How to avoid following "If" conditions if the first "If" is true - vb.net

I want to make my first If to stop at "Incorrect user and password", but it goes to the second and third If saying "incorrect user" and "incorrect password" after "incorrect user and password".
Public Class Form1
Dim numAttempts As Double = 0
Private Sub btnok_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnok.Click
Dim User As String = "ShaoHecc"
Dim Password As String = "daedric123"
Dim loginuser As String
Dim loginpassword As String
Dim wrong As String = False
loginpassword = Val(txtpass.Text)
loginuser = Val(txtuser.Text)
txtpass.Text = loginpassword
txtuser.Text = loginuser
If txtuser.Text = User And
txtpass.Text = Password Then
MessageBox.Show("Access Granted!")
ElseIf txtuser.Text = loginuser And
txtpass.Text = loginpassword Then
MessageBox.Show("Username and Password incorrect, " & numAttempts & " / 3 attempts left")
End If
If txtuser.Text = User = False Then
MessageBox.Show("Username incorrect, you have " & numAttempts & " / 3 attempts left.")
txtuser.Text = Nothing
End If
If txtpass.Text = Password = False Then
MessageBox.Show("Password incorrect, you have " & numAttempts & " / 3 attempts left.")
txtpass.Text = Nothing
End If
If numAttempts = 3 Then
MessageBox.Show("Maxiumum number attempts reached, you have been denied access.")
Application.Exit()
Else
numAttempts = numAttempts + 1
End If
End Sub
End Class

You have far too much code there than what is needed.
You are also using legacy VB6 code where it is not needed.
You appear to have no idea of variables and variable types.
Let me explain a little... Let's work backwards...
Variable types, of which there are many, each are required and/or recommended for a particular task. In your example you have a numAttempts which is used to count the failed attempts, however, you have it as a Double >>> Dim numAttempts As Double, it's wrong and wasteful, just use a standard Integer for a whole number in this situation. This is also of interest: Dim wrong As String = False. There are two things fundamentally wrong here. A string is Text, which means it should always have quotes surrounding the text >>> Dim wrong As String = "False". However, using something to test for True or False should be a Boolean so actually, the correct usage and syntax should be Dim wrong As Boolean = False.
Legacy VB6 code. Never a good thing to mix and match pre-.NET code with .NET code. You're using Val, don't do it. Also, it's worth noting that your usage is not needed and simply incorrect. You are using: loginpassword = Val(txtpass.Text). Why are you doing this? What do you think is happening here? It's going to try to convert whatever is in your txtpass.Text (string) to a Double (not a string) then put it into loginpassword (string).
I hope you don't take offence, I'm just trying to get you to see some flaws so you can try to improve and get to love programming like many people here already do so.
SO let's get back to your original code and question. Below is a simplified version of what you want to do.
Try it, understand it, and then change it as you see fit. For example, if you want a separate Username/Password check.
Good Luck!
Dim numAttempts As Integer = 3
Dim User As String = "ShaoHecc"
Dim Password As String = "daedric123"
Private Sub btnok_Click(sender As Object, e As EventArgs) Handles btnok.Click
'Check if Username or Password are incorrect
If Not txtuser.Text = User Or Not txtpass.Text = Password Then
numAttempts -= 1
If numAttempts = 0 Then
MessageBox.Show("Maxiumum number attempts reached, you have been denied access.")
Application.Exit()
End If
MessageBox.Show("Invalid Username or Password, you have " & numAttempts & " attempts left.")
Exit Sub
End If
'Username and Password are correct
MessageBox.Show("Access Granted!")
numAttempts = 3 'Reset if needed
End Sub

Related

Checks The Informations In Text File. VB.NET

I work on a project "SignInLogeIn" using Visual Basic.NET.
I save the user informations in text file.
the name of the file is "data.txt".
to create a new account in my program. you must enter the name,email,password and the program write the informations in textfile.
i use "Streamwritter" to write the informations.
when user create a new account The program checks if the email entered by the user is already in the text file that contains the users' information.
and the program checks from informations by "StreamReader". it reads the information in text file and checks.
I have the problem.
when I CREATE A new account. problem appears.
and the problem is
"
An unhandled exception of type 'System.IO.IOException' occurred in mscorlib.dll
Additional information: The process cannot access the file 'D:\1- Anas Files\Projects\VisualBasic.NET\SignInLogIn\SignInLogIn\SignInLogIn\bin\Debug\Data.txt' because it is being used by another process.
"
I think the problem is that I used the file twice
Once to write and once to read.
The error occurs in this line "Dim sw As New StreamWriter("Data.txt")".
how can i solve this problem ?
this is the code of "SignIn" button
Private Sub btnSignIn_Click(sender As Object, e As EventArgs) Handles btnSignIn.Click
Dim strEmail As String = txtEmail.Text
Dim Reg As New Regex("^\w+([-_.]\w+)*#\w+([-.]\w+)*\.\w+([-.]\w+)*$")
If txtUserName.Text.Trim() = "" Or txtEmail.Text.Trim() = "" Or txtPassword.Text.Trim() = "" Then
MsgBox("Please Enter All Input")
If Not Reg.IsMatch(strEmail) Then
MsgBox("Please Enter Email")
End If
Else
Dim sr As New StreamReader("Data.txt")
Dim sw As New StreamWriter("Data.txt")
Dim strPerson As String = txtUserName.Text & ";" & txtEmail.Text & ";" & txtPassword.Text
Dim line As String = ""
Do
line = sr.ReadLine()
Dim arrData As String() = line.Split(";")
If arrData(1) = strEmail Then
MsgBox("Please Change Email")
Else
sw.WriteLine(strPerson)
sw.Close()
End If
Loop While line <> Nothing
sr.Close()
End If
End Sub
You open twice the same file. First, to read and second to write, this is why you cannot write.
Dim sr As New StreamReader("Data.txt")
Dim lines As String = sr.ReadToEnd().Split(Environment.NewLine)
sr.Close()
Dim strPerson As String = txtUserName.Text & ";" & txtEmail.Text & ";" & txtPassword.Text
Dim sw As New StreamWriter("Data.txt")
For Each line As String In lines
Dim arrData As String() = line.Split(";")
If arrData(1) = strEmail Then
MsgBox("Please Change Email")
Exit For
Else
sw.WriteLine(strPerson)
Exit For
End If
Next
sw.Close()
Streams need to be closed and disposed. They are usually put in Using blocks.
I wasn't quite sure of the program flow you wanted. It seemed, since you created a writer and a reader you intended to add to user to the file if they were not listed.
I broke out some of the code into separate methods. I used System.IO since we have a simple text file.
Private Sub btnSignIn_Click(sender As Object, e As EventArgs) Handles btnSignIn.Click
If ValidInput() Then
Dim strPerson As String = $"{txtUserName.Text};{txtEmail.Text};{txtPassword.Text}"
If Not IsUserInFile(strPerson) Then
File.AppendAllText("Data.txt", strPerson & Environment.NewLine)
End If
End If
End Sub
Private Function ValidInput() As Boolean
Dim strEmail As String = txtEmail.Text
Dim Reg As New Regex("^\w+([-_.]\w+)*#\w+([-.]\w+)*\.\w+([-.]\w+)*$")
If txtUserName.Text.Trim() = "" OrElse txtEmail.Text.Trim() = "" OrElse txtPassword.Text.Trim() = "" Then
MsgBox("Please Enter All Input")
Return False
If Not Reg.IsMatch(strEmail) Then
MsgBox("Please Enter Email")
Return False
End If
End If
Return True
End Function
Private Function IsUserInFile(Person As String) As Boolean
Dim p = Person.Split(";"c)
Dim lines = File.ReadAllLines("Data.txt")
For Each line In lines
If Person = line Then
Return True
End If
Dim fields = line.Split(";"c)
If fields(0) = p(0) AndAlso fields(2) = p(2) AndAlso fields(1) <> p(1) Then
MessageBox.Show("Please Change Email")
Return False
End If
Next
Return False
End Function
This is going to get messy and slow if there are too many users. This info should really be in a database. The worst thing is the passwords should always be salted and hashed; never stored as plain text even is a database.

VB.net COMExeption was unhandled

I am creating a user login system using vb.net and MS access. I am unsure what is going wrong with my system and I receive the error message "Item cannot be found in the collection corresponding to the requested name or ordinal" The error is coming up in the section "User.Find(Username)" on the first line of the DO loop. Here is my code:
Public Class Login
Dim LoginError As String ' This will tell the user what is wrong with his login
Public Function Login()
Dim DBConn As New ADODB.Connection ' This is how we tell visual studio
'how to connect to our database
Dim User As New ADODB.Recordset 'We pass our argument through our recordset
Dim Username As String 'This will be our "Query"
Dim strUserDB As String 'This get sets to the email field in our database.
Dim strPassDB As String 'Same as above just for the password
Dim blnUserFound As Boolean 'I will be using a "DO" loop so I will use
'this as my condition
DBConn.Open("Provider = Microsoft.Jet.OLEDB.4.0;" & _
"Data Source = '" & Application.StartupPath & "\UserDetails2000.mdb'")
'The inverted comas in the dataOuce statement as itt keeps the location of your
'file as one string.
User.Open("tblUserDetails", DBConn, ADODB.CursorTypeEnum.adOpenStatic, ADODB.LockTypeEnum.adLockOptimistic)
'This is my table 'This is my connection 'These are some settings
blnUserFound = False
Login = False
Username = "User = '" & txtEmail.Text & "'" 'This tells the database to find the email field
'Equivilent to what was entered in the textbox
Do
User.Find(Username) 'This is the full statement that sends my 'Query' to the record set
If User.BOF = False And User.EOF = False Then
'BOF = Begining of file, EOF = End of file, it tests whether the database has
'reached its sentinal value, if it hasent then the username has been found, If it has,
'the username has been found.
strUserDB = User.Fields("Email").Value.ToString
'"Email" is my table field. I am setting strUserDB to the username field of my table
strPassDB = User.Fields("Password").Value.ToString
If strUserDB <> txtEmail.Text Then
User.MoveNext()
'This IF statement handles different CASE usernames, Example, admin and AdMiN
'We use this if statement to differentiate between different CASE letters
Else
blnUserFound = True
If strPassDB = txtPassword.Text Then
User.Close()
DBConn.Close()
Return True
Else
LoginError = "Invalid Password"
User.Close()
DBConn.Close()
Return False
End If
End If
Else
LoginError = "Invalid Username"
User.Close()
DBConn.Close()
Return False
End If
Loop Until blnUserFound = True
LoginError = "Invalid Username"
User.Close()
DBConn.Close()
Return False
End Function
Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
If Login() = True Then
MessageBox.Show("Login Succesful", "Login Status")
Else
MessageBox.Show(LoginError, "Login Status")
End If
End Sub
End Class
Verify that tblUserDetails contains a column named User.
Maybe User is also a reserved keyword in Access so try setting Username as:
Username = "[User] = '" & txtEmail.Text & "'"

Struggling with basic VB.net. Variable addition

I'm trying to set up my form program so if the user fails to login 3 times (linked to a database), it closes the program. However, I'm a kinda crap at programming and I can't get the variable to actually hold the addition I'm trying to use?
Private Sub Login_Click(sender As Object, e As EventArgs) Handles Login.Click
Dim uname, pass As String
Dim attempt As Integer = 0
' Warns the user if they have missed out login information.
If UserNameBox.Text = "" Or PasswordBox.Text = "" Then
MessageBox.Show("Please ensure you have entered your username and password", "Authentication Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
Else
uname = UserNameBox.Text
pass = PasswordBox.Text
GetFilteredData("username = '" & uname & "' AND password = '" & pass & "'")
If CountRecords() = 1 Then
MsgBox("Logged In!")
Else
MsgBox("Incorrect Credentials!")
attempt = attempt + 1 ' <-- Main Issue is here
If attempt = 4 Then
Application.Exit()
End If
End If
End If
End Sub
Any help would be amazing. Thanks :D
You're declaring on the attempt varible inside the Login_Click event handler. Hence, each time the Login_Click event is raised, you are initializing it to 0.
Dim attempt As Integer = 0
Try to move it to outer scope, for example make it a member of the Class.
This should work. If you want to have variable accessible from all subs, just take it out too root of class.
Private attempt As Integer = 0
Private Sub Login_Click(sender As Object, e As EventArgs) Handles Login.Click
Dim uname, pass As String
' Warns the user if they have missed out login information.
If UserNameBox.Text = "" Or PasswordBox.Text = "" Then
MessageBox.Show("Please ensure you have entered your username and password", "Authentication Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
Else
uname = UserNameBox.Text
pass = PasswordBox.Text
GetFilteredData("username = '" & uname & "' AND password = '" & pass & "'")
If CountRecords() = 1 Then
MsgBox("Logged In!")
Else
MsgBox("Incorrect Credentials!")
attempt = attempt + 1 ' <-- Main Issue is here
If attempt = 4 Then
Application.Exit()
End If
End If
End If
End Sub

VB.Net Satisfy if condition from array BEFORE else statement executes

This is killing me because I know why it's doing it but I don't know how to stop it. I am reading from a text file where I have 2 users on 2 lines: bill|777 & john|333.
My conditional statement satisfies both conditions because when it loops thru, it declines one user and accepts the other causing it to do the if and the else. Please tell me how to do this one at a time. Loop thru the text, get the proper user and then go thru the conditions.
Dim MyReader As New StreamReader("login.txt")
While Not MyReader.EndOfStream
Dim user As String = UsernameTextBox.Text + "|" + PasswordTextBox.Text
Dim names() As String = MyReader.ReadLine().Split()
For Each myName In names
If user = myName Then
Me.Hide()
OrderForm.Show()
Else
MsgBox("Wrong username and password")
End If
Next
End While
MyReader.Close()
Something like this should work:
Using MyReader As New StreamReader("login.txt")
Dim GoodUser As Boolean = False
Dim user As String = UsernameTextBox.Text + "|" + PasswordTextBox.Text
While Not MyReader.EndOfStream
Dim user As String = UsernameTextBox.Text + "|" + PasswordTextBox.Text
Dim names() As String = MyReader.ReadLine().Split()
If Not names Is Nothing Then
For Each myName In names
If user = myName Then
GoodUser = True
Me.Hide()
OrderForm.Show()
Exit While
End If
Next
End If
End While
If Not GoodUser Then
MsgBox("Wrong username and password")
End If
End Using
The using block automatically disposes of the streamreader. A boolean to signify a good login can set the condition when the While loop exits. The Exit While will break out of the loop when the proper user is found. It's usually a good idea to set a conditional to check for empty lines
One thing to watch for. If a user name includes a space your code won't work. You'll have to either restrict the user names or use a different delimiter like ~.
Try this code:
Using r As StreamReader = New StreamReader("login.txt")
Dim line As String = r.ReadLine
Dim user As String = UsernameTextBox.Text + "|" + PasswordTextBox.Text
Dim found As Boolean = False
Do While (Not line Is Nothing)
If (line = user) Then
found = True
break
End If
line = r.ReadLine
Loop
If (Not found) Then
MessageBox.Show("Wrong username and password")
End If
End Using

encrypting/decrypting a password stored on a compact database

My project contains 2 forms, one to register users and one to login. I am using a compact local database to store the passwords. I wrote a function to encrypt the password when the user registers. I then wrote another to decrypt the same password when the user logs in.
The first part, encryption, works just fine. The user registers, and I can see the password encrypted on the database. However, when I try to log in, the password is not being decrypted. Here are my Functions.
Module EncryptionModule
Public Function base64Encode(ByVal sData As String) As String
Try
Dim encData_Byte As Byte() = New Byte(sData.Length - 1) {}
encData_Byte = System.Text.Encoding.UTF8.GetBytes(sData)
Dim encodedData As String = Convert.ToBase64String(encData_Byte)
Return (encodedData)
Catch ex As Exception
Throw (New Exception("Error is base64Encode" & ex.Message))
End Try
End Function
Public Function base64Decode(ByVal sData As String) As String
Dim encoder As New System.Text.UTF8Encoding()
Dim utf8Decode As System.Text.Decoder = encoder.GetDecoder()
Dim todecode_byte As Byte() = Convert.FromBase64String(sData)
Dim charCount As Integer = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length)
Dim decoded_char As Char() = New Char(charCount - 1) {}
utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0)
Dim result As String = New [String](decoded_char)
Return result
End Function
End Module
This is the routine to register a user and encrypting the password:
Private Sub btnRegister_Click(sender As Object, e As EventArgs) Handles btnRegister.Click
'If the username is taken or used on the
'database, then create account
If MasterTableAdapter.CheckUserName(txtUserName.Text) = Nothing Then
Dim pwd As String = base64Encode(Trim(txtConfirmPassword.Text))
MasterTableAdapter.CreateAccount(txtFName.Text, txtLName.Text, txtUserName.Text, pwd, int1)
MsgBox("An account has been created for: " & vbNewLine & _
"Employee: " & txtFName.Text & " " & txtLName.Text & vbNewLine & _
"User Name: " & txtUserName.Text & vbNewLine & _
"Access Level: " & strAccessLevel)
Me.Close()
Else
MessageBox.Show("The username is in use. Please select another username.", "Authentication Error", MessageBoxButtons.OK, _
MessageBoxIcon.Error)
End If
End Sub
Here is the routine to log in and decrypt the password from the Login Form:
Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
Dim pwd As String = base64Decode(Trim(txtPassword.Text))
If Not MasterTableAdapter.Login(txtUserName.Text, pwd) = Nothing Then
'frmWelcomePage.Show()
MsgBox("SUCCESS")
Else
'If no match, display error, clear text boxes and send focus back to the username text box.
MessageBox.Show("Username or password do not match", "Authentication Failure", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
txtPassword.Text = Nothing
txtUserName.Text = Nothing
txtUserName.Focus()
End If
End if
End Sub
I am new to the whole encryption arena so I don't know what I am doing wrong here.
You shouldn't decrypyt the password.
When the user creates a password, you should generate a hash (ie: a value from which the password can not be reconstructed)
When the user attempts to login, you should compare the hash value of the given password with the stored hash.
First, Base64 encoding is not encryption. Many people can look at a B64 string and know what to do to unscramble it. You should look into hash techniques as podiluska suggested.
That said, since your Decode method cant unscramble what you encode, it means you have an error in one or the other. Simple encoding for what you are doing can be done:
Dim s As String = "MySecretPassword"
' convert to byte array
Dim bArry() As Byte = System.Text.Encoding.UTF8.GetBytes(s)
' convert bytes to Base64:
Dim sb64 As String = System.Convert.ToBase64String(barry)
To decode is just the reverse:
' Base64 -> Byte Array
Dim bOut() As Byte = System.Convert.FromBase64String(sb64)
' Byte Arry -> clear text
Dim sOut As String = System.Text.Encoding.UTF8.GetString(bOut)