1

我编写了以下函数来验证用户的登录数据,但到目前为止它没有正常工作,我确信它有问题:

Private Sub button2_Click(ByVal sender As System.Object, ByVal e As System.Windows.RoutedEventArgs) Handles button2.Click
    If loginpasswordtx.Text.Length > 1 And loginpasswordtx.Text.Length > 1 And My.Settings.SQLConnectionString.Length > 5 Then
        Try
            Dim cnn As New SqlConnection(My.Settings.SQLConnectionString)
            Dim cmd = New SqlCommand("SELECT AppUser,AppUserPass FROM OrderAppUsers WHERE AppUser=@AppUser AND AppUserPass=@AppUserPass", cnn)
            cmd.Parameters.Add(New SqlParameter("@AppUser", createuserAppUser.Text))
            cmd.Parameters.Add(New SqlParameter("@AppUserPass", MD5StringHash(loginpasswordtx.Text)))
            cnn.Open()

            Dim obj As Object = cmd.ExecuteScalar()
            If obj = Nothing Then
                MsgBox("Faild to Log in, check your log in info")
                cnn.Close()
                Return
            End If
            cnn.Close()
        Catch ex As SqlException
            MsgBox(ex.Message)
            Return
        End Try

        MsgBox("Logged in Successfully")
    End If
End Sub

我得到的只是一个null obj即使用户和通行证存在于表中。

以下代码用于添加新用户

 Try
            Dim cnnstring As String = String.Format("Server={0};Database={1};Trusted_Connection=True;", createuserServerTx.Text, createuserDatabaseTx.Text)
            Dim cnn As New SqlConnection(cnnstring)
            Dim cmd As New SqlCommand("INSERT INTO OrderAppUsers VALUES (@AppUser, @AppUserPass)", cnn)
            cmd.Parameters.Add(New SqlParameter("@AppUser", createuserAppUser.Text))
            cmd.Parameters.Add(New SqlParameter("@AppUserPass", MD5StringHash(createuserpassword.Text)))
            cnn.Open()
            cmd.ExecuteNonQuery()
            cnn.Close()
            MsgBox("User Crated Successfully")
            LayoutControl1.Visibility = Windows.Visibility.Collapsed
            My.Settings.SQLConnectionString = cnnstring
            My.Settings.Save()
        Catch ex As SqlException
            MsgBox(ex.Message)
        End Try

以及生成自定义哈希的函数

 Private Function MD5StringHash(ByVal strString As String) As String
    Dim MD5 As New MD5CryptoServiceProvider
    Dim Data As Byte()
    Dim Result As Byte()
    Dim R As String = ""
    Dim Temp As String = ""

    Data = Encoding.ASCII.GetBytes(strString)
    Result = MD5.ComputeHash(Data)
    For i As Integer = 0 To Result.Length - 1
        Temp = Hex(3 * Result(i) + 1)
        If Len(Temp) = 1 Then Temp = "0" & Temp
        R += Temp
    Next
    Return R
End Function
4

2 回答 2

1

添加参数时尝试以下操作

cmd.Parameters.AddWithValue("@AppUser", createuserAppUser.Text)
cmd.Parameters.AddWithValue("@AppUserPass", MD5StringHash(loginpasswordtx.Text))

或者只是坚持你所做的,但与你的有所不同,

cmd.Parameters.Add("@AppUser", SqlDbType.VarChar)       
cmd.Parameters("@AppUser").Value = createuserAppUser.Text
cmd.Parameters.Add("@AppUserPass", SqlDbType.VarChar)       
cmd.Parameters("@AppUserPass").Value = MD5StringHash(loginpasswordtx.Text)

顺便说一句,使用ExecuteScalar()它时只返回单个值。所以你的查询可以写成

SELECT COUNT(*) 
FROM OrderAppUsers
WHERE AppUser=@AppUser AND AppUserPass=@AppUserPass

你可以使用int变量来存储它的值

Dim obj As int = Cint(cmd.ExecuteScalar())

所以可能的值是0或返回的记录总数。

If obj = 0 Then
    MsgBox("Faild to Log in, check your log in info")
    '' other codes
End If

并通过重构您的代码,使用Using -Statement

Using cnn As New SqlConnection(My.Settings.SQLConnectionString)
    Using cmd = New SqlCommand("SELECT COUNT(*) FROM OrderAppUsers WHERE AppUser=@AppUser AND AppUserPass=@AppUserPass", cnn)
        cmd.Parameters.AddWithValue("@AppUser", createuserAppUser.Text)
        cmd.Parameters.AddWithValue("@AppUserPass", MD5StringHash(loginpasswordtx.Text))
        cmd.CommandType = CommandType.Text
        Try
            cnn.Open()
            Dim obj As int = Cint(cmd.ExecuteScalar())
            If obj = 0 Then
                MsgBox("Faild to Log in, check your log in info")
            Else
                 MsgBox("Logged in Successfully")
            End If
        Catch(ex As SqlException)
             MsgBox(ex.Message.ToString())
        End Try
    End Using
End Using
于 2012-09-28T08:38:01.040 回答
0

我在我的本地系统中检查了你的代码,它工作正常我的意思是我能够验证它的返回 true i 分析并发现它的返回 false 只有当我在加密之前在密码文本上添加一个空格时,你可以检查数据库值是否为空格添加到密码值或您可以发布您的加密代码

于 2012-09-29T21:27:41.573 回答