How to check user on login screen?

Question

How to check user on login screen?

Asked 7 years, 9 months ago

Viewed 1,015 times

2

I have a problem, I have a login screen and I need to check it with a query Sql.

To be able to do something, but she doesn’t check and enter directly.

private void btn_Entrar_Click(object sender, EventArgs e)
    {

        SqlConnection conexao = new SqlConnection();

        conexao.ConnectionString = Properties.Settings.Default.cs1;


        try
        {
            conexao.Open();
            SqlCommand obj = new SqlCommand();

            obj.CommandText = "Select * FROM TB_LOGIN WHERE Usuario =@Usuario And  Senha=@Senha";


            obj.Parameters.Add("@Usuario", SqlDbType.VarChar).Value =  Txt_Nome.Text;
            obj.Parameters.Add("@Senha", SqlDbType.VarChar).Value = Txt_Senha.Text;

            obj.CommandType = CommandType.Text;
            obj.Connection = conexao;
            obj.ExecuteNonQuery();

            conexao.Close(); 


        }
        catch
        {
            MessageBox.Show("Falha ");
            conexao.Close();
        }

2

in reality you are only making the select in the database, you have to check if the return of your user exists in the database.

– Marco Souza

2016/09/21 at 19:33
When is verified if the user exists in the bank??

– Jéf Bueno

2016/09/21 at 19:37
1

I hope this code is just an exercise, because it is not a good idea to store the password exposed in the database. you can use the Cryptsharp to protect your password as follows: Generate password hash and save to database

– Tobias Mesquita

2016/09/21 at 19:54

1 answer

Browser other questions tagged c# sql-server

You are not signed in. Login or sign up in order to post.

by Marco Souza • **12,304** points · Answer 1 · 2016-09-21T19:48:02+00:00

Change your method to the below and validate your user

protected void btn_Entrar_Click(object sender, EventArgs e)
        {
            SqlConnection conexao = new SqlConnection();
            conexao.ConnectionString = ConnString;
            conexao.Open();
            SqlCommand obj = new SqlCommand();
            obj.CommandText = "Select * FROM TB_LOGIN WHERE Usuario =@Usuario And  Senha=@Senha";
            obj.Parameters.Add("@Usuario", SqlDbType.VarChar).Value = Txt_Nome.Text;
            obj.Parameters.Add("@Senha", SqlDbType.VarChar).Value = Txt_Senha.Text;
            obj.CommandType = CommandType.Text;
            obj.Connection = conexao;

            SqlDataReader reader = obj.ExecuteReader();
            if (reader.HasRows)
            {
                //todo : usuario logado
                Response.Redirect(Request.QueryString["ReturnUrl"]); // ????
            }
            else
            {
                //todo : Login ou Senha Invalida
            }
            conexao.Close();
        }