Solved

How to create Login Page with Mysql?

Posted on 2008-10-29
7
1,610 Views
Last Modified: 2013-11-07
HI experts!
 I have created a database in mysql(smcofchristlogin)and a table called "login"  with fields (username,password).
In my aspx page  I created two textboxes(username, password) also I have a imagebutton called "logon"
Note : I am not using the Login controls in asp.net.

 So how to create a login page in such a way that when I press the  logon button, the program can go to my database and check if  the values from the textboxes are the same value from my table (username and password).
If there are not , write a message "You are not authorized to see this page" , by the way this is an asp  label.

I am using C# server side and Mysql
Thanks for your help

protected void Logon_Click(object sender, ImageClickEventArgs e)

    {

        string host = "localhost";

        string database = "smcofchristlogin";

        string user = "root";

        string password = "";

        string strSQL = "SELECT * FROM login";
 

        string strProvider = "Data Source=" + host + ";Database=" + database + ";User ID=" + user + ";Password=" + password;

        MySqlConnection mysqlCon = new MySqlConnection(strProvider);

        mysqlCon.Open();

        if (mysqlCon.State.ToString() == "Open")

        {

            MySqlCommand mysqlCmd = new MySqlCommand(strSQL, mysqlCon);

            MySqlDataReader mysqlReader = mysqlCmd.ExecuteReader();
 
 

        }

        mysqlCon.Close();
 

    }

Open in new window

0
Comment
Question by:eddyperu
  • 4
  • 3
7 Comments
 
LVL 4

Author Comment

by:eddyperu
ID: 22834491
I create it , here is my code....Now I am looking for to do this(with my code) but in a more secure way, ..meaning....It will be hard for somebody to hack it

Thanks guys for your help :)

    protected void Logon_Click(object sender, ImageClickEventArgs e)

    {

        string host = "localhost";

        string database = "smcofchristlogin";

        string user = "root";

        string password = "";

       string strProvider = "Data Source=" + host + ";Database=" + database + ";User ID=" + user + ";Password=" + password;

       ReadMyData(strProvider);

}

    public void ReadMyData(string strProvider)

    {
 

        string strStoreProcedure = "select * from login where UserName='" + UserName.Text.Replace("'", "`") + "'and Password='" + Password.Text.Replace("'", "`") + "'";
 
 

        MySqlConnection mysqlConnection = new MySqlConnection(strProvider);

        MySqlCommand myCommand = new MySqlCommand(strStoreProcedure, mysqlConnection);

        mysqlConnection.Open();

        if (mysqlConnection.State.ToString() == "Open")

        {

            MySqlDataReader myReader;

            myReader = myCommand.ExecuteReader();
 

            while (myReader.Read())

            {

                Response.Redirect("Homepage.aspx");

            }

            myReader.Close();
 

        }
 

        lblErrorLogin.Text = "Sorry, you don't have acces to this page";

        mysqlConnection.Close();
 
 

    }

Open in new window

0
 
LVL 5

Expert Comment

by:ionutz2k2
ID: 22838629
The most popular way to secure your login is by storing the passwords in the database encrypted with MD5 and to compare the MD5 string in the database with the MD5 string of your password at login. In this way you avoid mysql injection.
Hope this helps.
0
 
LVL 4

Author Comment

by:eddyperu
ID: 22843493
I saw that but I heard that it is to hack it....

If anybody knows how to load/save a MD5 hash into mysql using asp.NET 2.0(C#).
examples will be great, I ma new suing this programs...
Thanks
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 4

Author Comment

by:eddyperu
ID: 22843496
..sorry I mean to easy to hack!
0
 
LVL 5

Expert Comment

by:ionutz2k2
ID: 22844594
I was just about to tell you to use 'mysql_real_escape_string' but i remembered you are using C# :).  So i did a little research an this is what i've come up with::

'PHP, if properly coded, is perfectly safe. SQL statements in your PHP code are unavoidable, and in fact encouraged if you're using MySQL, where the mysql_real_escape_string function works perfectly to prevent attacks of this sort. MSSQL, even in PHP, is another matter--stored procedures are the way to go, simply because there's no MS equivalent to mysql_real_escape_string, and this function won't block every possible attack on MSSQL.
So yes, basic good practices apply here too--if you MUST use embedded SQL statements, parameterize each and every variable before using it in the SQL statement. Otherwise, use stored procedures. In either case, use restricted logins that are only capable of doing what they absolutely must do--no need for your reporting system to have UPDATE, INSERT, or DELETE capabilities.'

Let me know if this answers your question.
0
 
LVL 4

Author Comment

by:eddyperu
ID: 22855951
Would you mind to send me a good tutorial about store procedure and how to use with MySQL...

I don't know how to code with PHP that is going to be a problem, isn't it?
thanks
0
 
LVL 5

Accepted Solution

by:
ionutz2k2 earned 500 total points
ID: 22856392
Here are a couple of references:
http://dev.mysql.com/doc/refman/5.0/en/stored-routines.html
http://www.devshed.com/c/a/MySQL/A-DIY-Approach-to-Stored-Procedures-in-MySQL/
http://www.databasejournal.com/features/mysql/article.php/3525581
These articles should help you with creating and using stored procedures in MySQL.

Let me know if these links are what you need and if you have any other questions don't hesitate to ask.

P.S.: About PHP, it's not that hard to learn especially if you are already familiar with web programming.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now