1

我正在使用 Visual Studio 2010 使用 mysql 数据库进行 Web 服务。

我已经完成了一个检查密码并返回密码(当前密码)的函数,在 web 方法中,我调用该函数来验证更改之前的旧密码是否相等,然后再继续调用 mysql 命令。但即使我仔细检查并直接从数据库复制粘贴用户/密码,Web 方法调用返回无效。谁能看看我哪里出错了?还是我需要提供任何其他信息。谢谢你的协助!

EDIT1:应该是函数do_check_password 的问题。我已经尝试阻止包含 do_check_password 并且能够成功更改的 if 循环。

我的功能代码

private string do_check_password(string username)
        {
            string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
            MySqlCommand dCmd = new MySqlCommand();
            using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
            {
                mysqlCon.Open();
                dCmd.CommandText = "select password from tbl_login WHERE username = ?username ";
                dCmd.CommandType = CommandType.Text;
                dCmd.Parameters.Add(new MySqlParameter("?username", username));
                dCmd.Connection = mysqlCon;
                dCmd.ExecuteNonQuery();
                mysqlCon.Close();
                MySqlDataAdapter da = new MySqlDataAdapter(dCmd);
                DataTable dt = new DataTable();
                da.Fill(dt);

                string currentPassword = dt.Rows[0].ToString();
                return currentPassword;
            }

        }

[网络方法]

    public string editUserPassword(string username, string oldPassword, string newPassword)
        {

               try
                {

                    string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
                    MySqlCommand dCmd = new MySqlCommand();
                    using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
                    {
                        if(do_check_password(username) == oldPassword)              
                            {
                                mysqlCon.Open();
                                dCmd.CommandText = "UPDATE tbl_login SET password=?password WHERE username=?username";
                                dCmd.CommandType = CommandType.Text;
                                dCmd.Parameters.Add(new MySqlParameter("?username", username));
                                dCmd.Parameters.Add(new MySqlParameter("?password", newPassword));    
                                dCmd.Connection = mysqlCon;
                                dCmd.ExecuteNonQuery();
                                mysqlCon.Close(); 
                            }
                            else

                            {
                                return string.Format( "invalid password");
                            }
                  }
                     return string.Format("password changed");
                  }
                catch (Exception ex)
                {
                    return string.Format(ex.Message);
                }

}
4

4 回答 4

1

在您的 do_check_password 中,您有以下行:

dCmd.ExecuteNonQuery();

那不应该是一个

dCmd.ExecuteReader();

不过,建议不要以明文形式存储这些密码。使用单向哈希用盐加密密码。

于 2012-06-19T04:13:17.223 回答
1

do_check_password(string username)您的函数中不需要以下行

dCmd.ExecuteNonQuery();

Close()连接after fill the dataset...

你的方法应该是这样的

private string do_check_password(string username)
        {
            string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
            MySqlCommand dCmd = new MySqlCommand();
            using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
            {
                mysqlCon.Open();
                dCmd.CommandText = "select password from tbl_login WHERE username = ?username ";
                dCmd.CommandType = CommandType.Text;
                dCmd.Parameters.Add(new MySqlParameter("?username", username));
                dCmd.Connection = mysqlCon;
                //dCmd.ExecuteNonQuery(); no need here

                MySqlDataAdapter da = new MySqlDataAdapter(dCmd);
                DataTable dt = new DataTable();
                da.Fill(dt);
                mysqlCon.Close();
                string currentPassword = dt.Rows[0].ToString();
                return currentPassword;
            }

        }
于 2012-06-19T04:50:49.020 回答
1

在 do_check_password 中,您可以将dCmd.ExecuteNonQuery开头的行替换为:

string currentPassword = (string)dCmd.ExecuteScalar();
mysqlConn.Close();
return currentPassword;

*请注意,您只应在命令执行后关闭连接。dCmd.ExecuteNonQuery 并不是必需的,您也可以放弃使用 MySqlDataAdapter。如果您仍然有问题,请尝试明确指定参数的类型和大小,例如

dCmd.Parameters.Add(new MySqlParameter("?username", MySqlDbType.VarChar, 30, username));
于 2012-06-19T04:50:59.377 回答
0

我已经将方法从字符串更改为 BOOL 并且效果很好。数据语法部分可能出了点问题。这是我的代码,以防有人尝试使用字符串但失败并想转换为 bool

 private bool do_check_password(string username, string oldPassword)
        {
            string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
            MySqlCommand dCmd = new MySqlCommand();
            using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
            {
                mysqlCon.Open();
                dCmd.CommandText = "select password from tbl_login WHERE username = ?username and password=?oldPassword";
                dCmd.Parameters.Add(new MySqlParameter("?username", username));
                dCmd.Parameters.Add(new MySqlParameter("?oldPassword", oldPassword));
                dCmd.CommandType = CommandType.Text;
                dCmd.Connection = mysqlCon;
                dCmd.ExecuteNonQuery();
                mysqlCon.Close();
                MySqlDataAdapter da = new MySqlDataAdapter(dCmd);
                DataTable dt = new DataTable();
                da.Fill(dt);
                if (dt.Rows.Count > 0)
                {
                    return true;
                }
                else
                {
                    return false;
                }


                //string currentPassword = dt.Rows[0].ToString();
                //return currentPassword;
            }

        }

[网络方法]

    public string editUserPassword(string username, string oldPassword, string newPassword)
        {

               try
                {

                    string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
                    MySqlCommand dCmd = new MySqlCommand();
                    using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
                    {
                        if(do_check_password(username, oldPassword) == true )              
                            {
                                mysqlCon.Open();
                                dCmd.CommandText = "UPDATE tbl_login SET password=?password WHERE username=?username";
                                dCmd.CommandType = CommandType.Text;
                                dCmd.Parameters.Add(new MySqlParameter("?username", username));
                                dCmd.Parameters.Add(new MySqlParameter("?password", newPassword));    
                                dCmd.Connection = mysqlCon;
                                dCmd.ExecuteNonQuery();
                                mysqlCon.Close(); 
                            }
                            else

                            {
                                return string.Format( "invalid password");
                           }
                  }
                     return string.Format("password changed");
                  }
                catch (Exception ex)
                {
                    return string.Format(ex.Message);
                }

}
于 2012-06-19T08:38:35.333 回答