I got help from someone but I don't know how to do it. I'm sure that is the right way to do it, but I don't know how to write the code. Any help please?
This is my login code:
C#
// User input is concatenated straight into the SQL text (the answers below address this)
SqlDataAdapter sda = new SqlDataAdapter("select count(*)  from tbluser1 where username='" + txtusername.Text.Trim() + "' and password='" + txtpassword.Text.Trim() + "'", sqlcon);
DataTable dtbl = new DataTable();
sda.Fill(dtbl);

if (dtbl.Rows[0][0].ToString() == "1")
{
    // Second query, same concatenated filter, to fetch the matching user's id and name
    SqlDataAdapter From_sda = new SqlDataAdapter("select user_id , username from tbluser1 where username='" + txtusername.Text.Trim() + "' and password='" + txtpassword.Text.Trim() + "'", sqlcon);
    DataTable From_ds = new DataTable();
    From_sda.Fill(From_ds);
    String value1 = From_ds.Rows[0][1].ToString();
    int id = int.Parse(From_ds.Rows[0][0].ToString());

    Debug.WriteLine("value is :   " + value1);
    Class1.Txtusername = txtusername.Text;
    this.Hide();
    // Third query, same concatenated filter, for the role and the from/Take columns
    SqlDataAdapter sda1 = new SqlDataAdapter("select role , [from], Take, from2, Take2, from3, Take3, from4, Take4 from tbluser1 where username='" + txtusername.Text.Trim() + "' and password='" + txtpassword.Text.Trim() + "'", sqlcon);
    DataTable ds = new DataTable();
    sda1.Fill(ds);
    Researcher obj = new Researcher(ds.Rows[0][0].ToString(), ds.Rows[0][1].ToString(), ds.Rows[0][2].ToString(), ds.Rows[0][3].ToString(), ds.Rows[0][4].ToString(), ds.Rows[0][5].ToString(), ds.Rows[0][6].ToString(), ds.Rows[0][7].ToString(), ds.Rows[0][8].ToString());
    this.Hide();
    obj.Show();
}
else
{
    MessageBox.Show("please check your username and password");
}


What I have tried:

He told me that I should do this:
I did that.
You need to have a column "PasswordChangedDate" in the database table. When the user changes the password, set the value of that column to the current DateTime.

How will I code this?
When the user logs in, check if the current date is greater than "PasswordChangedDate" + 90 days. If true, show the PasswordReset screen to the user, and when the user submits, set "PasswordChangedDate" to the current DateTime. And so on.
Updated 22-Jan-19 0:26am
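The 90-day check described in the question, written out as an added example (this is not code from the original post). It keeps the date comparison in a pure method so it can be exercised without a database, and does the two database operations with parameterized commands. It assumes the asker's tbluser1 table with its user_id column, the PasswordChangedDate column the advice proposes (datetime2, stored in UTC, NULL for a user whose password has never been set), and a hypothetical PasswordResetForm in the usage sketch.

```csharp
// Added example: password-age check for the login flow in the question.
// Assumptions: tbluser1(user_id int, PasswordChangedDate datetime2 NULL), dates stored as UTC.
using System;
using System.Data;
using System.Data.SqlClient;

public static class PasswordExpiry
{
    public const int MaxAgeDays = 90;

    // Pure check, separated from the data access so it can be tested in isolation.
    // A NULL PasswordChangedDate means "never set": treat it as expired so the user
    // is sent through the reset screen on first login instead of skipping the policy.
    public static bool IsExpired(DateTime? passwordChangedUtc, DateTime nowUtc)
    {
        if (passwordChangedUtc == null)
            return true;
        return nowUtc > passwordChangedUtc.Value.AddDays(MaxAgeDays);
    }

    // Returns null both when the user row is missing and when the column is NULL;
    // IsExpired treats both the same way.
    public static DateTime? GetPasswordChangedDate(SqlConnection sqlcon, int userId)
    {
        using (var cmd = new SqlCommand(
            "SELECT PasswordChangedDate FROM tbluser1 WHERE user_id = @user_id", sqlcon))
        {
            cmd.Parameters.Add("@user_id", SqlDbType.Int).Value = userId;
            object result = cmd.ExecuteScalar();   // null: no row; DBNull.Value: column is NULL
            if (result == null || result == DBNull.Value)
                return null;
            return DateTime.SpecifyKind((DateTime)result, DateTimeKind.Utc);
        }
    }

    // Called after the reset screen has successfully stored the new password.
    public static void MarkPasswordChanged(SqlConnection sqlcon, int userId, DateTime nowUtc)
    {
        using (var cmd = new SqlCommand(
            "UPDATE tbluser1 SET PasswordChangedDate = @changed WHERE user_id = @user_id", sqlcon))
        {
            cmd.Parameters.Add("@changed", SqlDbType.DateTime2).Value = nowUtc;
            cmd.Parameters.Add("@user_id", SqlDbType.Int).Value = userId;
            cmd.ExecuteNonQuery();
        }
    }

    // Exercises the pure check with constructed dates; no database needed.
    public static void Main()
    {
        var now = new DateTime(2019, 1, 22, 0, 0, 0, DateTimeKind.Utc);
        Console.WriteLine("89 days old: expired = " + IsExpired(now.AddDays(-89), now));
        Console.WriteLine("91 days old: expired = " + IsExpired(now.AddDays(-91), now));
        Console.WriteLine("never set:   expired = " + IsExpired(null, now));
    }

    // Sketch of the login-side wiring, after the credentials have been verified
    // and before the main form is shown (PasswordResetForm is hypothetical):
    //
    //   if (IsExpired(GetPasswordChangedDate(sqlcon, id), DateTime.UtcNow))
    //   {
    //       if (new PasswordResetForm(id).ShowDialog() == DialogResult.OK)
    //           MarkPasswordChanged(sqlcon, id, DateTime.UtcNow);
    //       else
    //           return;   // refuse to continue on an expired password
    //   }
}
```

With the constructed dates, the 89-day-old password passes, the 91-day-old one is expired, and the never-set case is expired too. Use DateTime.UtcNow on both sides rather than DateTime.Now, so a machine in another time zone does not shift the boundary. One caveat worth knowing before building this: NIST SP 800-63B advises verifiers not to require periodic password changes; if the 90-day requirement stands anyway, the check above is how to implement it.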

When you asked this question last time (How to make expire for password) I warned you that you have bigger problems that you need to fix first: SQL Injection, and clear text password storage.

Unless you fix those problems, your passwords are irrelevant: they can be bypassed with ease, or your DB destroyed.
Comments
el_tot93 22-Jan-19 6:11am    
Hey, it is a Windows application, no problem.
OriginalGriff 22-Jan-19 6:23am    
Of course it's a problem! Or do you think "evil doers" are only on the internet? If you need passwords, then you need security for a reason - and this provides not only no security, but huge security holes that just "expiring password" will not plug! Come on, your best mate will try it just to see the look on your face ...
MadMyche 22-Jan-19 6:36am    
Hey, your DB is a lot more than a Windows App; any other app on the machine or network has access to all your data.
And the "it's no problem" comment is a problem in itself.
C#
SqlDataAdapter("select count(*)  from tbluser1 where username='" + txtusername.Text.Trim() + "' and password='" + txtpassword.Text.Trim() + "'", sqlcon);

Not necessarily a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error prone.
A single quote in a name and your program crashes. If a user input like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: a malicious user input is promoted to SQL commands with all credentials.
SQL injection - Wikipedia
SQL Injection
SQL Injection Attacks by Example
PHP: SQL Injection - Manual
SQL Injection Prevention Cheat Sheet - OWASP
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange
Comments
el_tot93 22-Jan-19 6:11am    
Hey, it is a Windows application, no problem.
Patrice T 22-Jan-19 6:15am    
Try to register a new user Brian O'Conner and you will see that there is a problem.
el_tot93 22-Jan-19 6:16am    
Sorry, but I'm new at this and that is the way I know, and I don't have time to solve this problem or something. Now I have 3 selects in my code and I don't know how to do one.
el_tot93 22-Jan-19 6:22am    
If you have time, make one of them and I will see how I should do it.
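To make the point of the answer above concrete, here is an added example (not code from the original post or the answer) that rebuilds the question's first query string exactly as the asker's code does and shows what SQL Server actually receives for a few constructed inputs. No database is needed: the whole problem is visible in the text of the command, because the server parses that text as SQL. The inputs and the small scanner are this example's own; everything else mirrors the question's code.

```csharp
// Added example: what the concatenated login query becomes for different inputs.
// No database access; it only builds and inspects the command text.
using System;

public static class InjectionDemo
{
    // Exactly the shape used in the question's first SqlDataAdapter call.
    public static string BuildVulnerableQuery(string username, string password)
    {
        return "select count(*)  from tbluser1 where username='" + username.Trim()
             + "' and password='" + password.Trim() + "'";
    }

    // Walks the statement the way the T-SQL parser would: a quote starts or ends a
    // string literal (a doubled '' toggles twice and so stays inside the literal),
    // and "--" outside a literal comments out the rest of the line.
    // Returns the text the server will actually execute, or null when a literal is
    // left open at the end, which is a syntax error (SqlException at Fill time).
    public static string EffectiveStatement(string sql)
    {
        bool inLiteral = false;
        for (int i = 0; i < sql.Length; i++)
        {
            char c = sql[i];
            if (c == '\'')
                inLiteral = !inLiteral;
            else if (!inLiteral && c == '-' && i + 1 < sql.Length && sql[i + 1] == '-')
                return sql.Substring(0, i).TrimEnd();
        }
        return inLiteral ? null : sql;
    }

    // Constructed inputs: label, username, password.
    public static readonly string[][] Inputs =
    {
        new[] { "normal",         "alice",          "s3cret"   },
        new[] { "Brian O'Conner", "Brian O'Conner", "s3cret"   }, // legitimate name, breaks the statement
        new[] { "comment-out",    "admin' --",      "anything" }, // password clause is commented away
        new[] { "tautology",      "x' or 1=1 --",   "anything" }, // WHERE matches every row
    };

    public static void Main()
    {
        foreach (string[] input in Inputs)
        {
            string sql = BuildVulnerableQuery(input[1], input[2]);
            string effective = EffectiveStatement(sql);
            Console.WriteLine("[" + input[0] + "]");
            Console.WriteLine("  sent:     " + sql);
            Console.WriteLine("  executed: " + (effective ?? "<syntax error: unterminated string literal>"));
        }
    }
}
```

Running it shows the three failure modes the answer alludes to. "Brian O'Conner" leaves a literal unterminated, so Fill throws and the app crashes. With "admin' --" as the username the executed statement ends after username='admin': the password condition is gone, count(*) is exactly 1 when that account exists, and the question's `== "1"` check passes without any password at all; the second and third queries in the question are built from the same inputs, so they are redirected in the same way. With "x' or 1=1 --" the filter matches every row. None of these strings has any special meaning once the values travel as parameters instead of being spliced into the SQL text, which is what the next answer shows.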
Before you start adding onto your application, I would highly recommend that you review what you currently have.
Just in the first 3 lines of code I see several problems: Vulnerable, Insecure, and Inefficient. I would find either of the first 2 to be grounds for termination.

Vulnerability Reduction: To reduce your chance of SQL Injection attacks, I would recommend parameterization of all your commands. Here is a quick sample based on your first line:
C#
string cmdtxt = "SELECT Count(*) FROM tbluser1 WHERE username=@username";
SqlCommand cmd = new SqlCommand(cmdtxt, sqlcon);
cmd.Parameters.AddWithValue("@username", txtusername.Text.Trim());

Security Strengthening: You should never store passwords in plain-text. You should implement some method of hashing to protect them. This will require much more than a quick answer though. I would recommend reading the articles here and elsewhere on the topic. I have worked with implementations of bCrypt and would consider this acceptable as well.
Password Storage: How to do it.
Use BCrypt to Hash Your Passwords: Example for C# and SQL Server « Rob Kraft's Software Development Blog

Seems minor, but for efficiency's sake use the simplest objects/methods needed. Line #1 of your script created a SqlDataAdapter which fed a DataTable, and then you checked position [0][0] for the one value in that multidimensional object. Your command only returns 1 value: never more, and never less. If you go back to the Vulnerability paragraph you will see I changed it to a SqlCommand. You can simply execute that as a scalar function, which returns only the one value:
C#
int Matches = (int)cmd.ExecuteScalar();
Comments
el_tot93 22-Jan-19 6:37am    
I'm trying it now.
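Putting the three points of the answer above together, here is an added example of the login written the way it describes (this is not the answer's own code and not the asker's): one parameterized query looked up by username only, the password compared in code against a bcrypt hash, and the three SELECTs of the original collapsed into one round trip. It assumes the asker's tbluser1 table with its user_id, username and role columns, plus a new password_hash column holding the bcrypt string, and the BCrypt.Net-Next NuGet package for BCrypt.Net.BCrypt. The NVarChar(100) width and the AuthenticatedUser class are this example's own choices.

```csharp
// Added example: parameterized, hash-based login replacing the concatenated queries.
// Assumptions: tbluser1(user_id int, username nvarchar, role nvarchar, password_hash varchar)
// and the BCrypt.Net-Next package (BCrypt.Net.BCrypt.HashPassword / Verify).
using System;
using System.Data;
using System.Data.SqlClient;

public sealed class AuthenticatedUser
{
    public int UserId { get; set; }
    public string Username { get; set; }
    public string Role { get; set; }
}

public static class Login
{
    // Work factor 12 is a reasonable 2019 default; raise it as hardware gets faster.
    private const int WorkFactor = 12;

    // A hash of a random string, verified when the username does not exist so that
    // "no such user" takes as long as "wrong password" and the response cannot be
    // used to enumerate accounts.
    private static readonly string DummyHash =
        BCrypt.Net.BCrypt.HashPassword(Guid.NewGuid().ToString(), WorkFactor);

    // Use this when creating a user or in the password-reset screen; store the result
    // in password_hash. The clear-text password is never written anywhere.
    public static string HashForStorage(string password)
    {
        return BCrypt.Net.BCrypt.HashPassword(password, WorkFactor);
    }

    // Returns the user on success, null on failure. The caller shows one generic
    // message for null, as the original code does.
    public static AuthenticatedUser Authenticate(SqlConnection sqlcon, string username, string password)
    {
        const string cmdtxt =
            "SELECT user_id, username, role, password_hash FROM tbluser1 WHERE username = @username";

        int userId = 0;
        string dbUser = null, role = null, hash = null;

        using (var cmd = new SqlCommand(cmdtxt, sqlcon))
        {
            // Typed parameter: the value is sent separately from the SQL text, so a quote
            // or "--" in the name is just data. Add(name, type, size) avoids the type
            // inference of AddWithValue.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 100).Value = username.Trim();

            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                if (rdr.Read())
                {
                    userId = rdr.GetInt32(0);
                    dbUser = rdr.GetString(1);
                    role = rdr.IsDBNull(2) ? null : rdr.GetString(2);
                    hash = rdr.IsDBNull(3) ? null : rdr.GetString(3);
                }
            }
        }

        // Always run the bcrypt comparison, against the dummy hash if the user is unknown.
        bool matches = BCrypt.Net.BCrypt.Verify(password, hash ?? DummyHash);
        if (hash == null || !matches)
            return null;

        return new AuthenticatedUser { UserId = userId, Username = dbUser, Role = role };
    }

    // In the form's login handler (replaces the three SqlDataAdapter blocks):
    //
    //   AuthenticatedUser user = Login.Authenticate(sqlcon, txtusername.Text, txtpassword.Text);
    //   if (user == null)
    //   {
    //       MessageBox.Show("please check your username and password");
    //       return;
    //   }
    //   Class1.Txtusername = user.Username;
    //   // pass user.UserId / user.Role on to the Researcher form
}
```

The [from], Take, from2 ... Take4 columns the original fetched in its third query can simply be added to the same SELECT and read from the same SqlDataReader. Existing clear-text rows have to be migrated once: a one-off job that calls HashForStorage on each stored password, writes the result to password_hash and then drops the old column, after which the database never again holds anything that can be replayed as a password.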

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)