How do I actually login user

Question

Im very new to C#, im working on a login system. The program can verify the user information but I dont get how your suppose to log the user in. Beacuse now you get a success message and thats it. And how do you redirect the user to the rest of the application. This is a native app and all I could find was information about how to redirect in asp.net instad of c#.net.

private void button1_Click(object sender, EventArgs e)
    {
        string user = textBox1.Text;
        string pwd = textBox2.Text;
        MySqlConnection conn = new MySqlConnection("server = localhost; user id = root; database = bot");
        MySqlDataAdapter sda = new MySqlDataAdapter("select count(*) from license where user = '" + textBox1.Text + "' and pwd = '" + textBox2.Text + "'", conn);
        DataTable dt = new DataTable();
        sda.Fill(dt);
        if (dt.Rows[0][0].ToString() == "1")
        {

            MessageBox.Show("Successful login!", "info", MessageBoxButtons.OK, MessageBoxIcon.Information);


        }
        else
        {
            MessageBox.Show("Info is not valid", "alter", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }

Simple. Load the window or page or anything that you want the authenticated user to see. — bolkay, Dec 15 '18 at 20:04
Are you using forms/WPF? You need to load the target window/form. — Peter Smith, Dec 15 '18 at 20:05
**warning** your code is extremely vulnerable to sql injection attacks! — Daniel A. White, Dec 15 '18 at 20:06
It is very unclear what you mean " to log the user in". If you just want to check if there is a database record that matches couple parameters there are plenty examples (even with column names matching your code https://www.bing.com/search?q=c%23+sql+name+password+check)... (And as @DanielA.White said please read https://stackoverflow.com/questions/5468425/how-do-parameterized-queries-help-against-sql-injection - posting code showing SQL injection *always* distract from whatever question you are trying to ask). — Alexei Levenkov, Dec 15 '18 at 20:16
@AlexeiLevenkov Im used to programing in php. By loging in the user I mean that I store the user information in the session and can refer to it when I for example want to output "Signed in as ....". — Enis.b, Dec 15 '18 at 20:23
You just need to define a class from the main form and use `form.show();` — I_Al-thamary, Dec 15 '18 at 20:28
See this:https://github.com/CodAffection/Login-Form-in-Csharp — I_Al-thamary, Dec 15 '18 at 20:30
@bolkay his question is not about security. There is no even encryption here. — I_Al-thamary, Dec 15 '18 at 20:45
This is for ASP.net :https://drive.google.com/drive/folders/17KvHSTJvvD5jmcufr35-V8TV67pHL7D8 — I_Al-thamary, Dec 15 '18 at 20:46
For security see this:https://stackoverflow.com/questions/2794016/what-should-every-programmer-know-about-security — I_Al-thamary, Dec 15 '18 at 20:48

I_Al-thamary · Accepted Answer · 2018-12-17T07:41:36.943

You just need to define an object of the class and the use Show(); after you use this.Hide(); for ASP.NET use Response.Redirect("Dashboard.aspx")

For increasing the security of your login form you should read this to preventing SQL injection attacks: https://www.codeproject.com/Articles/9378/%2FArticles%2F9378%2FSQL-Injection-Attacks-and-Some-Tips-on-How-to-Prev

https://www.mikesdotnetting.com/article/113/preventing-sql-injection-in-asp-net

For the session setting

How to set security on Login Page in asp.net

For encryption :

C# encrypted Login

  private void button1_Click(object sender, EventArgs e)
    {
        string user = textBox1.Text;
        string pwd = textBox2.Text;
        MySqlConnection conn = new MySqlConnection("server = localhost; user id = root; database = bot");

 string query = "Select * from license Where user = '" + textBox1.Text.Trim() + "' and pwd = '" + textBox2.Text.Trim() + "'";
            SqlDataAdapter sda = new SqlDataAdapter(query, conn );
            DataTable dtbl = new DataTable();
            sda.Fill(dtbl);
            if (dtbl.Rows.Count == 1)
            {    //change the name of the form depend on the form that you need to show.
                frmMain objFrmMain = new frmMain();
                this.Hide();
                objFrmMain.Show();
            }
            else
            {
                MessageBox.Show("Check your username and password");
            }

    }

For ASP.NET

  protected void btnLogin_Click(object sender, EventArgs e)
        {
            using (SqlConnection sqlCon = new SqlConnection("server = localhost; user id = root; database = bot");

            {
                sqlCon.Open();
                string query =  "Select * from license Where user = '" + textBox1.Text.Trim() + "' and pwd = '" + textBox2.Text.Trim() + "'";


       SqlCommand sqlCmd = new SqlCommand(query, sqlCon);
            sqlCmd.Parameters.AddWithValue("@user",textBox1.Text.Trim());
            sqlCmd.Parameters.AddWithValue("@pwd", textBox2.Text.Trim());
            int count = Convert.ToInt32(sqlCmd.ExecuteScalar());
            if (count == 1)
            {
                Session["user"] = textBox1.Text.Trim();
                Response.Redirect("Dashboard.aspx");
            }
            else { lblErrorMessage.Visible = true; }
        }
    }

Download the code from here:https://drive.google.com/drive/folders/17KvHSTJvvD5jmcufr35-V8TV67pHL7D8

Giving new users example with SQL injection is just not nice. — Alexei Levenkov, Dec 16 '18 at 00:35
@AlexeiLevenkov we just solved his problem and answered his question for SQL injection use this: https://www.c-sharpcorner.com/UploadFile/75a48f/how-sql-injection-can-be-possible-in-asp-net-websites/ https://stackoverflow.com/questions/36427520/asp-net-login-control-protect-from-sqli-with-authenticate-event — I_Al-thamary, Dec 16 '18 at 00:46
@AlexeiLevenkov His question is about how to show the form. I used his code to solve his problem. I add some reference in case if he needs to secure his code. The problem of the security is not only the SQL injection. He has to manage the session and other things. Best Regards. — I_Al-thamary, Dec 17 '18 at 07:39

How do I actually login user

1 Answers1