multi-user winforms application
-
Hi, What I am trying to achieve is that in the winforms application I am creating (a journal one), it allows multiple users to register/login and add/edit/delete their entries, my questions are: 1. How do I create the application that allows different users to login? 2. Once logged in, how will the application know which user is which and to update the logged in user's particular entries? Like in PHP you can use sessions do this easily, but how to do it in C#? I have created a simple register and login form right now, but the difference of user is my problem, I am using the SqlceDataReader but I can only login with the last user that exists in the DB and if a change that user's password, every user's password in the db is changed to that particular password. Is it better to use datasets? Here are the relevant bits from my code for both winforms: Main form:
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Data;
using System.Data.SqlServerCe;/// <summary> /// The main entry point for the application. /// </summary> \[STAThread\] static void Main() { MainForm frmLogin = new MainForm(); frmLogin.ShowDialog(); } private void btnLogin\_Click(object sender, System.EventArgs e) { if (txtuser.Text.Equals("")) { MessageBox.Show("Please Enter User Name", "Organiser", MessageBoxButtons.OK, MessageBoxIcon.Information); return; } if (txtpwd.Text.Equals("")) { MessageBox.Show("Please Enter Password", "Organiser", MessageBoxButtons.OK, MessageBoxIcon.Information); return; } int count = 0; con = new SqlCeConnection(); con.ConnectionString = "Data Source=Database.sdf"; com = new SqlCeCommand("select \* from \[User\]", con); con.Open(); if (con.State == ConnectionState.Open) { SqlCeDataReader dtr = com.ExecuteReader(); while (dtr.Read()) { us = dtr\["username"\].ToString(); ps = dtr\["password"\].ToString(); if (us == txtuser.Text && ps == txtpwd.Text) { count = 1; -
Hi, What I am trying to achieve is that in the winforms application I am creating (a journal one), it allows multiple users to register/login and add/edit/delete their entries, my questions are: 1. How do I create the application that allows different users to login? 2. Once logged in, how will the application know which user is which and to update the logged in user's particular entries? Like in PHP you can use sessions do this easily, but how to do it in C#? I have created a simple register and login form right now, but the difference of user is my problem, I am using the SqlceDataReader but I can only login with the last user that exists in the DB and if a change that user's password, every user's password in the db is changed to that particular password. Is it better to use datasets? Here are the relevant bits from my code for both winforms: Main form:
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Data;
using System.Data.SqlServerCe;/// <summary> /// The main entry point for the application. /// </summary> \[STAThread\] static void Main() { MainForm frmLogin = new MainForm(); frmLogin.ShowDialog(); } private void btnLogin\_Click(object sender, System.EventArgs e) { if (txtuser.Text.Equals("")) { MessageBox.Show("Please Enter User Name", "Organiser", MessageBoxButtons.OK, MessageBoxIcon.Information); return; } if (txtpwd.Text.Equals("")) { MessageBox.Show("Please Enter Password", "Organiser", MessageBoxButtons.OK, MessageBoxIcon.Information); return; } int count = 0; con = new SqlCeConnection(); con.ConnectionString = "Data Source=Database.sdf"; com = new SqlCeCommand("select \* from \[User\]", con); con.Open(); if (con.State == ConnectionState.Open) { SqlCeDataReader dtr = com.ExecuteReader(); while (dtr.Read()) { us = dtr\["username"\].ToString(); ps = dtr\["password"\].ToString(); if (us == txtuser.Text && ps == txtpwd.Text) { count = 1;Hi, first of all a question: Do you want to build a Windows Forms Application or an ASP.NET application (because PHP is web-based as ASP.NET is). When you use ASP.NET you got a session object, just like in PHP. Second: The way you validate username and password is not really the safest one. I suggest using a query within a prepared-statement, passing the username and passwords as statements. Regards Sebastian
It's not a bug, it's a feature! Check out my CodeProject article Permission-by-aspect. Me in Softwareland.
-
Hi, first of all a question: Do you want to build a Windows Forms Application or an ASP.NET application (because PHP is web-based as ASP.NET is). When you use ASP.NET you got a session object, just like in PHP. Second: The way you validate username and password is not really the safest one. I suggest using a query within a prepared-statement, passing the username and passwords as statements. Regards Sebastian
It's not a bug, it's a feature! Check out my CodeProject article Permission-by-aspect. Me in Softwareland.
SeMartens wrote:
Second: The way you validate username and password is not really the safest one.
Safest? It's flawed badly! Of course you can only log in as the last user in the db, because that's when your while loop ends. Even when and if your username and password is correct for some other user, and you set the count variable to 1, the next time the loop.. .erm... loops it will change it back to 2. Unless it's the last record. To the author: But yeah, the way you do it is really ugly, though. Imagine you had 500k users. Would you put all the records in the memory then, and iterate through them? Ever heard of the "WHERE" clause for T-Sql? ;>
var question = (_2b || !(_2b));
-
SeMartens wrote:
Second: The way you validate username and password is not really the safest one.
Safest? It's flawed badly! Of course you can only log in as the last user in the db, because that's when your while loop ends. Even when and if your username and password is correct for some other user, and you set the count variable to 1, the next time the loop.. .erm... loops it will change it back to 2. Unless it's the last record. To the author: But yeah, the way you do it is really ugly, though. Imagine you had 500k users. Would you put all the records in the memory then, and iterate through them? Ever heard of the "WHERE" clause for T-Sql? ;>
var question = (_2b || !(_2b));
Haha, its only in the early stages of development lads, just like I am a novice at this. Could you guys provide me with examples as to how I can do it better. PS. I am creating a winforms application only, no ASP.NET or nothing. Its a standalone app. Thanks
-
Haha, its only in the early stages of development lads, just like I am a novice at this. Could you guys provide me with examples as to how I can do it better. PS. I am creating a winforms application only, no ASP.NET or nothing. Its a standalone app. Thanks
An Enigma wrote:
2. Once logged in, how will the application know which user is which and to update the logged in user's particular entries?
Well this part sort of says: "I can't tell the difference between a winform and a webform", with all due respect. Each instance of your "application" will have to be installed on each computer you will ever want to use it on, right? Then when you log in, just keep your user id, name, or shoe-size in a global variable than you can access later. Bah, go crazy, make it a static! And use it in your PARAMETERIZED queries in the WHERE clause ;> What's your ChangePassword class supposed to do, again?
var question = (_2b || !(_2b));
-
An Enigma wrote:
2. Once logged in, how will the application know which user is which and to update the logged in user's particular entries?
Well this part sort of says: "I can't tell the difference between a winform and a webform", with all due respect. Each instance of your "application" will have to be installed on each computer you will ever want to use it on, right? Then when you log in, just keep your user id, name, or shoe-size in a global variable than you can access later. Bah, go crazy, make it a static! And use it in your PARAMETERIZED queries in the WHERE clause ;> What's your ChangePassword class supposed to do, again?
var question = (_2b || !(_2b));
-
Haha, its only in the early stages of development lads, just like I am a novice at this. Could you guys provide me with examples as to how I can do it better. PS. I am creating a winforms application only, no ASP.NET or nothing. Its a standalone app. Thanks
First up split the database connection and authentication of the application out from the authentication of the users. Create a SQL standard login for you app. Now you application has na identity that it can use to connect to the database regardless of the user. Create your own user table where you store all the data to authenticate you users (userid, password - encrypted, expiry date and any groups he user may belong to in your app, email, names, address, phones, etc etc) You login form can now talk to your database (using it's own ID) and query the user table to check the userid and password, if the login is valid then pass the user to the main form. I think there is an example login project here on CP if you search for it.
-
First up split the database connection and authentication of the application out from the authentication of the users. Create a SQL standard login for you app. Now you application has na identity that it can use to connect to the database regardless of the user. Create your own user table where you store all the data to authenticate you users (userid, password - encrypted, expiry date and any groups he user may belong to in your app, email, names, address, phones, etc etc) You login form can now talk to your database (using it's own ID) and query the user table to check the userid and password, if the login is valid then pass the user to the main form. I think there is an example login project here on CP if you search for it.
-
Woah, this is too much unknown info for me there mate. :doh: The change password class changes the password for the user logged in. Are there any examples I can look at for what you are saying?
-
Thanks for the reply Mycroft. The way you described it in your post sounds like what I am looking for, would you know the name of the project? Thanks
Heres a little light reading[^] for you. It is after all a fairly large and critical area of developing. try wandering through some of these articles and pick the ones most relevant to you.