Post: [C#] Log In/Account Registration[MySQL]
Options
01-19-2015, 12:38 AM
#1
jagex
Gym leader
Make a new class first and reference mysql
Credits
1% to stackoverflow for the count method
99% me for everything else lol
using MySql.Data.MySqlClient;
Global Variables
MySqlConnection connect;
public static List<string> CustomerInformation = new List<string>();
public static bool isConnected = false;
//Sets up connection to database
public void SetupConnection()
{
string serverInfo = ("Server=
atabase=;Uid=root;Pwd=;");
connect = new MySqlConnection(serverInfo);
try
{
connect.Open();
isConnected = true;
}
catch
{
MessageBox.Show("Could Not Connect To MySQL Database");
Application.Current.Shutdown();
}
}
//Log In
public void LogIn(string username, string password)
{
MySqlCommand logIn = new MySqlCommand("SELECT * from customers where username='" + username + "' and pwd = '" + password + "'", connect);
MySqlDataReader reader = logIn.ExecuteReader();
int count = 0;
while (reader.Read())
{
count += 1;
}
if (count == 0)
{
MessageBox.Show("Username/Password is incorrect", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
}
else if (count == 1)
{
[B]Obviously put whatever you want here, this is a successful log in[/B]
CustomerInformation.Add(reader["ID"] + "");
CustomerInformation.Add(reader["FirstName"] + "");
CustomerInformation.Add(reader["LastName"] + "");
CustomerInformation.Add(reader["Gender"] + "");
CustomerInformation.Add(reader["PhoneNumber"] + "");
CustomerInformation.Add(reader["Address"] + "");
CustomerInformation.Add(reader["City"] + "");
CustomerInformation.Add(reader["PostalCode"] + "");
CustomerInformation.Add(reader["UserName"] + "");
CustomerInformation.Add(reader["Pwd"] + "");
CustomerInformation.Add(reader["Admin"] + "");
}
else if (count >= 2)
{
MessageBox.Show("Duplicate Accounts Found, Contact an Adminstrator", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
}
reader.Close();
count = 0;
}
[B]Again this is just an example of my registration process, change it to fit yours[/B]
public void Register(string firstName, string lastName, string gender, string address, string phonenumber,
string city, string postalcode, string username, string pwd)
{
if (DuplicateUserNameCheck() == false)
{
MySqlCommand register = new MySqlCommand("INSERT INTO Customers (FirstName, LastName, Gender, Address, PhoneNumber, City, PostalCode, UserName, Pwd) Values(@FN, @LN, @GN, @AD, @PN, @Cty, @PSTL, @UN, @PWD)", connect);
//register.Parameters.AddWithValue("@ID", ID);
register.Parameters.AddWithValue("@FN", firstName);
register.Parameters.AddWithValue("@LN", lastName);
register.Parameters.AddWithValue("@GN", gender);
register.Parameters.AddWithValue("@AD", address);
register.Parameters.AddWithValue("@PN", phonenumber);
register.Parameters.AddWithValue("@Cty", city);
register.Parameters.AddWithValue("@PSTL", postalcode);
//register.Parameters.AddWithValue("@Admin", admin);
register.Parameters.AddWithValue("@UN", username);
register.Parameters.AddWithValue("@PWD", pwd);
try
{
register.ExecuteNonQuery();
MessageBox.Show("Account Has Been Registered, You Can Now Log In");
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
}
}
}
//Checks for exisiting username on registration
private bool DuplicateUserNameCheck()
{
string _username = Registration.username;
MySqlCommand duplicateUserCheck = new MySqlCommand("SELECT UserName FROM customers WHERE UserName =" + "'" + _username + "'", connect);
MySqlDataReader reader = duplicateUserCheck.ExecuteReader();
int count = 0;
while (reader.Read())
{
count++;
}
reader.Close();
duplicateUserCheck.Dispose();
if (count >= 1)
{
MessageBox.Show("Username is already taken");
count = 0;
return true;
}
else
{
return false;
}
}
}
Last edited by
jagex ; 01-19-2015 at 12:46 AM.
01-19-2015, 03:34 PM
#2
MrRa1n
League Champion
Originally posted by jagex
If you find any improvements let me know!
Make a new class first and reference mysql
Credits
1% to stackoverflow for the count method
99% me for everything else lol
Global Variables
Make a new class first and reference mysql
Credits
1% to stackoverflow for the count method
99% me for everything else lol
using MySql.Data.MySqlClient;
Global Variables
MySqlConnection connect;
public static List<string> CustomerInformation = new List<string>();
public static bool isConnected = false;
//Sets up connection to database
public void SetupConnection()
{
string serverInfo = ("Server=atabase=;Uid=root;Pwd=;");
connect = new MySqlConnection(serverInfo);
try
{
connect.Open();
isConnected = true;
}
catch
{
MessageBox.Show("Could Not Connect To MySQL Database");
Application.Current.Shutdown();
}
}
//Log In
public void LogIn(string username, string password)
{
MySqlCommand logIn = new MySqlCommand("SELECT * from customers where username='" + username + "' and pwd = '" + password + "'", connect);
MySqlDataReader reader = logIn.ExecuteReader();
int count = 0;
while (reader.Read())
{
count += 1;
}
if (count == 0)
{
MessageBox.Show("Username/Password is incorrect", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
}
else if (count == 1)
{
[B]Obviously put whatever you want here, this is a successful log in[/B]
CustomerInformation.Add(reader["ID"] + "");
CustomerInformation.Add(reader["FirstName"] + "");
CustomerInformation.Add(reader["LastName"] + "");
CustomerInformation.Add(reader["Gender"] + "");
CustomerInformation.Add(reader["PhoneNumber"] + "");
CustomerInformation.Add(reader["Address"] + "");
CustomerInformation.Add(reader["City"] + "");
CustomerInformation.Add(reader["PostalCode"] + "");
CustomerInformation.Add(reader["UserName"] + "");
CustomerInformation.Add(reader["Pwd"] + "");
CustomerInformation.Add(reader["Admin"] + "");
}
else if (count >= 2)
{
MessageBox.Show("Duplicate Accounts Found, Contact an Adminstrator", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
}
reader.Close();
count = 0;
}
[B]Again this is just an example of my registration process, change it to fit yours[/B]
public void Register(string firstName, string lastName, string gender, string address, string phonenumber,
string city, string postalcode, string username, string pwd)
{
if (DuplicateUserNameCheck() == false)
{
MySqlCommand register = new MySqlCommand("INSERT INTO Customers (FirstName, LastName, Gender, Address, PhoneNumber, City, PostalCode, UserName, Pwd) Values(@FN, @LN, @GN, @AD, @PN, @Cty, @PSTL, @UN, @PWD)", connect);
//register.Parameters.AddWithValue("@ID", ID);
register.Parameters.AddWithValue("@FN", firstName);
register.Parameters.AddWithValue("@LN", lastName);
register.Parameters.AddWithValue("@GN", gender);
register.Parameters.AddWithValue("@AD", address);
register.Parameters.AddWithValue("@PN", phonenumber);
register.Parameters.AddWithValue("@Cty", city);
register.Parameters.AddWithValue("@PSTL", postalcode);
//register.Parameters.AddWithValue("@Admin", admin);
register.Parameters.AddWithValue("@UN", username);
register.Parameters.AddWithValue("@PWD", pwd);
try
{
register.ExecuteNonQuery();
MessageBox.Show("Account Has Been Registered, You Can Now Log In");
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
}
}
}
//Checks for exisiting username on registration
private bool DuplicateUserNameCheck()
{
string _username = Registration.username;
MySqlCommand duplicateUserCheck = new MySqlCommand("SELECT UserName FROM customers WHERE UserName =" + "'" + _username + "'", connect);
MySqlDataReader reader = duplicateUserCheck.ExecuteReader();
int count = 0;
while (reader.Read())
{
count++;
}
reader.Close();
duplicateUserCheck.Dispose();
if (count >= 1)
{
MessageBox.Show("Username is already taken");
count = 0;
return true;
}
else
{
return false;
}
}
}
Good practice would be to add a password hashing function to your code before sending it to the server (having the passwords on the server hashed also)
So add this:
public class Security
{
public static string HashCode(string str)
{
string rethash = "";
try
{
System.Security.Cryptography.SHA1 hash = System.Security.Cryptography.SHA1.Create();
System.Text.ASCIIEncoding encoder = new System.Text.ASCIIEncoding();
byte[] combined = encoder.GetBytes(str);
hash.ComputeHash(combined);
rethash = BitConverter.ToString(hash.Hash).Replace("-", "");
}
catch (Exception ex)
{
string strerr = "Error in HashCode : " + ex.Message;
}
return rethash;
}
}
And call it in your above code like so
public void LogIn(string username, string password)
{
string hashedvalue = Security.HashCode(password);
MySqlCommand logIn = new MySqlCommand("SELECT * from customers where username='" + username + "' and pwd = '" + hashedvalue + "'", connect);
MySqlDataReader reader = logIn.ExecuteReader();
int count = 0;
while (reader.Read())
{
count += 1;
}
if (count == 0)
{
MessageBox.Show("Username/Password is incorrect", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
}
else if (count == 1)
{
Obviously put whatever you want here, this is a successful log in
CustomerInformation.Add(reader["ID"] + "");
CustomerInformation.Add(reader["FirstName"] + "");
CustomerInformation.Add(reader["LastName"] + "");
CustomerInformation.Add(reader["Gender"] + "");
CustomerInformation.Add(reader["PhoneNumber"] + "");
CustomerInformation.Add(reader["Address"] + "");
CustomerInformation.Add(reader["City"] + "");
CustomerInformation.Add(reader["PostalCode"] + "");
CustomerInformation.Add(reader["UserName"] + "");
CustomerInformation.Add(reader["Pwd"] + "");
CustomerInformation.Add(reader["Admin"] + "");
}
else if (count >= 2)
{
MessageBox.Show("Duplicate Accounts Found, Contact an Adminstrator", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
}
reader.Close();
count = 0;
}
This is using SHA1 hashing, but you can use other methods such as SHA256 etc
The following user thanked MrRa1n for this useful post:
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
