Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Code Project
CODE PROJECT For Those Who Code
  • Home
  • Articles
  • FAQ
Community
  1. Home
  2. Database & SysAdmin
  3. Database
  4. Login page

Login page

Scheduled Pinned Locked Moved Database
databasequestionsecurityhelplearning
9 Posts 4 Posters 0 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D Offline
    D Offline
    Desi Bravo
    wrote on last edited by
    #1

    I created a user login page associated with an address book. In order to retrieve the address book the user must enter the username and password. How can i code the login button for authentication. Below is the code that i used but there is an error message that points to ExecuteReader. Error: "ExecuteReader requires an open and available connection. The connection current state is closed." I am using the OleDbDataAdapter, OleDbDataReader, OleDbConnection, and the OleDbCommand. What is it that I am doing wrong. I also created a MS Access table. Dim mypath = Application.StartupPath & "\password.mdb" Dim Password = "" Dim conn As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & mypath & ";Jet OLEDB:Database Password=" & Password) Dim cmd As OleDbCommand Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click Dim sql = "SELECT Username,Password FROM Password WHERE Username = '" & txtUsername.Text & "' AND Password = '" & txtPassword.Text & "'" cmd = New OleDbCommand(sql, conn) Dim dr As OleDbDataReader = cmd.ExecuteReader If conn.State <> ConnectionState.Open Then conn.Open() End If Try conn.Open() Catch ex As InvalidOperationException MsgBox(ex.Message) End Try Try If dr.Read = False Then MessageBox.Show("Authentication Failed...") Else MessageBox.Show("Login Successful...") End If Catch ex As Exception MsgBox(ex.Message) End Try If conn.State <> ConnectionState.Closed Then conn.Close() End If Dim form As New Form2 form.Show() bravo659

    M J 2 Replies Last reply
    0
    • D Desi Bravo

      I created a user login page associated with an address book. In order to retrieve the address book the user must enter the username and password. How can i code the login button for authentication. Below is the code that i used but there is an error message that points to ExecuteReader. Error: "ExecuteReader requires an open and available connection. The connection current state is closed." I am using the OleDbDataAdapter, OleDbDataReader, OleDbConnection, and the OleDbCommand. What is it that I am doing wrong. I also created a MS Access table. Dim mypath = Application.StartupPath & "\password.mdb" Dim Password = "" Dim conn As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & mypath & ";Jet OLEDB:Database Password=" & Password) Dim cmd As OleDbCommand Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click Dim sql = "SELECT Username,Password FROM Password WHERE Username = '" & txtUsername.Text & "' AND Password = '" & txtPassword.Text & "'" cmd = New OleDbCommand(sql, conn) Dim dr As OleDbDataReader = cmd.ExecuteReader If conn.State <> ConnectionState.Open Then conn.Open() End If Try conn.Open() Catch ex As InvalidOperationException MsgBox(ex.Message) End Try Try If dr.Read = False Then MessageBox.Show("Authentication Failed...") Else MessageBox.Show("Login Successful...") End If Catch ex As Exception MsgBox(ex.Message) End Try If conn.State <> ConnectionState.Closed Then conn.Close() End If Dim form As New Form2 form.Show() bravo659

      M Offline
      M Offline
      MoustafaS
      wrote on last edited by
      #2

      first of all : the actual reason of this problem that you must close the reader before you clos the connection , And also it seems you opened the connection twice in : If conn.State <> ConnectionState.Open Then conn.Open() End If And : Try conn.Open() Catch ex As InvalidOperationException MsgBox(ex.Message) End Try hope that helps.

      D 1 Reply Last reply
      0
      • M MoustafaS

        first of all : the actual reason of this problem that you must close the reader before you clos the connection , And also it seems you opened the connection twice in : If conn.State <> ConnectionState.Open Then conn.Open() End If And : Try conn.Open() Catch ex As InvalidOperationException MsgBox(ex.Message) End Try hope that helps.

        D Offline
        D Offline
        Desi Bravo
        wrote on last edited by
        #3

        I didn't even noticed that I opened it twice, thanks for pointing it out to me. So then, it is not the ExecuteReader, is that I used the conn.Open twice that disallow the disconnect from the reader, it just tries to open twice without closing the reader. Thanks for your response. Let me try and will post again whether it works or not. Been working on this for 3 months. LOL. bravo659

        M 1 Reply Last reply
        0
        • D Desi Bravo

          I didn't even noticed that I opened it twice, thanks for pointing it out to me. So then, it is not the ExecuteReader, is that I used the conn.Open twice that disallow the disconnect from the reader, it just tries to open twice without closing the reader. Thanks for your response. Let me try and will post again whether it works or not. Been working on this for 3 months. LOL. bravo659

          M Offline
          M Offline
          MoustafaS
          wrote on last edited by
          #4

          Nevermind, but try also to close the reader before closing the connection .

          D 1 Reply Last reply
          0
          • D Desi Bravo

            I created a user login page associated with an address book. In order to retrieve the address book the user must enter the username and password. How can i code the login button for authentication. Below is the code that i used but there is an error message that points to ExecuteReader. Error: "ExecuteReader requires an open and available connection. The connection current state is closed." I am using the OleDbDataAdapter, OleDbDataReader, OleDbConnection, and the OleDbCommand. What is it that I am doing wrong. I also created a MS Access table. Dim mypath = Application.StartupPath & "\password.mdb" Dim Password = "" Dim conn As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & mypath & ";Jet OLEDB:Database Password=" & Password) Dim cmd As OleDbCommand Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click Dim sql = "SELECT Username,Password FROM Password WHERE Username = '" & txtUsername.Text & "' AND Password = '" & txtPassword.Text & "'" cmd = New OleDbCommand(sql, conn) Dim dr As OleDbDataReader = cmd.ExecuteReader If conn.State <> ConnectionState.Open Then conn.Open() End If Try conn.Open() Catch ex As InvalidOperationException MsgBox(ex.Message) End Try Try If dr.Read = False Then MessageBox.Show("Authentication Failed...") Else MessageBox.Show("Login Successful...") End If Catch ex As Exception MsgBox(ex.Message) End Try If conn.State <> ConnectionState.Closed Then conn.Close() End If Dim form As New Form2 form.Show() bravo659

            J Offline
            J Offline
            jonathan15
            wrote on last edited by
            #5

            "SELECT Username,Password FROM Password WHERE Username = '" & txtUsername.Text & "' AND Password = '" & txtPassword.Text & "'" Just as a side issue and before Colin gets you for it. Although this is the sort of code you see in many text book examples it is open to SQL injection attacks. Again it probably matters less if it is a desktop application but its still bad practice. what this means basically is that a user can input a string of SQL into the username textbox which could easily invalidate your security. This is why paramaters in Stored Procedures is a better way to go. Jon

            C D 2 Replies Last reply
            0
            • J jonathan15

              "SELECT Username,Password FROM Password WHERE Username = '" & txtUsername.Text & "' AND Password = '" & txtPassword.Text & "'" Just as a side issue and before Colin gets you for it. Although this is the sort of code you see in many text book examples it is open to SQL injection attacks. Again it probably matters less if it is a desktop application but its still bad practice. what this means basically is that a user can input a string of SQL into the username textbox which could easily invalidate your security. This is why paramaters in Stored Procedures is a better way to go. Jon

              C Offline
              C Offline
              Colin Angus Mackay
              wrote on last edited by
              #6

              jonathan15 wrote: Just as a side issue and before Colin gets you for it. :-D

              My: Blog | Photos | Next SQL Presentation WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More

              1 Reply Last reply
              0
              • J jonathan15

                "SELECT Username,Password FROM Password WHERE Username = '" & txtUsername.Text & "' AND Password = '" & txtPassword.Text & "'" Just as a side issue and before Colin gets you for it. Although this is the sort of code you see in many text book examples it is open to SQL injection attacks. Again it probably matters less if it is a desktop application but its still bad practice. what this means basically is that a user can input a string of SQL into the username textbox which could easily invalidate your security. This is why paramaters in Stored Procedures is a better way to go. Jon

                D Offline
                D Offline
                Desi Bravo
                wrote on last edited by
                #7

                Thanks for your reply. I've been hearing about these issues. But I am still learning, and need to learn about stored procedires. I believe I am not ready for the stored procedures. But I will try to learn it. I like programming, which it is a challenge. Is it possible if you would explain more about stored procedures? I really appreciate it. And what is the best advanced books that I can learn from. By the way who is Colin? bravo659

                C 1 Reply Last reply
                0
                • M MoustafaS

                  Nevermind, but try also to close the reader before closing the connection .

                  D Offline
                  D Offline
                  Desi Bravo
                  wrote on last edited by
                  #8

                  I finally fixed the problem. But I still need more to learn about programming in vb.net. Thanks for your reply. bravo659

                  1 Reply Last reply
                  0
                  • D Desi Bravo

                    Thanks for your reply. I've been hearing about these issues. But I am still learning, and need to learn about stored procedires. I believe I am not ready for the stored procedures. But I will try to learn it. I like programming, which it is a challenge. Is it possible if you would explain more about stored procedures? I really appreciate it. And what is the best advanced books that I can learn from. By the way who is Colin? bravo659

                    C Offline
                    C Offline
                    Colin Angus Mackay
                    wrote on last edited by
                    #9

                    Dessi Bravo wrote: By the way who is Colin? Me. And I tend to point people in the direction of this article, SQL Injection Attacks and Tips on How to Prevent Them[^] whenever I see code that is susceptable to attack.

                    My: Blog | Photos | Next SQL Presentation WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More

                    1 Reply Last reply
                    0
                    Reply
                    • Reply as topic
                    Log in to reply
                    • Oldest to Newest
                    • Newest to Oldest
                    • Most Votes

                    • Login
                    • Don't have an account? Register
                    • Login or register to search.
                    • First post
                      Last post
                    0
                    • Categories
                    • Recent
                    • Tags
                    • Popular
                    • World
                    • Users
                    • Groups