0

I am trying to create login screen with WPF, i have input username and password in SQL data base and connected with C# code. When i am designing in visual studio, i am not getting any error messages and everything seams fine, but when i run application and login screen shows up, i put username and password in to fields but i still get error message that information are incorrect but application still let me trough to next window.Bellow is my code in xaml and c#.

private void buttonLogin_Click(object sender, RoutedEventArgs e)
{
    SqlConnection conn = new SqlConnection(@"Data Source=(LocalDB)\v11.0;AttachDbFilename=C:\Users\Denis\Documents\Data.mdf;Integrated Security=True;Connect Timeout=30");
    conn.Open();
    SqlCommand cmd = new SqlCommand("Select * from Login where Username='" + textBoxUsername + "' and Password='" + textBoxPassowrd + "'", conn);
    cmd.CommandType = CommandType.Text;
    SqlDataAdapter adapter = new SqlDataAdapter();
    adapter.SelectCommand = cmd;
    DataSet dataSet = new DataSet();
    adapter.Fill(dataSet);

    if (dataSet.Tables[0].Rows.Count>0)
    {
        string username = dataSet.Tables[0].Rows[0]["Username"].ToString();
        Close();
    }
    else
    {
        MessageBox.Show("Invalid username or password!", "Paznja", MessageBoxButton.OK, MessageBoxImage.Error);
    }

    this.Hide();
    MainWindow mn = new MainWindow(); 
    mn.Show();
    this.Close();
}
Abbas
  • 14,186
  • 6
  • 41
  • 72
Ronin
  • 39
  • 2
  • 3
  • 10
  • 1
    What happens if you move the code after the `else` inside the `if` after the `Close();` statement ? – Alex Mar 14 '14 at 13:08
  • Are your passwords in plain text in the database? – tonyriddle Mar 14 '14 at 13:32
  • @tonyriddle One hurdle at a time, mate ;) – TheGeekZn Mar 14 '14 at 13:37
  • Just checking to see if that is the cause of the issue :) If they are hashed and he's checking against plain text, it would cause the issue he is describing. – tonyriddle Mar 14 '14 at 13:38
  • @tonyriddle very valid point! I think he does seem to mention that it works in a Dev environment... At least that's what I **think** he means by `When i am designing in visual studio, i am not getting any error messages and everything seams fine`.. – TheGeekZn Mar 14 '14 at 13:43
  • I am total beginner in this so please bare with me if i say something wrong :). I have setup database trough Visual Studio 2013 Unlimited and i have create tables and edit rows for username and password. – Ronin Mar 14 '14 at 14:41

3 Answers3

2

The following lines are always executed:

this.Hide();
MainWindow mn = new MainWindow(); 
mn.Show();
this.Close();

Move them into the if statement (that one being executed if the user is found)

Sascha
  • 10,231
  • 4
  • 41
  • 65
  • Yes it worked in case of not letting me trough if i don't put correct information(username and password) but application is activating MessageBox.Show("Invalid username and password"); even if i put correct username and password that are setup in database. – Ronin Mar 14 '14 at 13:27
  • Are you sure you're using the correct user/pass? :P – TheGeekZn Mar 14 '14 at 13:37
  • I have put them in database – Ronin Mar 14 '14 at 15:46
2

Put

        this.Hide();
        MainWindow mn = new MainWindow(); 
        mn.Show();
        this.Close();

inside your if statement. Putting it after the else will make it always run..
PS: You may want to use SQL Parameters to prevent some nasty SQL injection.

Demo:

private void buttonLogin_Click(object sender, RoutedEventArgs e)
{
    SqlConnection conn = new SqlConnection(@"Data Source=(LocalDB)\v11.0;AttachDbFilename=C:\Users\Denis\Documents\Data.mdf;Integrated Security=True;Connect Timeout=30");
    SqlCommand cmd = new SqlCommand("Select * from Login where Username='@Name' and Password='@Pass'", conn);
    cmd.Parameters.Add(new SqlParameter("Name", textBoxUsername);
    cmd.Parameters.Add(new SqlParameter("Pass", textBoxPassowrd);

    conn.Open();

    SqlDataReader rdr= cmd.ExecuteReader();

    string username = null; 

    if (rdr.HasRows)
    {
        while(rdr.Read())
        {
           username = rdr["Username"].ToString();
        }

        conn.Close();

        this.Hide();
        MainWindow mn = new MainWindow(); 
        mn.Show();
        this.Close();
    }
    else
    {
        MessageBox.Show("Invalid username or password!", "Paznja", MessageBoxButton.OK, MessageBoxImage.Error);

        conn.Close();
    }
}
Community
  • 1
  • 1
TheGeekZn
  • 3,696
  • 10
  • 55
  • 91
  • Hi, this is something that would come in handy later, but when i type in username and password that i set up in database it is telling me that is invalid. – Ronin Mar 14 '14 at 13:17
  • when i add SQL Parameters, and run application. it stops whit running, VS highlights part with adapter.Fill(dataSet) and it says "An unhandled exception of type 'System.ArgumentException' occurred in System.Data.dll" – Ronin Mar 14 '14 at 13:24
  • I'd go about it using a `SqlDataReader` instead of filling adapters. Check out my update. – TheGeekZn Mar 14 '14 at 13:30
  • When i changed to SqlDataReader i am getting error message "The type 'System.Data.SqlClient.SqlDataReader' has no constructors defined. – Ronin Mar 14 '14 at 14:40
  • @Ronin Forgot to add `cmd.ExecuteReader()`. I updated the code. – TheGeekZn Mar 14 '14 at 20:03
  • when I add cmd.ExecuteReader() i am getting error massage when i start debuging and ArgumentException is trow with message: "An unhandled exception of type 'System.ArguementException' occured in System.Data.dll" and there id additional information: No mapping exists from object type System.Windows.Controls.TextBox to a known managed provider native type. – Ronin Mar 14 '14 at 22:00
1
    this.Hide();
    MainWindow mn = new MainWindow(); 
    mn.Show();
    this.Close();

inside your if statement. Putting it after the else will make it always run..

Ramji
  • 43
  • 3
  • 12