx;Password=xxx;"
    Using connLogin As New SqlClient.SqlConnection(strLoginConnStr)
      connLogin.Open()
      Using cmd As New SqlCommand("sp_workshop_login", connLogin)
        cmd.CommandType = CommandType.StoredProcedure
        cmd.Parameters.Add("@userName", SqlDbType.VarChar, 30).Value = userName
        cmd.Parameters.Add("@password", SqlDbType.VarChar, 30).Value = pwd
        Return Not (cmd.ExecuteScalar Is System.DBNull.Value)
      End Using
    End Using
  End Function

Note: in general, it is a bad idea to transmit credentials in clear text; I hash passwords and then submit the hash to the sproc to check to see if the login is valid.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
hujiAuthor Commented:
>> ... "Connect Timeout=5" ...
It did the trick.

>> 2. Use "using" if you're in VB2005.
What is its benefit in this case?
0
 
Jeff CertainCommented:
2. Using disposes the objects for you. In the case of connection objects, it closes them for you as well.
0
 
hujiAuthor Commented:
Great.

Follow me here please: http:Q_22070999.html

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.