Home/ Questions/Q 8602763
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T02:09:55+00:00

I wrote the following function to verify log in data for user, but so

  • 0

I wrote the following function to verify log in data for user, but so far its not working as it should and I am sure there is something wrong with it:

Private Sub button2_Click(ByVal sender As System.Object, ByVal e As System.Windows.RoutedEventArgs) Handles button2.Click
    If loginpasswordtx.Text.Length > 1 And loginpasswordtx.Text.Length > 1 And My.Settings.SQLConnectionString.Length > 5 Then
        Try
            Dim cnn As New SqlConnection(My.Settings.SQLConnectionString)
            Dim cmd = New SqlCommand("SELECT AppUser,AppUserPass FROM OrderAppUsers WHERE AppUser=@AppUser AND AppUserPass=@AppUserPass", cnn)
            cmd.Parameters.Add(New SqlParameter("@AppUser", createuserAppUser.Text))
            cmd.Parameters.Add(New SqlParameter("@AppUserPass", MD5StringHash(loginpasswordtx.Text)))
            cnn.Open()

            Dim obj As Object = cmd.ExecuteScalar()
            If obj = Nothing Then
                MsgBox("Faild to Log in, check your log in info")
                cnn.Close()
                Return
            End If
            cnn.Close()
        Catch ex As SqlException
            MsgBox(ex.Message)
            Return
        End Try

        MsgBox("Logged in Successfully")
    End If
End Sub

All I get is a null obj even though user and pass exist in the table.

the following code is for adding new users

 Try
            Dim cnnstring As String = String.Format("Server={0};Database={1};Trusted_Connection=True;", createuserServerTx.Text, createuserDatabaseTx.Text)
            Dim cnn As New SqlConnection(cnnstring)
            Dim cmd As New SqlCommand("INSERT INTO OrderAppUsers VALUES (@AppUser, @AppUserPass)", cnn)
            cmd.Parameters.Add(New SqlParameter("@AppUser", createuserAppUser.Text))
            cmd.Parameters.Add(New SqlParameter("@AppUserPass", MD5StringHash(createuserpassword.Text)))
            cnn.Open()
            cmd.ExecuteNonQuery()
            cnn.Close()
            MsgBox("User Crated Successfully")
            LayoutControl1.Visibility = Windows.Visibility.Collapsed
            My.Settings.SQLConnectionString = cnnstring
            My.Settings.Save()
        Catch ex As SqlException
            MsgBox(ex.Message)
        End Try

and the function to generate a custom hash

 Private Function MD5StringHash(ByVal strString As String) As String
    Dim MD5 As New MD5CryptoServiceProvider
    Dim Data As Byte()
    Dim Result As Byte()
    Dim R As String = ""
    Dim Temp As String = ""

    Data = Encoding.ASCII.GetBytes(strString)
    Result = MD5.ComputeHash(Data)
    For i As Integer = 0 To Result.Length - 1
        Temp = Hex(3 * Result(i) + 1)
        If Len(Temp) = 1 Then Temp = "0" & Temp
        R += Temp
    Next
    Return R
End Function
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Try the following when adding parameter

    cmd.Parameters.AddWithValue("@AppUser", createuserAppUser.Text)
cmd.Parameters.AddWithValue("@AppUserPass", MD5StringHash(loginpasswordtx.Text))

    or just stick with what you did but a little different than yours,

    cmd.Parameters.Add("@AppUser", SqlDbType.VarChar)       
cmd.Parameters("@AppUser").Value = createuserAppUser.Text
cmd.Parameters.Add("@AppUserPass", SqlDbType.VarChar)       
cmd.Parameters("@AppUserPass").Value = MD5StringHash(loginpasswordtx.Text)

    by the way, when using ExecuteScalar() it only returns single value. So your query can be written as 

    SELECT COUNT(*) 
FROM OrderAppUsers
WHERE AppUser=@AppUser AND AppUserPass=@AppUserPass

    and you can use int variable to store its value

    Dim obj As int = Cint(cmd.ExecuteScalar())

    so the possible values are 0 or the total number of records return.

    If obj = 0 Then
    MsgBox("Faild to Log in, check your log in info")
    '' other codes
End If

    and by refractoring your code, use Using -Statement

    Using cnn As New SqlConnection(My.Settings.SQLConnectionString)
    Using cmd = New SqlCommand("SELECT COUNT(*) FROM OrderAppUsers WHERE AppUser=@AppUser AND AppUserPass=@AppUserPass", cnn)
        cmd.Parameters.AddWithValue("@AppUser", createuserAppUser.Text)
        cmd.Parameters.AddWithValue("@AppUserPass", MD5StringHash(loginpasswordtx.Text))
        cmd.CommandType = CommandType.Text
        Try
            cnn.Open()
            Dim obj As int = Cint(cmd.ExecuteScalar())
            If obj = 0 Then
                MsgBox("Faild to Log in, check your log in info")
            Else
                 MsgBox("Logged in Successfully")
            End If
        Catch(ex As SqlException)
             MsgBox(ex.Message.ToString())
        End Try
    End Using
End Using
    • 0