Hashing passwords for a login form in vb.net - mysql

I have a Login form. I haven't done anything about hashing the password yet. I have been reading about hashing here and there, yet it really confuses me and I don't really know how to implement it in my code for the login form.
Code for hashing I saw
Dim bytes() as byte = System.Text.Encoding.UTF8.GetBytes(stringPassword)
dim hashOfBytes() as byte = new System.Security.Cryptography.SHA1Managed().ComputeHash(bytes)
Dim strHash as string = Convert.ToBase64String(hashOfBytes)
Convert back to bytes
hashOfBytes = Convert.FromBase64String(strHash)
**My Login Form Code**
Using conn As New MySqlConnection("Server = localhost; Username= root; Password =; Database = forms")
Using cmd
With cmd
MsgBox("Connection Established")
.Connection = conn
.Parameters.Clear()
.CommandText = "SELECT * FROM users WHERE BINARY Username = @iUsername AND Password = @iPassword"
.Parameters.Add(New MySqlParameter("@iUsername", txtUser.Text))
.Parameters.Add(New MySqlParameter("@iPassword", txtPass.Text))
End With
Try
conn.Open()
dr = cmd.ExecuteReader()
Catch ex As MySqlException
MsgBox(ex.Message.ToString())
End Try
End Using
End Using
If dr.HasRows = 0 Then
MsgBox("Invalid user")
Conn.Close()
Else
Start.Show()
Conn.Close()
End If
End Sub

You should store the hash value of the password in the Password field of your table.
Then you search for user and the password hash, not directly for the password taken from the input box.
However, your code will still fail because you try to use the MySqlDataReader after disposing of the connection. Move the check for rows inside the Using block.
Dim strHash as string = Convert.ToBase64String(hashOfBytes)
.....
Dim userIsValid as Boolean = False
Using conn As New MySqlConnection(.........)
Using cmd
....
.Parameters.Add(New MySqlParameter("@iPassword", strHash))
Try
conn.Open()
dr = cmd.ExecuteReader()
userIsValid = dr.HasRows
Catch ex As MySqlException
MsgBox(ex.Message.ToString())
End Try
End Using
End Using
if userIsValid then
.....
else
.....
End If

Related

Unknown database 'database'

I am trying to make a secure login for my database, using a MySQL database.
Private Sub logIn_Click(sender As Object, e As EventArgs) Handles logIn.Click
MysqlConn = New MySqlConnection
MysqlConn.ConnectionString =
"server=localhost;userid=root;password=Catawba;database=catawbapartnership"
Dim READER As MySqlDataReader
Try
MysqlConn.Open()
Dim Query As String
Query = "select * from database.admininfo where admin_username= ' " & TB_UN.Text & " ' and admin_password= ' " & TB_PD.Text & " '"
COMMAND = New MySqlCommand(Query, MysqlConn)
READER = COMMAND.ExecuteReader
Dim count As Integer
count = 0
While READER.Read
count = count + 1
End While
If count = 1 Then
MessageBox.Show("Username and Password Accepted")
ElseIf count > 1 Then
MessageBox.Show("Username and Password Are Incorrect")
Else
MessageBox.Show("Username and Password Are Incorrect")
End If
MysqlConn.Close()
Catch ex As MySqlException
MessageBox.Show(ex.Message)
Finally
MysqlConn.Dispose()
End Try
This is the code, but I keep getting the error Unknown database 'database'.
In MySQL Workbench, the entire database is named catawbapartnership,
and the table I need to get info from is called admininfo.
But it keeps saying I have entered it incorrectly. Please help!
Remove database. from your code. As a default database is in the connection you don't need to specify it in the question.
Please copy your implementation from somewhere else. This has SQL injection vulnerabilities and you should never store plain text passwords.
OWASP has a lot of guidance on being a responsible programmer.

How to select from a cell in mysql and add to button.text

I'm a newbie to Visual Basic 2015 in Visual Studio Community.
What I'm trying to do on load of the main form:
I have 7 buttons that need the text field changed to correspond with the entries in the database. These buttons can be changed to new categories by the end user down the road.
I'm using MySQL for my database. Any help would be MUCH appreciated, as I have searched Google and YouTube and it's an endless world of OVERLOAD.
My DB structure is as follows, since I can't embed an image:
idbtncat  btn_Name  btn_caption  PanelNo   btn_image
1         btn_cat1  Pizza        pnl_cat1  pizza.jpg
Public Class frm_MainConsole
Dim conn As New MySqlConnection
Sub dbconn()
Dim DatabaseName As String = "posdb"
Dim server As String = "localhost"
Dim userName As String = "root"
Dim password As String = "8943117"
If Not conn Is Nothing Then conn.Close()
conn.ConnectionString = String.Format("server={0}; user id={1}; password={2}; database={3}; pooling=false", server, userName, password, DatabaseName)
Try
conn.Open()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
Private Sub frm_MainConsole_Load(sender As Object, e As EventArgs) Handles MyBase.Load
Me.Show()
dbconn()
Dim query As String
Dim command As MySqlCommand
Dim reader As MySqlDataReader
Try
dbconn()
query = "select * from posdb.button_cat where btn_caption"
command = New MySqlCommand(query, conn)
reader = command.ExecuteReader
While reader.Read
btn_Cat1.Text = reader("btn_caption")
conn.Close()
End While
Catch ex As MySqlException
MessageBox.Show(ex.Message)
Finally
conn.Dispose()
End Try
End Sub
Private Sub testDatabaseConnectionToolStripMenuItem_Click(sender As Object, e As EventArgs) Handles testDatabaseConnectionToolStripMenuItem.Click
If mnit_dbConn.Text = "DB NOT Connected" Then
dbconn()
mnit_dbConn.Text = "DB CONNECTED"
Else
mnit_dbConn.Text = "DB NOT Connected"
conn.Close()
End If
End Sub

Mysql Localhost Access Denied VB.Net

I have a login form in VB.net,
but I have a problem when I access my localhost. Previously the code was working, but after I left VS and came back again, I got a problem like this: http://i.imgur.com/SfMghZj.png
This is my source code:
MySqlConn = New MySqlConnection
MySqlConn.ConnectionString = "server=localhost;userid=root;password=***;database=exodium"
Dim Reader As MySqlDataReader
Try
MySqlConn.Open()
Dim Query As String
Query = "select * from exodium.member where Username='" & UsernameTxt.Text & "' and Password='" & PasswordTxt.Text & "'"
Command = New MySqlCommand(Query, MySqlConn)
Reader = Command.ExecuteReader
Dim count As Integer
count = 0
While Reader.Read
count = count + 1
End While
If count = 1 Then
Loading.Show()
ElseIf count > 1 Then
MessageBox.Show("Duplicate !")
Else
MessageBox.Show("Not Correct !")
End If
MySqlConn.Close()
Catch ex As MySqlException
MessageBox.Show(ex.Message)
Finally
MySqlConn.Dispose()
End Try
And this is my localhost: http://i.imgur.com/CfeOHuh.png
Can anyone help? Thanks T_T
It may be that you don't have permission on the mysql database.
Look in the mysql.user table to check that you have an entry for localhost and that password [will be in encrypted form].
If not, please insert one and use:
CREATE USER 'root'@'localhost' IDENTIFIED BY '14253690';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'localhost' IDENTIFIED BY '14253690';
FLUSH PRIVILEGES;
Try
Dim MySqlConn As MySqlConnection
Dim COMMAND As MySqlCommand
MySqlConn = New MySqlConnection
MySqlConn.ConnectionString = "server=localhost;user id=root;password=;database=exodium"
Dim READER As MySqlDataReader
MySqlConn.Open()
Dim Query As String
Query = "SELECT Username,Password FROM member"
COMMAND = New MySqlCommand(Query, MySqlConn)
READER = COMMAND.ExecuteReader
While READER.Read
Dim userNameDB = READER.GetString("Username")
Dim PasswordDB = READER.GetString("Password")
Dim userName As String = UsernameTxt.Text
Dim Password As String = PasswordTxt.Text
If userNameDB = userName And PasswordDB = Password Then
MessageBox.Show("Duplicate !")
Else
MessageBox.Show("Not Correct !")
End If
End While
MySqlConn.Close()
Catch myerror As Exception
MessageBox.Show(myerror.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try

VB Insert into MySql

As a VB noob I'm working on this school project. I need to insert my values into my MySQL database, but for some reason it isn't inserting. I tried everything, but I can't find why it isn't inserting.
Thanks in advance
Dim sqlCommand As New MySqlCommand
Dim SQLConnection As MySqlConnection = New MySqlConnection
Dim strStockSQL As String
Dim server As String = "localhost"
Dim DatabaseName As String = "Gip"
Dim userName As String = "root"
Dim password As String = ""
SQLConnection = New MySqlConnection()
If Not conn Is Nothing Then conn.Close()
conn.ConnectionString = String.Format("server={0}; user id={1}; password={2}; database={3}; pooling=false", server, userName, password, DatabaseName)
Try
strStockSQL = "insert into stock (Barcode,Naam_Product,Verkoopprijs) values (@Barcode,@Naam_product,@Verkoopprijs)"
sqlCommand.Connection = SQLConnection
sqlCommand.CommandText = strStockSQL
sqlCommand.Parameters.AddWithValue("@Barcode", Convert.ToString(txtBarcode.Text))
sqlCommand.Parameters.AddWithValue("@Naam_product", Convert.ToString(txtNaam.Text))
sqlCommand.Parameters.AddWithValue("@Verkoopprijs", Convert.ToInt32(txtVP.Text))
sqlCommand.ExecuteNonQuery()
Catch ex As Exception
MsgBox("Error occured: Could not insert record")
When executing an sqlCommand you must have its related connection object in the open state.
SQLConnection.Open()
sqlCommand.ExecuteNonQuery()
SQLConnection.Close()
Also, read about the Using statement and use it for SqlConnection.
Another thing: this code line is meaningless: If Not conn Is Nothing Then conn.Close(). Remove it.

Having problems with a login form in VB.NET

OK, so this is part of the program I am working on in VB.NET. What it should do is go into my MySQL database and check whether what the user entered matches the username/password in the database (simple login), but it is not working. It is stopping at the first If statement, I don't know why, but it goes down to the Catch every time. I put in message boxes every other line to find the problem, so I know something is wrong with the If statements.
Dim rdr As MySqlDataReader = Nothing
Myconnection = "Server=LocalHost; database=vb; user=root; password=tro63jans; "
db_con.ConnectionString = Myconnection
Dim cmd As New MySqlCommand("SELECT * FROM login", db_con)
Try
db_con.Open()
rdr = cmd.ExecuteReader()
Dim found As Boolean = False
While rdr.Read()
If username.ToUpper() = DirectCast(rdr("username"), String) Then
If password = DirectCast(rdr("password"), String) Then
found = True
MessageBox.Show("you are log in")
Exit While
Else
MessageBox.Show("username and password do not match", "Error")
txtpassword.Focus()
End If
If found Then
MessageBox.Show("user name not found", "error")
txtusername.Focus()
txtpassword.Focus()
Exit While
End If
Else
If found Then
MessageBox.Show("User name not found", "error")
txtusername.Focus()
End If
End If
End While