0

I am a c# learner and need your help. Thanks in advance. I am working on this multi-user single login form. I have connected to SQL local database with the following as the columns: UserID, Password, UserType

My problem is, the code below works fine as long as these three are correct. If I provide a wrong password for example, nothing happens.

It has to be an issue with the "Else" part of my code, but I have tried so many changes I have even lost track of when I was close to making it work. Please help. To restate my expectations of the project: 1.When I select Admin or Student from combobox(cmbusertype) and provide INcorrect userid and password, I should get an incorrect credentials error message and number of attempts left.After 3 attempts, login button should be grayed out and I am prompted to reset my password.

public partial class Loginsystem : Form
{
    public Loginsystem()
    {
        InitializeComponent();
    }
    int attempts =1;
    private void btnlogin_Click(object sender, EventArgs e)
    {
        if (cmbusertype.SelectedItem == null)
        {
            MessageBox.Show("Please select User Type to continue...");
            cmbusertype.Focus();
            return;
        }
        if (txtuserid.Text == "")
        {
            MessageBox.Show("Please enter your UserID...");
            txtuserid.Focus();
            return;
        }
        if (txtpassword.Text == "")
        {
            MessageBox.Show("Please enter your password...");
            txtpassword.Focus();
            return;
        }

        try
        {
            SqlConnection con = new SqlConnection(@"Data Source = (LocalDB)\MSSQLlocaldb; Initial Catalog = AdminAuthentication; Integrated Security = True"); ;
            SqlCommand cmd = new SqlCommand("select * from SimplifyLogin where userID='" + txtuserid.Text + "' and password='" + txtpassword.Text + "'", con);
            SqlDataAdapter sda = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            sda.Fill(dt);
            string cmbItemValue = cmbusertype.SelectedItem.ToString();
            if (dt.Rows.Count >0)
            {
                for (int i = 0; i < dt.Rows.Count; i++)
                {

                    if (dt.Rows[i]["UserType"].ToString() == cmbItemValue) //you can use 2 instead of usertype in that index because usertype column is in 2 index
                    {
                        if (cmbusertype.SelectedIndex == 0)
                        {
                            MessageBox.Show("You are logged in as " + dt.Rows[i][2]);
                            MessageBox.Show("Displaying Admin Dashboard");
                            this.Hide();
                        }

                        else
                        {
                            MessageBox.Show("Welcome Student! Displaying Exam Options");
                            this.Hide();
                        }
                    }
                    else
                    {
                        MessageBox.Show("Invalid username and/or Password.Please try again. \nAttempts: " + attempts + "out of of 3");
                        txtpassword.Clear();
                        attempts++;
                    }

                    if (attempts == 4)
                    {
                        MessageBox.Show("You have reached maximum login attempts. Click 'Forgot Password' below to reset it.");
                        btnlogin.Enabled = false;

                    }
                }
            }
        }

        catch (Exception ex)
        {
            MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }
}

}

Joel Bwana
  • 43
  • 6
  • 2
    Be aware of the SQL injection issue here! See https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection – Julian Jul 12 '20 at 03:22
  • If you enter incorrect username and password, `dt.Rows.Count` will be zero. So it will not execute the code inside of `if (dt.Rows.Count >0)` block. And you have not written any code which should be executed if `dt.Row.Count` is zero. That's why you don't see any thing when user enters incorrect username and password. – Chetan Jul 12 '20 at 03:52

2 Answers2

0

i can customize this code because you have not to use for loop because number of rows which return from database will be one only so..

public partial class Loginsystem : Form {
public Loginsystem() {
    InitializeComponent();
}
private int attempts = 1;
private void btnlogin_Click(object sender, EventArgs e) {
    if (cmbusertype.SelectedItem == null) {
        MessageBox.Show("Please select User Type to continue...");
        cmbusertype.Focus();
        return;
    }
    if (txtuserid.Text == "") {
        MessageBox.Show("Please enter your UserID...");
        txtuserid.Focus();
        return;
    }
    if (txtpassword.Text == "") {
        MessageBox.Show("Please enter your password...");
        txtpassword.Focus();
        return;
    }
    try {
      SqlConnection con = new 
      SqlConnection(@"Data Source = (LocalDB)\MSSQLlocaldb; Initial Catalog = AdminAuthentication; Integrated Security = True"); ;
      SqlCommand cmd = new SqlCommand("select * from SimplifyLogin where userID='" + txtuserid.Text + "' and password='" + txtpassword.Text + "'", con);
      SqlDataAdapter sda = new SqlDataAdapter(cmd);
      DataTable dt = new DataTable();
      sda.Fill(dt);
      string cmbItemValue = cmbusertype.SelectedItem.ToString();
      if (dt.Rows.Count > 0) {

        if(dt.Rows[0]["UserType"].ToString() == cmbItemValue) {

          if (cmbusertype.SelectedIndex == 0 ) {
            MessageBox.Show("You are logged in as " + dt.Rows[0][2] + Environment.NewLine + "Displaying Admin Dashboard"); 
            this.Hide();
          } else {
            MessageBox.Show("Welcome Student! Displaying Exam Options");
            this.Hide();
          }
       } else {
            MessageBox.Show("Invalid username and/or Password.Please try again. \nAttempts: " + attempts + "out of of 3");
            txtpassword.Clear();
            attempts++;
            if (attempts == 4) {
              MessageBox.Show("You have reached maximum login attempts. Click 'Forgot Password' below to reset it.");
              btnlogin.Enabled = false;
            }
      }
    } catch (Exception ex) {
         MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
   }
 }
Mahmoud Mohamed Ramadan
  • 389
  • 6
  • 12
0

I figured out this morning:

Here are the changes I made:

Got rid of one of the nested ifs

if ((dt.Rows[i]["UserType"].ToString() == cmbItemValue) && (cmbusertype.SelectedIndex == 0))

adjusted the } as neccesary.

Joel Bwana
  • 43
  • 6