Login script using remote database

[kBob]

Hello

This is a TUT for forum admins out there (mainly) but can be used for others.

This connects to a remote database. I've modified a default code that many other users have used. I made it faster in the process of logging in.

First download this: MySQL :: Download Connector/Net

Second import MySQL.Data from .NET Reference


Third, type in at the top of your code "Imports MySQL.Data.mysqlclient"


At the top of your form, dim a new MySQL Connector or:


Next on your form Startup or Load Declarations code, type in this:

Code:

conn = New MySqlConnection()
        conn.ConnectionString = "server=SERVER URL or IP; user id=DATABASE USER; password=DB PASS; database=DATABASE NAME"
        Try
            conn.Open()
        Catch myerror As MySqlException
            MsgBox("Error attempting to connect to server. The Mark M Server may be down.")
            Me.Close()
        End Try

Modify to your info

Next make two textboxes and 1 button (2 if you want one for exit)

Make the button say "LOGIN" and password textbox properties:


Double click the OK or LOGIN button and type this code (modify to your needs)

Code:

Dim myAdapter As New MySqlDataAdapter
                Dim sqlquery = "SELECT * FROM TABLE_HERE WHERE USERNAME_FIELD_HERE='" + TextBox1.Text + "' AND PASSWORD_FIELD_HERE'" + TextBox2.Text + "'"
                Dim myCommand As New MySqlCommand()
                myCommand.Connection = conn
                myCommand.CommandText = sqlquery
                'start query
                myAdapter.SelectCommand = myCommand
                Dim myData As MySqlDataReader
                myData = myCommand.ExecuteReader()
                'see if user exits.
                If myData.HasRows = 0 Then
                    conn.Close()
                    conn.Open()
                    MsgBox("Wrong username or Password", MsgBoxStyle.Critical, "Error")
                Else
                    Main.Show()
                    Me.Close()
                End If
            End If

Sorry ill modify it later(add explanation) i did this at 10 PM so i dont have much time

Thank me if this helped!

NOTE: YOU CAN TRY SSL IF YOUR WEBSITE SUPPORTS IT BUT I NEVER TRIED IT

[Jason]

This is a bad practice. Although having a mysql adapter is nice in theory, it's terrible for security. Because you're storing your usename/password/server in the exe, reversers can easily steal that info by dissembling your program. Even obfuscating doesn't solve the problem.

[Blubb1337]

This is a bad practice. Although having a mysql adapter is nice in theory, it's terrible for security. Because you're storing your usename/password/server in the exe, reversers can easily steal that info by dissembling your program. Even obfuscating doesn't solve the problem.

True. The MySQL adapter is terrible if you want to publish your application.

You should rather use PHP.

[qwerty01]

True. The MySQL adapter is terrible if you want to publish your application.

You should rather use PHP.

actually not really...then anyone can just access the webpage and modify the database

make them type the password every time -- you can't reverse what isn't stored

[Jason]

actually not really...then anyone can just access the webpage and modify the database

make them type the password every time -- you can't reverse what isn't stored

You can still reverse the connection string. And who said you can change the database through any PHP page lawl? Have the query pre-written in the page, and return the results. Or require a validation on the PHP page

[qwerty01]

You can still reverse the connection string. And who said you can change the database through any PHP page lawl? Have the query pre-written in the page, and return the results. Or require a validation on the PHP page

from what i inferred, he was suggesting to use php as a middleman for the queries, so you could easily do any query just by going to the php page (as it wouldn't require a password)

and i don't think any hacker's going to get much out of

Code:

conn.ConnectionString = "server="+txtServer.text+"; user id="+txtUser.text+"; password="+txtPass.text"; database="+txtDatabase.text

OP implies that you know the user and pass of the database, as this is designed for forum admins (and it expects you to know the password, etc)

EDIT:
modifying the database = modifying the contents of the database
modifying != changing

[Jason]

EDIT:
modifying the database = modifying the contents of the database
modifying != changing

Changing is definitely what modifying means lol. I suggest you get your hands on a good dictionary.

Define: Modifying

And making the user have to specify each aspect of the connection string...how is that a feasible solution? Congrats, your application no longer has any distributivity.

[qwerty01]

Changing is definitely what modifying means lol. I suggest you get your hands on a good dictionary.

Define: Modifying
...

If you want to get into grammar...

if i wanted to change the database i would have said changing the database
however here modifying is applied to the database itself

Changing: Make or become different

Modifying: Make partial or minor changes to (something), typically so as to improve it or to make it less extreme.

Database: A structured set of data held in a computer, esp. one that is accessible in various ways.

so therefore changing the database would be changing the current database in use, and modifying the database would be changing the data inside the current database

Changing:

Code:

USE [...]

Modifying: (assuming a DB is already selected)

Code:

UPDATE [...]

...
And making the user have to specify each aspect of the connection string...how is that a feasible solution? Congrats, your application no longer has any distributivity.

Functionality. This is designed for forum admins, so they should know the user/pass/database
and as it's being distributed to forum admins, there is no reason to force them to make their own php page, or hard code in a password
if it were me i would add something that would give the option to save the password (using security through obscurity to prevent most people from finding the password), so that they're not forced to type it in all the time, or compromise their password by saving it if they feel that security through obscurity isn't enough

[Jason]

If you want to get into grammar...

if i wanted to change the database i would have said changing the database
however here modifying is applied to the database itself




so therefore changing the database would be changing the current database in use, and modifying the database would be changing the data inside the current database

Changing:

Code:

USE [...]

Modifying: (assuming a DB is already selected)

Code:

UPDATE [...]

Functionality. This is designed for forum admins, so they should know the user/pass/database
and as it's being distributed to forum admins, there is no reason to force them to make their own php page, or hard code in a password
if it were me i would add something that would give the option to save the password (using security through obscurity to prevent most people from finding the password), so that they're not forced to type it in all the time, or compromise their password by saving it if they feel that security through obscurity isn't enough

Lol "changing" in my context wasn't changing the database in use, it was changing the data . And who says that MySQL connection is just for forum admins, if that's all you use MySQL for that's your own business, but isn't a restriction on all people who use MySQL, so a hardcoded connection string will have to be used. Gawd dammit.

[qwerty01]

Lol "changing" in my context wasn't changing the database in use, it was changing the data . And who says that MySQL connection is just for forum admins, if that's all you use MySQL for that's your own business, but isn't a restriction on all people who use MySQL, so a hardcoded connection string will have to be used. Gawd dammit.

it was changing the database in your context (as there was no way to tell otherwise), and therefore that's how i read your sentence

Hello

This is a TUT for forum admins out there (mainly) but can be used for others.
...

the tutorial is designed for forum admins, so in context, it's implied the username and password is known.
and if you can't edit the connection string to make up for the type of database then you wouldn't be able to put in the username/password required in the first place

[Jason]

it was changing the database in your context (as there was no way to tell otherwise), and therefore that's how i read your sentence



the tutorial is designed for forum admins, so in context, it's implied the username and password is known.
and if you can't edit the connection string to make up for the type of database then you wouldn't be able to put in the username/password required in the first place

(mainly) but can be used for others.

Jeebus, please read.

[qwerty01]

Hello

This is a TUT for forum admins out there (mainly) but can be used for others.

he is writing it to the forum admins, but he feels it may be useful to other people, i know how to read.

[Jason]

he is writing it to the forum admins, but he feels it may be useful to other people, i know how to read.

stop contradicting yourself for god's sake. /ignoring this thread from now on.

[qwerty01]

stop contradicting yourself for god's sake. /ignoring this thread from now on.

when did i contradict myself? ignore it all you want but it's OK to be wrong sometimes