I was wondering if anyone is able to guide me in the right direction as to how to encrypt passwords given by a windows form in VB.net. I am fairly new to programming so some specialist terms may not make sense. I also store the username and password in an access database. Should this be encrypted? If so how? Or should i encrypt the password before pressing enter so that the encrypted value is stored? Any help or information whatsoever will be appreciated. I will respond quickly to any questions you may have in order to provide you with further information. I will provide my code now, (as i do not think it is of relevance) ::::::
Imports System.Data.OleDb
Imports System.Data
Public Class Form3
Private Sub Form3_Load(sender As Object, e As EventArgs) Handles MyBase.Load
End Sub
Private Sub Label4_Click(sender As Object, e As EventArgs) Handles Label4.Click
End Sub
Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
If TextBox2.Text = "" Or TextBox2.Text = "" Or TextBox3.Text = "" Then
MsgBox("Please Complete All Fields")
Else
Try
Dim conn As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\Computer Science\CA\tyre_stock_database_21.accdb")
Dim insert As String = "Insert into login_info values('" & TextBox1.Text & "','" & TextBox2.Text & "');"
Dim cmd As New OleDbCommand(insert, conn)
conn.Open()
cmd.ExecuteNonQuery()
MsgBox("Account Successfully Created")
Me.Close()
Catch ex As Exception
MsgBox(String.Format("Error: {0}", ex.Message))
End Try
End If
End Sub
End Class
Related
This is my code. help me to solve it thanks!
An exception of type 'System.InvalidOperationException' occurred in System.Data.dll but was not handled in user code Additional information: ExecuteReader requires an open and available Connection. The connection's current state is closed
Imports System.Data.SqlClient
Partial Class Staff
Inherits System.Web.UI.Page
' Dim conn As New SqlConnection("Data Source=USER-PC\SQLEXPRESS;Initial Catalog=carrental;Integrated Security=True;Pooling=False")
Dim con As New Data.SqlClient.SqlConnection
Dim cmd As New Data.SqlClient.SqlCommand
Dim dr As Data.SqlClient.SqlDataReader
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Try
con.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\user\Desktop\oh manisku\PROJECT ABIS\project baru\project baru\App_Data\order.mdf;Integrated Security=True;Connect Timeout=30")
con.Open()
Catch ex As Exception
' MsgBox(ex.Message)
End Try
End Sub
Protected Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
cmd.CommandText = ("Select Username, Password from Admin WHERE Username ='" & txtusername.Text & "' and Password = '" & txtPass.Text) & "' "
cmd.Connection = con
dr = cmd.ExecuteReader
con.Close()
If dr.HasRows Then
MsgBox("Succesfully Login")
Response.Redirect("recalled.aspx")
Else
MsgBox("Invalid Username and Password")
End If
End Sub
Private Sub btnReset_Click(sender As Object, e As EventArgs) Handles btnReset.Click
End Sub
Protected Sub SqlDataSource1_Selecting(sender As Object, e As SqlDataSourceSelectingEventArgs) Handles SqlDataSource1.Selecting
End Sub
End Class
As I said in my comment, you're closing the connection before reading the data. You should move the connection close to after you finished with the data reader.
Protected Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
Dim con As New Data.SqlClient.SqlConnection
con.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\user\Desktop\oh manisku\PROJECT ABIS\project baru\project baru\App_Data\order.mdf;Integrated Security=True;Connect Timeout=30")
con.Open()
cmd.CommandText = ("Select Username, Password from Admin WHERE Username ='" & txtusername.Text & "' and Password = '" & txtPass.Text) & "' "
cmd.Connection = con
dr = cmd.ExecuteReader
If dr.HasRows Then
MsgBox("Succesfully Login")
Response.Redirect("recalled.aspx")
Else
MsgBox("Invalid Username and Password")
End If
dr.Close() ' close the datareader
con.Close() ' close the connection
End Sub
Private Sub btnReset_Click(sender As Object, e As EventArgs) Handles btnReset.Click
End Sub
Calling ExecuteReader simply opens the stream. If you close the connection, you close the stream. To use a telephone analogy: it's like hanging up on someone, and then trying to have a conversation.
Please also switch to using parameterized queries since, as it stands, I could enter my username as ' OR 1 = 1 ; -- and I'd gain full access to the first account in your system.
Also, please look into ways to securely store passwords. You should never store passwords in your database in plain text, and you should never store passwords in a way that allows you to reverse them to the original user input. Passwords should be hashed with a salt. see here.
im trying to create a login form in vb.net with SQLite with this code
Imports System.Data.SQLite
Public Class frmLogin
Private Sub btnlogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnlogin.Click
Dim table As DataTable = Nothing
Dim da As New SQLiteDataAdapter("Select * from user_tbl where username='" & txtuser.Text & "'and pass_id='" & txtpass.Text & "'", myconn)
Try
If txtuser.Text = "" And txtpass.Text = "" Then
MessageBox.Show("Please fill Username and Password", "Important", MessageBoxButtons.OK, MessageBoxIcon.Information)
txtuser.Focus()
Else
da.Fill(table)
If table.Rows.Count > 0 Then
frmMain.Show()
Me.Close()
Else
MessageBox.Show("login not successful")
End If
da.Dispose()
End If
Catch ex As Exception
MessageBox.Show(ex.ToString)
End Try
End Sub
Private Sub frmLogin_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
ConnectME()
End Sub
End Class
but i keep getting an error at line 26 "da.fill(table)"
Here is what the error says:
Here are two lines of your code:
Dim table As DataTable = Nothing
da.Fill(table)
You have no code in between that assigns an object to that table variable. Why exactly are you surprised that there's an issue here? If I told you to fill a bag and then handed you no bag, how exactly would you go about filling it? You couldn't, because you can't fill a bag that doesn't exist, yet you expect your app to be able to fill a DataTable that doesn't exist.
I am creating a form application using Visual Studio Express VB 2008 and SQL server 2008. I have two forms. When the program start is not showing me any form. What is to be done that I could use two forms as one program. For example, in one form I want to insert data type state, city .. and the other to use the same information for something else. But like I said, my first step is to see both forms in one program. What should I do to make it work
Imports System.Data.Sql
Imports System.Data.SqlClient
' This is my main form called form1 and through it I want to call a form called Country. Belonging to the same project. How to call a form ,,country,, that I could use
Public Class Form1
Dim objDS As New DataSet
Dim objDA As New SqlDataAdapter
Public Sqlcon As New SqlConnection With {.connectionString = "server=XXX\MSSQL2008;database=TEST;Trusted_Connection=True;"}
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
If hasConnection() = True Then
MessageBox.Show("uspijesno povezano sa bazom")
End If
getSelc()
End Sub
Public Function hasConnection() As Boolean
Try
Sqlcon.Open()
Sqlcon.Close()
Return True
Catch ex As Exception
MessageBox.Show("Niste povezani sa bazom")
Return False
End Try
End Function
Public Function selc()
Dim objDS = New DataSet
Dim objDA As New SqlDataAdapter
Sqlcon.Close()
Sqlcon.Open()
Dim exCommand As String = ""
Dim myCommand As New SqlCommand
Dim commitTransaction = Sqlcon.BeginTransaction
Try
myCommand = New SqlCommand("EXECUTE " & "regionSelect" & " '" & txtID.EditValue & "', '" & txtShortN.EditValue & "', N'" & txtRegion.EditValue & "', '" & txtStatus.EditValue & "'", Sqlcon)
myCommand.Transaction = commitTransaction
objDA.SelectCommand = myCommand
objDA.Fill(objDS)
commitTransaction.Commit()
Sqlcon.Close()
MessageBox.Show("Podaci su uspijesno poslati")
Catch ex As Exception
MessageBox.Show(ex.Message)
commitTransaction.Rollback()
End Try
End Function
Private Sub SimpleButton3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnInsert.Click
'insert()
End Sub
Private Sub btnConfirm_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnConfirm.Click
getSelc()
End Sub
Public Function getSelc()
objDS = New DataSet
Dim com As New SqlCommand
Sqlcon.Close()
Sqlcon.Open()
GridControl1.DataSource = Nothing
Try
com = New SqlCommand("EXECUTE rS '" & txtID.Text & " ' , ' " & txtRegion.Text & "' , '" & txtShortN.Text & "', ' " & txtStatus.Text & " ' ", Sqlcon)
'com = New SqlCommand("SELECT * FROM tblRegion", Sqlcon)
objDA.SelectCommand = com
objDA.Fill(objDS)
com.CommandType = CommandType.StoredProcedure
GridControl1.DataSource = objDS.Tables(0)
objDA.Dispose()
com.Dispose()
Sqlcon.Close()
MessageBox.Show("Im here")
Catch ex As Exception
MessageBox.Show(ex.Message)
End Try
'GridControl1.DataSource = Nothing
'objDS.Tables(0).Rows.Clear()
End Function
Private Sub SimpleButton4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles SimpleButton4.Click
getSelc()
Dim newRow As DataRow
newRow = objDS.Tables(0).NewRow
newRow.Item(0) = txtID.EditValue
newRow.Item(1) = txtShortN.EditValue
newRow.Item(2) = txtRegion.EditValue
newRow.Item(3) = txtStatus.EditValue
objDS.Tables(0).Rows.Add(newRow)
End Sub
Private Sub SimpleButton3_Click_1(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles SimpleButton3.Click
End Sub
Private Sub SimpleButton1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles SimpleButton1.Click
Country.Show() ' => Is this a good way, and is there any better way and more efficient
End Sub
End Class
You cannot load more than one form on Application Startup. You have to load any one form first then show others from its Form_Load event.
Private Sub StartupForm_Load(sender As Object, e As EventArgs) Handles Me.Load
Dim form2 As New Form2
form2.Show()
Dim form3 As New Form3
form3.Show()
End Sub
Or you can load forms manually on Button Click.
Set the Form1 as a StartupForm from the Project Property Window.
Now, Add a button in your first form button1 and write down some code to display another form.
Private Sub button1_Click(sender As Object, e As EventArgs) Handles button1.Click
Dim form2 As New Form2
form2.Show()
End Sub
Another one is calling main method. For that you need to assign Main method in your Project Property Window
Module mainModule
Sub Main()
Dim form2 As New Form2
form2.Show()
Dim form3 As New Form3
form3.ShowDialog()
End Sub
End Module
Can anyone Help me to figure out whats the meaning of this error statement.I keep getting this error statement:-
index (zero based) must be greater than or equal to zero and less than the size of the argument list
Below is my coding
Imports System.Data.OleDb
Public Class form2
Dim Mycn As OleDbConnection
Dim Command As OleDbCommand
Dim icount As Integer
Dim SQLstr As String
Private Sub Button1_Click_2(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Try
Mycn = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\lenovo\Documents\Final year stuff\BookStoreDb.mdb;")
Mycn.Open()
SQLstr = String.Format("INSERT INTO login VALUES('{0}','{1}','{2}','{3}','{4}')", TextBox1.Text, TextBox2.Text)
Command = New OleDbCommand(SQLstr, Mycn)
icount = Command.ExecuteNonQuery
MessageBox.Show(icount)
Catch ex As Exception
MessageBox.Show(ex.Message & " - " & ex.Source)
Mycn.Close()
End Try
End Sub
Private Sub Button2_Click(sender As System.Object, e As System.EventArgs) Handles Button2.Click
Me.Close()
End Sub
End Class
As Plutonix suggested, just specify the two fields.
You can combine that with the parameters so you are also safe from injection attacks.
Try the following:
SQLstr = String.Format("INSERT INTO Login (User, Password) VALUES ('{0}','{1}')", TextBox1.Text, TextBox2.Text)
Command = New OleDbCommand(SQLstr, Mycn)
I'm new to VB.net. So here is what I want to do which I am having some serious problem
Using the "Get_Computer_Name form" will post the username and account type into another form. The Get_Computer_Name also gets the computer name where it will be sent to a module and that module will work as the main connection. Now I have tried to separate the login form and form that gets the computer name but that didn't work (I also want to try that method).
The problem with my current method is that it can only perform one thing at a time. It fails to post the username and account type and it fails to send the computer name to the module. Now strangely there is a way around. If I comment out the post username and account type, the computer name will be sent to the module and the module will work and connect to the database. Now if I choose not to comment out the code that post the username and account to the other form, the computer name won't be sent to the module that handles the connection thus failing to connect to the database.
I am open to other suggestions rather than doing it this way.
Thank you
'Here is my code for "Get_Computer_Name form"
Imports System.Data.SqlClient
Public Class Get_Computer_Name
Public Sub Get_Computer_Name_Load(sender As System.Object, e As System.EventArgs) Handles MyBase.Load
cmbcomputername.Text = My.Computer.Name
connect()
End Sub
Private Sub cmbcomputername_SelectedIndexChanged(sender As System.Object, e As System.EventArgs) Handles cmbcomputername.SelectedIndexChanged, cmbcomputername.TextChanged
cmbcomputername.Text = My.Computer.Name
End Sub
Public Sub btnlogin_Click(sender As System.Object, e As System.EventArgs) Handles btnlogin.Click
datasource = cmbcomputername.Text
If connection.State = ConnectionState.Closed Then
connection.Open()
End If
Dim reader As SqlDataReader
Dim sqlstatement As SqlCommand = New SqlCommand
sqlstatement.Connection = connection
Try
sqlstatement.CommandText = "Select account_username, account_password, account_type " &
"from account_login where account_username='" & txtusername.Text & "' and account_password='" & txtpassword.Text & "'"
reader = sqlstatement.ExecuteReader()
If (reader.Read()) Then
Dim application_form As application_form
application_form = New application_form
application_form.Show()
application_form = Nothing
Me.Visible = False
'This is the code that post the username and account type to the other form (application form). If I comment this code out, the system successfully connects to the database
application_form.lblusername.Text = (reader("account_username").ToString)
application_form.lblaccount_type.Text = (reader("account_type").ToString)
sqlstatement.Dispose()
reader.Close()
connection.Close()
Else
connection.Close()
MsgBox("Invalid")
End If
reader.Close()
Catch ex As Exception
End Try
End Sub
End Class
'This is the code for the module that holds the main connection string
Public connection As SqlConnection = New SqlConnection
Public datasource As String
Public database As String = "bpmi"
Public sqlmainconnector As String
Public Sub connect()
sqlmainconnector = "Data Source=" & datasource & ";Initial Catalog=bpmi;Integrated Security=True"
connection.ConnectionString = sqlmainconnector
Try
If connection.State = ConnectionState.Closed Then
connection.Open()
Else
connection.Close()
End If
Catch ex As Exception
End Try
End Sub
'And this code is the form where the username and account type will be posted
Imports System.Data.SqlClient
Public Class application_form
Dim sqlcommand As SqlCommand
Dim da As SqlDataAdapter
Dim table As New DataTable
Dim dategrabberapp As String
Dim dategrabberben As String
Dim benidgrabber As String
Private Sub Form1_Load(sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
connect()
filldatagrid(updateappdatagrid, updatebendatagrid)
fillcomboboxstatus(cmbstatus)
fillcomboboxposition(cmbappworkposition)
fillcomboboxrelationship(cmbrelation)
fillcomboboxrelationshipupdate(cmbrelationbenupdate)
fillcomboboxstatusupdate(cmbappstatusupdate)
fillcomboboxpositionupdate(cmbappworkposupdate)
'this is where the account type will got to
If lblaccount_type.Text <> "Administrator" Then
Me.TabControl1.TabPages(1).Enabled = False
Me.TabControl1.TabPages(2).Enabled = False
MsgBox("As a 'Staff', you are not permitted to do any updates")
updateappdatagrid.Hide()
updatebendatagrid.Hide()
End If
End Sub
End Class